BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Hackers Proxyjack & Cryptomine Selenium Grid Servers
/in General NewsA vendor honeypot caught two attacks intended to leverage the tens of thousands of exposed Selenium Grid Web app testing servers.
darkreading – Read More
Apple Vision Pro’s Eye Tracking Exposed What People Type
/in General NewsThe Vision Pro uses 3D avatars on calls and for streaming. These researchers used eye tracking to work out the passwords and PINs people typed with their avatars.
Security Latest – Read More
Microsoft Discloses Four Zero-Days in September Update
/in General NewsMicrosoft recently revealed four zero-day vulnerabilities in its September update, part of the Patch Tuesday release containing 79 vulnerabilities, making it the fourth-largest release of the year.
Cyware News – Latest Cyber News – Read More
ToneShell Backdoor Targets IISS Defence Summit Attendees in Latest Espionage Campaign
/in General NewsThe ToneShell backdoor, attributed to the Mustang Panda cyber espionage group, has resurfaced in a new attack targeting attendees of the 2024 IISS Defence Summit in Prague.
Cyware News – Latest Cyber News – Read More
Healthcare Provider to Pay $65M Settlement Following Ransomware Attack
/in General NewsLehigh Valley Health Network has agreed to pay a $65 million settlement in a class-action suit filed over a 2023 data breach.
The post Healthcare Provider to Pay $65M Settlement Following Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Exploiting CI/CD Pipelines for Fun and Profit
/in General NewsOn September 8, 2024, a significant exploit chain was discovered, starting from a publicly exposed . git directory, leading to a full server takeover. The vulnerabilities stem from websites exposing their . git folders.
Cyware News – Latest Cyber News – Read More
Amateurish ‘CosmicBeetle’ Ransomware Stings SMBs in Turkey
/in General NewsWith an immature codebase and a “rather chaotic encryption scheme” prone to failure, the group targets small businesses with custom malware.
darkreading – Read More
WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
/in General NewsWordPress.org has announced a new account security measure that will require accounts with capabilities to update plugins and themes to activate two-factor authentication (2FA) mandatorily.
The enforcement is expected to come into effect starting October 1, 2024.
“Accounts with commit access can push updates and changes to plugins and themes used by millions of WordPress sites worldwide,” the
The Hacker News – Read More
Criminal IP Teams Up with IPLocation.io to Deliver Unmatched IP Solutions to Global Audiences
/in General NewsTorrance, United States / California, 12th September 2024, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Flipper Zero gets a big firmware upgrade, and some amazing new features
/in General NewsAfter three years of development, the portable hacking tool gets its first major firmware update – to version 1.0!
Latest stories for ZDNET in Security – Read More