BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
The Disinformation Warning Coming From the Edge of Europe
/in General NewsMoldova is facing a tide of disinformation unprecedented in complexity and aggression, the head of a new center meant to combat it tells WIRED. And platforms like Facebook, TikTok, Telegram and YouTube could do more.
Security Latest – Read More
Southeast Asia reiterates pledge to collaborate amid growing cyber threats in AI era
/in General NewsASEAN member states now have a physical CERT facility located in Singapore to exchange threat intel and best practices.
Latest stories for ZDNET in Security – Read More
MacOS Safari ‘HM Surf’ Exploit Exposes Camera, Mic, Browser Data
/in General NewsMicrosoft researchers toyed with app permissions to uncover CVE-2024-44133, using it to access sensitive user data. Adware merchants may have as well.
darkreading – Read More
Time to Get Strict With DMARC
/in General NewsAdoption of the email authentication and policy specification remains low, and only about a tenth of DMARC-enabled domains enforce policies. Everyone is waiting for major email providers to get strict.
darkreading – Read More
CISOs: Throwing Cash at Tools Isn’t Helping Detect Breaches
/in General NewsA survey shows three-quarters of CISOs are drowning in threat detections put out by a sprawling stack of tools, yet still lack the basic visibility necessary to identify breaches.
darkreading – Read More
ESET-Branded Wiper Attack Targets Israel; Firm Denies Compromise
/in General NewsThe security firm is denying an assessment that its systems were compromised in Israel by pro-Palestinian cyberattackers, but acknowledged an attack on one of its partners.
darkreading – Read More
Vulnerabilities, AI Compete for Software Developers’ Attention
/in General NewsThis year, the majority of developers have adopted AI assistants to help with coding and improve code output, but most are also creating more vulnerabilities that take longer to remediate.
darkreading – Read More
Iranian Hackers Target Microsoft 365, Citrix Systems with MFA Push Bombing
/in General NewsIranian hackers are targeting critical infrastructure organizations with brute force tactics. This article explores their techniques, including MFA…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Are your Venmo transactions still public? Here’s why – and how – to change that ASAP
/in General NewsYou’re probably revealing more information than you realize when you use Venmo.
Latest stories for ZDNET in Security – Read More
CISA confirms Veeam vulnerability is being used in ransomware attacks
/in General NewsCISA added CVE-2024-40711 to its Known Exploited Vulnerabilities database and specified that the bug in Veeam software products is being used to facilitate ransomware attacks.
The Record from Recorded Future News – Read More