BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
NIST Releases New Draft of Digital Identity Proofing Guidelines
/in General NewsThe new draft of NIST’s digital identity proofing guidelines includes updates to accommodate passkeys and mobile driver’s licenses, as well as options for identification without using biometrics like facial recognition.
Cyware News – Latest Cyber News – Read More
CISA Launches Cyber Incident Reporting Portal To Streamline Breach Disclosure
/in General NewsThe CISA has launched a cyber incident reporting portal to make breach disclosure easier. It allows organizations to report cyberattacks, vulnerabilities, and data breaches voluntarily.
Cyware News – Latest Cyber News – Read More
North Korean Cyberattacks Persist: Developers Targeted via npm Packages
/in General NewsThe campaign, known as “Contagious Interview,” tricks developers into downloading fake npm packages or installers. The attackers deploy a Python payload named InvisibleFerret to steal data from cryptocurrency wallets.
Cyware News – Latest Cyber News – Read More
State-Backed Attackers and Commercial Surveillance Vendors Repeatedly Use the Same Exploits
/in General NewsRussian hackers exploited vulnerabilities in Safari and Chrome to launch cyberattacks from November 2023 to July 2024. They used a watering hole attack on Mongolian government websites to infect mobile users with malware, stealing information.
Cyware News – Latest Cyber News – Read More
OceanLotus APT Group Targeting Vietnamese Human Rights Defenders
/in General NewsThe attackers use spear-phishing lures and watering hole campaigns to infiltrate networks and collect sensitive data. Huntress identified four compromised hosts in recent attacks, linking them to Cobalt Strike Beacons and encrypted DLL payloads.
Cyware News – Latest Cyber News – Read More
Webinar: Learn to Boost Cybersecurity with AI-Powered Vulnerability Management
/in General NewsThe world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated.
In this high-stakes game, security leaders need every advantage they can get. That’s where Artificial Intelligence (AI) comes in. AI isn’t just a buzzword; it’s a game-changer for vulnerability management.
AI is poised to revolutionize vulnerability
The Hacker News – Read More
SafeTech Labs Takes Aim at $52B Digital Legacy Industry with World’s First Fully Comprehensive Digital Legacy Solution
/in General NewsBrussel, Belgium, 2nd September 2024, CyberNewsWire
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Next-Generation Attacks, Same Targets – How to Protect Your Users’ Identities
/in General NewsThe FBI and CISA Issue Joint Advisory on New Threats and How to Stop Ransomware
Note: on August 29, the FBI and CISA issued a joint advisory as part of their ongoing #StopRansomware effort to help organizations protect against ransomware. The latest advisory, AA24-242A, describes a new cybercriminal group and its attack methods. It also details three important actions to take today to mitigate
The Hacker News – Read More
Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems
/in General NewsRoblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware.
“By mimicking the popular ‘noblox.js’ library, attackers have published dozens of packages designed to steal sensitive data and compromise systems,” Checkmarx
The Hacker News – Read More
Ransomware Gangs Pummel Southeast Asia
/in General NewsSuccessful ransomware attacks against organizations in Asia continue at peak levels in 2024 following a wave of high-profile data breaches last year.
darkreading – Read More