BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
100 Groups Urge Feds to Put UHG on Hook for Breach Notices
/in General NewsOver 100 medical associations and industry groups, representing thousands of U.S. doctors and healthcare professionals, have urged the HHS to hold Change Healthcare accountable for breach notifications following a massive February ransomware attack.
Cyware News – Latest Cyber News – Read More
Veeam Warns of Critical Backup Enterprise Manager Auth Bypass Bug
/in General News?Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM).
Cyware News – Latest Cyber News – Read More
MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
/in General NewsAn unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East.
Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, banks, IT companies, and educational institutions. The first-ever compromise dates back to 2021.
“This
The Hacker News – Read More
QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances
/in General NewsTaiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of which could be exploited to achieve code execution on its network-attached storage (NAS) appliances.
The issues, which impact QTS 5.1.x and QuTS hero h5.1.x, are listed below –
CVE-2024-21902 – An incorrect permission assignment for critical resource
The Hacker News – Read More
Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings
/in General NewsPopular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future.
“As adversarial threats become more sophisticated, so does the need to safeguard user data,” the company said in a statement. “With the launch of post-quantum E2EE, we are doubling down on
The Hacker News – Read More
Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass
/in General NewsUsers of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical security flaw that could permit an adversary to bypass authentication protections.
Tracked as CVE-2024-29849 (CVSS score: 9.8), the vulnerability could allow an unauthenticated attacker to log in to the Veeam Backup Enterprise Manager web interface as
The Hacker News – Read More
SAGE Cyber Launches CISO Planning Tool
/in General NewsAs a newly independent company, SAGE Cyber will offer a platform that helps CISOs make data-driven decisions and optimize their security defenses.
darkreading – Read More
WitnessAI Launches With Guardrails for AI
/in General NewsAI safety platform startup WitnessAI claims to help enterprises use AI safely and effectively with its platform addressing AI privacy, governance, and security.
darkreading – Read More
Picking the Right Database Tech for Cybersecurity Defense
/in General NewsGraph and streaming databases are helping defenders deal with complex, real-time threat and cybersecurity data to find weak points before attackers.
darkreading – Read More
AI Companies Make Fresh Safety Promise at Seoul Summit, Nations Agree to Align Work on Risks
/in General NewsLeading artificial intelligence companies made pledge to develop AI safely, while world leaders agreed to build a network of publicly backed safety institutes to advance research and testing of the technology.
The post AI Companies Make Fresh Safety Promise at Seoul Summit, Nations Agree to Align Work on Risks appeared first on SecurityWeek.
SecurityWeek – Read More