BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Snowflake Data Breach Impacts Ticketmaster, Other Organizations
/in General NewsTicketmaster and other organizations have been affected by a data breach at cloud AI data platform Snowflake.
The post Snowflake Data Breach Impacts Ticketmaster, Other Organizations appeared first on SecurityWeek.
SecurityWeek – Read More
Andariel Hackers Target South Korean Institutes with New Dora RAT Malware
/in General NewsThe North Korea-linked threat actor known as Andariel has been observed using a new Golang-based backdoor called Dora RAT in its attacks targeting educational institutes, manufacturing firms, and construction businesses in South Korea.
“Keylogger, Infostealer, and proxy tools on top of the backdoor were utilized for the attacks,” the AhnLab Security Intelligence Center (ASEC) said in a report
The Hacker News – Read More
Secrets Exposed in Hugging Face Hack
/in General NewsAI tool development platform Hugging Face has detected a Spaces hack that resulted in the exposure of secrets.
The post Secrets Exposed in Hugging Face Hack appeared first on SecurityWeek.
SecurityWeek – Read More
As Allies, Kenya & US Aim to Bolster Digital Security in Africa
/in General NewsAmid surging attacks, Kenya aims to expand its technology sector and improve cybersecurity to protect the country’s fast-growing digital economy.
darkreading – Read More
Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware
/in General NewsFake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2).
“Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,” cybersecurity firm eSentire said in a new report. “In April 2024, we observed FakeBat being distributed
The Hacker News – Read More
Lawyers Ask Forensics Investigators for Help Outside Cybersecurity
/in General NewsAttorneys are increasingly realizing that forensics investigators have skills analyzing documents and uncovering digital clues that could help them in non-cybersecurity cases.
darkreading – Read More
The Ticketmaster Data Breach May Be Just the Beginning
/in General NewsData breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be uncovered.
Security Latest – Read More
Mysterious Hack Destroyed 600,000 Internet Routers
/in General NewsPlus: A whistleblower claims the Biden administration falsified a report on Gaza, “Operation Endgame” disrupts the botnet ecosystem, and more.
Security Latest – Read More
AI Company Hugging Face Notifies Users of Suspected Unauthorized Access
/in General NewsArtificial Intelligence (AI) company Hugging Face on Friday disclosed that it detected unauthorized access to its Spaces platform earlier this week.
“We have suspicions that a subset of Spaces’ secrets could have been accessed without authorization,” it said in an advisory.
Spaces offers a way for users to create, host, and share AI and machine learning (ML) applications. It also functions as a
The Hacker News – Read More
An interview with the most prolific jailbreaker of ChatGPT and other leading LLMs
/in General NewsPliny the Prompter has been finding ways to jailbreak, or remove the prohibitions and restrictions on leading LLMs, since last year.Read More
Security News | VentureBeat – Read More