BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Microsoft Confirms Exploited Zero-Day in Windows Management Console
/in General NewsRedmond warns that attackers are rigging Microsoft Saved Console (MSC) files to execute remote code on targeted Windows systems.
The post Microsoft Confirms Exploited Zero-Day in Windows Management Console appeared first on SecurityWeek.
SecurityWeek – Read More
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
/in General NewsIvanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance (CSA) have come under active exploitation in the wild.
The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software services provider said.
Successful exploitation of these vulnerabilities could allow an authenticated
The Hacker News – Read More
Adobe Patches Critical Bugs in Commerce and Magento Products
/in General NewsAdobe documents 25 vulnerabilities in Adobe Commerce and warns of code execution and privilege escalation exposure.
The post Adobe Patches Critical Bugs in Commerce and Magento Products appeared first on SecurityWeek.
SecurityWeek – Read More
How Major Companies Are Honoring Cybersecurity Awareness Month
/in General NewsThe annual event reinforces best practices while finding new ways to build a culture where employees understand how their daily decisions affect company security. Find out how AWS, IBM, Intuit, SentinelOne, and Gallo are spreading the word.
darkreading – Read More
SecurityWeek to Host Zero Trust Strategies Summit as Virtual Event on October 9th
/in General NewsOnline summit is laser focused on helping organizations to level up their Identity and Zero Trust security strategies.
The post SecurityWeek to Host Zero Trust Strategies Summit as Virtual Event on October 9th appeared first on SecurityWeek.
SecurityWeek – Read More
What Google’s U-Turn on Third-Party Cookies Means for Chrome Privacy
/in General NewsEarlier this year, Google ditched its plans to abolish support for third-party cookies in its Chrome browser. While privacy advocates called foul, the implications for users is not so clear cut.
Security Latest – Read More
Lua Malware Targeting Student Gamers via Fake Game Cheats
/in General NewsMorphisec Threat Labs uncovers sophisticated Lua malware targeting student gamers and educational institutions. Learn how these attacks work…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Kasperksy says it’s closing down its UK office and laying off dozens
/in General NewsRussian cybersecurity giant Kaspersky is shutting down its office in the United Kingdom and laying off its staff, just three months after the company started closing down its U.S. operations and laying off dozens of workers, TechCrunch has learned. Kaspersky spokesperson Francesco Tius said in an email to TechCrunch that the company “will commence a […]
© 2024 TechCrunch. All rights reserved. For personal use only.
Security News | TechCrunch – Read More
SAP Patches Critical Vulnerability in BusinessObjects
/in General NewsSAP has released 12 new and updated security notes on October 2024 patch day, including one that fixes a critical flaw in BusinessObjects.
The post SAP Patches Critical Vulnerability in BusinessObjects appeared first on SecurityWeek.
SecurityWeek – Read More
Ukrainian pleads guilty to running Raccoon Infostealer malware, agrees to pay nearly $1 million
/in General NewsA Ukrainian national pleaded guilty in U.S. federal court to running the Raccoon Infostealer malware, and agreed to pay victims more than $900,000 as part of the plea deal.
The Record from Recorded Future News – Read More