BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
StickmanCyber Report: A Look Inside Australia’s Cybersecurity Skills Crisis
/in General NewsA StickmanCyber report reveals a critical cybersecurity skills shortage in Australia, which can have both short- and long-term business implications
Security | TechRepublic – Read More
Microsoft Warns of Six Windows Zero-Days Being Actively Exploited
/in General NewsMicrosoft’s security response team pushed out documentation for almost 90 vulnerabilities across Windows and OS components and marked several flaws in the actively exploited category.
The post Microsoft Warns of Six Windows Zero-Days Being Actively Exploited appeared first on SecurityWeek.
SecurityWeek – Read More
Adobe Calls Attention to Massive Batch of Code Execution Flaws
/in General NewsPatch Tuesday: Adobe patches 72 security vulnerabilities and warns that Windows and macOS users are at risk of code execution, memory leaks, and denial-of-service attacks.
The post Adobe Calls Attention to Massive Batch of Code Execution Flaws appeared first on SecurityWeek.
SecurityWeek – Read More
GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks
/in General NewsA team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug impacting Chinese chip company T-Head’s XuanTie C910 and C920 RISC-V CPUs that could allow attackers to gain unrestricted access to susceptible devices.
The vulnerability has been codenamed GhostWrite. It has been described as a direct CPU bug embedded in the hardware, as
The Hacker News – Read More
Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service
/in General NewsCybersecurity researchers have discovered two security flaws in Microsoft’s Azure Health Bot Service that, if exploited, could permit a malicious actor to achieve lateral movement within customer environments and access sensitive patient data.
The critical issues, now patched by Microsoft, could have allowed access to cross-tenant resources within the service, Tenable said in a new report shared
The Hacker News – Read More
US Unseals Charges Against Three Eastern Europeans Over Ransomware, Malvertising
/in General NewsMaksim Silnikau was extradited to the US to face charges for roles in the distribution of the Angler exploit kit, malware, and the Ransom Cartel ransomware.
The post US Unseals Charges Against Three Eastern Europeans Over Ransomware, Malvertising appeared first on SecurityWeek.
SecurityWeek – Read More
National Public Data Breach: 2.7bn Records Leaked on Dark Web
/in General NewsIn August, 2.7 billion records from National Public Data, including social security numbers, were leaked on a dark web forum.
Security | TechRepublic – Read More
SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps
/in General NewsSAP has released 25 security notes on August 2024 Security Patch Day, including for critical vulnerabilities in BusinessObjects and Build Apps.
The post SAP Patches Critical Vulnerabilities in BusinessObjects, Build Apps appeared first on SecurityWeek.
SecurityWeek – Read More
The Changing Expectations for Developers in an AI-Coding Future
/in General NewsAI’s proficiency at creating software code won’t put developers out of a job, but the job will change to one focused on security, collaboration, and “mentoring” AI models.
darkreading – Read More
DARPA Aims to Ditch C Code, Move to Rust
/in General NewsThe Defense Advanced Research Projects Agency launches TRACTOR program to work with university and industry researchers on creating a translation system that can turn C code into secure, idiomatic Rust code.
darkreading – Read More