BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
There Is No Cyber Labor Shortage
/in General NewsThere are plenty of valuable candidates on the market. Hiring managers are simply looking in the wrong places.
darkreading – Read More
SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver
/in General NewsSAP has released 14 new and three updated security notes on its May 2024 Security Patch Day.
The post SAP Patches Critical Vulnerabilities in CX Commerce, NetWeaver appeared first on SecurityWeek.
SecurityWeek – Read More
Millions of Messages Distribute LockBit Black Ransomware
/in General NewsThe attack chain required user interaction to execute the malicious email attachment, which then initiated a network callout to the Phorpiex botnet infrastructure to download and detonate the LockBit Black ransomware.
Cyware News – Latest Cyber News – Read More
iOS and Android owners will now be alerted if an unknown tracker is moving with them
/in General NewsLast year, Apple and Google teamed up to develop a specification for alerting users if a Bluetooth tracking device is surreptitiously monitoring them. That feature just rolled out to iOS and Android users.
Latest stories for ZDNET in Security – Read More
Kaspersky Reveals Global Rise in APTs, Hacktivism and Targeted Attacks
/in General NewsBy Waqas
Kaspersky’s Global Research and Analysis Team (GReAT) has released its latest quarterly report (Q1 2024) on the advanced persistent threat (APT) activity, highlighting several key trends in the threat and risk environment.
This is a post from HackRead.com Read the original post: Kaspersky Reveals Global Rise in APTs, Hacktivism and Targeted Attacks
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code
/in General NewsThe maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security flaws, including two critical issues that could lead to the execution of arbitrary code.
The most severe of the vulnerabilities are listed below –
CVE-2024-25641 (CVSS score: 9.1) – An arbitrary file write vulnerability in the “Package Import” feature that
The Hacker News – Read More
Hacker Conversations: Ron Reiter, and the Making of a Professional Hacker
/in General NewsRon Reiter was a childhood hacker in Israel. He was recruited into the IDF’s elite Unit 8200 for his military service. Now he is CTO and co-founder of cybersecurity firm Sentra.
The post Hacker Conversations: Ron Reiter, and the Making of a Professional Hacker appeared first on SecurityWeek.
SecurityWeek – Read More
Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks
/in General NewsThreat actors are using DNS tunneling to track victims’ interaction with spam and to scan network infrastructures.
The post Attackers Use DNS Tunneling to Track Victim Activity, Scan Networks appeared first on SecurityWeek.
SecurityWeek – Read More
Google Patches Second Chrome Zero-Day in One Week
/in General NewsGoogle has patched CVE-2024-4761, the second exploited vulnerability addressed by the company within one week.
The post Google Patches Second Chrome Zero-Day in One Week appeared first on SecurityWeek.
SecurityWeek – Read More
6 Mistakes Organizations Make When Deploying Advanced Authentication
/in General NewsDeploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication sophistication to adequately safeguard organizational data. When deploying
The Hacker News – Read More