BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
BlackCat Spinoff ‘Cicada3301’ Uses Stolen Creds on the Fly, Skirts EDR
/in General NewsMalware authors have iterated on one of the premier encryptors on the market, building something even bigger and better.
darkreading – Read More
Trio Admits Running “OTP Agency” Enabling Bank Fraud, and 2FA Bypass
/in General NewsThree men plead guilty to running OTP Agency, a website that enabled criminals to bypass banking security and…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
New Rust-Based Ransomware Cicada3301 Targets Windows and Linux Systems
/in General NewsCybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation.
“It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector,” cybersecurity
The Hacker News – Read More
Clearview AI Fined $33.7 Million by Dutch Data Protection Watchdog Over ‘Illegal Database’ of Faces
/in General NewsDutch agency said a database with billions of photos of faces amounted to serious violations of GDPR.
The post Clearview AI Fined $33.7 Million by Dutch Data Protection Watchdog Over ‘Illegal Database’ of Faces appeared first on SecurityWeek.
SecurityWeek – Read More
CISO Conversations: Jaya Baloo From Rapid7 and Jonathan Trull From Qualys
/in General NewsCSOs Jaya Baloo and Jonathan Trull discuss the route, role, and requirements in becoming and being a successful CISO.
The post CISO Conversations: Jaya Baloo From Rapid7 and Jonathan Trull From Qualys appeared first on SecurityWeek.
SecurityWeek – Read More
Hacktivists Exploits WinRAR Vulnerability in Attacks Against Russia and Belarus
/in General NewsA hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus.
“Head Mare uses more up-to-date methods for obtaining initial access,” Kaspersky said in a Monday analysis of the group’s tactics and tools.
“For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which
The Hacker News – Read More
Canonical Addresses Critical Linux Kernel AWS Vulnerabilities with New Patches
/in General NewsSecurity researchers have identified six vulnerabilities, including a race condition in the Bluetooth RFCOMM protocol driver that can crash the system, a race condition in the Bluetooth subsystem, and a double-free error in the net/mlx5e module.
Cyware News – Latest Cyber News – Read More
Improved Software Supply Chain Resilience Equals Increased Security
/in General NewsUnderstanding through visibility, managing through governance, and anticipating through continuous deployment will better prepare organizations for the next supply chain attack.
darkreading – Read More
Researchers Link ManticoraLoader Malware to Ares Malware Developer
/in General NewsResearchers have traced the new ManticoraLoader malware-as-a-service (MaaS) to the cybercriminal group ‘DarkBLUP,’ previously associated with distributing AresLoader and AiDLocker ransomware from the DeadXInject group.
Cyware News – Latest Cyber News – Read More
Verkada to Pay $2.95 Million Over FTC Probe Into Security Camera Hacking
/in General NewsThe FTC complaint alleges that Verkada’s failures allowed a hacker to access customers’ security cameras.
The post Verkada to Pay $2.95 Million Over FTC Probe Into Security Camera Hacking appeared first on SecurityWeek.
SecurityWeek – Read More