BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability
/in General NewsResearchers at the Shadowserver Foundation identify thousands of internet-exposed Ivanti VPN appliances likely impacted by a recently disclosed vulnerability leading to remote code execution.
The post Thousands of Ivanti VPN Appliances Impacted by Recent Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Hotel Check-In Terminal Leaks Rafts of Guests’ Room Codes
/in General NewsMartin Schobert at Swiss security firm Pentagrid discovered that an attacker could input a series of six consecutive dashes (——) in place of a booking reference number and the terminal would return an extensive list of room details.
Cyware News – Latest Cyber News – Read More
Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right
/in General NewsThe American Privacy Rights Act would preempt most state privacy laws — though it wouldn’t impact certain states’ laws already on the books that protect financial, health or employee data.
The post Key Lawmakers Float New Rules for Personal Data Protection; Bill Would Make Privacy a Consumer Right appeared first on SecurityWeek.
SecurityWeek – Read More
Confidential VMs Hacked via New Ahoi Attacks
/in General NewsNew Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs.
The post Confidential VMs Hacked via New Ahoi Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
The Legacy of a Security Breach
/in General NewsBy Daily Contributors
Today over at Resonance Security I am going to look at one of the more unusual ways in…
This is a post from HackRead.com Read the original post: The Legacy of a Security Breach
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Google Sues Crypto Investment App Makers Over Alleged Massive “Pig Butchering” Scam
/in General NewsTwo China-based Android app developers are being sued by Google for an alleged scam targeting 100,000 users worldwide through fake cryptocurrency and other investment apps.
Cyware News – Latest Cyber News – Read More
The Fight for Cybersecurity Awareness
/in General NewsInvesting in cybersecurity skills creates a safer digital world for everyone.
darkreading – Read More
Hackers can Use AI Hallucinations to Spread Malware
/in General NewsOne security researcher investigating AI-hallucinated libraries said late last month that he found chatbots calling for a nonexistent Python package dubbed “huggingface-cli.”
Cyware News – Latest Cyber News – Read More
Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks
/in General NewsThe US Department of Health warns of financially motivated social engineering attacks targeting healthcare organizations.
The post Healthcare IT Help Desk Employees Targeted in Payment-Hijacking Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Watch Out for ‘Latrodectus’ – This Malware Could Be In Your Inbox
/in General NewsThreat hunters have discovered a new malware called Latrodectus that has been distributed as part of email phishing campaigns since at least late November 2023.
“Latrodectus is an up-and-coming downloader with various sandbox evasion functionality,” researchers from Proofpoint and Team Cymru said in a joint analysis published last week, adding it’s designed to retrieve
The Hacker News – Read More