BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
New HTTP/2 Vulnerability Exposes Web Servers to DoS Attacks
/in General NewsNew research has found that the CONTINUATION frame in the HTTP/2 protocol can be exploited to conduct denial-of-service (DoS) attacks.
The technique has been codenamed HTTP/2 CONTINUATION Flood by security researcher Bartek Nowotarski, who reported the issue to the CERT Coordination Center (CERT/CC) on January 25, 2024.
“Many HTTP/2 implementations do not properly limit or sanitize the
The Hacker News – Read More
Microsoft Exchange State-Linked Hack Entirely Preventable, Cyber Review Board Finds
/in General NewsThe China-affiliated threat actor Microsoft identified as Storm-0558 compromised the Microsoft Exchange Online mailboxes of 22 organizations and more than 500 individuals in the attacks, which began in May 2023.
Cyware News – Latest Cyber News – Read More
Pixel Phone Zero-Days Exploited by Forensic Firms
/in General NewsGoogle this week patched two Pixel phone zero-day vulnerabilities actively exploited by forensic companies to obtain data from devices.
The post Pixel Phone Zero-Days Exploited by Forensic Firms appeared first on SecurityWeek.
SecurityWeek – Read More
Get a Lifetime of VPN Protection for Just $16
/in General NewsDuring a special sale event, you can get an extra 20% off our already discounted price on RealVPN, bringing it down to just $16 for life. Use code SECURE20 at checkout.
Security | TechRepublic – Read More
New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset
/in General NewsNew HTTP/2 DoS method named Continuation Flood can pose a greater risk than Rapid Reset, which has been used for record-breaking attacks.
The post New HTTP/2 DoS Attack Potentially More Severe Than Record-Breaking Rapid Reset appeared first on SecurityWeek.
SecurityWeek – Read More
Zoom Paid Out $10 Million via Bug Bounty Program Since 2019
/in General NewsVideo conferencing giant Zoom has paid out $10 million through its bug bounty program since it was launched in 2019.
The post Zoom Paid Out $10 Million via Bug Bounty Program Since 2019 appeared first on SecurityWeek.
SecurityWeek – Read More
Magento Shoplift Malware Targets Both WordPress and Magento CMS on E-Commerce Sites
/in General NewsWhile it pretends to be a Google Analytics script, this is merely a distraction from the true nature of the credit card skimming JavaScript code snippet embedded in the infected website.
Cyware News – Latest Cyber News – Read More
Google Fixed Another Chrome Zero-Day Exploited at Pwn2Own
/in General NewsThe vulnerability CVE-2024-3159 is an out-of-bounds memory access in the V8 JavaScript engine. The flaw was demonstrated by Edouard Bochin (@le_douds) and Tao Yan (@Ga1ois) of Palo Alto Networks during the Pwn2Own 2024 on March 22, 2024.
Cyware News – Latest Cyber News – Read More
Rhadamanthys Stealer Delivered in Transportation Campaign
/in General NewsThe phishing emails use a unique vehicle incident lure and, in later stages of the infection chain, spoof the Federal Bureau of Transportation in a PDF that mentions a significant fine for the incident.
Cyware News – Latest Cyber News – Read More
A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask
/in General NewsAs “P4x,” Alejandro Caceres single-handedly disrupted the internet of an entire country. Then he tried to show the US military how it can—and should—adopt his methods.
Security Latest – Read More