BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Dozens of Google Products Targeted by Scammers via Malicious Search Ads
/in General NewsScammers have been targeting dozens of Google products through malicious search ads. They impersonated Google’s product line and used Looker Studio to lock up Windows and Mac users’ browsers.
Cyware News – Latest Cyber News – Read More
OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda
/in General NewsOpenAI on Friday said it banned a set of accounts linked to what it said was an Iranian covert influence operation that leveraged ChatGPT to generate content that, among other things, focused on the upcoming U.S. presidential election.
“This week we identified and took down a cluster of ChatGPT accounts that were generating content for a covert Iranian influence operation identified as
The Hacker News – Read More
Server-Side Template Injection: Transforming Web Applications from Assets to Liabilities – Check Point Research
/in General NewsServer-Side Template Injection (SSTI) vulnerabilities are a growing concern in web applications, allowing attackers to inject malicious code into templates and gain control over servers.
Cyware News – Latest Cyber News – Read More
A Deep Dive Into a New ValleyRAT Campaign Targeting Chinese Speakers
/in General NewsThe malware masquerades as legitimate applications like Microsoft Office and creates an empty file to lure users. It also checks for virtual machines and uses sleep obfuscation to evade memory scanners.
Cyware News – Latest Cyber News – Read More
CISA Warns Critical Vulnerabilities in Vonets WiFi Bridge Devices, No Patch Available
/in General NewsThese vulnerabilities could allow attackers to execute arbitrary code, disclose sensitive information, or disrupt device functionality, posing a significant threat to industrial and commercial networks relying on these devices.
Cyware News – Latest Cyber News – Read More
PrestaShop GTAG Websocket Skimmer
/in General NewsA recent investigation uncovered a credit card skimmer using a web socket connection to steal credit card details from an infected PrestaShop website. Attackers use web sockets for obfuscation, making it difficult to analyze traffic.
Cyware News – Latest Cyber News – Read More
Sophos X-Ops: Ransomware gangs escalating tactics, going to ‘chilling’ lengths
/in General NewsWhether targeting executives’ family members or snitching on those that don’t pay, ransomware gangs are taking their tactics to new heights.Read More
Security News | VentureBeat – Read More
Iran Reportedly Grapples With Major Cyberattack on Banking Systems
/in General NewsThe last known cyberattack waged against Iranian infrastructure took place last December with the blame placed on Israel and the US.
darkreading – Read More
The Slow-Burn Nightmare of the National Public Data Breach
/in General NewsSocial Security numbers, physical addresses, and more—all available online. After months of confusion, leaked information from a background-check firm underscores the long-term risks of data breaches.
Security Latest – Read More
Are 2024 US Political Campaigns Prepared for the Coming Cyber Threats?
/in General NewsWhen it comes to this year’s candidates and political campaigns fending off major cyberattacks, a lot has changed since the 2016 election cycle.
darkreading – Read More