BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Russian-Linked Hackers Target Eastern European NGOs and Media
/in General NewsRussian and Belarusian non-profit organizations, Russian independent media, and international non-governmental organizations active in Eastern Europe have become the target of two separate spear-phishing campaigns orchestrated by threat actors whose interests align with that of the Russian government.
While one of the campaigns – dubbed River of Phish – has been attributed to COLDRIVER, an
The Hacker News – Read More
How Can Organizations Navigate SEC’s Cyber Materiality Disclosures?
/in General NewsInconsistencies and lack of information in cybersecurity disclosures highlight the need for organizations to establish a robust materiality assessment framework.
darkreading – Read More
Nearly All Google Pixel Phones Are Left Exposed by Unpatched Flaw in Hidden Android App
/in General NewsA fix is coming, but data analytics giant Palantir says it’s ditching Android devices altogether because Google’s response to the vulnerability has been troubling.
Security Latest – Read More
SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability
/in General NewsSolarWinds has released a hotfix for a critical Java deserialization remote code execution vulnerability in Web Help Desk.
The post SolarWinds Issues Hotfix for Critical Web Help Desk Vulnerability appeared first on SecurityWeek.
SecurityWeek – Read More
Google Disrupts Iranian Hacking Activity Targeting US Presidential Election
/in General NewsGoogle says it blocked Iranian APT42 hackers from accessing the personal email accounts of individuals affiliated with the US elections.
The post Google Disrupts Iranian Hacking Activity Targeting US Presidential Election appeared first on SecurityWeek.
SecurityWeek – Read More
Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR
/in General NewsPalo Alto Networks has patched multiple vulnerabilities, including ones rated high severity, in several products.
The post Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR appeared first on SecurityWeek.
SecurityWeek – Read More
Identity Threat Detection and Response Solution Guide
/in General NewsThe Emergence of Identity Threat Detection and Response
Identity Threat Detection and Response (ITDR) has emerged as a critical component to effectively detect and respond to identity-based attacks. Threat actors have shown their ability to compromise the identity infrastructure and move laterally into IaaS, Saas, PaaS and CI/CD environments. Identity Threat Detection and Response solutions help
The Hacker News – Read More
RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks
/in General NewsA cybercrime group with links to the RansomHub ransomware has been observed using a new tool designed to terminate endpoint detection and response (EDR) software on compromised hosts, joining the likes of other similar programs like AuKill (aka AvNeutralizer) and Terminator.
The EDR-killing utility has been dubbed EDRKillShifter by cybersecurity company Sophos, which discovered the tool in
The Hacker News – Read More
South Korea Says DPRK Hackers Stole Spy Plane Technical Data
/in General NewsSouth Korea’s ruling party, the People Power Party (PPP), has reported that hackers from North Korea have stolen important technical data related to the country’s main battle tank, the K2, as well as its spy planes known as “Baekdu” and “Geumgang.”
Cyware News – Latest Cyber News – Read More
Private Internet Access (PIA) vs ExpressVPN (2024): Which VPN Is Better?
/in General NewsExpressVPN’s overall polish, fast performance and wider server network give it a slight edge over PIA VPN’s feature-rich and affordable package.
Security | TechRepublic – Read More