BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
NYSE Operator Intercontinental Exchange Gets $10M SEC Fine Over 2021 Hack
/in General NewsIntercontinental Exchange, the company that operates NYSE and other exchanges, has agreed to pay a $10 million fine related to a 2021 hack.
The post NYSE Operator Intercontinental Exchange Gets $10M SEC Fine Over 2021 Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Why We Need to Get a Handle on AI
/in General NewsIt will be interesting to see how AI continues to evolve and how it is used by defenders as they attempt to leapfrog attackers and protect the organization against new forms of AI attacks.
The post Why We Need to Get a Handle on AI appeared first on SecurityWeek.
SecurityWeek – Read More
Newly Detected Chinese Group Targeting Military, Government Entities
/in General NewsUnfading Sea Haze has been targeting military and government entities in South China Sea countries since 2018.
The post Newly Detected Chinese Group Targeting Military, Government Entities appeared first on SecurityWeek.
SecurityWeek – Read More
400,000 Impacted by CentroMed Data Breach
/in General NewsThe personal information of 400,000 individuals was compromised in a data breach at El Centro Del Barrio (CentroMed).
The post 400,000 Impacted by CentroMed Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Apple Wi-Fi Positioning System Open to Global Tracking Abuse
/in General NewsApple is one of several companies, along with Google, Skyhook, and others, that operate a WPS. They offer client devices a way to determine their location that’s more energy efficient than using the Global Positioning System (GPS).
Cyware News – Latest Cyber News – Read More
Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report
/in General NewsAttackers are getting more sophisticated, better armed, and faster. Nothing in Rapid7’s 2024 Attack Intelligence Report suggests that this will change.
The post Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report appeared first on SecurityWeek.
SecurityWeek – Read More
Former White House Cyber Official Jeff Greene to Join CISA
/in General NewsFormer White House National Security Council cyber staff member Jeff Greene, the current cybersecurity programs director at the Aspen Institute think tank, is joining the CISA next month, the agency confirmed.
Cyware News – Latest Cyber News – Read More
OpenText Boosts MDR Offering for MSPs With Pillr Acquisition
/in General NewsThe MDR business was stood up in 2018 as a standalone unit within Novacoast, and rebranded in September 2022 from novaSOC to Pillr. Novacoast CEO Paul Anderson served as Pillr’s chief executive for most of its existence.
Cyware News – Latest Cyber News – Read More
My 5 must-have extensions for Firefox on Android (and what I use them for)
/in General NewsIf you’ve already switched to Firefox on Android, or are considering making the switch, you might be interested in knowing the mobile browser includes extensions to boost the feature set. Here are my favorites.
Latest stories for ZDNET in Security – Read More
Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager
/in General NewsIvanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited to achieve remote code execution under certain circumstances.
Six of the 10 vulnerabilities – from CVE-2024-29822 through CVE-2024-29827 (CVSS scores: 9.6) – relate to SQL injection flaws that allow an unauthenticated attacker within the same network to
The Hacker News – Read More