BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
Android Remote Access Trojan Equipped to Harvest Credentials
/in General NewsThis malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their devices. This includes the icons of Google, Instagram, Snapchat, WhatsApp, and X (formerly Twitter).
Cyware News – Latest Cyber News – Read More
Update: Thwarted Cyberattack Targeted Library of Congress in Tandem With October British Library Breach
/in General NewsThe Library of Congress was targeted in a cyberattack that occurred in parallel with a high-profile intrusion into the British Library in October 2023 but it was a failed attempt, according to internal documents obtained by Nextgov/FCW.
Cyware News – Latest Cyber News – Read More
Ransomware Attacks Impact 20% of Sensitive Data in Healthcare Orgs
/in General NewsRecent cyber incidents demonstrate the healthcare industry continues to be a prime target for ransomware hackers, according to Rubrik. New research by Rubrik Zero Labs reveals that ransomware attacks produce larger impacts against healthcare targets.
Cyware News – Latest Cyber News – Read More
Cybersecurity in a Race to Unmask a New Wave of AI-Borne Deepfakes
/in General NewsKevin Mandia, CEO of Mandiant at Google Cloud, calls for content “watermarks” as the industry braces for a barrage of mind-bending AI-generated fake audio and video traffic.
darkreading – Read More
Monday.com Removes “Share Update” Feature Abused for Phishing Attacks
/in General NewsThe phishing emails pretended to come from a “Human Resources” department, asking users to either acknowledge the “organization’s workplace sex policy” or submit feedback as part of a “2024 Employee Evaluation.”
Cyware News – Latest Cyber News – Read More
Widely Used Telit Cinterion Modems Open to SMS-based Device Takeover Attacks
/in General NewsThe vulnerabilities were found in the Cinterion EHS5-E series modem, but other Telit Cinterion products with similar software and hardware architecture are also likely impacted, including
Cinterion BGS5, EHS5/6/7, PDS5/6/8, ELS61/81, and PLS62.
Cyware News – Latest Cyber News – Read More
In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved
/in General NewsNoteworthy stories that might have slipped under the radar: European Parliament application breached, DocGo hacked, VMware advisories moved to Broadcom portal.
The post In Other News: European Parliament Breach, DocGo Hack, VMware Advisories Moved appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Explains Why it Doesn’t Call Out Tech Vendors by Name
/in General NewsThe CISA isn’t inclined to call out technology vendors when their fundamental errors impact customers — officials contend they can make a greater impact by discerning and generalizing those mistakes for a broader audience.
Cyware News – Latest Cyber News – Read More
Exploited Chrome Zero-Day Patched by Google
/in General NewsA Chrome 124 update patches the second Chrome zero-day that has been found to be exploited in malicious attacks in 2024.
The post Exploited Chrome Zero-Day Patched by Google appeared first on SecurityWeek.
SecurityWeek – Read More
What’s the Right EDR for You?
/in General NewsA guide to finding the right endpoint detection and response (EDR) solution for your business’ unique needs.
Cybersecurity has become an ongoing battle between hackers and small- and mid-sized businesses. Though perimeter security measures like antivirus and firewalls have traditionally served as the frontlines of defense, the battleground has shifted to endpoints. This is why endpoint
The Hacker News – Read More