BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
CISA Flags Critical SolarWinds Web Help Desk Bug for In-the-Wild Exploitation
/in General NewsCISA warns that a critical-severity hardcoded credentials vulnerability in SolarWinds Web Help Desk is exploited in attacks.
The post CISA Flags Critical SolarWinds Web Help Desk Bug for In-the-Wild Exploitation appeared first on SecurityWeek.
SecurityWeek – Read More
Oracle Patches Over 200 Vulnerabilities With October 2024 CPU
/in General NewsOracle has released 334 new security patches to address roughly 220 unique CVEs as part of its October 2024 Critical Patch Update.
The post Oracle Patches Over 200 Vulnerabilities With October 2024 CPU appeared first on SecurityWeek.
SecurityWeek – Read More
Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users
/in General NewsFIDO Alliance has published new specifications for securely moving passkeys across providers, as Amazon announced 175 million passkey users.
The post Passkey News: FIDO Unveils New Specifications, Amazon Announces 175 Million Users appeared first on SecurityWeek.
SecurityWeek – Read More
Astaroth Banking Malware Resurfaces in Brazil via Spear-Phishing Attack
/in General NewsA new spear-phishing campaign targeting Brazil has been found delivering a banking malware called Astaroth (aka Guildma) by making use of obfuscated JavaScript to slip past security guardrails.
“The spear-phishing campaign’s impact has targeted various industries, with manufacturing companies, retail firms, and government agencies being the most affected,” Trend Micro said in a new analysis.
”
The Hacker News – Read More
CISA Warns of Active Exploitation in SolarWinds Help Desk Software Vulnerability
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting SolarWinds Web Help Desk (WHD) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2024-28987 (CVSS score: 9.1), the vulnerability relates to a case of hard-coded credentials that could be abused to gain
The Hacker News – Read More
GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access
/in General NewsGitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow unauthorized access to an instance.
The vulnerability, tracked as CVE-2024-9487, carries a CVS score of 9.5 out of a maximum of 10.0
“An attacker could bypass SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, allowing
The Hacker News – Read More
North Korea Hackers Get Cash Fast in Linux Cyber Heists
/in General NewsThe thieves modify transaction messages to initiate unauthorized withdrawals, even when there are insufficient funds.
darkreading – Read More
Nearly 400 US healthcare institutions hit with ransomware over last year, Microsoft says
/in General NewsIn the last fiscal year, 389 U.S.-based healthcare institutions were successfully hit with ransomware, causing “network closures, systems offline, critical medical operations delayed, and appointments rescheduled,” Microsoft said.
The Record from Recorded Future News – Read More
Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says
/in General NewsThe growing collaboration between authoritarian governments and criminal hackers has alarmed national security officials and cybersecurity experts.
The post Cybercriminals Are Increasingly Helping Russia and China Target the US and Allies, Microsoft Says appeared first on SecurityWeek.
SecurityWeek – Read More
Anthropic just made it harder for AI to go rogue with its updated safety policy
/in General NewsAnthropic updates its Responsible Scaling Policy, introducing new safety standards and AI capability thresholds to manage risks from powerful AI models like autonomous systems and bioweapons threats.Read More
Security News | VentureBeat – Read More