BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks
/in General NewsTwo recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.
The post Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Binance Warns of Rising Clipper Malware Attacks Targeting Cryptocurrency Users
/in General NewsCryptocurrency exchange Binance is warning of an “ongoing” global threat that’s targeting cryptocurrency users with clipper malware with the goal of facilitating financial fraud.
Clipper malware, also called ClipBankers, is a type of malware that Microsoft calls cryware, which comes with capabilities to monitor a victim’s clipboard activity and steal sensitive data a user copies, including
The Hacker News – Read More
Woo Skimmer Uses Style Tags and Image Extension to Steal Card Details
/in General NewsA recent WooCommerce skimming attack used a creative method to steal credit card details by hiding malicious code within style tags and embedding a fake payment overlay in an image file disguised as a favicon.
Cyware News – Latest Cyber News – Read More
SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks
/in General NewsSolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution.
The vulnerability, tracked as CVE-2024-28991, is rated 9.0 out of a maximum of 10.0 on the CVSS scoring system. It has been described as an instance of deserialization of untrusted data.
“SolarWinds Access Rights
The Hacker News – Read More
DOJ indicts Chinese national for spear phishing campaign against NASA, FAA, Air Force
/in General NewsPost Content
The Record from Recorded Future News – Read More
Cambodian Tycoon Sanctioned for Forced Cyber Labor, Trafficking
/in General NewsThe sanctions are unlikely to affect the growing network of criminals who lure victims into working for cybercrime sweat shops around the world.
darkreading – Read More
‘Void Banshee’ Exploits Second Microsoft Zero-Day
/in General NewsAttackers have been using the Windows MSHTML Platform spoofing vulnerability in conjunction with another zero-day flaw.
darkreading – Read More
Ivanti Cloud Bug Goes Under Exploit After Alarms Are Raised
/in General NewsThree days after Ivanti published an advisory about the high-severity vulnerability CVE-2024-8190, threat actors began to abuse the flaw.
darkreading – Read More
Feds sentence 12 crypto thieves behind SIM swaps, home invasions
/in General NewsPost Content
The Record from Recorded Future News – Read More
Elon Musk Is a National Security Risk
/in General NewsMusk’s now-deleted post questioning why no one has attempted to assassinate Joe Biden and Kamala Harris renews concerns over his work for the US government—and potential to inspire extremist violence.
Security Latest – Read More