BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
500,000 tokens: How Anthropic’s Claude Enterprise is pushing AI boundaries
/in General NewsAnthropic launches Claude Enterprise, transforming AI for businesses with a 500,000 token context window, advanced security, and GitHub integration, challenging OpenAI and Google in the enterprise market.Read More
Security News | VentureBeat – Read More
Rage Stealer Rebranded as Angry Stealer, Now Uses Telegram Bot for Data Theft
/in General NewsBeware of “Angry Stealer,” a new malware targeting your online accounts. This rebranded version of Rage Stealer steals…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Complying with PCI DSS Requirements by 2025
/in General NewsThe latest version 4.0.1 of the Payment Card Industry Data Security Standard (PCI DSS) has introduced key changes to address the evolving digital landscape. While some requirements are already in effect, others will come into play by April 2025.
Cyware News – Latest Cyber News – Read More
Hackers Hijack 22,000 Removed PyPI Packages, Spreading Malicious Code to Developers
/in General NewsA new supply chain attack technique targeting the Python Package Index (PyPI) registry has been exploited in the wild in an attempt to infiltrate downstream organizations.
It has been codenamed Revival Hijack by software supply chain security firm JFrog, which said the attack method could be used to hijack 22,000 existing PyPI packages and result in “hundreds of thousands” of malicious package
The Hacker News – Read More
Criminal IP Secures PCI DSS v4.0 Certification, Enhancing Payment Security with Top-Level Compliance
/in General NewsTorrance, United States / California, 4th September 2024, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
How CISOs Can Effectively Communicate Cyber-Risk
/in General NewsA proximity resilience graph offers a more accurate representation of risk than heat maps and risk registers, and allows CISOs to tell a complex story in a single visualization.
darkreading – Read More
HHS Drops Appeal of Hospital Web Tracking Decision
/in General NewsThe Biden administration has dropped its appeal of a court decision that rejected new regulations restricting hospitals’ use of web-tracking tools. A Texas judge ruled the administration’s efforts illegal in June.
Cyware News – Latest Cyber News – Read More
Worried about the YubiKey 5 vulnerability? Here’s why I’m not
/in General NewsI’m a big fan of YubiKeys and the fact that some of them are vulnerable to being cloned doesn’t change that. Let me explain.
Latest stories for ZDNET in Security – Read More
Crypto Vulnerability Allows Cloning of YubiKey Security Keys
/in General NewsYubiKey security keys can be cloned via a side-channel attack that leverages a vulnerability in a cryptographic library.
The post Crypto Vulnerability Allows Cloning of YubiKey Security Keys appeared first on SecurityWeek.
SecurityWeek – Read More
Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers
/in General NewsZyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions that could result in the execution of unauthorized commands.
Tracked as CVE-2024-7261 (CVSS score: 9.8), the vulnerability has been described as a case of operating system (OS) command injection.
“The improper neutralization of special elements in the
The Hacker News – Read More