BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Why Cybersecurity Is a Whole-of-Society Issue
/in General NewsWorking together and integrating cybersecurity as part of our corporate and individual thinking can make life harder for hackers and safer for ourselves.
darkreading – Read More
Threat Actors Deliver Malware via YouTube Video Game Cracks
/in General NewsMany types of video games appear to be targeted to younger users including games popular with children, a group that is less likely to be able to identify malicious content and risky online behaviors.
Cyware News – Latest Cyber News – Read More
Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites
/in General NewsA critical SQL injection vulnerability in the LayerSlider WordPress plugin allows attackers to extract sensitive information.
The post Critical Vulnerability Found in LayerSlider Plugin Installed on a Million WordPress Sites appeared first on SecurityWeek.
SecurityWeek – Read More
Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack
/in General NewsCyber Safety Review Board, said “a cascade of errors” by Microsoft let state-backed Chinese cyber operators break into email accounts of senior U.S. officials.
The post Scathing Federal Report Rips Microsoft for Shoddy Security, Insincerity in Response to Chinese Hack appeared first on SecurityWeek.
SecurityWeek – Read More
Earth Freybug Uses UNAPIMON for Unhooking Critical APIs
/in General NewsThe adversarial collective is known to rely on a combination of living-off-the-land binaries (LOLBins) and custom malware to realize its goals. Also adopted are techniques like DLL hijacking and API unhooking.
Cyware News – Latest Cyber News – Read More
Google Cloud and CSA: 2024 will bring significant generative AI adoption in cybersecurity, driven by C-suite
/in General NewsThe majority of orgs will incorporate generative AI into cybersecurity this year, and many security teams are already tinkering with it.Read More
Security News | VentureBeat – Read More
Attack Surface Management vs. Vulnerability Management
/in General NewsAttack surface management (ASM) and vulnerability management (VM) are often confused, and while they overlap, they’re not the same. The main difference between attack surface management and vulnerability management is in their scope: vulnerability management checks a list of known assets, while attack surface management assumes you have unknown assets and so begins with discovery. Let’s look at
The Hacker News – Read More
Missouri County Hit by Ransomware
/in General NewsJackson County, Missouri, discloses ‘significant disruptions’ to IT systems, says ransomware attack likely at fault.
The post Missouri County Hit by Ransomware appeared first on SecurityWeek.
SecurityWeek – Read More
Pixel Update Bulletin—April 2024 | Android Open Source Project
/in General NewsA total of 24 vulnerabilities leading to elevation of privilege (EoP) and information disclosure were addressed in various Pixel components, and another was resolved in Qualcomm components.
Cyware News – Latest Cyber News – Read More
Google to Delete Billions of Browser Records to Settle ‘Incognito’ Lawsuit
/in General NewsGoogle will delete billions of data records as part of a settlement for a lawsuit that accused the tech giant of improperly tracking the web-browsing habits of users who thought they were browsing the internet privately.
Cyware News – Latest Cyber News – Read More