BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
New Cross-Platform Malware KTLVdoor Discovered in Attack on Chinese Trading Firm
/in General NewsThe Chinese-speaking threat actor known as Earth Lusca has been observed using a new backdoor dubbed KTLVdoor as part of a cyber attack targeting an unnamed trading company based in China.
The previously unreported malware is written in Golang, and thus is a cross-platform weapon capable of targeting both Microsoft Windows and Linux systems.
“KTLVdoor is a highly obfuscated malware that
The Hacker News – Read More
Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks
/in General NewsCisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow unauthenticated, remote attackers to elevate their privileges or access sensitive information.
A brief description of the two vulnerabilities is below –
CVE-2024-20439 (CVSS score: 9.8) – The presence of an undocumented static user credential for an administrative account
The Hacker News – Read More
Indian Army Propaganda Spread by 1.4K AI-Powered Social Media Accounts
/in General NewsFor three years now, more than a thousand social media accounts have been reposting the same pro-India, anti-Pakistan content on Facebook and X.
darkreading – Read More
New Supply Chain Attack “Revival Hijack” Risks Massive PyPI Takeovers
/in General NewsJFrog’s cybersecurity researchers have identified a new PyPI attack technique called “Revival Hijack,” which exploits package deletion policies. Over 22,000 packages are at risk, potentially impacting thousands of users. Stay informed!
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
‘Revival Hijack’ on PyPI Disguises Malware with Legitimate File Names
/in General NewsAdversaries reusing abandoned package names sneak malware into organizations in a sort of software shell game.
darkreading – Read More
US Government Isn’t Ready for Cyber Chaos in the Food and Agriculture Sector
/in General NewsThe industry remains largely unscathed by cyber threats, but recent events like the JBS ransomware attack highlight vulnerabilities. The sector’s increased automation makes it a target for hackers, posing risks to the US food supply.
Cyware News – Latest Cyber News – Read More
Travelers Targeted in New Booking.com Phishing Scam
/in General NewsThe attack involves compromising hotel managers’ accounts to access customer reservation systems, ultimately tricking hotel guests via the Booking.com app. The scheme utilizes a fake domain to deceive users and harvest sensitive data.
Cyware News – Latest Cyber News – Read More
Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation
/in General NewsMicrosoft is experimenting with a major new security mitigation to block attacks targeting flaws in the Windows Common Log File System (CLFS).
The post Microsoft Tackling Windows Logfile Flaws With New HMAC-Based Security Mitigation appeared first on SecurityWeek.
SecurityWeek – Read More
DDoS Attacks Hit France Over Telegram’s Pavel Durov Arrest
/in General NewsHacktivists unite for the #FreeDurov campaign to launch a massive cyber campaign against France in response to Telegram…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
That massive Pixel security flaw has been patched
/in General NewsGoogle’s new update removes software intended only for cell phone store employees that could have been exploited by bad actors.
Latest stories for ZDNET in Security – Read More