BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
The Drop in Ransomware Attacks in 2024 and What it Means
/in General NewsThe ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 5,070. But 2024 is starting off showing a very different picture. While the numbers skyrocketed in Q4 2023 with 1309 cases, in Q1 2024, the ransomware industry was down to 1,048 cases. This is a 22% decrease in ransomware attacks compared to Q4 2023.
Figure
The Hacker News – Read More
Permiso Secures $18.5 Million in Series A Funding to Fortify Cloud Identity Security Landscape
/in General NewsAccording to Silicon Angle, this significant injection of capital is spearheaded by Altimeter Capital Management LP, with notable participation from Point72 Ventures LLC, marking a new milestone for the company founded in 2020.
Cyware News – Latest Cyber News – Read More
Google Adds V8 Sandbox to Chrome
/in General NewsGoogle fights Chrome V8 engine memory safety bugs with a new sandbox and adds it to the bug bounty program.
The post Google Adds V8 Sandbox to Chrome appeared first on SecurityWeek.
SecurityWeek – Read More
Over 92,000 Internet-Facing D-Link NAS Devices can be Easily Hacked
/in General NewsA researcher who goes online with the moniker ‘Netsecfish’ disclosed a new arbitrary command injection and hardcoded backdoor flaw, tracked as CVE-2024-3273, that impacts multiple end-of-life D-Link NAS device models.
Cyware News – Latest Cyber News – Read More
Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits
/in General NewsCrowdfense has announced a $30 million exploit acquisition program covering Android, iOS, Chrome, and Safari zero-days.
The post Company Offering $30 Million for Android, iOS, Browser Zero-Day Exploits appeared first on SecurityWeek.
SecurityWeek – Read More
US Chamber of Commerce, Industry Groups Call for 30-Day Delay in CIRCIA Rules
/in General NewsThe U.S. Chamber of Commerce and multiple industry leaders are calling for a month-long extension of the 60-day comment period for a new incident reporting rule being issued by the top cybersecurity agency in the U.S.
Cyware News – Latest Cyber News – Read More
AI Scam Calls: How to Protect Yourself, How to Detect
/in General NewsAI tools are getting better at cloning people’s voices, and scammers are using these new capabilities to commit fraud. Avoid getting swindled by following these expert tips.
Security Latest – Read More
UK: Police Launch Inquiry After MPs Targeted in Apparent ‘Spear-Phishing’ Attack
/in General NewsA police investigation has been launched after MPs were apparently targeted in a “spear-phishing” attack, in what security experts believe could be an attempt to compromise the UK Parliament.
Cyware News – Latest Cyber News – Read More
Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft
/in General NewsCloud security provider Wiz found two critical architecture flaws in generative AI models uploaded to Hugging Face, namely shared Inference infrastructure takeover and shared CI/CD takeover.
Cyware News – Latest Cyber News – Read More
Persistent Magento Backdoor Hidden in XML
/in General NewsAttackers are using a new method for malware persistence on Magento servers. Sansec discovered a cleverly crafted layout template in the database, which was used to automatically inject malware.
Cyware News – Latest Cyber News – Read More