BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Litespeed Cache Flaw Exposes Millions of WordPress Sites to Takeover Attacks
/in General NewsDiscovered by security researcher Rafie Muhammad, the flaw allows unauthorized users to take control of logged-in accounts, potentially gaining administrator privileges on WordPress sites.
Cyware News – Latest Cyber News – Read More
Chinese-Speaking Hacker Group Targets Human Rights Studies in Middle East
/in General NewsUnnamed government entities in the Middle East and Malaysia are the target of a persistent cyber campaign orchestrated by a threat actor known as Tropic Trooper since June 2023.
“Sighting this group’s [Tactics, Techniques, and Procedures] in critical governmental entities in the Middle East, particularly those related to human rights studies, marks a new strategic move for them,” Kaspersky
The Hacker News – Read More
Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues
/in General NewsVeeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical vulnerabilities that could result in remote code execution.
The list of shortcomings is below –
CVE-2024-40711 (CVSS score: 9.8) – A vulnerability in Veeam Backup & Replication that allows unauthenticated remote code execution.
CVE-2024-42024 (CVSS score: 9.1
The Hacker News – Read More
WordPress Mandates 2FA, SVN Passwords for Plugin, Theme Authors
/in General NewsStarting October 2024, WordPress requires plugin and theme authors to enable two-factor authentication (2FA) and use SVN-specific passwords…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Cisco Fixes Root Escalation Vulnerability With Public Exploit Code
/in General NewsLocal attackers can exploit this weakness through malicious CLI commands without user interaction, but only if they have Administrator privileges. So far, there is no evidence of this vulnerability being exploited in the wild.
Cyware News – Latest Cyber News – Read More
Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team
/in General NewsUnit 29155 of Russia’s GRU military intelligence agency—a team responsible for coup attempts, assassinations, and bombings—has branched out into brazen hacking operations with targets across the world.
Security Latest – Read More
Intricate Babylon RAT Campaign Targets Malaysian Politicians, Government
/in General NewsThis campaign, active since July, utilizes at least three malicious ISO files to compromise Malaysian entities, containing components like a malicious executable and a decoy PDF file, ultimately delivering the Babylon RAT as a final payload.
Cyware News – Latest Cyber News – Read More
Why It’s So Hard to Fully Block X in Brazil
/in General NewsWith 20,000 internet providers across the country, the technical challenges of blocking X in Brazil mean some connections are slipping through the cracks.
Security Latest – Read More
Australia Proposes Mandatory Guardrails for AI
/in General NewsNew mandatory guardrails will apply to AI models in high-risk settings, with businesses encouraged to adopt new safety standards starting now.
Security | TechRepublic – Read More
Businesses still ready to invest in Gen AI, with risk management a top priority
/in General NewsAccording to a Salesforce study, 87% of C-suite executives say implementing AI technology is a top business priority, but 93% acknowledge barriers to adoption in their organizations.
Latest stories for ZDNET in Security – Read More