BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
New Cyberattack Targets Chinese-Speaking Businesses with Cobalt Strike Payloads
/in General NewsChinese-speaking users are the target of a “highly organized and sophisticated attack” campaign that is likely leveraging phishing emails to infect Windows systems with Cobalt Strike payloads.
“The attackers managed to move laterally, establish persistence and remain undetected within the systems for more than two weeks,” Securonix researchers Den Iuzvyk and Tim Peck said in a new report.
The
The Hacker News – Read More
North Korean Hackers Target Developers with Malicious npm Packages
/in General NewsThreat actors with ties to North Korea have been observed publishing a set of malicious packages to the npm registry, indicating “coordinated and relentless” efforts to target developers with malware and steal cryptocurrency assets.
The latest wave, which was observed between August 12 and 27, 2024, involved packages named temp-etherscan-api, ethersscan-api, telegram-con, helmet-validate, and
The Hacker News – Read More
SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments
/in General NewsA comprehensive guide authored by Dean Parsons emphasizes the growing need for specialized ICS security measures in the face of rising cyber threats.
With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the release of its essential new strategy guide, “ICS Is the Business: Why Securing
The Hacker News – Read More
Cobalt Appoints Sonali Shah as CEO
/in General NewsPost Content
darkreading – Read More
Iran’s ‘Fox Kitten’ Group Aids Ransomware Attacks on US Targets
/in General NewsIn a joint advisory, CISA and the FBI described the activity as a likely attempt by the group to monetize access to networks it already has compromised.
darkreading – Read More
Cyber Insurance: A Few Security Technologies, a Big Difference in Premiums
/in General NewsRansomware attacks and email-based fraud account for 80% to 90% of all claims processed by cyber insurers, but a handful of cybersecurity technologies can help prevent big damages.
darkreading – Read More
Nvidia’s ‘Eagle’ AI sees the world in Ultra-HD, and it’s coming for your job
/in General NewsNvidia’s Eagle AI model revolutionizes visual understanding with high-resolution processing and multiple vision encoders, advancing document comprehension and visual question answering across industries.Read More
Security News | VentureBeat – Read More
SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024
/in General NewsPost Content
darkreading – Read More
Threat Actors Exploit Microsoft Sway to Host QR Code Phishing Campaigns
/in General NewsThreat actors are abusing Microsoft Sway to host QR Code phishing campaigns.
Security | TechRepublic – Read More
Brazilian Ad Fraud Network ‘Camu’ Hits 2B+ Daily Bid Requests
/in General NewsThe global Internet helps just about everything to scale more easily, including piracy and ad fraud.
darkreading – Read More