BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
Desperate Taylor Swift Fans Defrauded by Ticket Scams
/in General NewsAs reported by the BBC, Lloyds Bank estimates that fans have lost an estimated £1m ($1.25 m) in ticket scams ahead of the UK leg of Taylor Swift’s Eras tour. Roughly 90% of these scams were said to have started on Facebook.
Cyware News – Latest Cyber News – Read More
zEus Stealer Distributed via Crafted Minecraft Source Pack
/in General NewsZeus Stealer is designed to steal sensitive information such as passwords and cryptocurrency wallets from infected systems. The attackers utilize the popularity of Minecraft to lure unsuspecting users into downloading and executing the payload.
Cyware News – Latest Cyber News – Read More
Shields Up: How to Minimize Ransomware Exposure
/in General NewsOrganizations need to look beyond preventive measures when it comes to dealing with today’s ransomware threats and invest in ransomware response.
The post Shields Up: How to Minimize Ransomware Exposure appeared first on SecurityWeek.
SecurityWeek – Read More
Token Security Raises $7 Million Seed Funding for Machine-First Identity Security
/in General NewsTel Aviv-based firm emerged from stealth with $7 million seed funding led by TLV Partners with participation from SNR and angel investors.
The post Token Security Raises $7 Million Seed Funding for Machine-First Identity Security appeared first on SecurityWeek.
SecurityWeek – Read More
Top FBI Official Urges Agents to Use Warrantless Wiretaps on US Soil
/in General NewsAn internal email from FBI deputy director Paul Abbate, obtained by WIRED, tells employees to search for “US persons” in a controversial spy program’s database that investigators have repeatedly misused.
Security Latest – Read More
Akamai to Acquire Noname for $450 Million
/in General NewsNoname, one of the top API security vendors in the market, will enhance Akamai’s existing API Security solution and accelerate its ability to meet growing customer demand and market requirements as the use of APIs continues to expand.
Cyware News – Latest Cyber News – Read More
Critical Bug Could Open 50K+ Tinyproxy Servers to DoS, RCE
/in General NewsPatch now: CVE-2023-49606 in the open source, small-footprint proxy server can potentially lead to remote code execution.
darkreading – Read More
LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
/in General NewsBy Deeba Ahmed
Is your WordPress site using LiteSpeed Cache? A recent surge in malicious JavaScript injections targets vulnerable versions. Learn how to identify the signs of infection and prevent future attacks. Patch, scan, and secure your WordPress site today!
This is a post from HackRead.com Read the original post: LiteSpeed Cache Plugin XSS Vulnerability Affects 1.8M WordPress Sites
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
The best VPN for Mac in 2024: Expert tested and reviewed
/in General NewsMac VPNs should offer high performance, speed, and security. Here are our Mac VPN recommendations for 2024.
Latest stories for ZDNET in Security – Read More
New Spectre-Style ‘Pathfinder’ Attack Targets Intel CPU, Leak Encryption Keys and Data
/in General NewsResearchers have discovered two novel attack methods targeting high-performance Intel CPUs that could be exploited to stage a key recovery attack against the Advanced Encryption Standard (AES) algorithm.
The techniques have been collectively dubbed Pathfinder by a group of academics from the University of California San Diego, Purdue University, UNC Chapel
The Hacker News – Read More