BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Google Warns of Iranian Hackers Targeting Affiliates of Both US Presidential Campaigns
/in General NewsIranian hackers linked to the government of Iran have increased their phishing attacks on high-profile individuals in the U.S. and Israel, including those affiliated with U.S. presidential campaigns, according to Google.
Cyware News – Latest Cyber News – Read More
IBM to set up ‘full stack’ AI facility at university
/in General NewsLocated at the National University of Singapore, the AI research and development center will focus on sustainability and safety.
Latest stories for ZDNET in Security – Read More
New Banshee Stealer Targets 100+ Browser Extensions on Apple macOS Systems
/in General NewsCybersecurity researchers have uncovered new stealer malware that’s designed to specifically target Apple macOS systems.
Dubbed Banshee Stealer, it’s offered for sale in the cybercrime underground for a steep price of $3,000 a month and works across both x86_64 and ARM64 architectures.
“Banshee Stealer targets a wide range of browsers, cryptocurrency wallets, and around 100 browser
The Hacker News – Read More
Kiteworks Captures $456M at a $1B+ Valuation to Help Secure Sensitive Data
/in General NewsKiteworks (formerly Accellion) secured $456 million in private equity funding. The investment from Insight Partners and Sixth Street Growth will support Kiteworks’ acquisitions, including four smaller enterprise startups since 2022.
Cyware News – Latest Cyber News – Read More
An Analysis of Common Malware Loaders
/in General NewsIn 2024, loaders were involved in nearly 40% of critical security incidents, with popular ones being SocGholish, GootLoader, and Raspberry Robin, aiming to deliver malware like ransomware, according to Reliaquest.
Cyware News – Latest Cyber News – Read More
SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day
/in General NewsThe US cybersecurity agency CISA warns that a recent SolarWinds Web Help Desk vulnerability has been exploited in the wild.
The post SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day appeared first on SecurityWeek.
SecurityWeek – Read More
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments
/in General NewsCybercriminals are infiltrating organizations’ cloud storage containers, stealing sensitive data, and sometimes being paid off by the victims to keep the data private. According to Palo Alto Networks, the attackers likely used automation techniques.
Cyware News – Latest Cyber News – Read More
Highly-Personalized Phishing Campaign Targets Russian Government Dissidents
/in General NewsA spear-phishing campaign targeting Russian government dissidents and Western organizations, attributed to the Russian FSB and threat actor COLDRIVER, uses personalized social engineering tactics to gain access to online accounts.
Cyware News – Latest Cyber News – Read More
M&A Activity can Amplify Ransomware Insurance Losses, Research Finds
/in General NewsM&A activity can increase ransomware insurance losses, with the severity of claims rising over 400% from 2022 to 2023, according to research by cyber risk company Resilience.
Cyware News – Latest Cyber News – Read More
Copy2Pwn Zero-Day Exploited to Bypass Windows Protections
/in General NewsZDI details a zero-day named Copy2Pwn and tracked as CVE-2024-38213, which cybercriminals exploited to bypass MotW protections in Windows.
The post Copy2Pwn Zero-Day Exploited to Bypass Windows Protections appeared first on SecurityWeek.
SecurityWeek – Read More