BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- Shodan-Dorks - Dorks for Shodan; a powerful tool used to search for Internet-connected devices
- Pegasus-Pentest-Arsenal - A Comprehensive Web Application Security Testing Toolkit That Combines 10 Powerful Penetration Testing Features Into One Tool
- Witcher - Managing GitHub Advanced Security (GHAS) Controls At Scale
- ByeDPIAndroid - App To Bypass Censorship On Android
- API-s-for-OSINT - List Of API's For Gathering Information About Phone Numbers, Addresses, Domains Etc
- Firecrawl-Mcp-Server - Official Firecrawl MCP Server - Adds Powerful Web Scraping To Cursor, Claude And Any Other LLM Clients
- Deep-Live-Cam - Real Time Face Swap And One-Click Video Deepfake With Only A Single Image
- CAMEL - The First And The Best Multi-Agent Framework. Finding The Scaling Law Of Agents
- Liam - Automatically Generates Beautiful And Easy-To-Read ER Diagrams From Your Database
- SubGPT - Find Subdomains With GPT, For Free
Exploit DB
- [local] TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow
- [webapps] WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
- [webapps] Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)
- [local] RDPGuard 9.9.9 - Privilege Escalation
- [webapps] WordPress Depicter Plugin 3.6.1 - SQL Injection
- [webapps] SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation
- [local] Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation
- [local] VirtualBox 7.0.16 - Privilege Escalation
- [remote] Apache ActiveMQ 6.1.6 - Denial of Service (DOS)
- [webapps] ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
White House Issues National Security Memorandum for Critical Infrastructure
/in General NewsThe White House has published a national security memorandum focusing on critical infrastructure security and resilience.
The post White House Issues National Security Memorandum for Critical Infrastructure appeared first on SecurityWeek.
SecurityWeek – Read More
Lawsuits and Company Devaluations Await For Breached Firms
/in General NewsA new report from Netwrix has laid bare the significant financial and reputational costs stemming from serious cyber-attacks, including what are often unplanned expenses.
Cyware News – Latest Cyber News – Read More
These Dangerous Scammers Don’t Even Bother to Hide Their Crimes
/in General News“Yahoo Boy” cybercriminals are openly running dozens of scams across Facebook, WhatsApp, Telegram, TikTok, YouTube, and more.
Security Latest – Read More
Why Cloud Vulnerabilities Need CVEs
/in General NewsCloud services have introduced new challenges for vulnerability management, as organizations no longer control the underlying infrastructure and must focus on configuration management rather than just patching.
Cyware News – Latest Cyber News – Read More
Ransomware Rising Despite Takedowns, Says Corvus Report
/in General NewsIn its latest ransomware report, Ransomware Groups Don’t Die, They Multiply, published on April 30, the cyber insurance firm Corvus found that ransomware activity increased by 21% in the first quarter of 2024 compared to the same period in 2023.
Cyware News – Latest Cyber News – Read More
Ukrainian REvil Ransomware Affiliate Gets 13 Years in US Prison
/in General NewsYaroslav Vasinskyi was sentenced to 13 years and seven months in prison for his alleged role in the REvil ransomware operation.
The post Ukrainian REvil Ransomware Affiliate Gets 13 Years in US Prison appeared first on SecurityWeek.
SecurityWeek – Read More
Mal.Metrica Redirects Users to Scam Sites
/in General NewsMal.Metrica is a significant malware campaign targeting vulnerabilities in popular WordPress plugins. It injects external scripts using domain names resembling legitimate services to redirect users to malicious sites.
Cyware News – Latest Cyber News – Read More
Google Announces Passkeys Adopted by Over 400 Million Accounts
/in General NewsGoogle on Thursday announced that passkeys are being used by over 400 million Google accounts, authenticating users more than 1 billion times over the past two years.
“Passkeys are easy to use and phishing resistant, only relying on a fingerprint, face scan or a pin making them 50% faster than passwords,” Heather Adkins, vice president of security engineering at Google, said.
The Hacker News – Read More
Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks
/in General NewsHPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that could result in remote code execution (RCE) on affected systems.
Of the 10 security defects, four are rated critical in severity –
CVE-2024-26304 (CVSS score: 9.8) – Unauthenticated Buffer Overflow Vulnerability in the L2/L3 Management Service Accessed via
The Hacker News – Read More
Billions of Android Devices Open to ‘Dirty Stream’ Attack
/in General NewsMicrosoft has uncovered a common vulnerability pattern in several apps allowing code execution; at least four of the apps have more than 500 million installations each; and one, Xiaomi’s File Manager, has at least 1 billion installations.
darkreading – Read More