BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
New Tool Shields Organizations From NXDOMAIN Attacks
/in General NewsAkamai joins a growing list of security vendors aiming to strengthen companies’ DNS defenses.
darkreading – Read More
House Votes to Extend—and Expand—a Major US Spy Program
/in General NewsThe US House of Representatives voted on Friday to extend the Section 702 spy program. It passed without an amendment that would have required the FBI to obtain a warrant to access Americans’ information.
Security Latest – Read More
CISO Corner: Securing the AI Supply Chain; AI-Powered Security Platforms; Fighting for Cyber Awareness
/in General NewsOur collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: facing hard truths in software security, and the latest guidance from the NSA.
darkreading – Read More
AI Safety Summit round two draws government, industry leaders to Seoul next month
/in General NewsUK and South Korea are hosting continued AI discussions — including safeguards, equitable access, and future innovation.
Latest stories for ZDNET in Security – Read More
State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls
/in General NewsA state-sponsored threat actor has been exploiting a zero-day in Palo Alto Networks firewalls for the past two weeks.
The post State-Sponsored Hackers Exploit Zero-Day to Backdoor Palo Alto Networks Firewalls appeared first on SecurityWeek.
SecurityWeek – Read More
Change Healthcare Faces Another Ransomware Threat—and It Looks Credible
/in General NewsChange Healthcare ransomware hackers already received a $22 million payment. Now a second group is demanding money, and it has sent WIRED samples of what they claim is the company’s stolen data.
Security Latest – Read More
CISA Issues Emergency Directive After Midnight Blizzard Microsoft Hits
/in General NewsThough Federal Civilian Executive Branch (FCEB) agencies are the primary targets, CISA encourages all organizations to up their security, given the high risk.
darkreading – Read More
Apple Alerts iPhone Users in 92 Countries to Mercenary Spyware Attacks
/in General NewsApple recommends that iPhone users install software updates, use strong passwords and 2FA, and don’t open links or attachments from suspicious emails to keep their device safe from spyware.
Security | TechRepublic – Read More
Wiz Acquires Gem Security, Pushes Security Tools Consolidation
/in General NewsFinancial terms of the translation were not disclosed but reports out of Tel Aviv valued the deal in the range of $350 million.
The post Wiz Acquires Gem Security, Pushes Security Tools Consolidation appeared first on SecurityWeek.
SecurityWeek – Read More
LastPass Dodges Deepfake Scam: CEO Impersonation Attempt Thwarted
/in General NewsBy Waqas
Cybercriminals using deepfakes to target businesses! LastPass narrowly avoids security breach after employee identifies fake CEO in WhatsApp call. Read how LastPass is urging awareness against evolving social engineering tactics.
This is a post from HackRead.com Read the original post: LastPass Dodges Deepfake Scam: CEO Impersonation Attempt Thwarted
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More