BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Scammers are Selling Fake NSO Pegasus Spyware
/in General NewsCloudSEK researchers found the fake spyware after perusing around 25,000 posts of individuals offering Pegasus and other NSO tools via channels on the messaging service Telegram.
Cyware News – Latest Cyber News – Read More
SEC Fines NYSE Owner ICE for Delay in Reporting VPN Breach
/in General NewsThe U.S. Securities and Exchange Commission (SEC) announced today that a major player in the U.S. financial system has agreed to pay a $10 million penalty for failing to timely report an April 2021 VPN breach.
Cyware News – Latest Cyber News – Read More
China APT Stole Geopolitical Secrets From Middle East, Africa & Asia
/in General NewsOne of China’s biggest espionage operations owes its success to longstanding Microsoft Exchange bugs, open source tools, and old malware.
darkreading – Read More
Using AI, Mastercard Expects to Find Compromised Cards Quicker, Before They Get Used by Criminals
/in General NewsMastercard is integrating AI into its fraud-prediction technology that it expects will be able to see patterns in stolen cards faster and allow banks to replace them before they are used by criminals.
The post Using AI, Mastercard Expects to Find Compromised Cards Quicker, Before They Get Used by Criminals appeared first on SecurityWeek.
SecurityWeek – Read More
Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server
/in General NewsAn authentication bypass vulnerability of maximum severity (CVSS V4 Score: 10.0) tracked as CVE-2024-4985 was recently fixed by GitHub. It impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication.
Cyware News – Latest Cyber News – Read More
Server-Side Credit Card Skimmer Lodged in Obscure Plugin
/in General NewsThere are plenty of widely-used code snippet plugins available but in this case the attackers decided to use a very obscure plugin called Dessky Snippets, with only a few hundred active installations at the time of writing.
Cyware News – Latest Cyber News – Read More
The End of an Era: Microsoft Phases Out VBScript for JavaScript and PowerShell
/in General NewsMicrosoft on Wednesday outlined its plans to deprecate Visual Basic Script (VBScript) in the second half of 2024 in favor of more advanced alternatives such as JavaScript and PowerShell.
“Technology has advanced over the years, giving rise to more powerful and versatile scripting languages such as JavaScript and PowerShell,” Microsoft Program Manager Naveen Shankar said. “These languages
The Hacker News – Read More
Microsoft Build 2024: Copilot AI Will Gain ‘Personal Assistant’ and Custom Agent Capabilities
/in General NewsOther announcements included a Snapdragon Dev Kit for Windows, GitHub Copilot Extensions and the general availability of Azure AI Studio.
Security | TechRepublic – Read More
US Pumps $50M Into Better Healthcare Cyber Resilience
/in General NewsUpgrade, an ARPA-H program, will focus on automating cybersecurity for healthcare institutions so that providers can focus on patient care.
darkreading – Read More
New APT Group “Unfading Sea Haze” Hits Military Targets in South China Sea
/in General NewsBy Waqas
Unfading Sea Haze’s modus operandi spans over five years, with evidence dating back to 2018, reveals Bitdefender Labs’ investigation.
This is a post from HackRead.com Read the original post: New APT Group “Unfading Sea Haze” Hits Military Targets in South China Sea
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More