BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
VMware Patches High-Severity Code Execution Flaw in Fusion
/in General NewsVMware rolls out patch for a high-severity code execution vulnerability in the Fusion hypervisor.
The post VMware Patches High-Severity Code Execution Flaw in Fusion appeared first on SecurityWeek.
SecurityWeek – Read More
VMware ESXi Servers Targeted by New Ransomware Variant from Cicada3301 Group
/in General NewsA number of similarities between Cicada3301 and ALPHV/BlackCat indicates that it could represent a rebrand or offshoot group.
Security | TechRepublic – Read More
Cyber A.I. Group Announces Global Presentation
/in General NewsMiami, New York, Paris, Worldwide, 3rd September 2024, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Google Removing Poor-Quality Android Apps From Play Store to Boost Engagement
/in General NewsIncluded in the purge are static apps, those with limited functionality and content, and apps that crash, freeze, and don’t offer an “engaging user experience,’’ the company said.
Security | TechRepublic – Read More
BlackCat Spinoff ‘Cicada3301’ Uses Stolen Creds on the Fly, Skirts EDR
/in General NewsMalware authors have iterated on one of the premier encryptors on the market, building something even bigger and better.
darkreading – Read More
Trio Admits Running “OTP Agency” Enabling Bank Fraud, and 2FA Bypass
/in General NewsThree men plead guilty to running OTP Agency, a website that enabled criminals to bypass banking security and…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems
/in General NewsCybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation.
“It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector,” cybersecurity
The Hacker News – Read More
Clearview AI Fined $33.7 Million by Dutch Data Protection Watchdog Over ‘Illegal Database’ of Faces
/in General NewsDutch agency said a database with billions of photos of faces amounted to serious violations of GDPR.
The post Clearview AI Fined $33.7 Million by Dutch Data Protection Watchdog Over ‘Illegal Database’ of Faces appeared first on SecurityWeek.
SecurityWeek – Read More
CISO Conversations: Jaya Baloo From Rapid7 and Jonathan Trull From Qualys
/in General NewsCSOs Jaya Baloo and Jonathan Trull discuss the route, role, and requirements in becoming and being a successful CISO.
The post CISO Conversations: Jaya Baloo From Rapid7 and Jonathan Trull From Qualys appeared first on SecurityWeek.
SecurityWeek – Read More
Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus
/in General NewsA hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus.
“Head Mare uses more up-to-date methods for obtaining initial access,” Kaspersky said in a Monday analysis of the group’s tactics and tools.
“For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which
The Hacker News – Read More