BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
‘Store Now, Decrypt Later’: US Leaders Prep for Quantum Cryptography Concerns
/in General NewsU.S. cybersecurity leaders are focusing on preparing for the potential risks posed by quantum cryptography tools that could threaten critical infrastructure and national security.
Cyware News – Latest Cyber News – Read More
Employee Arrested for Locking Windows Admins Out of 254 Servers in Extortion Plot
/in General NewsThe FBI investigation revealed that the suspect, Daniel Rhyne, had accessed the company’s systems without authorization and changed passwords for various accounts. Rhyne’s actions were intended to deny the company access to its systems and data.
Cyware News – Latest Cyber News – Read More
Third-Party Risk Management is Under the Spotlight
/in General NewsThird-party risk management is a critical issue in the wake of the CrowdStrike IT outage, revealing vulnerabilities within financial institutions related to supply chain resilience, especially in vital sectors like financial services.
Cyware News – Latest Cyber News – Read More
Why Identity Teams Need to Start Reporting to the CISO
/in General NewsIdentity management sits with IT for good reason, but now that identity is the common denominator in every attack, it’s time identity security was owned by a leader with a security background, like the CISO.
darkreading – Read More
UK Labour Party Reprimanded Over Cyberattack Backlog by Privacy Regulator
/in General NewsMore than 150 people filed complaints to the Information Commissioner’s Office (ICO) regarding the delay in responding to subject access requests (SARs) after the cyberattack in October 2021.
Cyware News – Latest Cyber News – Read More
Russian APT29 Using NSO Group-Style Exploits in Attacks, Google
/in General NewsGoogle’s Threat Analysis Group (TAG) has exposed a new campaign by Russian state-backed APT29, also known as Cozy…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Cyberattackers Exploit Google Sheets for Malware Control in Global Espionage Campaign
/in General NewsCybersecurity researchers have uncovered a novel malware campaign that leverages Google Sheets as a command-and-control (C2) mechanism.
The activity, detected by Proofpoint starting August 5, 2024, impersonates tax authorities from governments in Europe, Asia, and the U.S., with the goal of targeting over 70 organizations worldwide by means of a bespoke tool called Voldemort that’s equipped to
The Hacker News – Read More
Report: Ransomware Attacks on US Schools and Colleges Cost $9.45 Billion
/in General NewsOver the last few years, ransomware attacks have become a major concern for schools and colleges in the US, with an average of $500,000 being lost per day due to downtime from these attacks, according to Comparitech.
Cyware News – Latest Cyber News – Read More
The NIS2 Directive: How Far Does it Reach?
/in General NewsKey aspects of the NIS2 Directive include a focus on proactive cybersecurity measures for entities within its scope, such as risk analysis, incident handling, and supply chain security.
Cyware News – Latest Cyber News – Read More
Iranian Hackers Set Up New Network to Target U.S. Political Campaigns
/in General NewsCybersecurity researchers have unearthed new network infrastructure set up by Iranian threat actors to support activities linked to the recent targeting of U.S. political campaigns.
Recorded Future’s Insikt Group has linked the infrastructure to a threat it tracks as GreenCharlie, an Iran-nexus cyber threat group that overlaps with APT42, Charming Kitten, Damselfly, Mint Sandstorm (formerly
The Hacker News – Read More