BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Google Updates Cloud Backup, Disaster Recovery Service
/in General NewsThe combination of immutability, indelibility, centralized governance, and user empowerment provides a comprehensive backup strategy, Google said.
darkreading – Read More
Chinese ‘Crimson Palace’ Espionage Campaign Keeps Hacking Southeast Asian Governments
/in General NewsA sophisticated trio of Chinese cyberespionage groups known as Cluster Alpha, Cluster Bravo, and Cluster Charlie are behind the Crimson Palace espionage campaign targeting government organizations in Southeast Asia.
Cyware News – Latest Cyber News – Read More
Siemens Issues Critical Security Advisory for User Management Component (UMC)
/in General NewsSiemens has issued a critical security advisory for its User Management Component (UMC), revealing a heap-based buffer overflow vulnerability (CVE-2024-33698) with a 9. 3 CVSS score.
Cyware News – Latest Cyber News – Read More
CosmicBeetle Upgrades Arsenal with New ScRansom Ransomware to Target SMBs
/in General NewsCosmicBeetle has unleashed a new ransomware called ScRansom, targeting SMBs in Europe, Asia, Africa, and South America, possibly working with RansomHub. The threat actor swapped its Scarab ransomware for ScRansom, showing ongoing enhancements.
Cyware News – Latest Cyber News – Read More
OpenZiti: Secure, Open-Source Networking for Your Applications
/in General NewsOpenZiti is an open-source networking project that embeds zero-trust principles directly into applications, offering features like strong identity, mTLS, E2EE, private DNS, and smart routing.
Cyware News – Latest Cyber News – Read More
Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library
/in General NewsMicrosoft has started introducing support for post-quantum algorithms in SymCrypt, its main cryptographic library.
The post Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library appeared first on SecurityWeek.
SecurityWeek – Read More
Earth Preta Upgrades Attack Strategy via Removable Drives
/in General NewsThe HIUPAN worm allows Earth Preta to propagate malware into networks via removable drives, maintaining persistence by modifying registry values and creating autorun entries.
Cyware News – Latest Cyber News – Read More
FBI Report Says Cryptocurrency Scams Surged in 2023
/in General NewsAccording to an FBI report, cryptocurrency scams surged in 2023, leading to victims reporting $5. 6 billion in financial losses associated with crypto schemes, a 45% increase from the previous year.
Cyware News – Latest Cyber News – Read More
UK: National Crime Agency, Responsible for Fighting Cybercrime, ‘On Its Knees,’ Warns Report
/in General NewsThe agency is losing nearly a fifth of its cyber capacity annually due to a broken pay system, leading to increased costs with temporary labor and consultants making up over 10% of its budget.
Cyware News – Latest Cyber News – Read More
Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products
/in General NewsZyxel has released critical hotfixes for its end-of-support NAS devices, NAS326 and NAS542, to address a severe command injection vulnerability (CVE-2024-6342) with a CVSS score of 9. 8.
Cyware News – Latest Cyber News – Read More