BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Oh, the Humanity! How to Make Humans Part of Cybersecurity Design
/in General NewsGovernment and industry want to jump-start the conversation around “human-centric cybersecurity” to boost the usability and effectiveness of security products and services.
darkreading – Read More
Enhance customer experiences with Generative AI
/in General NewsThe advent of Generative AI and its application in real-life use cases has been on the cards for…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
DocuSign Abused to Deliver Fake Invoices
/in General NewsCybercriminals are abusing DocuSign APIs to send bogus email messages that bypass protections such as spam and phishing filters.
The post DocuSign Abused to Deliver Fake Invoices appeared first on SecurityWeek.
SecurityWeek – Read More
New Android Banking Malware ‘ToxicPanda’ Targets Users with Fraudulent Money Transfers
/in General NewsOver 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat actors to conduct fraudulent banking transactions.
“ToxicPanda’s main goal is to initiate money transfers from compromised devices via account takeover (ATO) using a well-known technique called on-device fraud (ODF),” Cleafy researchers Michele Roviello, Alessandro Strino
The Hacker News – Read More
Hackers Deploy CRON#TRAP for Persistent Linux System Backdoors
/in General NewsCRON#TRAP is a new phishing attack using emulated Linux environments to bypass security and establish persistent backdoors. Leveraging…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
On Election Day, Disinformation Worries Security Pros the Most
/in General NewsA Dark Reading poll reveals widespread concern over disinformation about election integrity and voter fraud, even as Russia steps up deepfake attacks meant to sow distrust in the voting process among the electorate.
darkreading – Read More
Researcher Discloses 36 Vulnerabilities Found in IBM Security Verify Access
/in General NewsAttackers could have exploited IBM Security Verify Access vulnerabilities to compromise the entire authentication infrastructure.
The post Researcher Discloses 36 Vulnerabilities Found in IBM Security Verify Access appeared first on SecurityWeek.
SecurityWeek – Read More
Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks
/in General NewsGoogle warns of the limited, targeted exploitation of two vulnerabilities resolved with the latest Android security update.
The post Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Leveraging Wazuh for Zero Trust security
/in General NewsZero Trust security changes how organizations handle security by doing away with implicit trust while continuously analyzing and validating access requests. Contrary to perimeter-based security, users within an environment are not automatically trusted upon gaining access. Zero Trust security encourages continuous monitoring of every device and user, which ensures sustained protection after
The Hacker News – Read More
QNAP fixed NAS backup zero-day demonstrated at Pwn2Own Ireland 2024
/in General NewsIn a way of working that looks like someone digging a trench while the other behind is covering it, and a third one is digging it yet again, this is another example of how bad software keeps cyber security in business. (Great read, by the way) Bad software may be too harsh and flaws may range from exposed credentials, and misconfiguration to more advanced issues like miss-after-use or implicit…
Source
TechSplicer – Read More