BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
CISOs and Their Companies Struggle to Comply With SEC Disclosure Rules
/in General NewsMost companies still can’t determine whether a breach is material within the four days mandated by the SEC, skewing incident response.
darkreading – Read More
New UK System Will See ISPs Benefit From Same Protections as Government Networks
/in General NewsThe UK’s NCSC has launched a new “Share and Defend” system that will provide internet service providers with the same malicious domain blocklists used to protect government networks, helping to raise cybersecurity resilience across the country.
Cyware News – Latest Cyber News – Read More
Critical Flaw in AI Python Package Can Lead to System and Data Compromise
/in General NewsA critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers.
The post Critical Flaw in AI Python Package Can Lead to System and Data Compromise appeared first on SecurityWeek.
SecurityWeek – Read More
New XM Cyber Research: 80% of Exposures from Misconfigurations, Less Than 1% from CVEs
/in General NewsA new report from XM Cyber has found – among other insights – a dramatic gap between where most organizations focus their security efforts, and where the most serious threats actually reside.
The new report, Navigating the Paths of Risk: The State of Exposure Management in 2024, is based on hundreds of thousands of attack path assessments conducted by the XM Cyber
The Hacker News – Read More
China-Linked Hackers Adopt Two-Stage Infection Tactic to Deploy Deuterbear RAT
/in General NewsCybersecurity researchers have shed more light on a remote access trojan (RAT) known as Deuterbear used by the China-linked BlackTech hacking group as part of a cyber espionage campaign targeting the Asia-Pacific region this year.
“Deuterbear, while similar to Waterbear in many ways, shows advancements in capabilities such as including support for shellcode plugins, avoiding handshakes
The Hacker News – Read More
Black Basta Ransomware Struck More Than 500 Organizations Worldwide
/in General NewsRead about Black Basta ransomware’s impact and how to mitigate it. Plus, learn about recent ransomware trends.
Security | TechRepublic – Read More
CISA Warns of Exploited Vulnerabilities in EOL D-Link Products
/in General NewsCISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw.
The post CISA Warns of Exploited Vulnerabilities in EOL D-Link Products appeared first on SecurityWeek.
SecurityWeek – Read More
Cybersecurity Leaders Expect Their SOC Budgets to Grow, KPMG Finds
/in General NewsCybersecurity leaders expect their security operations center (SOC) budgets to grow by up to 20% over the next two years, with the average annual SOC budget currently standing at $14.6 million, according to a survey conducted by KPMG.
Cyware News – Latest Cyber News – Read More
FCC Might Require Telecoms to Report on Securing Internet’s BGP Technology
/in General NewsThe FCC is proposing to mandate that broadband providers develop BGP security plans and document their use of the Resource Public Key Infrastructure (RPKI) security framework.
Cyware News – Latest Cyber News – Read More
Get on Cybersecurity Certification Track With $145 Off These Courses
/in General NewsThis $50 bundle can get you five courses to enable you to earn CompTIA, NIST and more leading cybersecurity certifications that will help you build a career.
Security | TechRepublic – Read More