BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Researchers Uncover Hijack Loader Malware Using Stolen Code-Signing Certificates
/in General NewsCybersecurity researchers have disclosed a new malware campaign that delivers Hijack Loader artifacts that are signed with legitimate code-signing certificates.
French cybersecurity company HarfangLab, which detected the activity at the start of the month, said the attack chains aim to deploy an information stealer known as Lumma.
Hijack Loader, also known as DOILoader, IDAT Loader, and
The Hacker News – Read More
Recurring Risks: Analyzing Fidelity Investments’ Latest Data Breach and Its Implications
/in General NewsIn a recent notification from the Maine Attorney General, Fidelity Investments disclosed another data breach affecting over 77,000 individuals. This marks the second significant incident for the company in 2024 for one of the world’s largest financial services providers. The breach, occurring between August 17-19, 2024, exposed sensitive information including names, Social Security numbers…
Source
TechSplicer – Read More
European cyber insurance startup Stoïk secures $27 million
/in General NewsCyber risk has become an increasingly important issue for small companies around the world. While many companies try to avoid and mitigate cyber risks, they rarely discuss transferring those risks to a third party. That’s why Stoïk is stepping in with a cyber insurance product specifically designed for small and medium-sized businesses. The French startup […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites
/in General NewsThe maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow logged-in users to access forms submitted by others on a site.
Jetpack, owned by WordPress maker Automattic, is an all-in-one plugin that offers a comprehensive suite of tools to improve site safety, performance, and traffic growth. It’s used on 27 million
The Hacker News – Read More
Southeast Asian Cybercrime Profits Fuel Shadow Economy
/in General NewsWith cybercriminal gangs raking in at least $18 billion regionally — and much more globally — law enforcement and policymakers are struggling to keep up as the syndicates innovate and entrench themselves in national economies.
darkreading – Read More
Serious Adversaries Circle Ivanti CSA Zero-Day Flaws
/in General NewsSuspected nation-state actors are spotted stringing together three different zero-days in the Ivanti Cloud Services Application to gain persistent access to a targeted system.
darkreading – Read More
Intel Broker Claims Cisco Breach, Selling Stolen Data from Major Firms
/in General NewsIntel Broker claims a major data breach at Cisco, allegedly stealing source codes, confidential documents, and credentials from…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Microsoft: Schools Grapple With Thousands of Cyberattacks Weekly
/in General NewsEducation, including K-12 schools and universities, has become the third most targeted sector due to the high variety of sensitive data it stores in its databases.
darkreading – Read More
Pokémon Gaming Company Employee Info Leaked in Hack
/in General NewsThe gaming company reports that the server has been rebuilt after the leak, but has not confirmed what kind of information was compromised.
darkreading – Read More
Gmail users, beware of new AI scam that looks very authentic
/in General NewsA spoofed phone number, an email address plus an AI voice are all it takes to steal your Google credentials. Here’s what to look out for, just in case, you happen to find yourself in such a situation.
Latest stories for ZDNET in Security – Read More