BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
6 Best Enterprise Antivirus Software Choices in 2024
/in General NewsSentinelOne, Microsoft Defender for Endpoint, and CrowdStrike Falcon are among my top recommendations for businesses looking for an enterprise antivirus solution.
Security | TechRepublic – Read More
Microchip Technology Confirms Personal Information Stolen in Ransomware Attack
/in General NewsMicrochip Technology says employee contact information and other types of data was stolen in an August ransomware attack.
The post Microchip Technology Confirms Personal Information Stolen in Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
We Hunted Hidden Police Signals at the DNC
/in General NewsUsing special software, WIRED investigated police surveillance at the DNC. We collected signals from nearly 300,000 devices, revealing vulnerabilities for both law enforcement and everyday citizens alike.
Security Latest – Read More
Two Nigerians Sentenced to Prison in US for BEC Fraud
/in General NewsFranklin Ifeanyichukwu Okwonna and Ebuka Raphael Umeti were sentenced to prison in the US for business email compromise (BEC) fraud.
The post Two Nigerians Sentenced to Prison in US for BEC Fraud appeared first on SecurityWeek.
SecurityWeek – Read More
NIST Cybersecurity Framework (CSF) and CTEM – Better Together
/in General NewsIt’s been a decade since the National Institute of Standards and Technology (NIST) introduced its Cybersecurity Framework (CSF) 1.0. Created following a 2013 Executive Order, NIST was tasked with designing a voluntary cybersecurity framework that would help organizations manage cyber risk, providing guidance based on established standards and best practices. While this version was originally
The Hacker News – Read More
DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign
/in General NewsTwo DrayTek vulnerabilities added by CISA to its KEV catalog have been exploited by multiple threat groups to steal data from organizations worldwide.
The post DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
Threat Actors Using MacroPack to Deploy Brute Ratel, Havoc, and PhantomCore Payloads
/in General NewsMalicious actors potentially utilized the MacroPack red-teaming framework to distribute harmful payloads like Brute Ratel and Havoc tools, as well as a new version of the PhantomCore remote access trojan.
Cyware News – Latest Cyber News – Read More
Malware Attackers Using MacroPack to Deliver Havoc, Brute Ratel, and PhantomCore
/in General NewsThreat actors are likely employing a tool designated for red teaming exercises to serve malware, according to new findings from Cisco Talos.
The program in question is a payload generation framework called MacroPack, which is used to generate Office documents, Visual Basic scripts, Windows shortcuts, and other formats for penetration testing and social engineering assessments. It was developed
The Hacker News – Read More
US Targets Russian Election Influence Operation With Charges, Sanctions, Domain Seizures
/in General NewsThe US has cracked down on an influence operation sponsored by the Russian government, announcing charges, sanctions and domain seizures.
The post US Targets Russian Election Influence Operation With Charges, Sanctions, Domain Seizures appeared first on SecurityWeek.
SecurityWeek – Read More
FBI Warns Crypto Firms of Aggressive Social Engineering Attacks
/in General NewsThe FBI issued a warning about aggressive social engineering attacks by North Korean hacking groups targeting cryptocurrency firms. The attacks involve deploying malware to steal crypto assets through highly targeted tactics that are hard to detect.
Cyware News – Latest Cyber News – Read More