BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Clever ‘GitHub Scanner’ Campaign Abusing Repositories to Push Malware
/in General NewsA sophisticated campaign is using GitHub repositories to spread the Lumma Stealer malware, targeting users interested in open-source projects or receiving email notifications from them.
Cyware News – Latest Cyber News – Read More
Microsoft Entra ID’s Administrative Units Weaponized to Gain Stealthy Persistence
/in General NewsDatadog Security Labs recently revealed a security risk within Microsoft Entra ID, showing how its administrative units (AUs) can be weaponized by attackers to create persistent backdoor access.
Cyware News – Latest Cyber News – Read More
Adversarial attacks on AI models are rising: what should you do now?
/in General NewsWith AI’s growing influence across industries, malicious attackers continue to sharpen their tradecraft to exploit ML models.Read More
Security News | VentureBeat – Read More
Ivanti’s Cloud Service Appliance Attacked via Second Vuln
/in General NewsThe critical bug, CVE-2024-8963, can be used in conjunction with the prior known flaw to achieve remote code execution (RCE).
darkreading – Read More
Citrine Sleet Poisons PyPI Packages With Mac & Linux Malware
/in General NewsA North Korean advanced persistent threat (APT) actor (aka Gleaming Pisces) tried to sneak simple backdoors into public software packages.
darkreading – Read More
More than $44 million in cryptocurrency stolen from Singaporean platform BingX
/in General NewsSingaporean crypto platform BingX said Friday that more than $44 million was stolen from their platform in a cyberattack.
The Record from Recorded Future News – Read More
Zero-Click MediaTek Bug Opens Phones, Wi-Fi to Takeover
/in General NewsCritical-rated CVE-2024-20017 allows remote code execution (RCE) on a range of phones and Wi-Fi access points from a variety of OEMs.
darkreading – Read More
Police Broke Tor Anonymity to Arrest Dark Web Users in Major CSAM Bust
/in General NewsGerman authorities dismantled Boystown, a notorious Dark Web platform for CSAM, by deanonymizing Tor users in 2021. This…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Airline exec settles hack-for-hire case against law firm, pledging to ‘vigorously’ prosecute other alleged conspirators
/in General NewsThe aviation executive Farhad Azima settled litigation this week against the law firm Dechert and two of its former attorneys who he alleged were involved in the hacking of his personal accounts in order to smear his reputation.
The Record from Recorded Future News – Read More
Ukraine Bans Telegram Messenger App on State-Issued Devices Because of Russian Security Threat
/in General NewsUkraine issued the Telegram ban for the official devices of government employees, military personnel, security and defense workers, and critical infrastructure employees.
The post Ukraine Bans Telegram Messenger App on State-Issued Devices Because of Russian Security Threat appeared first on SecurityWeek.
SecurityWeek – Read More