BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet)
/in General NewsCISOS from Box and Smartsheet discuss the route toward, the role within, and the future of being a successful CISO.
The post CISO Conversations: Julien Soriano (Box) and Chris Peake (Smartsheet) appeared first on SecurityWeek.
SecurityWeek – Read More
LLMs Are a New Type of Insider Adversary
/in General NewsThe inherent intelligence of large language models gives them unprecedented capabilities like no other enterprise tool before.
darkreading – Read More
Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities
/in General NewsSplunk has released patches for multiple vulnerabilities in Splunk Enterprise, including two high-severity remote code execution flaws.
The post Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
99% of UK Businesses Faced Cyber Attacks in the Last Year
/in General NewsNearly half of respondents blamed remote work for these incidents.
Security | TechRepublic – Read More
Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack
/in General NewsAutomattic has rolled out updates for 101 Jetpack versions released over the past eight years to resolve a critical vulnerability.
The post Critical Vulnerability Patched in 101 Releases of WordPress Plugin Jetpack appeared first on SecurityWeek.
SecurityWeek – Read More
It Seemed Like an AI Crime-Fighting Super Tool. Then Defense Attorneys Started Asking Questions
/in General NewsGlobal Intelligence claims its Cybercheck technology can help cops find key evidence to nail a case. But a WIRED investigation reveals the smoking gun often appears far less solid.
Security Latest – Read More
Millions of People Are Using Abusive AI ‘Nudify’ Bots on Telegram
/in General NewsBots that “remove clothes” from images have run rampant on the messaging app, allowing people to create nonconsensual deepfake images even as lawmakers and tech companies try to crack down.
Security Latest – Read More
New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs
/in General NewsIntel and AMD respond to new attack methods named TDXDown and CounterSEVeillance that can be used against TDX and SEV technology.
The post New CounterSEVeillance and TDXDown Attacks Target AMD and Intel TEEs appeared first on SecurityWeek.
SecurityWeek – Read More
Open Source Package Entry Points May Lead to Supply Chain Attacks
/in General NewsEntry points in packages across multiple programming languages are susceptible to exploitation in supply chain attacks.
The post Open Source Package Entry Points May Lead to Supply Chain Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns
/in General NewsChina’s National Computer Virus Emergency Response Center (CVERC) has doubled down on claims that the threat actor known as the Volt Typhoon is a fabrication of the U.S. and its allies.
The agency, in collaboration with the National Engineering Laboratory for Computer Virus Prevention Technology, went on to accuse the U.S. federal government, intelligence agencies, and Five Eyes countries of
The Hacker News – Read More