BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
The vCISO Academy: Transforming MSPs and MSSPs into Cybersecurity Powerhouses
/in General NewsWe’ve all heard a million times: growing demand for robust cybersecurity in the face of rising cyber threats is undeniable. Globally small and medium-sized businesses (SMBs) are increasingly targeted by cyberattacks but often lack the resources for full-time Chief Information Security Officers (CISOs). This gap is driving the rise of the virtual CISO (vCISO) model, offering a cost-effective
The Hacker News – Read More
HPE Patches Critical Vulnerabilities in Aruba Access Points
/in General NewsHPE this week warned of two critical vulnerabilities in Aruba Networking access points that could lead to unauthenticated command injection.
The post HPE Patches Critical Vulnerabilities in Aruba Access Points appeared first on SecurityWeek.
SecurityWeek – Read More
Palo Alto Networks Expedition Vulnerability Exploited in Attacks, CISA Warns
/in General NewsCISA has added a Palo Alto Networks Expedition flaw tracked as CVE-2024-5910 to its Known Exploited Vulnerabilities Catalog.
The post Palo Alto Networks Expedition Vulnerability Exploited in Attacks, CISA Warns appeared first on SecurityWeek.
SecurityWeek – Read More
AI can drive business growth in Southeast Asia. But some big challenges remain
/in General NewsResearch suggests Southeast Asian markets have already invested heavily in AI. Continued growth will rely on pro-innovation policies.
Latest stories for ZDNET in Security – Read More
OWASP Top 10: A Sign of Progress in Web Security
/in General NewsAs sarcastic as it sounds, even with all the ever-increasing data breaches and various attacks, we are seeing ‘improvement’ let’s say, in the OWASP Top 10. The OWASP (Open Web Application Security Project) top 10 is widely recognized as one of the best guidelines for web developers. In cybersecurity we have several guidelines that help us understand and assess vulnerability in various devices…
Source
TechSplicer – Read More
Top Vulnerability Management Tools: Reviews & Comparisons 2024
/in General NewsThere are a great many vulnerability management tools available. But which is best? Here are our top picks for a variety of use cases.
Security | TechRepublic – Read More
New CRON#TRAP Malware Infects Windows by Hiding in Linux VM to Evade Antivirus
/in General NewsCybersecurity researchers have flagged a new malware campaign that infects Windows systems with a Linux virtual instance containing a backdoor capable of establishing remote access to the compromised hosts.
The “intriguing” campaign, codenamed CRON#TRAP, starts with a malicious Windows shortcut (LNK) file likely distributed in the form of a ZIP archive via a phishing email.
“What makes the CRON#
The Hacker News – Read More
CISA Alerts to Active Exploitation of Critical Palo Alto Networks Vulnerability
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a now-patched critical security flaw impacting Palo Alto Networks Expedition to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2024-5910 (CVSS score: 9.3), concerns a case of missing authentication in the Expedition migration tool that
The Hacker News – Read More
Texas-based oilfield supplier faces disruptions following ransomware attack
/in General NewsIn a regulatory filing on Thursday evening, Newpark Resources said it discovered the ransomware attack on October 29 that affected internal information systems.
The Record from Recorded Future News – Read More
New SteelFox Malware Posing as Popular Software to Steal Browser Data
/in General NewsSteelFox malware targets software pirates through fake activation tools, stealing credit card data and deploying crypto miners. Learn…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More