BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers
/in General NewsCybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data.
“The vulnerabilities range in severity: in many cases a malicious server can inject files, tamper with file data, and even gain direct access to plaintext,” ETH Zurich researchers Jonas Hofmann and Kien Tuong Truong
The Hacker News – Read More
DPRK Uses Microsoft Zero-Day in No-Click Toast Attacks
/in General NewsThe “Code-on-Toast” supply chain cyberattacks by APT37 delivered data-stealing malware to users in South Korea who had enabled Toast pop-up ads.
darkreading – Read More
Cyprus Thwarted a Digital Attack Against the Government’s Main Online Portal
/in General NewsCyprus said that it has successfully thwarted a DDoS attack aimed at blocking access to the government’s central online portal.
The post Cyprus Thwarted a Digital Attack Against the Government’s Main Online Portal appeared first on SecurityWeek.
SecurityWeek – Read More
“HM Surf” macOS Flaw Lets Attackers Access Camera and Mic – Patch Now!
/in General NewsResearchers at Microsoft discovered a new macOS vulnerability, “HM Surf” (CVE-2024-44133), which bypasses TCC protections, allowing unauthorized access…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
The AI edge in cybersecurity: Predictive tools aim to slash response times
/in General NewsAI’s ability to sift through massive amounts of data, identify patterns and constantly learn makes it invaluable in cybersecurity.Read More
Security News | VentureBeat – Read More
Mirai-Inspired Gorilla Botnet Hits 0.3 Million Targets Across 100 Countries
/in General NewsA new Gorilla Botnet has launched massive DDoS attacks, targeting over 100 countries, according to cybersecurity firm NSFOCUS.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Hackers Exploit Roundcube Webmail XSS Vulnerability to Steal Login Credentials
/in General NewsUnknown threat actors have been observed attempting to exploit a now-patched security flaw in the open-source Roundcube webmail software as part of a phishing attack designed to steal user credentials.
Russian cybersecurity company Positive Technologies said it discovered last month that an email was sent to an unspecified governmental organization located in one of the Commonwealth of
The Hacker News – Read More
North Korean IT Workers in Western Firms Now Demanding Ransom for Stolen Data
/in General NewsNorth Korean information technology (IT) workers who obtain employment under false identities in Western companies are not only stealing intellectual property, but are also stepping up by demanding ransoms in order to not leak it, marking a new twist to their financially motivated attacks.
“In some instances, fraudulent workers demanded ransom payments from their former employers after gaining
The Hacker News – Read More
Hackers Use Fake ESET Emails to Target Israeli Firms with Wiper Malware
/in General NewsHackers impersonate ESET in phishing attacks targeting Israeli organizations. Malicious emails, claiming to be from ESET, deliver wiper…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
23andMe faces an uncertain future — so does your genetic data
/in General NewsFinancial and security chaos at the once-pioneering genetic testing firm has intensified concerns about user data. Here’s how to take action.
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More