BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
“Dirty Stream” Attack Affects Popular Android Apps
/in General NewsA vulnerability in popular Android apps like Xiaomi File Manager and WPS Office could allow malicious apps to overwrite files in the vulnerable app’s home directory, potentially leading to code execution and unauthorized access to user data.
Cyware News – Latest Cyber News – Read More
REvil Affiliate Off to Jail for Multimillion-Dollar Ransomware Scheme
/in General NewsCharges against the ransomware gang member included damage to computers, conspiracy to commit fraud, and conspiracy to commit money laundering.
darkreading – Read More
Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report
/in General NewsMicrosoft security chief Charlie Bell pledges significant reforms and a strategic shift to prioritize security above all other product features.
The post Microsoft Overhauls Cybersecurity Strategy After Scathing CSRB Report appeared first on SecurityWeek.
SecurityWeek – Read More
More Than Two Dozen Android Vulnerabilities Fixed
/in General NewsXiaomi resolved 20 flaws, ensuring user safety by fixing issues like arbitrary access to system components and data leaks. Google also fixed six vulnerabilities, including geolocation access through the camera and arbitrary file access.
Cyware News – Latest Cyber News – Read More
Top 5 Global Cyber Security Trends of 2023, According to Google Report
/in General NewsAccording to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.
Security | TechRepublic – Read More
U.K., U.S. and Canadian Cyber Authorities Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems
/in General NewsThe U.K.’s National Cyber Security Centre, along with U.S. and Canadian cyber authorities, has identified a rise in attacks against OT operators since 2022.
Security | TechRepublic – Read More
Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns
/in General NewsPatch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
darkreading – Read More
How Are APAC Tech Salaries Faring in 2024?
/in General NewsThe year 2024 is bringing a return to stable tech salary growth in APAC, with AI and data jobs leading the way. This follows downward salary pressure in 2023, after steep increases in previous years.
Security | TechRepublic – Read More
North Korean Hackers Spoofing Journalist Emails to Spy on Experts
/in General NewsNorth Korean threat actors, specifically the Kimsuky group, are exploiting weakly configured DMARC protocols to spoof the email addresses of legitimate journalists, academics, and other experts in East Asian affairs.
Cyware News – Latest Cyber News – Read More
LayerX Raises $26 Million for Browser Security Platform
/in General NewsIsraeli startup LayerX Security banks $25 million in new financing as investors continue to pour money into secure web browsing technologies.
The post LayerX Raises $26 Million for Browser Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More