BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation
/in General NewsSonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible.
The vulnerability, tracked as CVE-2024-40766, carries a CVSS score of 9.3 out of a maximum of 10.
“An improper access control vulnerability has been identified in the SonicWall SonicOS management
The Hacker News – Read More
Cybersecurity Talent Shortage Prompts White House Action
/in General NewsThe Biden administration launches an initiative to encourage careers in cybersecurity, as businesses try new tactics to get unfilled IT security roles staffed.
darkreading – Read More
US Gov Removing Four-Year-Degree Requirements for Cyber Jobs
/in General NewsThe US government will remove “unnecessary degree requirements” in favor of skills-based hiring to help fill 500,000 open cybersecurity jobs.
The post US Gov Removing Four-Year-Degree Requirements for Cyber Jobs appeared first on SecurityWeek.
SecurityWeek – Read More
One million US Kaspersky customers to be migrated to this lesser-known alternative
/in General NewsKaspersky customers in the US can continue their existing subscriptions with a replacement product from the company’s ‘trusted partner’. Here’s what to know.
Latest stories for ZDNET in Security – Read More
GeoServer Vulnerability Targeted by Hackers to Deliver Backdoors and Botnet Malware
/in General NewsA recently disclosed security flaw in OSGeo GeoServer GeoTools has been exploited as part of multiple campaigns to deliver cryptocurrency miners, botnet malware such as Condi and JenX, and a known backdoor called SideWalk.
The security vulnerability is a critical remote code execution bug (CVE-2024-36401, CVSS score: 9.8) that could allow malicious actors to take over susceptible instances.
In
The Hacker News – Read More
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
/in General NewsThreat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped software and packages.
These attacks typically involve registering domains or packages with names slightly altered from their legitimate counterparts (e.g., goog1e.com vs. google.com).
Adversaries targeting open-source repositories across
The Hacker News – Read More
New global standard aims to build security around large language models
/in General NewsThe WDTA framework spans the lifecycle of large language models, offering guidelines to manage integration with other systems.
Latest stories for ZDNET in Security – Read More
Report: 83% of Organizations Experienced at Least One Ransomware Attack in the Last Year
/in General NewsAccording to Onapsis, 83% of organizations experienced a ransomware attack in the past year. Of those, 46% experienced four or more attacks, and 14% faced 10 or more. The attacks resulted in at least 24 hours of downtime for 61% of respondents.
Cyware News – Latest Cyber News – Read More
MuddyWater Hijacks RMM Software for Espionage
/in General NewsMuddyWater, an Iranian hacker group since 2017, has been using legitimate RMM software to target organizations globally, focusing on government, military, telecom, and oil sectors.
Cyware News – Latest Cyber News – Read More
Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild
/in General NewsSonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.
The post Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild appeared first on SecurityWeek.
SecurityWeek – Read More