BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Government Launches Probe Into Change Healthcare Data Breach
/in General NewsThe HHS is investigating whether protected health information was compromised in the Change Healthcare data breach.
The post Government Launches Probe Into Change Healthcare Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Fortinet Warns of Critical RCE Bug in Endpoint Management Software
/in General NewsFortinet patched a critical SQL injection vulnerability (CVE-2023-48788) in its FortiClient EMS software, allowing unauthenticated attackers to achieve remote code execution with SYSTEM privileges.
Cyware News – Latest Cyber News – Read More
Keep Your Network Secure With This $39.99 CompTIA Bundle
/in General NewsThis Complete 2024 CompTIA Certification Bundle is both a way for tech entrepreneurs to secure their own systems and a gateway to a career in cybersecurity.
Security | TechRepublic – Read More
Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software
/in General NewsFortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems.
“An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability [CWE-89] in FortiClientEMS may allow an unauthenticated attacker to execute unauthorized code or commands via specifically crafted
The Hacker News – Read More
150K+ UAE Network Devices & Apps Found Exposed Online
/in General NewsMisconfigurations, insecure services leave United Arab Emirates organizations and critical infrastructure vulnerable to bevy of cyber threats.
darkreading – Read More
DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack
/in General NewsA DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using bogus software installers.
“During this campaign, users were lured using PDFs that contained Google DoubleClick Digital Marketing (DDM) open redirects that led unsuspecting victims to compromised sites hosting the Microsoft Windows SmartScreen bypass
The Hacker News – Read More
Magnet Goblin Exploits 1-Day Bugs, Deploys Nerbian RAT
/in General NewsCyware News – Latest Cyber News – Read More
ChatGPT Spills Secrets in Novel PoC Attack
/in General NewsResearch is latest in a growing body of work to highlight troubling weaknesses in widely used generative AI tools.
darkreading – Read More
Codezero Raises $3.5M Seed Funding From Ballistic Ventures to Secure Multicloud Application Development
/in General NewsPost Content
darkreading – Read More
Claroty Launches Advanced Anomaly Threat Detection for Medigate
/in General NewsPost Content
darkreading – Read More