BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
CISA Warns of Exploited Vulnerabilities Impacting Dahua Products
/in General NewsCISA warns that attackers are exploiting two critical-severity authentication bypass vulnerabilities impacting multiple Dahua products.
The post CISA Warns of Exploited Vulnerabilities Impacting Dahua Products appeared first on SecurityWeek.
SecurityWeek – Read More
The best free antivirus software of 2024: Expert tested
/in General NewsWe tested the best free antivirus software to give you extra protection at no additional cost.
Latest stories for ZDNET in Security – Read More
CrowdStrike Hits Back at Action1 Following $1 Billion Acquisition Rumors
/in General NewsCrowdStrike has denied having any significant acquisition talks with patch management firm Action1 following rumors of a $1 billion deal.
The post CrowdStrike Hits Back at Action1 Following $1 Billion Acquisition Rumors appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Patches High-Severity Vulnerability Reported by NSA
/in General NewsA high-severity vulnerability in Cisco Unified CM and Unified CM SME could allow attackers to cause a denial-of-service (DoS) condition.
The post Cisco Patches High-Severity Vulnerability Reported by NSA appeared first on SecurityWeek.
SecurityWeek – Read More
Google Fixes Ninth Chrome Zero-Day Exploited in Attacks This Year
/in General NewsGoogle released an emergency security update to fix the ninth zero-day vulnerability exploited in attacks this year. The vulnerability, known as CVE-2024-7971, involves a type confusion weakness in Chrome’s V8 JavaScript engine.
Cyware News – Latest Cyber News – Read More
The Facts About Continuous Penetration Testing and Why It’s Important
/in General NewsWhat is Continuous Attack Surface Penetration Testing or CASPT?
Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves the continuous, automated, and ongoing penetration testing services of an organization’s digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an
The Hacker News – Read More
Ingress-NGINX Annotation Validation Bypass Flaw (CVE-2024-7646) Allows Command Injection
/in General NewsThe vulnerability allows attackers to inject malicious content into annotations, leading to arbitrary command injection and potential access to controller credentials, enabling full access to cluster secrets.
Cyware News – Latest Cyber News – Read More
Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites
/in General NewsA critical vulnerability in the Litespeed Cache WordPress plugin can allow attackers to hack websites by creating an admin user.
The post Exploitation Expected for Flaw in Caching Plugin Installed on 5M WordPress Sites appeared first on SecurityWeek.
SecurityWeek – Read More
Google Patches Sixth Exploited Chrome Zero-Day of 2024
/in General NewsChrome 128 was released in the stable channel with patches for 38 vulnerabilities, including a V8 JavaScript engine flaw exploited in the wild.
The post Google Patches Sixth Exploited Chrome Zero-Day of 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
MegaMedusa, RipperSec’s Public Web DDoS Attack Tool
/in General NewsRipperSec, a pro-Palestinian hacktivist group based in Malaysia, has released MegaMedusa, a publicly available Web DDoS attack tool that simplifies launching large-scale DDoS attacks.
Cyware News – Latest Cyber News – Read More