BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Construction companies potentially vulnerable through accounting software, report says
/in General NewsPost Content
The Record from Recorded Future News – Read More
80% of Critical National Infrastructure Companies Experienced an Email Security Breach in Last Year
/in General NewsThe scale of the potential disruption from a successful attack on CNI is all too tempting for cyber attackers.
Security | TechRepublic – Read More
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
/in General NewsVMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.
The post VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest appeared first on SecurityWeek.
SecurityWeek – Read More
US Hits Intellexa Spyware Maker With More Sanctions
/in General NewsThe US has imposed further sanctions on Intellexa, the maker of the Predator spyware, targeting individuals and entities associated with the company due to its opaque corporate structure designed to evade accountability.
Cyware News – Latest Cyber News – Read More
Intezer Raises $33M to Extend AI-Powered SOC Platform
/in General NewsIntezer is looking to tap into booming market for AI-powered tooling to address the severe shortage of skilled cybersecurity professionals.
The post Intezer Raises $33M to Extend AI-Powered SOC Platform appeared first on SecurityWeek.
SecurityWeek – Read More
EchoStrike: Generate Undetectable Reverse Shells, Perform Process Injection
/in General NewsEchoStrike features an interactive Python wizard for easy customization, various persistence techniques, binary padding for evasion, AES payload encryption, and dynamic binary download.
Cyware News – Latest Cyber News – Read More
North Korean Hackers Target Cryptocurrency Users on LinkedIn with RustDoor Malware
/in General NewsNorth Korean hackers are using RustDoor malware to target cryptocurrency users on LinkedIn, posing as recruiters for legitimate decentralized finance (DeFi) companies like STON.fi.
Cyware News – Latest Cyber News – Read More
Update: PoC Exploit Released for Windows Hyper-V Zero-Day Vulnerability
/in General NewsThis critical flaw, actively exploited in the wild, allows attackers to elevate privileges to SYSTEM level, posing a significant risk to organizations using Microsoft’s Hyper-V virtualization technology.
Cyware News – Latest Cyber News – Read More
Supply Chain Attack on Google Cloud Composer Could Have Resulted in Remote Code Execution
/in General NewsGoogle has addressed a critical security flaw in Google Cloud Platform (GCP) Composer that could have allowed remote code execution via a supply chain attack known as dependency confusion.
Cyware News – Latest Cyber News – Read More
Hundreds Wounded After Pagers Detonate in Lebanon, Media and Security Officials Say
/in General NewsA Hezbollah official speculated that malware may have caused the pagers to heat up and explode.
The post Hundreds Wounded After Pagers Detonate in Lebanon, Media and Security Officials Say appeared first on SecurityWeek.
SecurityWeek – Read More