BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Threat Actors Abuse GitHub to Distribute Multiple Information Stealers
/in General NewsRussian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software.
The post Threat Actors Abuse GitHub to Distribute Multiple Information Stealers appeared first on SecurityWeek.
SecurityWeek – Read More
SideCopy APT Campaign Found Targeting Indian Universities
/in General NewsActive since May 2023, the SideCopy APT campaign targets university students through sophisticated infection chains involving malicious LNK files, HTAs, and loader DLLs disguised as legitimate documents.
Cyware News – Latest Cyber News – Read More
Australia: AFL Players Call for Data Protection Overhaul as Concerns Include Drug Test Results
/in General NewsAFL players are concerned about the risk of their personal and sensitive information, such as drug test results and psychologist session notes, being leaked onto the dark web due to inadequate data protection measures.
Cyware News – Latest Cyber News – Read More
CISA, FBI, and DHS Unveil Cybersecurity Guide For Civil Society Groups
/in General NewsThe publication Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society is designed to provide high-risk communities with actionable steps to bolster their cybersecurity defenses.
Cyware News – Latest Cyber News – Read More
Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities
/in General NewsIntel has published 41 new May 2024 Patch Tuesday advisories covering a total of more than 90 vulnerabilities.
The post Intel Publishes 41 Security Advisories for Over 90 Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
AI Is an Expert Liar
/in General NewsAI systems trained to excel at tasks can learn to lie and deceive in order to gain an advantage, posing serious risks to society such as fraud, election tampering, and even the potential loss of human control over AI.
Cyware News – Latest Cyber News – Read More
NIST Issues New Guidelines on Protecting Unclassified Data in Government Systems
/in General NewsThe NIST issued new guidelines to help federal agencies and their private sector contractors better protect sensitive unclassified information, known as Controlled Unclassified Information (CUI), from cyber threats, particularly supply chain risks.
Cyware News – Latest Cyber News – Read More
Several Vulnerabilities Addressed in Ubuntu 24.04
/in General NewsUbuntu 24.04 LTS has addressed several security vulnerabilities, including issues in less, Glibc, Curl, GnuTLS, libvirt, and Pillow, which could potentially lead to denial of service or arbitrary code execution.
Cyware News – Latest Cyber News – Read More
3 Tips for Becoming the Champion of Your Organization’s AI Committee
/in General NewsCISOs are now considered part of the organizational executive leadership and have both the responsibility and the opportunity to drive not just security but business success.
darkreading – Read More
(Cyber) Risk = Probability of Occurrence x Damage
/in General NewsHere’s How to Enhance Your Cyber Resilience with CVSS
In late 2023, the Common Vulnerability Scoring System (CVSS) v4.0 was unveiled, succeeding the eight-year-old CVSS v3.0, with the aim to enhance vulnerability assessment for both industry and the public. This latest version introduces additional metrics like safety and automation to address criticism of lacking granularity
The Hacker News – Read More