BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
NHIs Are the Future of Cybersecurity: Meet NHIDR
/in General NewsThe frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems, identifying vulnerabilities and compromising additional NHIs in minutes. While organizations often take
The Hacker News – Read More
Portugal’s Tekever raises $74M for dual-use drone platform deployed to Ukraine
/in General NewsDual-use drone startup Tekever has raised €70 million ($74 million) to develop its product and expand into new markets, specifically the U.S.. The news is part of a trend of smaller tech-driven startups moving into markets normally dominated by large ‘defense primes’. It also shows that unmanned aerial drones are becoming far more sophisticated, in […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
Linux Variant of Helldown Ransomware Targets VMware ESX Servers
/in General NewsCybersecurity firm Sekoia has discovered a new variant of Helldown ransomware. The article details their tactics and how…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Inside the Booming ‘AI Pimping’ Industry
/in General NewsAI-generated influencers based on stolen images of real-life adult content creators are flooding social media.
Security Latest – Read More
Cyera Raises $300 Million at $3 Billion Valuation
/in General NewsData security firm Cyera has raised $300 million in Series D funding, which brings the total investment in the company to $760 million.
The post Cyera Raises $300 Million at $3 Billion Valuation appeared first on SecurityWeek.
SecurityWeek – Read More
Ford Says Leaked Data Comes From Supplier and Is Not Sensitive
/in General NewsFord has completed its investigation into recent data breach claims and determined that its systems and customer data have not been compromised.
The post Ford Says Leaked Data Comes From Supplier and Is Not Sensitive appeared first on SecurityWeek.
SecurityWeek – Read More
Web Security 101: Understanding Cross-Origin Resource Sharing (CORS)
/in General NewsContinuing the web security headers series, after covering HSTS (Strict Transport Security), and CSP (Content Security Policy), now comes a more painful security header, so to speak. Painful, at least for web developers. And if we don’t want to generalize, CORS represented a painful header, or something that I always needed to bypass on the localhost environment when started working on a new app.
Source
TechSplicer – Read More
African Reliance on Foreign Suppliers Boosts Insecurity Concerns
/in General NewsRecent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors.
darkreading – Read More
China-Backed Hackers Leverage SIGTRAN, GSM Protocols to Infiltrate Telecom Networks
/in General NewsA new China-linked cyber espionage group has been attributed as behind a series of targeted cyber attacks targeting telecommunications entities in South Asia and Africa since at least 2020 with the goal of enabling intelligence collection.
Cybersecurity company CrowdStrike is tracking the adversary under the name Liminal Panda, describing it as possessing deep knowledge about telecommunications
The Hacker News – Read More
Oracle Warns of Agile PLM Vulnerability Currently Under Active Exploitation
/in General NewsOracle is warning that a high-severity security flaw impacting the Agile Product Lifecycle Management (PLM) Framework has been exploited in the wild.
The vulnerability, tracked as CVE-2024-21287 (CVSS score: 7.5), could be exploited sans authentication to leak sensitive information.
“This vulnerability is remotely exploitable without authentication, i.e., it may be exploited over a network
The Hacker News – Read More