BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Organizations Warned of Exploited Fortinet FortiOS Vulnerability
/in General NewsCISA has added a FortinetFortiOS vulnerability tracked as CVE-2024-23113 to its Known Exploited Vulnerabilities (KEV) catalog.
The post Organizations Warned of Exploited Fortinet FortiOS Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Cybercriminals Use Unicode to Hide Mongolian Skimmer in E-Commerce Platforms
/in General NewsCybersecurity researchers have shed light on a new digital skimmer campaign that leverages Unicode obfuscation techniques to conceal a skimmer dubbed Mongolian Skimmer.
“At first glance, the thing that stood out was the script’s obfuscation, which seemed a bit bizarre because of all the accented characters,” Jscrambler researchers said in an analysis. “The heavy use of Unicode characters, many
The Hacker News – Read More
The Internet Archive slammed by DDoS attack and data breach
/in General NewsThe Internet Archive, the nonprofit organization that digitizes and archives materials like web pages, came under attack Wednesday. Several users – including over at The Verge – confronted a pop-up when visiting the site, reading, “Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
CISA Warns of Critical Fortinet Flaw as Palo Alto and Cisco Issue Urgent Security Patches
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a critical security flaw impacting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability, tracked as CVE-2024-23113 (CVSS score: 9.8), relates to cases of remote code execution that affects FortiOS, FortiPAM, FortiProxy, and FortiWeb.
“A
The Hacker News – Read More
Firefox Zero-Day Under Attack: Update Your Browser Immediately
/in General NewsMozilla has revealed that a critical security flaw impacting Firefox and Firefox Extended Support Release (ESR) has come under active exploitation in the wild.
The vulnerability, tracked as CVE-2024-9680, has been described as a use-after-free bug in the Animation timeline component.
“An attacker was able to achieve code execution in the content process by exploiting a use-after-free in
The Hacker News – Read More
Internet Archive Breach Exposes 31 Million Users
/in General NewsThe hack exposed the data of 31 million users as the embattled Wayback Machine maker scrambles to stay online and contain the fallout of digital —and legal—attacks.
Security Latest – Read More
AI-Powered Cybercrime Cartels on the Rise in Asia
/in General NewsAll across the Asia-Pacific region, large and diverse marketplaces for AI cybercrime tools have developed, with deepfakes proving most popular.
darkreading – Read More
Marriott Agrees to Pay $52 million, Beef up Data Security to Resolve Probes Over Data Breaches
/in General NewsMarriott agreed to pay $52 million and make changes to bolster its data security to resolve claims related to major data breaches that affected more than 300 million customers.
The post Marriott Agrees to Pay $52 million, Beef up Data Security to Resolve Probes Over Data Breaches appeared first on SecurityWeek.
SecurityWeek – Read More
OpenGradient Raises $8.5M to Decentralize AI Infrastructure and Accelerate Secure, Open-Source AI
/in General NewsPost Content
darkreading – Read More
Introducing Mayhem: ForAllSecure Unveils New Name and Company Focus
/in General NewsPost Content
darkreading – Read More