BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Attackers Exploit Public .env Files to Breach Cloud and Social Media Accounts
/in General NewsA large-scale extortion campaign has compromised various organizations by taking advantage of publicly accessible environment variable files (.env) that contain credentials associated with cloud and social media applications.
“Multiple security missteps were present in the course of this campaign, including the following: Exposing environment variables, using long-lived credentials, and absence
The Hacker News – Read More
Thousands of Oracle NetSuite E-Commerce Sites Expose Sensitive Customer Data
/in General NewsUsers of Oracle’s ERP for Web storefronts might not be aware of a misconfiguration which could put customer data at risk of exposure.
darkreading – Read More
Report: 56% of Security Professionals Worry About AI-Powered Threats
/in General NewsAI professionals have concerns about their jobs being replaced by AI tools, with 56% of security professionals worried about AI-powered threats, as reported by Pluralsight.
Cyware News – Latest Cyber News – Read More
Security Experts Welcome NIST’s New Encryption Standards For Quantum Computers
/in General NewsAlthough quantum computing is not yet widespread, current encryption methods pose a significant risk of cyberattacks, the agency said.
Security | TechRepublic – Read More
A ‘very large percentage’ of Pixel phones have a hidden security vulnerability
/in General NewsAn app for store employees to show off devices had privileges it didn’t need. A fix is on the way.
Latest stories for ZDNET in Security – Read More
Russian Hacker Jailed 3+ Years for Selling Stolen Credentials on Dark Web
/in General NewsA 27-year-old Russian national has been sentenced to over three years in prison for peddling financial information, login credentials, and other personally identifying information (PII) on a now-defunct dark web marketplace called Slilpp.
Georgy Kavzharadze, 27, of Moscow, Russia, pleaded guilty to one count of conspiracy to commit bank fraud and wire fraud earlier this February. In addition to
The Hacker News – Read More
The AI Balancing Act: Unlocking Potential, Dealing with Security Issues, Complexity
/in General NewsMany organizations struggle with AI literacy, cautious adoption, and risks of immature implementation, leading to disruptions in security, including data threats and AI misuse.
Cyware News – Latest Cyber News – Read More
Report: Ransomware Gangs Rake in More Than $450 Million in First Half of 2024
/in General NewsRansomware groups have earned over $450 million in H1 2024 by extorting victims through cryptocurrency payments, according to a report by Chainalysis. It has risen from the previous year, with a record ransom payment of $75 million reported.
Cyware News – Latest Cyber News – Read More
Russian Hackers Using Fake Brand Sites to Spread DanaBot and StealC Malware
/in General NewsCybersecurity researchers have shed light on a sophisticated information stealer campaign that impersonates legitimate brands to distribute malware like DanaBot and StealC.
The activity cluster, orchestrated by Russian-speaking cybercriminals and collectively codenamed Tusk, is said to encompass several sub-campaigns, leveraging the reputation of the platforms to trick users into downloading the
The Hacker News – Read More
Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign
/in General NewsSecurity researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables.
The post Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign appeared first on SecurityWeek.
SecurityWeek – Read More