BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Fake Funeral Live Stream Scams Target Grieving Users on Facebook
/in General NewsThis type of scam typically starts with a comment on a funeral home’s Facebook notification, promoting a fake live stream of the funeral service or soliciting donations on behalf of the deceased family.
Cyware News – Latest Cyber News – Read More
SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access
/in General NewsSonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant malicious actors unauthorized access to the devices.
The vulnerability, tracked as CVE-2024-40766 (CVSS score: 9.3), has been described as an improper access control bug.
“An improper access control vulnerability has been identified in the SonicWall SonicOS
The Hacker News – Read More
Over 3400 High and Critical Cyber Alerts Recorded in First Half 2024
/in General NewsA report from Critical Start’s Cyber Research Unit revealed over 3400 high and critical cyber alerts in the first half of 2024, marking a 46.15% increase in attacks in the US compared to 2023.
Cyware News – Latest Cyber News – Read More
Georgia Tech Sued Over Alleged False Cybersecurity Reports to Win DoD Contracts
/in General NewsComplaint alleges that defendants submitted a false and fraudulent cybersecurity assessment score.
The post Georgia Tech Sued Over Alleged False Cybersecurity Reports to Win DoD Contracts appeared first on SecurityWeek.
SecurityWeek – Read More
CISA’s $524M headquarters slated for DHS campus in 2027
/in General NewsCISA’s new $524M headquarters, set to be completed in 2027, will be located at the DHS campus in Washington. Construction is expected to begin in the fall, consolidating the agency’s workforce currently spread across five office rentals.
Cyware News – Latest Cyber News – Read More
Russian Laundering Millions for Lazarus Hackers Arrested in Argentina
/in General NewsA 29-year-old Russian national has been arrested in Buenos Aires, Argentina by the federal police on charges of money laundering for North Korean Lazarus hackers using cryptocurrency.
Cyware News – Latest Cyber News – Read More
WordPress Websites Used to Distribute ClearFake Trojan Malware
/in General NewsWordPress websites were found distributing the ClearFake Trojan malware, a dangerous threat that can lead to ransomware infections. The malware was disguised as a prompt to install a root certificate.
Cyware News – Latest Cyber News – Read More
Aggressively Monitoring for Changes Is a Key Aspect of Cybersecurity
/in General NewsEmployees and management must fully support change detection and file integrity monitoring, allowing a proactive approach with definitive security controls to be implemented against threat actors.
darkreading – Read More
Telecom Company Hit with $1 Million Penalty Over AI-Generated Fake Robocalls
/in General NewsLingo Telecom failed to comply with caller ID rules before the New Hampshire primary. FCC is seeking a $6 million fine against political consultant Steve Kramer for arranging the calls.
Cyware News – Latest Cyber News – Read More
US Authorities Warn Healthcare Sector of Everest Ransomware Threats
/in General NewsThe group, which has been active since 2020, specializes in data extortion and ransomware attacks. They have targeted at least 20 healthcare entities since 2021 and claim to have stolen patient information.
Cyware News – Latest Cyber News – Read More