BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Identity of Notorious Hacker USDoD Revealed
/in General NewsUSDoD, the hacker known for high-profile data leaks, is a man from Brazil, according to CrowdStrike and others.
The post Identity of Notorious Hacker USDoD Revealed appeared first on SecurityWeek.
SecurityWeek – Read More
Seattle Airport Blames Outages on Potential Cyberattack
/in General NewsThe Port of Seattle, including the SEA Airport, is experiencing system outages likely caused by a cyberattack.
The post Seattle Airport Blames Outages on Potential Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Researchers Discover Several Potential Attack Vectors in Bicycles With Shimano Di2 Wireless Gear-Shifting System
/in General NewsResearchers found a vulnerability in the Shimano Di2 system’s proprietary protocol, making it susceptible to a replay attack. They demonstrated that an attacker could intercept and replay commands using off-the-shelf software-defined radio.
Cyware News – Latest Cyber News – Read More
Google Warns of Exploited Chrome Vulnerability
/in General NewsGoogle flags another high-severity vulnerability patched with the latest Chrome 128 release as exploited in the wild.
The post Google Warns of Exploited Chrome Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Centreon Issues Critical Security Update to Fix SQL Injection Vulnerabilities That Threaten IT Monitoring
/in General NewsThese vulnerabilities, known as CVE-2024-32501, CVE-2024-33852, CVE-2024-33853, CVE-2024-33854, CVE-2024-5725, and CVE-2024-39841, pose a significant risk to organizations relying on Centreon for IT infrastructure monitoring.
Cyware News – Latest Cyber News – Read More
Critical SSTI Flaw in WPML Plugin Exposes Millions of WordPress Sites to RCE Attacks
/in General NewsThis vulnerability allows authorized users to inject and execute malicious code through the plugin’s shortcode feature, potentially leading to data theft and website takeover.
Cyware News – Latest Cyber News – Read More
Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot
/in General NewsDetails have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling.
“ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface,” security researcher Johann Rehberger said.
“This means that an attacker
The Hacker News – Read More
Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation
/in General NewsGoogle has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild.
Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine.
“Inappropriate implementation in V8 in Google Chrome prior to
The Hacker News – Read More
How AI is helping cut the risks of breaches with patch management
/in General NewsAI/ML-driven patch management delivers real-time risk assessments, guiding IT and security teams to prioritize critical patches first.Read More
Security News | VentureBeat – Read More
Microsoft to Host Windows Security Summit in CrowdStrike Outage Aftermath
/in General NewsThe tech giant seeks to work with endpoint security partners, including CrowdStrike, on how to prevent an outage event of such gravity from happening again.
darkreading – Read More