BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere
/in General NewsBy cybernewswire
Tel Aviv, Israel, May 2nd, 2024, CyberNewsWire Early adoption by Fortune 100 companies worldwide, LayerX already secures more…
This is a post from HackRead.com Read the original post: LayerX Security Raises $24M for its Browser Security Platform, Enabling Employees to Work Securely from Any Browser, Anywhere
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
CISA Adds GitLab Flaw to its Known Exploited Vulnerabilities Catalog
/in General NewsThis flaw allows for an account takeover via Password Reset, enabling attackers to hijack accounts without any interaction. The affected versions range from 16.1 to 16.7, with GitLab releasing patches for versions 16.1.6 to 16.7.2.
Cyware News – Latest Cyber News – Read More
NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms
/in General NewsThe initiative is designed to mitigate the threat of consumer-grade devices being targeted by commercial spyware, potentially enabling sophisticated threat actors to use these as a stepping stone into back-end corporate systems and data.
Cyware News – Latest Cyber News – Read More
LockBit, Black Basta, Play Dominate Ransomware in Q1 2024
/in General NewsLockBit, Black Basta, and Play have been observed to be the most active ransomware groups in Q1 2024, with Black Basta experiencing a notable 41% increase in activity, according to a report by ReliaQuest.
Cyware News – Latest Cyber News – Read More
1,400 GitLab Servers Impacted by Exploited Vulnerability
/in General NewsCISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.
The post 1,400 GitLab Servers Impacted by Exploited Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Russian Hackers Target Industrial Systems in North America, Europe
/in General NewsGovernment agencies are sharing recommendations following attacks claimed by pro-Russian hacktivists on ICS/OT systems.
The post Russian Hackers Target Industrial Systems in North America, Europe appeared first on SecurityWeek.
SecurityWeek – Read More
HPE Aruba Networking Fixes Four Critical RCE Flaws in ArubaOS
/in General NewsHPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system.
Cyware News – Latest Cyber News – Read More
Dropbox Discloses Breach of Digital Signature Service Affecting All Users
/in General NewsCloud storage services provider Dropbox on Wednesday disclosed that Dropbox Sign (formerly HelloSign) was breached by unidentified threat actors, who accessed emails, usernames, and general account settings associated with all users of the digital signature product.
The company, in a filing with the U.S. Securities and Exchange Commission (SEC), said it became aware of the ”
The Hacker News – Read More
New “Goldoon” Botnet Targets D-Link Routers With Decade-Old Flaw
/in General NewsA never-before-seen botnet called Goldoon has been observed targeting D-Link routers with a nearly decade-old critical security flaw with the goal of using the compromised devices for further attacks.
The vulnerability in question is CVE-2015-2051 (CVSS score: 9.8), which affects D-Link DIR-645 routers and allows remote attackers to execute arbitrary
The Hacker News – Read More
Vulnerability Exploits Triple as Initial Access Point for Breaches
/in General NewsAccording to Verizon’s 2024 Data Breach Investigations Report, this method of gaining unauthorized access leading to a breach accounted for 14% of malicious actors’ way into a network. It is the third most used after credential theft and phishing.
Cyware News – Latest Cyber News – Read More