BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [remote] CrushFTP 11.3.1 - Authentication Bypass
- [remote] Invision Community 5.0.6 - Remote Code Execution (RCE)
- [local] Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO
/in General NewsBy Waqas
Concerned about a potential MFA bypass in Microsoft Azure Entra ID? This article explores the research, explains the vulnerability in context, and offers actionable steps to secure your organization.
This is a post from HackRead.com Read the original post: Findings Show MFA Bypass in Microsoft Azure Entra ID Using Seamless SSO
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools
/in General NewsBy cybernewswire
Philadelphia, Pennsylvania, May 8th, 2024, CyberNewsWire Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection…
This is a post from HackRead.com Read the original post: Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
A SaaS Security Challenge: Getting Permissions All in One Place
/in General NewsPermissions in SaaS platforms like Salesforce, Workday, and Microsoft 365 are remarkably precise. They spell out exactly which users have access to which data sets. The terminology differs between apps, but each user’s base permission is determined by their role, while additional permissions may be granted based on tasks or projects they are involved with. Layered on top of
The Hacker News – Read More
Security Teams & SREs Want the Same Thing: Let’s Make It Happen
/in General NewsSite reliability engineers (SREs) and security teams are more powerful when they work together, and being able to combine our efforts can make or break our teams’ experiences and outputs.
darkreading – Read More
New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System
/in General NewsA new VPN bypass technique allows threat actors to snoop on victims’ traffic by forcing it off the VPN tunnel using built-in features of DHCP, penetration testing firm Leviathan Security Group warns. Called TunnelVision and relying on manipulating route tables, the set of rules that computers use to decide which network traffic should be sent […]
The post New ‘TunnelVision’ Technique Leaks Traffic From Any VPN System appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Will Hold Executives Accountable for Cybersecurity
/in General NewsAt least a portion of executive compensation going forward will be tied to meeting security goals and metrics.
darkreading – Read More
Healthcare Cybersecurity Firm Blackwell Raises $13 Million
/in General NewsHealthcare cybersecurity company Blackwell Security has raised $13 million and appointed Geyer Jones as its first CEO.
The post Healthcare Cybersecurity Firm Blackwell Raises $13 Million appeared first on SecurityWeek.
SecurityWeek – Read More
RSA Conference 2024 – Announcements Summary (Day 2)
/in General NewsHundreds of companies are showcasing their products and services this week at the 2024 edition of the RSA Conference in San Francisco.
The post RSA Conference 2024 – Announcements Summary (Day 2) appeared first on SecurityWeek.
SecurityWeek – Read More
Brandywine Realty Trust Hit by Ransomware
/in General NewsPhiladelphia-based real estate company Brandywine Realty Trust shuts down systems following a ransomware attack.
The post Brandywine Realty Trust Hit by Ransomware appeared first on SecurityWeek.
SecurityWeek – Read More
BetterHelp to Pay $7.8 Million to 800,000 in Health Data Sharing Settlement
/in General NewsFollowing an investigation into BetterHelp’s handling of customer data, the FTC revealed in March 2023 that the service collected data without consent from its app users or website visitors, even from people who had not signed up for counseling.
Cyware News – Latest Cyber News – Read More