BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Update: Ransomware Attack on Indian Payment System Traced Back to Jenkins Bug
/in General NewsA recent ransomware attack on Indian payment systems has been traced back to a vulnerability in the widely used Jenkins automation system. The attack targeted a digital payment system used by many Indian banks.
Cyware News – Latest Cyber News – Read More
Hackers Exploit PHP Vulnerability to Deploy Stealthy Msupedge Backdoor
/in General NewsA previously undocumented backdoor named Msupedge has been put to use against a cyber attack targeting an unnamed university in Taiwan.
“The most notable feature of this backdoor is that it communicates with a command-and-control (C&C) server via DNS traffic,” the Symantec Threat Hunter Team, part of Broadcom, said in a report shared with The Hacker News.
The origins of the backdoor are
The Hacker News – Read More
How Exceptional CISOs Are Igniting the Security Fire in Their Development Team
/in General NewsFor years, many CISOs have struggled to influence their development cohort on the importance of putting security first.
The post How Exceptional CISOs Are Igniting the Security Fire in Their Development Team appeared first on SecurityWeek.
SecurityWeek – Read More
Multiple Microsoft Apps for macOS Vulnerable to Library Injection Attacks
/in General NewsMicrosoft has classified the issue as low-severity and has not issued any fixes, except for Teams and OneNote apps. Excel, Outlook, PowerPoint, and Word apps remain vulnerable.
Cyware News – Latest Cyber News – Read More
CISA Adds Jenkins CLI Bug to its Known Exploited Vulnerabilities Catalog
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Jenkins Command Line Interface (CLI) Path Traversal vulnerability, known as CVE-2024-23897 with a CVSS score of 9.8, to its Known Exploited Vulnerabilities catalog.
Cyware News – Latest Cyber News – Read More
Microsoft Mandates MFA for all Azure Sign-Ins
/in General NewsPhase 1 in October 2024 will require MFA for accessing Azure portal, Microsoft Entra admin center, and Intune admin center, with Phase 2 in early 2025 extending enforcement to Azure CLI, Azure PowerShell, mobile app, and Infrastructure as Code tools.
Cyware News – Latest Cyber News – Read More
Update: US Agencies Attribute Presidential Campaign Cyberattacks to Iran
/in General NewsThe statement — which came Monday from the FBI, CISA, and the Office of the Director of National Intelligence (ODNI) — specifically attributes the recently announced cyberattack on the campaign of former President Donald Trump to Iranian actors.
Cyware News – Latest Cyber News – Read More
FBI and CISA Assure Public on Election Ransomware Security
/in General NewsFBI and CISA issued a PSA reassuring the public about the security of the 2024 election cycle against ransomware attacks. While attacks on government networks could cause temporary delays, voting systems’ integrity remains intact.
Cyware News – Latest Cyber News – Read More
CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding
/in General NewsClark Construction has been tasked with building the 630,000 square foot sustainable state-of-the-art facility for CISA.
The post CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding appeared first on SecurityWeek.
SecurityWeek – Read More
Cybercriminals Exploit Paris Olympics With Fake Domains
/in General NewsAccording to a report by cybersecurity researchers at BforeAI, threat actors used fake social media accounts, stores, ticketing systems, and fraudulent cryptocurrencies to target unsuspecting victims.
Cyware News – Latest Cyber News – Read More