BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
USDoD Hacker Behind $3 Billion SSN Leak Reveals Himself as Brazilian Citizen
/in General NewsInfamous hacker USDoD, linked to major data breaches, reveals his identity as a Brazilian citizen. Discover the implications…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI
/in General NewsNoteworthy stories that might have slipped under the radar: FAA improving cyber rules for airplanes, NGate Android malware used to steal cash from ATMs, abusing Slack AI to steal data.
The post In Other News: FAA Improving Cyber Rules, Android Malware Enables ATM Withdrawals, Data Theft via Slack AI appeared first on SecurityWeek.
SecurityWeek – Read More
Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform
/in General NewsLet’s be honest. The world of cybersecurity feels like a constant war zone. You’re bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It’s exhausting, isn’t it?
But what if there was a better way?
Imagine having every essential cybersecurity tool at your fingertips, all within a single, intuitive platform, backed by expert support 24/7. This is
The Hacker News – Read More
Leveraging Ancient Tactics for Modern Malware
/in General NewsThe HYAS Threat Intelligence team has detected threat actors using Steam for malicious activities, like hosting C2 domain addresses and exploiting user accounts. One actor used a Substitution Cipher to hide C2 domains.
Cyware News – Latest Cyber News – Read More
Focus on What Matters Most: Exposure Management and Your Attack Surface
/in General NewsRead the full article for key points from Intruder’s VP of Product, Andy Hornegold’s recent talk on exposure management. If you’d like to hear Andy’s insights first-hand, watch Intruder’s on-demand webinar. To learn more about reducing your attack surface, reach out to their team today.
Attack surface management vs exposure management
Attack surface management (ASM) is the ongoing
The Hacker News – Read More
New Phishing Campaign Targets US Government Organizations
/in General NewsThe attackers have become more sophisticated in their approach, specifically targeting email addresses from 338 US government entities. The phishing links redirect victims to a fake Microsoft Teams login page.
Cyware News – Latest Cyber News – Read More
Hacker Tried to Dodge Child Support by Breaking Into Registry to Fake His Death, Prosecutors Say
/in General NewsKentucky man attempted to fake his death to avoid paying child support obligations by hacking into state registries and falsifying official records.
The post Hacker Tried to Dodge Child Support by Breaking Into Registry to Fake His Death, Prosecutors Say appeared first on SecurityWeek.
SecurityWeek – Read More
US, Allies Release Guidance on Event Logging and Threat Detection
/in General NewsGovernment agencies in the US and allied countries have released guidance on how organizations can define a baseline for event logging best practices.
The post US, Allies Release Guidance on Event Logging and Threat Detection appeared first on SecurityWeek.
SecurityWeek – Read More
New Qilin Ransomware Attack Uses VPN Credentials, Steals Chrome Data
/in General NewsThe threat actors behind a recently observed Qilin ransomware attack have stolen credentials stored in Google Chrome browsers on a small set of compromised endpoints.
The use of credential harvesting in connection with a ransomware infection marks an unusual twist, and one that could have cascading consequences, cybersecurity firm Sophos said in a Thursday report.
The attack, detected in July
The Hacker News – Read More
Degraded Performance Issue Sparks Concern Among CrowdStrike Customers
/in General NewsCrowdStrike has addressed a cloud service issue causing degraded performance and boot times for some of its customers.
The post Degraded Performance Issue Sparks Concern Among CrowdStrike Customers appeared first on SecurityWeek.
SecurityWeek – Read More