BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
The NSA Has a Podcast—Here’s How to Decode It
/in General NewsThe spy agency that dared not speak its name is now the Joe Rogan of the SIGINT set. And the pod’s actually worth a listen.
Security Latest – Read More
In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams
/in General NewsNoteworthy stories that might have slipped under the radar: US Special Forces can hack buildings, X is hiring cybersecurity staff, and FTC warns of Bitcoin ATM scams.
The post In Other News: US Army Hacks Buildings, X Hiring Cybersecurity Staff, Bitcoin ATM Scams appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Foreman Flaw Exposes Red Hat Satellite to Unauthorized Access
/in General NewsThis authentication bypass flaw, with a CVSS score of 9.8 (the highest severity rating), could enable unauthorized users to gain administrative access to Red Hat Satellite, a commercial offering built on Foreman.
Cyware News – Latest Cyber News – Read More
Use of Predator Spyware Rebounds After a Dip From Biden Sanctions, Researchers Say
/in General NewsDespite facing sanctions, Predator has managed to attract new customers and has been detected in various countries, including the Democratic Republic of Congo and Angola.
Cyware News – Latest Cyber News – Read More
Cybersecurity M&A Roundup: 36 Deals Announced in August 2024
/in General NewsRoundup of the three dozen cybersecurity-related merger and acquisition (M&A) deals announced in August 2024.
The post Cybersecurity M&A Roundup: 36 Deals Announced in August 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
Infosec Spending to Hit 3-Year Growth Peak, Reach $212B Next Year: Gartner
/in General NewsGlobal spending on information security is on track to reach nearly $212 billion next year, with a projected 15% increase from 2024. The majority of this spending is in security software, particularly in endpoint protection platforms.
Cyware News – Latest Cyber News – Read More
Respotter: Open-Source Responder Honeypot
/in General NewsRespotter is an open-source honeypot designed to detect attackers when they launch Responder within your environment. This application identifies active instances of Responder by exploiting its behavior when responding to any DNS query.
Cyware News – Latest Cyber News – Read More
Apache Makes Another Attempt at Patching Exploited RCE in OFBiz
/in General NewsThe latest Apache OFBiz update patches CVE-2024-45195, a bypass of a recently disclosed remote code execution bug exploited in attacks.
The post Apache Makes Another Attempt at Patching Exploited RCE in OFBiz appeared first on SecurityWeek.
SecurityWeek – Read More
Goffloader: In-Memory Execution, No Disk Required
/in General NewsPraetorian has uncovered GoffLoader, an in-memory execution tool that allows security professionals to run BOF and unmanaged Cobalt Strike PE files directly in memory without writing to disk.
Cyware News – Latest Cyber News – Read More
CVE-2024-26581 PoC Exploit Released: Linux Systems at Risk of Root Compromise
/in General NewsThe CVE-2024-26581 PoC exploit has been disclosed, posing a risk to Linux systems by allowing root compromise. The flaw exists in the nft_set_rbtree function within the Linux kernel, enabling attackers to access sensitive data on affected systems.
Cyware News – Latest Cyber News – Read More