BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
AI is growing faster than companies can secure it, warn industry leaders
/in General NewsIndustry leaders at DataGrail Summit 2024 warn of AI’s exponential growth outpacing security measures, urging companies to invest in robust AI safety systems to mitigate risks and protect consumer trust.Read More
Security News | VentureBeat – Read More
Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day
/in General NewsRedmond’s threat intel team said exploitation of CVE-2024-7971 can be attributed to a North Korean APT targeting the cryptocurrency sector for financial gain.
The post Microsoft Says North Korean Cryptocurrency Thieves Behind Chrome Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
US-China relationship remains ‘competitive’, as steps towards diplomacy strengthen
/in General NewsThe US says efforts to improve bilateral relations with China are ongoing, alongside “necessary action” to prevent US tech from being used to undermine its national security.
Latest stories for ZDNET in Security – Read More
US Offers $2.5 Million Reward for Hacker Linked to Angler Exploit Kit
/in General NewsThe U.S. Department of State and the Secret Service are offering a reward of $2.5 million for information leading to the capture of Belarusian cybercriminal Volodymyr Kadariya, who is linked to the Angler Exploit Kit.
Cyware News – Latest Cyber News – Read More
Twitch’s Drop Ins Feature Turned On VTubers’ Cameras Without Consent
/in General NewsTwitch’s Drop Ins feature unintentionally turned on VTubers’ cameras without their consent, raising privacy concerns. Twitch has apologized…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Cybercriminals Capitalize on Travel Industry’s Peak Season
/in General NewsCequence Security found that cyberattacks against the travel industry surge during holidays, with 91% of severe vulnerabilities in the top 10 travel and hospitality sites enabling man-in-the-middle attacks.
Cyware News – Latest Cyber News – Read More
Governments need to beef up cyberdefense for the AI era – which means going back to the basics
/in General NewsOrganizations in both private and public sectors are moving to adopt artificial intelligence, but doing so for the latter heightens the importance of security fundamentals.
Latest stories for ZDNET in Security – Read More
‘Voldemort’ Malware Curses Orgs Using Global Tax Authorities
/in General NewsThe global malware campaign (that must not be named?) is targeting organizations by impersonating tax authorities, and using custom tools like Google Sheets for command and control.
darkreading – Read More
Commercial Spyware Vendors Have a Copycat in Top Russian APT
/in General NewsRussia’s Midnight Blizzard infected Mongolian government websites to try to compromise the devices of visitors, using watering-hole tactics.
darkreading – Read More
NASA Focuses on Cybersecurity of its Mission-Critical Software
/in General NewsThe software verification and validation efforts helps NASA improve the safety and cost-effectiveness of its mission critical software. Cybersecurity is now part of the evaluation.
darkreading – Read More