BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
User Outcry as Slack Scrapes Customer Data for AI Model Training
/in General NewsSlack reveals it has been training AI/ML models on customer data, including messages, files and usage information. It’s opt-in by default.
The post User Outcry as Slack Scrapes Customer Data for AI Model Training appeared first on SecurityWeek.
SecurityWeek – Read More
Is an Open-Source AI Vulnerability Next?
/in General NewsThe challenges within the AI supply chain mirror those of the broader software supply chain, with added complexity when integrating large language models (LLMs) or machine learning (ML) models into organizational frameworks.
Cyware News – Latest Cyber News – Read More
RSAC 2024 reveals the impact AI is having on strengthening cybersecurity infrastructure
/in General NewsQuickly progressing from first-generation chatbots to an essential ingredient of the high-octane fuel that’s running hyperscalers and cybersecurity platforms, AI’s dominance at RASC 2024 proves it is the DNA of cybersecurity. RSAC’s theme of “the art of the possible” sums up how cybersecurity vendors are looking to ca…Read More
Security News | VentureBeat – Read More
Breach Forums Admin ShinyHunters Claims Domain Reclaimed from FBI
/in General NewsBy Waqas
Breach Forums, a notorious cybercrime hub, could be back online with the same domain even after the FBI seizure. Hackers claim to have regained access to the clear web domain, while the dark web version remains in a tug-of-war.
This is a post from HackRead.com Read the original post: Breach Forums Admin ShinyHunters Claims Domain Reclaimed from FBI
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
SEC to Require Financial Firms to Have Data Breach Incident Plans
/in General NewsThe SEC now requires certain financial institutions to have written policies for detecting, addressing, and notifying customers of data breaches involving their personal information.
Cyware News – Latest Cyber News – Read More
400K Linux Servers Recruited by Resurrected Ebury Botnet
/in General NewsCryptocurrency theft and financial fraud are the new M.O. of the 15-year-old malware operation that has hit organizations around the globe.
darkreading – Read More
UK Lags Europe on Exploited Vulnerability Remediation
/in General NewsA report from Bitsight revealed that UK organizations are taking significantly longer than their European counterparts to remediate software vulnerabilities listed in the US CISA’s Known Exploited Vulnerability (KEV) catalog.
Cyware News – Latest Cyber News – Read More
In Other News: MediSecure Hack, Scattered Spider Targeted by FBI, New Wi-Fi Attack
/in General NewsNoteworthy stories that might have slipped under the radar: FBI is targeting Scattered Spider, Australia’s MediSecure hacked, new Wi-Fi attack.
The post In Other News: MediSecure Hack, Scattered Spider Targeted by FBI, New Wi-Fi Attack appeared first on SecurityWeek.
SecurityWeek – Read More
OWASP Dep-Scan: Open-Source Security and Risk Audit Tool
/in General NewsOWASP dep-scan is an open-source security and risk assessment tool that analyzes project dependencies to identify vulnerabilities, licensing issues, and potential risks like dependency confusion attacks.
Cyware News – Latest Cyber News – Read More
Whose Data Is It Anyway? Equitable Access in Cybersecurity
/in General NewsCybersecurity cannot be solely about defending against threats; it must also empower organizations with their data.
darkreading – Read More