BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation
/in General NewsGoogle on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-4761, is an out-of-bounds write bug impacting the V8 JavaScript and WebAssembly engine. It was reported anonymously on May 9, 2024.
Out-of-bounds write bugs could be typically
The Hacker News – Read More
Southeast Asian Scam Syndicates Stealing $64 Billion Annually, Researchers Find
/in General NewsResearchers have found that Southeast Asian scam syndicates are stealing an estimated $64 billion annually through various online fraud operations, with the majority of the losses occurring in Cambodia, Laos, and Myanmar.
Cyware News – Latest Cyber News – Read More
DNS Tunneling Used for Stealthy Scans and Email Tracking
/in General NewsBy Deeba Ahmed
Hackers are hiding malicious messages in everyday internet traffic! Learn how DNS tunneling works and how to protect yourself from this sneaky cyberattack. Stop hackers from scanning your network and tracking your clicks.
This is a post from HackRead.com Read the original post: DNS Tunneling Used for Stealthy Scans and Email Tracking
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Google Chrome Emergency Update Fixes Sixth Zero-Day Exploited in 2024
/in General NewsThe latest bug is tracked as CVE-2024-4761. It is an out-of-bounds write problem impacting Chrome’s V8 JavaScript engine, which is responsible for executing JS code in the application.
Cyware News – Latest Cyber News – Read More
Cyber Insurers Pledge to Help Reduce Ransom Payments
/in General NewsThe UK’s NCSC and major insurance associations have partnered to help reduce the profitability of ransomware attacks by providing better support and guidance to victims, encouraging resilience, and promoting alternatives to paying ransoms.
Cyware News – Latest Cyber News – Read More
VMware Patches Vulnerabilities Exploited at Pwn2Own 2024
/in General NewsVMware has patched three vulnerabilities exploited earlier this year at the Pwn2Own hacking competition.
The post VMware Patches Vulnerabilities Exploited at Pwn2Own 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
DNS Tunneling Abuse Expands to Tracking & Scanning Victims
/in General NewsSeveral campaigns are leveraging the evasive tactic to provide useful insights into victims’ online activities and find new ways to compromise organizations.
darkreading – Read More
There Is No Cyber Labor Shortage
/in General NewsThere are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places.
darkreading – Read More
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver
/in General NewsSAP has released 14 new and three updated security notes on its May 2024 Security Patch Day.
The post SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver appeared first on SecurityWeek.
SecurityWeek – Read More
Millions of Messages Distribute LockBit Black Ransomware
/in General NewsThe attack chain required user interaction to execute the malicious email attachment, which then initiated a network callout to the Phorpiex botnet infrastructure to download and detonate the LockBit Black ransomware.
Cyware News – Latest Cyber News – Read More