BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
New Fortinet Zero-Day Exploited for Months Before Patch
/in General NewsA Fortinet zero-day tracked as CVE-2024-47575 and named FortiJump has been exploited since at least June 2024.
The post New Fortinet Zero-Day Exploited for Months Before Patch appeared first on SecurityWeek.
SecurityWeek – Read More
What Is PCI Compliance? A Simple Guide for Businesses
/in General NewsSafeguard your customers’ card data using these industry-standard security protocols.
Security | TechRepublic – Read More
Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements
/in General NewsThe Penn State university has agreed to pay $1.25 million to settle alleged failure to meet cybersecurity requirements for DoD and NASA contracts.
The post Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements appeared first on SecurityWeek.
SecurityWeek – Read More
New Scoring System Helps Secure the Open Source AI Model Supply Chain
/in General NewsAI models from Hugging Face can contain similar hidden problems to OSS downloads from repositories such as GitHub.
The post New Scoring System Helps Secure the Open Source AI Model Supply Chain appeared first on SecurityWeek.
SecurityWeek – Read More
Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign
/in General NewsCisco has released patches for multiple vulnerabilities in ASA, FMC, and FTD products, including an exploited flaw.
The post Cisco Patches Vulnerability Exploited in Large-Scale Brute-Force Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
Technologist Bruce Schneier on security, society and why we need ‘public AI’ models
/in General NewsThe renowned security expert says fully transparent models can help us turn AI into a tool that produces benefits for everyone.
Latest stories for ZDNET in Security – Read More
Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation
/in General NewsFortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild.
Tracked as CVE-2024-47575 (CVSS score: 9.8), the vulnerability is also known as FortiJump and is rooted in the FortiGate to FortiManager (FGFM) protocol.
“A missing authentication for critical function vulnerability [CWE-306] in FortiManager fgfmd daemon may
The Hacker News – Read More
‘Prometei’ Botnet Spreads Its Cryptojacker Worldwide
/in General NewsThe Russian-language malware primarily enlists computers to mine Monero, but theoretically it can do worse.
darkreading – Read More
Hackers Leak 180,000 Esport North Africa User Records a Day Before Tournament Begins
/in General NewsA hacker leaked the personal data of 180,000 Esport North Africa users just before the tournament. While no…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Lazarus Group Exploits Chrome Zero-Day in Latest Campaign
/in General NewsThe North Korean actor is going after cryptocurrency investors worldwide leveraging a genuine-looking game site and AI-generated content and images.
darkreading – Read More