BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
QNAP QTS Zero-Day in Share Feature Gets Public RCE Exploit
/in General NewsAn extensive security audit of QNAP QTS, the operating system for the company’s NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed.
Cyware News – Latest Cyber News – Read More
Consumers Continue to Overestimate Their Ability to Spot Deepfakes
/in General NewsThe Jumio 2024 Online Identity Study reveals that while consumers are increasingly concerned about the risks posed by deepfakes and generative AI, they continue to overestimate their ability to detect these deceptions.
Cyware News – Latest Cyber News – Read More
Eventbrite Promoted Illegal Opioid Sales to People Searching for Addiction Recovery Help
/in General NewsA WIRED investigation found thousands of Eventbrite posts selling escort services and drugs like Xanax and oxycodone—some of which the company’s algorithm recommended alongside addiction recovery events.
Security Latest – Read More
EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems
/in General NewsThe EPA has issued an enforcement alert, outlining the steps needed to comply with the Safe Drinking Water Act.
The post EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems appeared first on SecurityWeek.
SecurityWeek – Read More
Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox
/in General NewsA critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by threat actors to achieve arbitrary code execution.
Tracked as CVE-2024-34359 (CVSS score: 9.7), the flaw has been codenamed Llama Drama by software supply chain security firm Checkmarx.
“If exploited, it could allow attackers to execute arbitrary code on your system,
The Hacker News – Read More
CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw
/in General NewsCISA has added CVE-2023-43208, an unauthenticated remote code execution vulnerability, to its KEV catalog.
The post CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw appeared first on SecurityWeek.
SecurityWeek – Read More
How to Install a VPN on Your Router
/in General NewsTrying to figure out how to install a VPN on your router? Read our step-by-step guide to help you get started.
Security | TechRepublic – Read More
CISA Warns of Actively Exploited NextGen Mirth Connect Pre-Auth RCE Vulnerability
/in General NewsThe CISA has required federal agencies to update to a patched version of Mirth Connect (version 4.4.1 or later) by June 10, 2024, to secure their networks against active threats.
Cyware News – Latest Cyber News – Read More
Chinese Telco Gear May Get Banned in Germany
/in General NewsGermany is considering banning the use of Huawei and ZTE equipment in its 5G networks due to national security concerns, despite industry opposition and the potential high costs associated with the removal of the Chinese-made technology.
Cyware News – Latest Cyber News – Read More
North Korea-Linked Kimsuky APT Attack Targets Victims via Messenger
/in General NewsResearchers at Genians Security Center (GSC) identified the North Korea-linked Kimsuky APT group targeting victims via Facebook Messenger, using fake accounts posing as South Korean officials to deliver malware.
Cyware News – Latest Cyber News – Read More