BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Unconfirmed Hack of 2.9 Billion Records at National Public Data Sparks Media Frenzy Amid Lawsuits
/in General NewsNational Public Data (NPD) is at the center of controversy with allegations of a massive data breach involving 2.9 billion records. Despite media coverage and a class action lawsuit, verifiable proof remains scarce
The post Unconfirmed Hack of 2.9 Billion Records at National Public Data Sparks Media Frenzy Amid Lawsuits appeared first on SecurityWeek.
SecurityWeek – Read More
Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data
/in General NewsAzure Health Bot Service vulnerabilities found by Tenable could have been exploited for lateral movement and may have allowed customer data exposure.
The post Azure Health Bot Service Vulnerabilities Possibly Exposed Sensitive Data appeared first on SecurityWeek.
SecurityWeek – Read More
Cybercriminal Leader ‘J.P.Morgan’ Busted for Pioneering RaaS Model
/in General NewsMaksim Silnikau and his associates are accused of developing and distributing notorious ransomware strains such as Reveton and Ransom Cartel, amongst other criminal acts.
darkreading – Read More
Prolific Malvertising Scammer Arrested and Extradited to US to Face Charges
/in General NewsMaxim Silnikau, a Belarusian-Ukrainian cybercriminal dubbed one of the most prolific Russian-speaking hackers by the UK’s NCA, has been arrested in Spain and extradited to the US.
Cyware News – Latest Cyber News – Read More
Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA
/in General NewsSecurityWeek spoke with Mike Britton, CISO at Abnormal Security, to understand what the company has learned about current social engineering and phishing attacks.
The post Unlocking the Front Door: Phishing Emails Remain a Top Cyber Threat Despite MFA appeared first on SecurityWeek.
SecurityWeek – Read More
Update: New Windows SmartScreen Bypass Exploited as Zero-Day Since March
/in General NewsA security loophole in Windows SmartScreen, known as CVE-2024-38213, was exploited by attackers as a zero-day to bypass protection. Microsoft patched this vulnerability during the June 2024 Patch Tuesday.
Cyware News – Latest Cyber News – Read More
Cybersecurity’s Real Challenge Is Communication, Not Just Technology
/in General NewsBy nurturing a security-centric work culture that involves everybody, organizations can overcome challenges with greater agility and confidence.
darkreading – Read More
Belarusian-Ukrainian Hacker Extradited to U.S. for Ransomware and Cybercrime Charges
/in General NewsA coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups.
Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S. from Poland on August 9,
The Hacker News – Read More
How to Augment Your Password Security with EASM
/in General NewsSimply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first. Securing your Active Directory should be a priority – it is like making sure a house has a locked front door before investing in a high-end alarm system. Once the fundamentals are covered,
The Hacker News – Read More
NIST Formalizes World’s First Post-Quantum Cryptography Standards
/in General NewsThe finalized post-quantum cryptography standards are Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203), Module-Lattice-Based Digital Signature Standard (FIPS 204), and Stateless Hash-Based Digital Signature Standard (FIPS 205).
Cyware News – Latest Cyber News – Read More