BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
GHOSTENGINE Exploits Vulnerable Drivers to Disable EDRs in Cryptojacking Attack
/in General NewsCybersecurity researchers have discovered a new cryptojacking campaign that employs vulnerable drivers to disable known security solutions (EDRs) and thwart detection in what’s called a Bring Your Own Vulnerable Driver (BYOVD) attack.
Elastic Security Labs is tracking the campaign under the name REF4578 and the primary payload as GHOSTENGINE. Previous research from Chinese
The Hacker News – Read More
Beware – Your Customer Chatbot is Almost Certainly Insecure: Report
/in General NewsAs chatbots become more adventurous, the dangers will increase.
The post Beware – Your Customer Chatbot is Almost Certainly Insecure: Report appeared first on SecurityWeek.
SecurityWeek – Read More
Authelia: Open-Source Authentication and Authorization Server
/in General NewsAuthelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests.
Cyware News – Latest Cyber News – Read More
Exploring the Depths of SolarMarker’s Multi-tiered Infrastructure
/in General NewsThe core of SolarMarker’s operations is its layered infrastructure, which consists of at least two clusters: a primary one for active operations and a secondary one likely used for testing new strategies or targeting specific regions or industries.
Cyware News – Latest Cyber News – Read More
Set of Bugs Puts Software Company and IoT Device Makers Into Motion
/in General NewsCybersecurity researchers and Internet of Things (IoT) technology companies say they worked together to eliminate four software vulnerabilities that could have given malicious hackers deep access to networks.
Cyware News – Latest Cyber News – Read More
Chrome 125 Update Patches High-Severity Vulnerabilities
/in General NewsGoogle released a Chrome 125 update to resolve four high-severity vulnerabilities reported by external researchers.
The post Chrome 125 Update Patches High-Severity Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Optimizing LMS Integration: 7 Strategies for Enhanced Blended Learning
/in General NewsBy Uzair Amir
Blended learning, a method that melds in-person teaching with online learning, has become increasingly popular recently. This innovative…
This is a post from HackRead.com Read the original post: Optimizing LMS Integration: 7 Strategies for Enhanced Blended Learning
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Zoom Adds ‘Post-Quantum’ Encryption for Video Conferencing
/in General NewsTo enable E2EE, all meeting participants must join from the Zoom desktop or mobile app. While those hosting a meeting on a free account can use E2EE, they will still need to verify their phone number via an SMS-delivered code.
Cyware News – Latest Cyber News – Read More
AI Chatbots Highly Vulnerable to Jailbreaks, UK Researchers Find
/in General NewsIn a May 2024 update published ahead of the AI Seoul Summit 2024, co-hosted by the UK and South Korea on 21-22 May, the UK AISI shared the results of a series of tests performed on five leading AI chatbots.
Cyware News – Latest Cyber News – Read More
100 Groups Urge Feds to Put UHG on Hook for Breach Notices
/in General NewsOver 100 medical associations and industry groups, representing thousands of U.S. doctors and healthcare professionals, have urged the HHS to hold Change Healthcare accountable for breach notifications following a massive February ransomware attack.
Cyware News – Latest Cyber News – Read More