BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
North Korean Hackers Target Energy and Aerospace Industries with New MISTPEN Malware
/in General NewsMISTPEN is a trojanized version of a legitimate Notepad++ plugin that allows the threat actor to download and execute files from a command-and-control server. The threat group constantly enhances its malware, making it harder to detect and analyze.
Cyware News – Latest Cyber News – Read More
Infostealers: An Early Warning for Ransomware Attacks
/in General NewsCan cyber defenders use the presence of infostealers as a canary in the coal mine to preempt ransomware attacks?
darkreading – Read More
Australian Police Infiltrate Encrypted Messaging App Ghost and Arrest Dozens
/in General NewsAustralian police have infiltrated encrypted messaging app Ghost, which has been used for illegal activities, and arrested dozens of people.
The post Australian Police Infiltrate Encrypted Messaging App Ghost and Arrest Dozens appeared first on SecurityWeek.
SecurityWeek – Read More
INE Security Wins 2024 SC Excellence Award
/in General NewsCary, North Carolina, 18th September 2024, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
CISA Urges Software Developers to Weed Out XSS Vulnerabilities
/in General NewsThe CISA and the FBI recommended software developers to implement rigorous validation, sanitization, and input escaping to prevent malicious script injections and data manipulation.
Cyware News – Latest Cyber News – Read More
AT&T to Pay $13 Million in Settlement Over 2023 Data Breach
/in General NewsAT&T has agreed to pay $13 million in a settlement with the FCC over a 2023 data breach at a third-party vendor’s cloud environment.
The post AT&T to Pay $13 Million in Settlement Over 2023 Data Breach appeared first on SecurityWeek.
SecurityWeek – Read More
Data Theft Risk in Salesforce by Manipulating Public Links
/in General NewsThe vulnerability was related to the undocumented Salesforce Aura API and SOQL subqueries, allowing a blind SOQL injection attack to retrieve customer information, including personally identifiable information (PII).
Cyware News – Latest Cyber News – Read More
US Indicts Chinese National for Phishing for NASA Tech
/in General NewsProsecutors allege that Chinese national Wu Song targeted US academics and engineers to obtain applications used in aerospace engineering and fluid dynamics, which could be used for developing missiles and weapons.
Cyware News – Latest Cyber News – Read More
Uber launches new rider verification program as a safety measure for drivers across the US
/in General NewsAfter going through a background check, verified users will have a blue checkmark on their account and may even experience priority pickup.
Latest stories for ZDNET in Security – Read More
Russian Security Firm Doctor Web Hacked
/in General NewsAntimalware company Doctor Web was recently targeted in a cyberattack that prompted it to disconnect all resources from its networks.
The post Russian Security Firm Doctor Web Hacked appeared first on SecurityWeek.
SecurityWeek – Read More