BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
P0 Security Banks $15M for Security Cloud Access
/in General NewsSan Francisco secure cloud access startup gets backing from SYN Ventures, Zscaler, and Lightspeed Venture Partners.
The post P0 Security Banks $15M for Security Cloud Access appeared first on SecurityWeek.
SecurityWeek – Read More
The AI Convention: Lofty Goals, Legal Loopholes, and National Security Caveats
/in General NewsSigned on September 5, 2024, the AI Convention is a laudable intent but suffers from the usual exclusions and exemptions necessary to satisfy multiple nations.
The post The AI Convention: Lofty Goals, Legal Loopholes, and National Security Caveats appeared first on SecurityWeek.
SecurityWeek – Read More
Chinese APT Group Abuses Visual Studio Code to Target Government in Asia
/in General NewsChinese APT group Stately Taurus exploited Visual Studio Code to target government entities in Southeast Asia for cyberespionage. They utilized the software’s reverse shell feature to infiltrate networks, a technique first detected in 2023.
Cyware News – Latest Cyber News – Read More
Darkhive Raises $21 Million for Drones, Secure Code Delivery System
/in General NewsDrone maker Darkhive has raised $21 million in a round led by cybersecurity-focused venture capital firm Ten Eleven.
The post Darkhive Raises $21 Million for Drones, Secure Code Delivery System appeared first on SecurityWeek.
SecurityWeek – Read More
China-Linked Hackers Target Drone Makers
/in General NewsA Chinese-speaking threat actor tracked as Tidrone has been observed targeting military and satellite industries in Taiwan.
The post China-Linked Hackers Target Drone Makers appeared first on SecurityWeek.
SecurityWeek – Read More
Gallup Poll Bugs Open Door to Election Misinformation
/in General NewsResearchers flagged a pair of Gallup polling site XSS vulnerabilities that could have allowed malicious actors to execute arbitrary code, access sensitive data, or take over a victim account.
darkreading – Read More
Chinese Tag Team APTs Keep Stealing Asian Gov’t Secrets
/in General NewsA PRC threat cluster known as “Crimson Palace” is demonstrating the benefits of having specialized units carry out distinct stages of a wider attack chain.
darkreading – Read More
Mustang Panda Deploys Advanced Malware to Spy on Asia-Pacific Governments
/in General NewsThe threat actor tracked as Mustang Panda has refined its malware arsenal to include new tools in order to facilitate data exfiltration and the deployment of next-stage payloads, according to new findings from Trend Micro.
The cybersecurity firm, which is monitoring the activity cluster under the name Earth Preta, said it observed “the propagation of PUBLOAD via a variant of the worm HIUPAN.”
The Hacker News – Read More
Cybercriminals Target Latin American Banks with Mekotio, BBTok, and Grandoreiro Trojans
/in General NewsThese campaigns aim to steal sensitive banking credentials using innovative tactics, expanding beyond traditional regions like Brazil and Argentina to industries such as manufacturing, retail, and financial services.
Cyware News – Latest Cyber News – Read More
Homeland Security Hopes to Scuttle Maritime Cyber-Threats
/in General NewsThe U.S. Department of Homeland Security (DHS) has issued a request for information to assess the security of technology at ports in order to develop a Maritime Port Resiliency and Security Research Testbed.
Cyware News – Latest Cyber News – Read More