BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Dick’s Sporting Goods Discloses Cyberattack
/in General NewsThe sporting goods retail chain said hte incident exposed portions of the its IT systems containing confidential information.
The post Dick’s Sporting Goods Discloses Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Cybersecurity Maturity: A Must-Have on the CISO’s Agenda
/in General NewsUndertaking a cybersecurity maturity review helps leaders establish a benchmark from which to build a proactive improvement strategy.
The post Cybersecurity Maturity: A Must-Have on the CISO’s Agenda appeared first on SecurityWeek.
SecurityWeek – Read More
Marketing Trends: How to Use Big Data Effectively
/in General NewsWhat are the benefits of big data in marketing and SEO? Learn and find effective tactics for implementing…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
/in General NewsThe Pioneer Kitten attackers are monetizing their access to compromised organizations’ networks by selling domain admin credentials and full domain control privileges on cybercrime marketplaces.
Cyware News – Latest Cyber News – Read More
Dragos Expands Asset Visibility in Latest Platform Update
/in General NewsThe latest release of the Dragos Platform provide industrial and critical infrastructure organizations with complete and enriched view of their OT environment.
darkreading – Read More
Critical Fortra FileCatalyst Workflow Vulnerability Patched (CVE-2024-6633)
/in General NewsThe flaw, known as CVE-2024-6633, involves the use of default credentials for the HSQL database, which could compromise the software’s confidentiality, integrity, and availability.
Cyware News – Latest Cyber News – Read More
Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa
/in General NewsGoogle TAG publishes evidence showing identical or striking similarities between exploits using by Russia’s APT29 and commercial spyware vendors.
The post Google Catches Russian APT Reusing Exploits From Spyware Merchants NSO Group, Intellexa appeared first on SecurityWeek.
SecurityWeek – Read More
How AitM Phishing Attacks Bypass MFA and EDR—and How to Fight Back
/in General NewsAttackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks.
AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering.
In this article, we’re going to look at what AitM phishing
The Hacker News – Read More
NordVPN vs Proton VPN (2024): Which VPN Should You Choose?
/in General NewsWhile Proton VPN’s strong focus on privacy is enticing, NordVPN’s fast-performing and all-around
VPN service is the better overall package between the two.
Security | TechRepublic – Read More
Unpatched AVTECH IP Camera Flaw Exploited by Hackers for Botnet Attacks
/in General NewsA years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet.
CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a “command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE),” Akamai researchers Kyle
The Hacker News – Read More