BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign
/in General NewsSecurity researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables.
The post Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign appeared first on SecurityWeek.
SecurityWeek – Read More
In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack
/in General NewsNoteworthy stories that might have slipped under the radar: there are 400 CVE Numbering Authorities, crash reports can be a valuable source of information, and Schlatter was hit by a cyberattack.
The post In Other News: 400 CNAs, Crash Reports, Schlatter Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
Russian Citizen Sentenced in US for Selling Stolen Financial Data on Criminal Marketplace
/in General NewsA Russian citizen, known by various online names like “TeRorPP,” has been sentenced to 40 months in a U.S. prison for selling financial data and login credentials on the criminal marketplace Slilpp.
Cyware News – Latest Cyber News – Read More
Why Are Organizations Losing the Ransomware Battle?
/in General NewsInstitutionalizing and sustaining fundamental cybersecurity practices requires a commitment to ongoing vigilance, active management, and a comprehensive understanding of evolving threats.
darkreading – Read More
Consolidation vs. Optimization: Which Is More Cost-Effective for Improved Security?
/in General NewsSecurity leaders are facing big decisions about how they use their monetary and people resources to better secure their environments.
The post Consolidation vs. Optimization: Which Is More Cost-Effective for Improved Security? appeared first on SecurityWeek.
SecurityWeek – Read More
Multi-Stage ValleyRAT Targets Chinese Users with Advanced Tactics
/in General NewsChinese-speaking users are the target of an ongoing campaign that distributes malware known as ValleyRAT.
“ValleyRAT is a multi-stage malware that utilizes diverse techniques to monitor and control its victims and deploy arbitrary plugins to cause further damage,” Fortinet FortiGuard Labs researchers Eduardo Altares and Joie Salvio said.
“Another noteworthy characteristic of this malware is its
The Hacker News – Read More
It’s Time to Stop Thinking of Threat Groups as Supervillains, Experts Say
/in General NewsCISA Director Jen Easterly highlighted the importance of not glamorizing threat actors, urging defenders to focus on detecting and responding to malicious tactics rather than being fixated on the threat groups themselves.
Cyware News – Latest Cyber News – Read More
New Banshee Stealer macOS Malware Priced at $3,000 Per Month
/in General NewsRussian cybercriminals are advertising a new macOS malware, Banshee Stealer, capable of stealing passwords, browser data, and crypto wallets.
The post New Banshee Stealer macOS Malware Priced at $3,000 Per Month appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Attackers Introduce New EDR Killer to Disable Protection on Compromised Hosts
/in General NewsA cybercrime group linked to RansomHub ransomware has been seen using a new EDR-killing tool, named EDRKillShifter, to disable endpoint detection and response software on compromised hosts.
Cyware News – Latest Cyber News – Read More
The Hidden Security Gaps in Your SaaS Apps: Are You Doing Due Diligence?
/in General NewsSaaS applications have become indispensable for organizations aiming to enhance productivity and streamline operations. However, the convenience and efficiency these applications offer come with inherent security risks, often leaving hidden gaps that can be exploited. Conducting thorough due diligence on SaaS apps is essential to identify and mitigate these risks, ensuring the protection of your
The Hacker News – Read More