BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Ukraine Hit by Cobalt Strike Campaign Using Malicious Excel Files
/in General NewsBeware Macro! Ukrainian users and cyberinfrastructure are being hit by a new malware campaign in which hackers are…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
NIST Commits to Plan to Resume NVD Work
/in General NewsThe agency aims to burn down the backlog of vulnerabilities waiting to be added to the National Vulnerabilities Database via additional funding, third-party contract, and partnership with CISA.
darkreading – Read More
Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts
/in General NewsProgress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be potentially exploited by a remote attacker to bypass authentication and create rogue administrator users.
The issue, tracked as CVE-2024-4358, carries a CVSS score of 9.8 out of a maximum of 10.0.
“In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or
The Hacker News – Read More
Cox Biz Auth-Bypass Bug Exposes Millions of Devices to Takeover
/in General NewsThe US broadband provider fixed an issue that allowed attackers to gain access to business customers’ modems, and then access info and execute commands with the same permissions of an ISP support team.
darkreading – Read More
ISC2 Provides Opportunity for Employers to Connect With Cybersecurity Job Seekers
/in General NewsPost Content
darkreading – Read More
Perfecting the Proactive Security Playbook
/in General NewsIt’s more important than ever for organizations to prepare themselves and their cybersecurity postures against known and unknown threats.
darkreading – Read More
Details of Atlassian Confluence RCE Vulnerability Disclosed
/in General NewsSonicWall has shared technical details on a recently addressed high-severity remote code execution flaw in Confluence.
The post Details of Atlassian Confluence RCE Vulnerability Disclosed appeared first on SecurityWeek.
SecurityWeek – Read More
NIST Commits to Vulnerability Plan, But Researchers’ Concerns Remain
/in General NewsThe agency aims to burn down the backlog of vulnerabilities that need enrichment using additional funding and a third-party contract, but what’s the long-term solution?
darkreading – Read More
Progress Patches Critical Vulnerability in Telerik Report Server
/in General NewsA critical vulnerability in the Progress Telerik Report Server could allow unauthenticated attackers to access restricted functionality.
The post Progress Patches Critical Vulnerability in Telerik Report Server appeared first on SecurityWeek.
SecurityWeek – Read More
CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability
/in General NewsCISA has added an old Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog.
The post CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More