BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd
/in General NewsAtlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products.
The post Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd appeared first on SecurityWeek.
SecurityWeek – Read More
Picus Security, founded by Turkish 3 mathematicians, raises $45M after simulating 1B cyberattacks
/in General NewsFor as long as coding has existed, we have had a plethora of methods — white-hat testers, software, and more — to validate that code works as it was intended. These days, all that has been kicked into high gear: the growing sophistication of security breaches has turned the process of software verification into a […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Security Validation Firm Picus Security Raises $45 Million
/in General NewsAttack simulation firm has raised $45 million in growth funding, bringing the total amount raised to $80 million.
The post Security Validation Firm Picus Security Raises $45 Million appeared first on SecurityWeek.
SecurityWeek – Read More
RunSafe Security Raises $12M to Drive Global Expansion and Product Development
/in General NewsThe Series B funding was led by Critical Ventures and SineWave Venture Partners, with other key investors joining in to support RunSafe’s mission to protect critical systems from global threats.
Cyware News – Latest Cyber News – Read More
Marko Polo Cybercrime Gang Targets Cryptocurrency Users, Influencers With Scams
/in General NewsThe group primarily focuses on online gaming personalities, cryptocurrency influencers, and technology professionals, enticing them with fake job opportunities on social media that lead to downloading malicious software.
Cyware News – Latest Cyber News – Read More
Cybersecurity Awareness: Reflecting on 20 Years of Defense Evolution and Preparing for Future Threats
/in General NewsThreats have become more complex as the threat surface has expanded and it is now about the evolution of protecting a business and its ecosystem.
The post Cybersecurity Awareness: Reflecting on 20 Years of Defense Evolution and Preparing for Future Threats appeared first on SecurityWeek.
SecurityWeek – Read More
Update: PoC Exploit Released for Unauthenticated RCE in Veeam Backup & Replication
/in General NewsSecurity researcher Sina Kheirkhah has published a PoC exploit for CVE-2024-40711 in Veeam Backup & Replication, a critical vulnerability with a CVSS score of 9.8. The flaw allows unauthenticated RCE, posing a threat to enterprise environments.
Cyware News – Latest Cyber News – Read More
US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon
/in General NewsThe US government has announced the disruption of Raptor Train, a Flax Typhoon botnet powered by hacked consumer devices.
The post US Disrupts ‘Raptor Train’ Botnet of Chinese APT Flax Typhoon appeared first on SecurityWeek.
SecurityWeek – Read More
GitLab Releases Critical Security Patch for CVE-2024-45409 (CVSS 10) Vulnerability
/in General NewsGitLab has released a critical security patch for the CVE-2024-45409 vulnerability (CVSS 10). It impacts both GitLab Community Edition (CE) and Enterprise Edition (EE) and originates from the Ruby-SAML library used for SAML authentication.
Cyware News – Latest Cyber News – Read More
GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions
/in General NewsGitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result in an authentication bypass.
The vulnerability is rooted in the ruby-saml library (CVE-2024-45409, CVSS score: 10.0), which could allow an attacker to log in as an arbitrary user within the vulnerable system. It was addressed by the maintainers last week.
The
The Hacker News – Read More