BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack
/in General NewsThe City of Columbus sued a researcher who disclosed the impact of the data breach caused by a recent ransomware attack.
The post City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
The 6 Best Antivirus Software Options for Windows in 2024
/in General NewsBitdefender GravityZone is best overall when it comes to our top choices for protection from malware like viruses, spyware, trojans, and bots.
Security | TechRepublic – Read More
Researchers Find SQL Injection Flaw to Bypass Airport TSA Security Checks
/in General NewsSecurity researchers discovered a SQL injection vulnerability in FlyCASS, a third-party web service used by airlines to manage the Known Crewmember (KCM) program and the Cockpit Access Security System (CASS).
Cyware News – Latest Cyber News – Read More
The US Navy Is Going All In on Starlink
/in General NewsThe Navy is testing out the Elon Musk–owned satellite constellation to provide high-speed internet access to sailors at sea. It’s part of a bigger project that’s about more than just getting online.
Security Latest – Read More
Intel Responds to SGX Hacking Research
/in General NewsIntel has shared some clarifications on claims made by a researcher regarding the hacking of its SGX security technology.
The post Intel Responds to SGX Hacking Research appeared first on SecurityWeek.
SecurityWeek – Read More
North Korea-linked APT Citrine Sleet Exploit Chrome Zero-Day to Deliver FudModule Rootkit
/in General NewsA North Korean APT used a Google Chrome zero-day flaw, CVE-2024-7971, to deploy the FudModule rootkit. Microsoft researchers linked these attacks to Citrine Sleet (AppleJeus, Labyrinth Chollima, UNC4736, or Hidden Cobra) with medium confidence.
Cyware News – Latest Cyber News – Read More
Roblox Developers Under Attack by New Malicious NPM Campaign
/in General NewsRoblox developers are being targeted by a new malicious npm campaign. Cybercriminals have created fake Roblox npm packages with the aim of deploying a remote access trojan called Quasar.
Cyware News – Latest Cyber News – Read More
Novel Attack on Windows Spotted in Chinese Phishing Campaign
/in General NewsThe malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary “runonce.exe,” giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration.
Cyware News – Latest Cyber News – Read More
Secrets Exposed: Why Your CISO Should Worry About Slack
/in General NewsIn the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day?
A Single Secret Can Wreak Havoc
Imagine this: It’s a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is
The Hacker News – Read More
Chrome 128 Updates Patch High-Severity Vulnerabilities
/in General NewsGoogle has released two Chrome 128 updates to address six high-severity vulnerabilities reported by external researchers.
The post Chrome 128 Updates Patch High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More