BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
ShadowLogic Attack Targets AI Model Graphs to Create Codeless Backdoors
/in General NewsHiddenLayer details ShadowLogic, a new method of creating codeless backdoors in AI models by manipulating their graphs.
The post ShadowLogic Attack Targets AI Model Graphs to Create Codeless Backdoors appeared first on SecurityWeek.
SecurityWeek – Read More
Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices
/in General NewsOcto2 malware is targeting Android devices by disguising itself as popular apps like NordVPN and Google Chrome. This…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Relyance AI Raises $32 Million for Data Governance Platform
/in General NewsRelyance AI has raised $32 million in Series B funding to develop its data governance platform and scale operations.
The post Relyance AI Raises $32 Million for Data Governance Platform appeared first on SecurityWeek.
SecurityWeek – Read More
GitLab Patches Pipeline Execution, SSRF, XSS Vulnerabilities
/in General NewsThe latest GitLab update resolves eight vulnerabilities, including critical- and high-severity pipeline execution flaws.
The post GitLab Patches Pipeline Execution, SSRF, XSS Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Recent Veeam Vulnerability Exploited in Ransomware Attacks
/in General NewsSophos warns of ransomware operators exploiting a critical code execution vulnerability in Veeam Backup & Replication.
The post Recent Veeam Vulnerability Exploited in Ransomware Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Fidelity Investments Data Breach Impacts 77,000 Customers
/in General NewsFidelity Investments is informing 77,000 individuals that their personal information was compromised in a data breach.
The post Fidelity Investments Data Breach Impacts 77,000 Customers appeared first on SecurityWeek.
SecurityWeek – Read More
OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks
/in General NewsOpenAI has disrupted 20 cyber and influence operations this year, including the activities of Iranian and Chinese state-sponsored hackers.
The post OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
/in General NewsGitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches.
Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10.
“An issue was discovered in GitLab EE
The Hacker News – Read More
Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation
/in General NewsThe Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world’s largest and longest-running dark web market for illegal goods, drugs, and cybercrime services.
The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said.
The marketplace
The Hacker News – Read More
American Water Bringing Systems Back Online After Cyberattack
/in General NewsAmerican Water is reconnecting and reactivating the systems that were taken offline earlier this week due to a cybersecurity incident.
The post American Water Bringing Systems Back Online After Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More