BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Microchip Technology Reports $21.4 Million Cost From Ransomware Attack
/in General NewsMicrochip Technology’s latest financial report reveals the company’s expenses due to the recent cybersecurity incident.
The post Microchip Technology Reports $21.4 Million Cost From Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Attackers Breach IT-Based Networks Before Jumping to ICS/OT Systems
/in General NewsSANS recently published its 2024 State of ICS.OT Cybersecurity report, highlighting the skills of cyber professionals working in critical infrastructure, budget estimates, and emerging technologies. The report also looked at the most common types of attack vectors used against ICT/OT networks.
darkreading – Read More
9 Steps to Get CTEM on Your 2025 Budgetary Radar
/in General NewsBudget season is upon us, and everyone in your organization is vying for their slice of the pie. Every year, every department has a pet project that they present as absolutely essential to profitability, business continuity, and quite possibly the future of humanity itself. And no doubt that some of these actually may be mission critical. But as cybersecurity professionals, we understand that
The Hacker News – Read More
Cyberattack Blamed for Statewide Washington Courts Outage
/in General NewsUnauthorized activity detected on the Washington courts network, which led to websites and other services becoming unavailable.
The post Cyberattack Blamed for Statewide Washington Courts Outage appeared first on SecurityWeek.
SecurityWeek – Read More
INTERPOL Disrupts Over 22,000 Malicious Servers in Global Crackdown on Cybercrime
/in General NewsINTERPOL on Tuesday said it took down more than 22,000 malicious servers linked to various cyber threats as part of a global operation.
Dubbed Operation Synergia II, the coordinated effort ran from April 1 to August 31, 2024, targeting phishing, ransomware, and information stealer infrastructure.
“Of the approximately 30,000 suspicious IP addresses identified, 76 per cent were taken down and 59
The Hacker News – Read More
South Korea Fines Meta $15 Million for Illegally Collecting Information on Facebook Users
/in General NewsSouth Korea’s privacy watchdog has fined Meta 21.6 billion won ($15 million) for illegally collecting sensitive personal information from Facebook users.
The post South Korea Fines Meta $15 Million for Illegally Collecting Information on Facebook Users appeared first on SecurityWeek.
SecurityWeek – Read More
PLCHound Aims to Improve Detection of Internet-Exposed ICS
/in General NewsGeorgia Tech researchers have developed PLCHound, an algorithm that uses AI to improve the identification of internet-exposed ICS.
The post PLCHound Aims to Improve Detection of Internet-Exposed ICS appeared first on SecurityWeek.
SecurityWeek – Read More
South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers
/in General NewsMeta has been fined 21.62 billion won ($15.67 million) by South Korea’s data privacy watchdog for illegally collecting sensitive personal information from Facebook users, including data about their political views and sexual orientation, and sharing it with advertisers without their consent.
The country’s Personal Information Protection Commission (PIPC) said Meta gathered information such as
The Hacker News – Read More
Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users
/in General NewsGoogle’s cloud division has announced that it will enforce mandatory multi-factor authentication (MFA) for all users by the end of 2025 as part of its efforts to improve account security.
“We will be implementing mandatory MFA for Google Cloud in a phased approach that will roll out to all users worldwide during 2025,” Mayank Upadhyay, vice president of engineering and distinguished engineer at
The Hacker News – Read More
Interpol operation nets 41 arrests, takedown of 22,000 malicious IPs
/in General NewsThe global operation was intended to root out malicious IP addresses used for phishing, ransomware and infostealer malware.
The Record from Recorded Future News – Read More