BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Critical Flaw in LiteSpeed Cache Plugin Actively Exploited: Over 30,000 Attacks Blocked in 24 Hours
/in General NewsThe widely used LiteSpeed Cache plugin for WordPress is being actively exploited through a critical security vulnerability, CVE-2024-28000, with over 30,000 attack attempts blocked in just 24 hours.
Cyware News – Latest Cyber News – Read More
Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access
/in General NewsCybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges.
“The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and
The Hacker News – Read More
GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
/in General NewsGitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges.
The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5.
“On GitHub Enterprise Server instances that use SAML single sign-on (SSO)
The Hacker News – Read More
Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild
/in General NewsGoogle has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild.
Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine.
“Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap
The Hacker News – Read More
New Malware PG_MEM Targets PostgreSQL Databases for Crypto Mining
/in General NewsCybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that’s designed to mine cryptocurrency after brute-forcing their way into PostgreSQL database instances.
“Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords,” Aqua security researcher Assaf Morag said in a technical report.
”
The Hacker News – Read More
Bangladeshi Hackers Deface India’s Zee Media Website for Mocking Floods
/in General NewsBangladeshi hackers “SYSTEMADMINBD” defaced Zee Media’s website, accusing them of mocking the situation in Bangladesh amid severe flooding.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
From Offices to Hotels: Backdoor in Contactless Key Cards Enables Mass Cloning
/in General NewsMillions of office and hotel contactless access cards using Fudan Microelectronics chips are vulnerable to a hardware backdoor…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
What Gartner’s 2024 hype cycle forecast tells us about the future of AI (and other tech)
/in General NewsIs your favorite emerging tech about to explode – or fizzle out? Gartner’s hype cycle offers crucial insights into the future of AI, developer tools, and security. See what’s coming tomorrow.
Latest stories for ZDNET in Security – Read More
Stadiums Are Embracing Face Recognition. Privacy Advocates Say They Should Stick to Sports
/in General NewsProtesters took to Citi Field Wednesday to raise awareness of the facial recognition systems that have become common at major league sporting venues.
Security Latest – Read More
New PG_MEM Malware Targets PostgreSQL Databases to Mine Cryptocurrency
/in General NewsThe new PG_MEM malware targets PostgreSQL databases, exploiting weak passwords to deliver payloads and mine cryptocurrency. Researchers warn…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More