BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Research Uncovers New Microsoft Outlook Vulnerability
/in General NewsA new vulnerability has been discovered in Microsoft Outlook by security researchers, labeled as CVE-2024-38173 with a CVSS score of 6.7. This Form Injection RCE flaw is similar to a previous vulnerability, CVE-2024-30103, patched in July 2024.
Cyware News – Latest Cyber News – Read More
New ValleyRAT Malware Targets Chinese Windows Users in Multi-Stage Attack
/in General NewsA sophisticated ValleyRAT campaign is targeting Chinese Windows users. Learn about the malware’s multi-stage attack, its ability to…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
New Phishing Attack Uses Sophisticated Infostealer Malware
/in General NewsA new phishing attack with advanced infostealer malware has been discovered by analysts. The malware collects sensitive data like passwords, cookies, credit card info, and browsing history.
Cyware News – Latest Cyber News – Read More
Windows TCP/IP RCE Impacts all Systems with IPv6 Enabled, Patch Now
/in General NewsA critical TCP/IP remote code execution (RCE) vulnerability affecting all Windows systems with IPv6 enabled has been discovered, prompting Microsoft to issue a warning urging users to patch their systems immediately.
Cyware News – Latest Cyber News – Read More
Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw
/in General NewsSecurity experts are ratcheting up the urgency for Windows admins to patch a wormable, pre-auth remote code execution vulnerability in the Windows TCP/IP stack.
The post Zero-Click Exploit Concerns Drive Urgent Patching of Windows TCP/IP Flaw appeared first on SecurityWeek.
SecurityWeek – Read More
SolarWinds Urges Upgrade After Revealing Critical RCE Bug
/in General NewsSolarWinds is advising customers to upgrade their Web Help Desk platform due to a critical vulnerability, CVE-2024-28986, discovered by Inmarsat Government researchers. The bug allows for remote code execution through Java deserialization.
Cyware News – Latest Cyber News – Read More
Black Basta Ransomware Gang Linked to a Malware Campaign
/in General NewsThe attacks, detected on June 20, 2024, show threat actors using various tools like AnyDesk and AntiSpam.exe to harvest credentials. They also deploy payloads like Golang HTTP beacons and Socks proxy beacons.
Cyware News – Latest Cyber News – Read More
SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software
/in General NewsSolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to execute arbitrary code on susceptible instances.
The flaw, tracked as CVE-2024-28986 (CVSS score: 9.8), has been described as a deserialization bug.
“SolarWinds Web Help Desk was found to be susceptible to a Java deserialization remote code execution vulnerability
The Hacker News – Read More
Ransomware Attacks on Industrial Firms Surged in Q2 2024
/in General NewsDragos has seen a significant increase in ransomware attacks on industrial organizations in Q2 2024 compared to the previous quarter.
The post Ransomware Attacks on Industrial Firms Surged in Q2 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
Beyond the Hype: Unveiling the Realities of WormGPT in Cybersecurity
/in General NewsThough WormGPT tools may not be a major problem now, organizations can’t let their guard down.
darkreading – Read More