BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Proper DDoS Protection Requires Both Detective and Preventive Controls
/in General NewsDDoS attacks still plague the enterprise, but adding preventive measures can reduce their impact.
darkreading – Read More
92K D-Link NAS Devices Open to Critical Command-Injection Bug
/in General NewsThe company is asking users to retire several network-attached storage (NAS) models to avoid compromise through a publicly available exploit that results in backdooring.
darkreading – Read More
Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products
/in General NewsAdobe calls attention to a pair of code execution bugs in Adobe Commerce and Magento Open Source, a product used to manage online stories.
The post Patch Tuesday: Code Execution Flaws in Multiple Adobe Software Products appeared first on SecurityWeek.
SecurityWeek – Read More
Why Liquid Cooling Systems Threaten Data Center Security & Our Water Supply
/in General NewsWe are potentially encroaching on a water supply crisis if data center operators, utilities, and the government don’t implement preventative measures now.
darkreading – Read More
Google Cloud Next 2024: New Data Center Chip and Chrome Enterprise Premium Join the Ecosystem
/in General NewsSome Google Cloud customers will be able to run instances on the Arm-based Axion chip later this year.
Security | TechRepublic – Read More
Data Security Firm Cyera Raises $300 Million at $1.4 Billion Valuation
/in General NewsData security company Cyera’s latest $300 million funding round brings the total raised by the firm to $460 million, at unicorn valuation.
The post Data Security Firm Cyera Raises $300 Million at $1.4 Billion Valuation appeared first on SecurityWeek.
SecurityWeek – Read More
Asia-Focused Dark Web Threat Intelligence Startup StealthMole Raises $7 Million
/in General NewsFounded in 2022, Singapore-based StealthMole leverages AI to analyze data from the dark web, deep web, and other sources to provide risk assessment and threat monitoring capabilities.
The post Asia-Focused Dark Web Threat Intelligence Startup StealthMole Raises $7 Million appeared first on SecurityWeek.
SecurityWeek – Read More
Android 15’s Private Space feature could better protect your sensitive data
/in General NewsAvailable in the next version of Android, Private Space would provide an encrypted storage area for private apps and files.
Latest stories for ZDNET in Security – Read More
10-Year-Old ‘RUBYCARP’ Romanian Hacker Group Surfaces with Botnet
/in General NewsA threat group of suspected Romanian origin called RUBYCARP has been observed maintaining a long-running botnet for carrying out crypto mining, distributed denial-of-service (DDoS), and phishing attacks.
The group, believed to be active for at least 10 years, employs the botnet for financial gain, Sysdig said in a report shared with The Hacker News.
“Its primary method of operation
The Hacker News – Read More
Ambitious Training Initiative Taps Talents of Blind and Visually Impaired
/in General NewsNovacoast’s Apex Program prepares individuals with visual impairments for cybersecurity careers.
darkreading – Read More