BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
More Than Two Dozen Android Vulnerabilities Fixed
/in General NewsXiaomi resolved 20 flaws, ensuring user safety by fixing issues like arbitrary access to system components and data leaks. Google also fixed six vulnerabilities, including geolocation access through the camera and arbitrary file access.
Cyware News – Latest Cyber News – Read More
Top 5 Global Cyber Security Trends of 2023, According to Google Report
/in General NewsAccording to the M-Trends report, the average time it takes for an organisation to detect an attacker in their environment has decreased from 16 days in 2022 to 10 days in 2023.
Security | TechRepublic – Read More
U.K., U.S. and Canadian Cyber Authorities Warn of Pro-Russia Hacktivist Attacks on Operational Technology Systems
/in General NewsThe U.K.’s National Cyber Security Centre, along with U.S. and Canadian cyber authorities, has identified a rise in attacks against OT operators since 2022.
Security | TechRepublic – Read More
Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns
/in General NewsPatch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
darkreading – Read More
How Are APAC Tech Salaries Faring in 2024?
/in General NewsThe year 2024 is bringing a return to stable tech salary growth in APAC, with AI and data jobs leading the way. This follows downward salary pressure in 2023, after steep increases in previous years.
Security | TechRepublic – Read More
North Korean Hackers Spoofing Journalist Emails to Spy on Experts
/in General NewsNorth Korean threat actors, specifically the Kimsuky group, are exploiting weakly configured DMARC protocols to spoof the email addresses of legitimate journalists, academics, and other experts in East Asian affairs.
Cyware News – Latest Cyber News – Read More
LayerX Raises $26 Million for Browser Security Platform
/in General NewsIsraeli startup LayerX Security banks $25 million in new financing as investors continue to pour money into secure web browsing technologies.
The post LayerX Raises $26 Million for Browser Security Platform appeared first on SecurityWeek.
SecurityWeek – Read More
US Says North Korean Hackers Exploiting Weak DMARC Settings
/in General NewsThe US government warns of a North Korean threat actor abusing weak email DMARC settings to hide spear-phishing attacks.
The post US Says North Korean Hackers Exploiting Weak DMARC Settings appeared first on SecurityWeek.
SecurityWeek – Read More
reNgine: Open-Source Automated Reconnaissance Framework for Web Applications
/in General NewsDeveloped to address limitations in existing tools, reNgine is beneficial for bug bounty hunters, penetration testers, and corporate security teams by automating and enhancing their information collection processes.
Cyware News – Latest Cyber News – Read More
DeepKeep Secures $10M in Seed Funding to Boost GenAI Protection Endeavors
/in General NewsFounded in 2021 by Rony Ohayon, DeepKeep specializes in AI-Native Trust, Risk, and Security Management (TRiSM). The platform caters to large corporations reliant on AI, GenAI, and LLM technologies for risk management and growth protection.
Cyware News – Latest Cyber News – Read More