BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover
/in General NewsA newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations’ cloud environments.
“A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume,
The Hacker News – Read More
New Cyber Threat Targets Azerbaijan and Israel Diplomats, Stealing Sensitive Data
/in General NewsA previously unknown threat actor has been attributed to a spate of attacks targeting Azerbaijan and Israel with an aim to steal sensitive data.
The attack campaign, detected by NSFOCUS on July 1, 2024, leveraged spear-phishing emails to single out Azerbaijani and Israeli diplomats. The activity is being tracked under the moniker Actor240524.
“Actor240524 possesses the ability to steal secrets
The Hacker News – Read More
New Gafgyt Botnet Variant Targets Weak SSH Passwords for GPU Crypto Mining
/in General NewsCybersecurity researchers have discovered a new variant of the Gafgyt botnet that’s targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power.
This indicates that the “IoT botnet is targeting more robust servers running on cloud native environments,” Aqua Security researcher Assaf Morag said in a Wednesday analysis.
The Hacker News – Read More
Cisco Cuts Thousands of Jobs, 7% of Workforce, As It Shifts Focus to AI, Cybersecurity
/in General NewsCisco had 84,900 employees as of July 2023. Based on that figure, the number of jobs cut would be about 5,900.
The post Cisco Cuts Thousands of Jobs, 7% of Workforce, As It Shifts Focus to AI, Cybersecurity appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Group Behind Major Indonesian Attack Wears Many Masks
/in General NewsBrain Cipher made a loud entry to the ransomware scene, but it doesn’t seem to be quite as sophisticated as its accomplishment would suggest.
darkreading – Read More
A Single Iranian Hacker Group Targeted Both Presidential Campaigns, Google Says
/in General NewsAPT42, which is believed to work for Iran’s Revolutionary Guard Corps, targeted about a dozen people associated with both Trump’s and Biden’s campaigns this spring, according to Google’s Threat Analysis Group.
Security Latest – Read More
Risk Management Strategies: Incorporating Cloud WAFs into Your Plan
/in General NewsIn today’s digital world, protecting your online assets is more critical than ever. As cyber threats grow increasingly…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
‘EastWind’ Cyber-Spy Campaign Combines Various Chinese APT Tools
/in General NewsThe likely China-linked campaign is deploying CloudSorcerer and other proprietary binaries belonging to known state-sponsored groups, showing how advanced persistent threat groups often collaborate with each other.
darkreading – Read More
CBA’s x15ventures Set to Lead in Fintech AI Innovation
/in General NewsCBA’s x15ventures is transforming fintech AI with its Xccelerate program, boosting innovation and setting new industry benchmarks in AI technology.
Security | TechRepublic – Read More
Microsoft Patched 6 Actively Exploited Zero-Day Flaws
/in General NewsPatch Tuesday brought updates for 90 security vulnerabilities, including patching severe remote code execution vulnerabilities and closing some doors in Chromium.
Security | TechRepublic – Read More