BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
North Korean Hackers Deploy FudModule Rootkit via Chrome Zero-Day Exploit
/in General NewsA recently patched security flaw in Google Chrome and other Chromium web browsers was exploited as a zero-day by North Korean actors in a campaign designed to deliver the FudModule rootkit.
The development is indicative of the persistent efforts made by the nation-state adversary, which had made a habit of incorporating rafts of Windows zero-day exploits into its arsenal in recent months.
The Hacker News – Read More
New Voldemort Malware Uses Google Sheets to Target Key Sectors Globally
/in General NewsThe Voldemort Malware campaign is spreading globally with over 20,000 phishing emails to more than 70 organizations, with…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Taylor Swift Concert Terror Plot Was Thwarted by Key CIA Tip
/in General NewsPlus: China-linked hackers infiltrate US internet providers, authorities crack down on a major piracy operation, and a ransomware gang claims attacks during the Paris Olympics.
Security Latest – Read More
New Snake Keylogger Variant Slithers Into Phishing Campaigns
/in General NewsThe attack starts with a phishing email disguised as a fund transfer notification, with an attached Excel file named “swift copy.xls” that triggers the deployment of Snake Keylogger on the victim’s computer upon opening.
Cyware News – Latest Cyber News – Read More
Rocinante: The Trojan Horse That Wanted to Fly
/in General NewsOnce installed, the Rocinante malware prompts the victim to grant Accessibility Services and displays phishing screens tailored to different banks to steal personal information.
Cyware News – Latest Cyber News – Read More
Operation DevilTiger: APT-Q-12’s Shadowy Tactics and Zero-Day Exploits Unveiled
/in General NewsThe QiAnXin Threat Intelligence Center has revealed the details of “Operation DevilTiger,” a cyber espionage campaign carried out by the elusive APT-Q-12 group, also known as “Pseudo Hunter.”
Cyware News – Latest Cyber News – Read More
FBI: RansomHub Ransomware Breached 210 Victims Since February 2024
/in General NewsThe ransomware operation focuses on data theft extortion rather than encrypting files, with victims facing the threat of stolen data being leaked or sold if negotiations fail.
Cyware News – Latest Cyber News – Read More
Godzilla Fileless Backdoors Targeting Atlassian Confluence
/in General NewsThe Godzilla fileless backdoor relies on a complex series of actions, such as cryptographic operations, class loading, and dynamic injection, to establish unauthorized access.
Cyware News – Latest Cyber News – Read More
Suspected Espionage Campaign Delivers New Voldemort Malware
/in General NewsThe campaign, which targeted organizations worldwide, involved impersonating tax authorities from various countries and utilizing Google Sheets for command and control (C2).
Cyware News – Latest Cyber News – Read More
AI is growing faster than companies can secure it, warn industry leaders
/in General NewsIndustry leaders at DataGrail Summit 2024 warn of AI’s exponential growth outpacing security measures, urging companies to invest in robust AI safety systems to mitigate risks and protect consumer trust.Read More
Security News | VentureBeat – Read More