BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
City of Flint Scrambling to Restore Services Following Ransomware Attack
/in General NewsThe City of Flint, Michigan, has been struggling with network and online service disruptions after being hit by ransomware last week.
The post City of Flint Scrambling to Restore Services Following Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
US Lawmakers Want Investigation Into TP-Link Over Chinese Hacking Fears
/in General NewsLawmakers want TP-Link to be investigated by the Department of Commerce over concerns that its routers can be easily hacked to infiltrate US systems.
The post US Lawmakers Want Investigation Into TP-Link Over Chinese Hacking Fears appeared first on SecurityWeek.
SecurityWeek – Read More
Crypto Firm Says Hacker Locked All Employees Out of Google Products for Four Days
/in General NewsA cryptocurrency company reported to the SEC that a hacker breached its systems on August 9, 2024, locking all employees out of Google products for four days by changing the passwords on their G-Suite accounts.
Cyware News – Latest Cyber News – Read More
Oregon Zoo Ticketing Service Hack Impacts 118,000
/in General NewsA web skimmer was likely used to steal names and payment card data from the Oregon Zoo’s online ticketing service.
The post Oregon Zoo Ticketing Service Hack Impacts 118,000 appeared first on SecurityWeek.
SecurityWeek – Read More
How to Automate the Hardest Parts of Employee Offboarding
/in General NewsAccording to recent research on employee offboarding, 70% of IT professionals say they’ve experienced the negative effects of incomplete IT offboarding, whether in the form of a security incident tied to an account that wasn’t deprovisioned, a surprise bill for resources that aren’t in use anymore, or a missed handoff of a critical resource or account. This is despite an average of five
The Hacker News – Read More
Mad Liberator Gang Uses Fake Windows Update Screen to Hide Data Theft
/in General NewsA new cybercrime group named Mad Liberator has been identified by the Sophos X-Ops Incident Response team for targeting AnyDesk users. This ransomware group is using a fake Microsoft Windows update screen to hide their data exfiltration activities.
Cyware News – Latest Cyber News – Read More
Microsoft Announces Mandatory MFA for Azure
/in General NewsMicrosoft is implementing automatic enforcement of multi-factor authentication (MFA) for all Azure users starting October.
The post Microsoft Announces Mandatory MFA for Azure appeared first on SecurityWeek.
SecurityWeek – Read More
CyberGhost vs ExpressVPN (2024): Which VPN Is Better?
/in General NewsWhile CyberGhost VPN presents an impressive amount of servers, ExpressVPN’s consistent VPN speeds and strong third-party audits give it the edge.
Security | TechRepublic – Read More
Xeon Sender Tool Exploits Cloud APIs for Large-Scale SMS Phishing Attacks
/in General NewsMalicious actors are using a cloud attack tool named Xeon Sender to conduct SMS phishing and spam campaigns on a large scale by abusing legitimate services.
“Attackers can use Xeon to send messages through multiple software-as-a-service (SaaS) providers using valid credentials for the service providers,” SentinelOne security researcher Alex Delamotte said in a report shared with The Hacker News.
The Hacker News – Read More
Unfixed Microsoft Entra ID Authentication Bypass Threatens Hybrid IDs
/in General NewsCymulate’s proof-of-concept attack demonstrates how multiple on-premises domains syncing to a single Azure tenant can lead to credential mishandling, potentially allowing unauthorized access to different domains.
Cyware News – Latest Cyber News – Read More