BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
2 (or 5) Bugs in F5 Asset Manager Allow Full Takeover, Hidden Accounts
/in General NewsF5 customers should patch immediately, though even that won’t protect them from every problem with their networked devices.
darkreading – Read More
CyberProof Announces Strategic Partnership With Google Cloud
/in General NewsPost Content
darkreading – Read More
87% of DDoS Attacks Targeted Windows OS Devices in 2023
/in General NewsPost Content
darkreading – Read More
Why Reddit’s new content policy is a big win for your privacy
/in General NewsReddit will continue to sell user data, but it’s enacting restrictions on companies that want to commercialize that data for free. Here’s what’s changing.
Latest stories for ZDNET in Security – Read More
Aggressive Cloud-Security Player Wiz Scores $1B in Funding Round
/in General NewsThe latest round of investment prices the fast-growing cloud native application protection platform (CNAPP) at $12 billion with a simple mandate: Grow quickly through acquisition.
darkreading – Read More
Accenture Lands $789 Million Contract to Bolster U.S. Navy Cybersecurity
/in General NewsAccenture Federal Services wins $789 million U.S. Navy SHARKCAGE cybersecurity contract.
The post Accenture Lands $789 Million Contract to Bolster U.S. Navy Cybersecurity appeared first on SecurityWeek.
SecurityWeek – Read More
LockBit Claims Wichita as Its Victim 2 Days After Ransomware Attack
/in General NewsThe city is still investigating the attack, and neither the group nor city officials have offered details about the ransomware demands.
darkreading – Read More
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation
/in General NewsResearchers have detailed a Virtual Private Network (VPN) bypass technique dubbed TunnelVision that allows threat actors to snoop on victim’s network traffic by just being on the same local network.
The “decloaking” method has been assigned the CVE identifier CVE-2024-3661 (CVSS score: 7.6). It impacts all operating systems that implement a DHCP client and has
The Hacker News – Read More
Vast Network of Fake Web Shops Defrauds 850,000 & Counting
/in General NewsChina-based cybercriminal group “BogusBazaar” created tens of thousands of fraudulent online stores based on expired domains to steal payment credentials.
darkreading – Read More
Dell Says Customer Names, Addresses Stolen in Database Breach
/in General NewsTech giant notifies millions of customers that full names and physical mailing addresses were stolen during a security incident.
The post Dell Says Customer Names, Addresses Stolen in Database Breach appeared first on SecurityWeek.
SecurityWeek – Read More