BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Breaking Down AD CS Vulnerabilities: Insights for InfoSec Professionals
/in General NewsThe most dangerous vulnerability you’ve never heard of.
In the world of cybersecurity, vulnerabilities are discovered so often, and at such a high rate, that it can be very difficult to keep up with. Some vulnerabilities will start ringing alarm bells within your security tooling, while others are far more nuanced, but still pose an equally dangerous threat. Today, we want to discuss one of
The Hacker News – Read More
New Tickler Malware Used to Backdoor US Government, Defense Organizations
/in General NewsAPT33 used the new Tickler malware to infiltrate government and defense organizations in the US and the UAE. The group, known as Peach Sandstorm and Refined Kitten, is linked to the Iranian Revolutionary Guard Corps.
Cyware News – Latest Cyber News – Read More
LummaC2 Infostealer Resurfaces with Obfuscated PowerShell Tactics
/in General NewsThe latest variant employs obfuscated PowerShell commands to download and execute malicious payloads, utilizing Windows binaries like Mshta.exe and Dllhost.exe for stealth.
Cyware News – Latest Cyber News – Read More
US Government Issues Advisory on Ransomware Group Blamed for Halliburton Cyberattack
/in General NewsThe RansomHub ransomware group, which has made at least 210 victims, is believed to be behind the attack on oil giant Halliburton.
The post US Government Issues Advisory on Ransomware Group Blamed for Halliburton Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Fortra Patches Critical Vulnerability in FileCatalyst Workflow
/in General NewsFortra limits access to FileCatalyst Workflow database after vendor knowledgebase article leaks default credentials.
The post Fortra Patches Critical Vulnerability in FileCatalyst Workflow appeared first on SecurityWeek.
SecurityWeek – Read More
Buffer Overflow Flaw in TP-Link Routers Opens Door to RCE
/in General NewsA critical vulnerability, CVE-2024-42815, with a CVSS score of 9.8, has been discovered in TP-Link RE365 V1_180213 series routers, allowing for remote exploitation and potential takeover.
Cyware News – Latest Cyber News – Read More
US Election-Themed Phishing Scams Rely on Fake Donation Sites
/in General NewsThe domain actsblue[.]com is posing as the legitimate actblue[.]com, a platform for Democratic Party donations. The malicious site is registered anonymously with Namecheap, making it difficult to trace back to the threat actors.
Cyware News – Latest Cyber News – Read More
2 Men From Europe Charged With ‘Swatting’ Plot Targeting Former US President and Members of Congress
/in General NewsA former US president and several members of Congress were targets of a plot carried out by two European men to intimidate and threaten dozens of people by calling in bogus reports of police emergencies at their homes.
The post 2 Men From Europe Charged With ‘Swatting’ Plot Targeting Former US President and Members of Congress appeared first on SecurityWeek.
SecurityWeek – Read More
Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise
/in General NewsCensys warns of over 1,200 internet-accessible WhatsUp Gold instances potentially exposed to malicious attacks.
The post Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise appeared first on SecurityWeek.
SecurityWeek – Read More
Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns
/in General NewsThreat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence Server to conduct illicit cryptocurrency mining on susceptible instances.
“The attacks involve threat actors that employ methods such as the deployment of shell scripts and XMRig miners, targeting of SSH endpoints, killing competing crypto mining processes,
The Hacker News – Read More