BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Novel Phishing Method Used in Android and iOS Financial Fraud Campaigns
/in General NewsThis method was first disclosed by CSIRT KNF in Poland in July 2023 and later observed in Czechia by ESET analysts. Similar campaigns were also observed targeting banks in Hungary and Georgia.
Cyware News – Latest Cyber News – Read More
Don’t panic! It’s only 60 Linux CVE security bulletins a week
/in General NewsIn security circles, Common Vulnerabilities and Exposures security bulletins can be downright scary. In Linux, however, it’s just business as usual.
Latest stories for ZDNET in Security – Read More
Researcher Details Microsoft Outlook Zero-Click Vulnerability (CVE-2024-38021)
/in General NewsThe vulnerability stems from how Outlook handles hyperlink objects in image tags in emails, enabling attackers to exploit a composite moniker to trigger remote code execution.
Cyware News – Latest Cyber News – Read More
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
/in General NewsA vulnerability in Microsoft Copilot Studio exposed information on internal services shared among tenants, potentially impacting multiple customers.
The post Microsoft Copilot Studio Vulnerability Led to Information Disclosure appeared first on SecurityWeek.
SecurityWeek – Read More
Google Play Bug Bounty Program Shutting Down
/in General NewsGoogle is shutting down its Google Play Security Reward Program (GPSRP) after determining that it has achieved its goal.
The post Google Play Bug Bounty Program Shutting Down appeared first on SecurityWeek.
SecurityWeek – Read More
TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset
/in General NewsIran-linked TA453 targeted a religious figure with a fake podcast interview invitation, attempting to deliver the BlackSmith malware toolkit. The initial lure involved an email leading to a malicious link containing the AnvilEcho PowerShell trojan.
Cyware News – Latest Cyber News – Read More
Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue
/in General NewsAs many as 15,000 applications using AWS Application Load Balancer (ALB) could be exposed to ALBeast attacks.
The post Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue appeared first on SecurityWeek.
SecurityWeek – Read More
New macOS Malware TodoSwift Linked to North Korean Hacking Groups
/in General NewsCybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups.
“This application shares several behaviors with malware we’ve seen that originated in North Korea (DPRK) — specifically the threat actor known as BlueNoroff — such as KANDYKORN and RustBucket,” Kandji security
The Hacker News – Read More
It’s Time To Untangle the SaaS Ball of Yarn
/in General NewsIt’s no great revelation to say that SaaS applications have changed the way we operate, both in our personal and professional lives. We routinely rely on cloud-based and remote applications to conduct our basic functions, with the result that the only true perimeter of our networks has become the identities with which we log into these services.
Unfortunately – as is so often the case – our
The Hacker News – Read More
ALBeast: Misconfiguration Flaw Exposes 15,000 AWS Load Balancers to Risk
/in General NewsALBeast is a critical vulnerability that allows attackers to bypass authentication and authorization in AWS ALB-based applications. Learn…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More