New PG_MEM Malware Targets PostgreSQL Databases to Mine Cryptocurrency
The new PG_MEM malware targets PostgreSQL databases, exploiting weak passwords to deliver payloads and mine cryptocurrency. Researchers warn…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
North Korean Hackers Deploy New MoonPeak Trojan in Cyber Campaign
A new remote access trojan called MoonPeak has been discovered as being used by a state-sponsored North Korean threat activity cluster as part of a new campaign.
Cisco Talos attributed the malicious cyber campaign to a hacking group it tracks as UAT-5394, which it said exhibits some level of tactical overlaps with a known nation-state actor codenamed Kimsuky.
MoonPeak, under active development
The Hacker News – Read More
Microsoft Patches Critical Copilot Studio Vulnerability Exposing Sensitive Data
Cybersecurity researchers have disclosed a critical security flaw impacting Microsoft’s Copilot Studio that could be exploited to access sensitive information.
Tracked as CVE-2024-38206 (CVSS score: 8.5), the vulnerability has been described as an information disclosure bug stemming from a server-side request forgery (SSRF) attack.
“An authenticated attacker can bypass Server-Side Request
The Hacker News – Read More
Critical Authentication Flaw Haunts GitHub Enterprise Server
GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users.
SecurityWeek – Read More
More than 3 in 4 Tech Leaders Worry About SaaS Security Threats, New Survey Reveals
The average enterprise uses 130 different SaaS applications today, up from 80 in 2020, according to Onymos.
Security | TechRepublic – Read More
New Phishing Technique Bypasses Security on iOS and Android to Steal Bank Credentials
New phishing attacks target iOS and Android users with Progressive Web Applications and WebAPKs to steal banking information.
SecurityWeek – Read More
Ubuntu Addresses Multiple OpenJDK 8 Vulnerabilities
Canonical has released security fixes for multiple OpenJDK 8 vulnerabilities that could result in denial of service, information disclosure, or arbitrary code execution on certain Ubuntu releases.
Cyware News – Latest Cyber News – Read More
The US Government Wants You—Yes, You—to Hunt Down Generative AI Flaws
AI ethics nonprofit Humane Intelligence and the US National Institute of Standards and Technology are launching a series of contests to get more people probing for problems in generative AI systems.
Security Latest – Read More
Why LinkedIn Developed Its Own AI-Powered Security Platform
An inside look at how LinkedIn developed an internal AI-assisted vulnerability management system to protect its massive infrastructure and user base.
SecurityWeek – Read More
Critical Remote Code Execution Vulnerability Addressed in GiveWP Plugin
The vulnerability, identified as CVE-2024-5932, arises from inadequate validation of user-provided serialized data, allowing attackers to inject harmful PHP objects through the give_title parameter.
Cyware News – Latest Cyber News – Read More