BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Critical GitLab Bug Lets Attackers Run Pipelines as Other Users
/in General NewsThe vulnerability impacts all GitLab CE/EE versions from 15.8 to 16.11.6, 17.0 to 17.0.4, and 17.1 to 17.1.2. Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.
Cyware News – Latest Cyber News – Read More
The best portable power stations of 2024: Expert tested and reviewed
/in General NewsGoing off the grid, or need power in a pinch during a power outage? I tested the best portable power stations to keep your devices running.
Latest news – Read More
ViperSoftX Info-Stealing Malware Being Distributed Through Fake Ebooks
/in General NewsOriginally detected in 2020, the ViperSoftX malware now incorporates more sophisticated evasion tactics by using the Common Language Runtime (CLR) to run PowerShell commands within AutoIt scripts distributed through pirated eBook copies.
Cyware News – Latest Cyber News – Read More
‘Crystalray’ Attacks Jump 10X, Using Only OSS to Steal Credentials
/in General NewsRemember when hackers used to write their own malware? Kids these days don’t want to work, they just want freely available tools to do it for them.
darkreading – Read More
Risk Escalates as Communication Channels Proliferate
/in General NewsA survey by data security company Kiteworks reveals that around 60% of organizations struggle to track their information once it leaves through communication channels like email.
Cyware News – Latest Cyber News – Read More
GitLab Ships Update for Critical Pipeline Execution Vulnerability
/in General NewsGitLab issues an advisory for a critical-severity vulnerability that allows an attacker to trigger a pipeline as another user.
The post GitLab Ships Update for Critical Pipeline Execution Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
The 30 best early Prime Day 2024 TV deals
/in General NewsAmazon Prime Day is just around the corner, but you don’t have to wait to save big on TVs from Samsung, Sony, LG, and more.
Latest news – Read More
Chinese APT41 Upgrades Malware Arsenal with DodgeBox and MoonWalk
/in General NewsThe China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an “advanced and upgraded version” of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk.
The new variant of StealthVector – which is also referred to as DUSTPAN – has been codenamed DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in
The Hacker News – Read More
Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability
/in General NewsSecurity researchers have found a critical vulnerability, CVE-2024-38021, impacting Microsoft Outlook. This zero-click remote code execution flaw, now fixed by Microsoft, allowed unauthorized access without authentication.
Cyware News – Latest Cyber News – Read More
AI-Driven Scam Ads: Deepfake Tech Used to Peddle Bogus Health Products
/in General NewsScammers are leveraging deepfake technology to create convincing health and celebrity-endorsed ads on social media, targeting millions globally.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More