BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
As Geopolitical Tensions Mount, Iran’s Cyber Operations Grow
/in General NewsIncreasing attacks by the OilRig/APT34 group linked to Iran’s Ministry of Intelligence and Security show that the nation’s capabilities are growing, and targeting regional allies and enemies alike.
darkreading – Read More
Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
/in General NewsBroadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution.
The vulnerability, tracked as CVE-2024-38812 (CVSS score: 9.8), has been described as a heap-overflow vulnerability in the DCE/RPC protocol.
“A malicious actor with network access to vCenter Server may trigger this vulnerability by sending a
The Hacker News – Read More
Zero-Click RCE Bug in macOS Calendar Exposes iCloud Data
/in General NewsA researcher bypassed the Calendar sandbox, Gatekeeper, and TCC in a chain attack that allowed for wanton theft of iCloud photos.
darkreading – Read More
Hundreds of Pagers Exploded in Lebanon and Syria in a Deadly Attack. Here’s What We Know.
/in General NewsVery small explosive devices may have been built into the pagers prior to their delivery to Hezbollah, and then all remotely triggered simultaneously.
The post Hundreds of Pagers Exploded in Lebanon and Syria in a Deadly Attack. Here’s What We Know. appeared first on SecurityWeek.
SecurityWeek – Read More
Russia targets Harris campaign with wave of fake videos
/in General NewsPost Content
The Record from Recorded Future News – Read More
‘Marko Polo’ Creates Globe-Spanning Cybercrime Juggernaut
/in General NewsThe Eastern European group is actively expanding its financial fraud activities, with its pipelines representing a veritable Silk Road for the transfer of cryptocurrency, and lucrative and exploitable data.
darkreading – Read More
Discord launches end-to-end encrypted voice and video chats
/in General NewsDiscord will now offer audio and video calls that even the company won’t be able to listen in on.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
AT&T to pay $13 million FCC settlement for 2023 data breach
/in General NewsPost Content
The Record from Recorded Future News – Read More
Apple Abandons Spyware Suit to Avoid Sharing Cyber Secrets
/in General NewsDespite more US sanctions against spyware operators, Apple decided the cost in terms of disclosures about its own anti-spyware efforts was too great.
darkreading – Read More
The Mystery of Hezbollah’s Deadly Exploding Pagers
/in General NewsAt least eight people have been killed and more than 2,700 people have been injured in Lebanon by exploding pagers. Experts say the blasts point toward a supply chain compromise, not a cyberattack.
Security Latest – Read More