BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Common API Security Issues: From Exposed Secrets To Unauthorized Access
/in General NewsAPI security is a major concern due to issues like exposed secrets and unauthorized access, leading to serious vulnerabilities for many organizations. A recent report shoed 35% of exposed API keys are still active, posing significant security risks.
Cyware News – Latest Cyber News – Read More
UK: NCSC Opens Cyber Resilience Audit Scheme to Applicants
/in General NewsThe NCSC has launched the Cyber Resilience Audit (CRA) scheme to find auditors for a new cyber-resilience initiative. It focuses on conducting independent audits based on the Cyber Assessment Framework (CAF) to support nationally critical sectors.
Cyware News – Latest Cyber News – Read More
Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover
/in General NewsA critical vulnerability in the GiveWP WordPress plugin could be exploited for remote code execution and arbitrary file deletion.
The post Critical Flaw in Donation Plugin Exposed 100,000 WordPress Sites to Takeover appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Resilience Drives Down Cyber Insurance Claims
/in General NewsRansomware resilience is leading to a decrease in cyber insurance claims, as reported by UK backup solutions provider Databarracks. While more organizations are investing in cyber insurance, the number of claims has dropped significantly.
Cyware News – Latest Cyber News – Read More
Digital Wallets can Allow Purchases With Stolen Credit Cards
/in General NewsOnce a stolen card is added to the attacker’s wallet, they can use it to make purchases without being detected, even after the original card has been canceled. Recurring transactions are also vulnerable to abuse, allowing payments with locked cards.
Cyware News – Latest Cyber News – Read More
x64dbg: Open-Source Binary Debugger for Windows
/in General Newsx64dbg is an open-source binary debugger for Windows, perfect for malware analysis and reverse engineering executables. It has a user-friendly UI that simplifies navigation and provides context on the process.
Cyware News – Latest Cyber News – Read More
Hackers Could Exploit Microsoft Teams on macOS to Steal Data
/in General NewsCisco Talos reveals 8 vulnerabilities in Microsoft’s macOS apps, exploiting TCC framework weaknesses. Hackers can bypass security, inject…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Xeon Sender Enables Large-Scale SMS Spam Attacks Using Legitimate SaaS Providers
/in General NewsXeon Senderallows attackers to conduct large-scale SMS spam and phishing campaigns using legitimate SaaS providers. Distributed through Telegram and hacking forums, it requires API credentials from popular providers like Amazon SNS and Twilio.
Cyware News – Latest Cyber News – Read More
Three-Quarters of Companies Retain An Increasing Amount of Sensitive Data, Report Finds
/in General NewsPerforce reveals that companies are struggling with increased sensitive data in non-production environments, leading to higher breach risks and compliance challenges.
Security | TechRepublic – Read More
Most Ransomware Attacks Occur When Security Staff Are Asleep, Study Finds
/in General NewsThreatDown 2024 Report: Malwarebytes reveals ransomware trends, showing most attacks occur at night when security staff are off duty.
Security | TechRepublic – Read More