BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Acronis Backup Plugins Hit by CVE-2024-8767: CVSS 9.9 Severity Alert
/in General NewsAcronis Backup Plugins have been affected by a critical security flaw, CVE-2024-8767 (CVSS 9.9). The vulnerability impacts Linux-based plugins for cPanel & WHM, Plesk, and DirectAdmin, potentially leading to data breaches and unauthorized operations.
Cyware News – Latest Cyber News – Read More
Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China
/in General NewsGreyNoise has observed millions of spoofed IPs flooding internet providers with web traffic primarily focusing on TCP connections.
The post Noise Storms: Massive Amounts of Spoofed Web Traffic Linked to China appeared first on SecurityWeek.
SecurityWeek – Read More
Experts Warn of China-Linked APT’s Raptor Train IoT Botnet
/in General NewsThe attribution of the Raptor Train botnet to a Chinese nation-state actor is based on various factors, including operational timelines, targeting sectors aligned with Chinese interests, and the use of the Chinese language.
Cyware News – Latest Cyber News – Read More
CVE-2023-48788 Exploited: Researcher Details Cyberattacks on Fortinet FortiClient EMS
/in General NewsCybersecurity researchers at Darktrace have discovered cybercriminals exploiting Fortinet’s FortiClient EMS. The attackers targeted a critical vulnerability, CVE-2023-48788, to gain unauthorized access through an SQL injection flaw.
Cyware News – Latest Cyber News – Read More
Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones
/in General NewsThe iServer phishing-as-a-service platform was used by Spanish-speaking criminals to harvest credentials and unlock stolen and lost phones.
The post Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones appeared first on SecurityWeek.
SecurityWeek – Read More
Where’s your BitLocker recovery key? How and why to save a copy before the next Windows meltdown
/in General NewsBitLocker encryption is a tremendous way to stop a thief from accessing your business and personal secrets. But don’t let the tool lock you out of your PC. Here’s how to save a secure backup copy of your encryption key for panic-free recovery.
Latest stories for ZDNET in Security – Read More
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
/in General NewsIn addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.
The post Ivanti Warns of Second CSA Vulnerability Exploited in Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Chrome Users Can Now Sync Passkeys Across Devices with New Google PIN Feature
/in General NewsGoogle on Thursday unveiled a Password Manager PIN to let Chrome web users sync their passkeys across Windows, macOS, Linux, ChromeOS, and Android devices.
“This PIN adds an additional layer of security to ensure your passkeys are end-to-end encrypted and can’t be accessed by anyone, not even Google,” Chrome product manager Chirag Desai said.
The PIN is a six-digit code by default, although it’s
The Hacker News – Read More
Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks
/in General NewsIvanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the wild.
The new vulnerability, assigned the CVE identifier CVE-2024-8963, carries a CVSS score of 9.4 out of a maximum of 10.0. It was “incidentally addressed” by the company as part of CSA 4.6 Patch 519 and CSA 5.0.
“Path Traversal in the Ivanti CSA before 4.6 Patch
The Hacker News – Read More
North Korean APT Bypasses DMARC Email Policies in Cyber-Espionage Attacks
/in General NewsHow the Kimsuky nation-state group and other threat actors are exploiting poor email security — and what organizations can do to defend themselves.
darkreading – Read More