BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
In Other News: FBI’s Ransomware Disruptions, Recall Delayed Again, CrowdStrike Responds to Bloomberg Article
/in General NewsNoteworthy stories that might have slipped under the radar: FBI conducted over 30 ransomware disruption operations this year, Windows Recall delayed until December, CrowdStrike responds to a Bloomberg article.
The post In Other News: FBI’s Ransomware Disruptions, Recall Delayed Again, CrowdStrike Responds to Bloomberg Article appeared first on SecurityWeek.
SecurityWeek – Read More
Young people’s data feared stolen in cyberattack on French government contractor
/in General NewsThe French government said an incident directly impacted an unnamed service provider used by the network of “Local Missions” — places that offer advice and support to people between the ages of 16 and 25 about work and training.
The Record from Recorded Future News – Read More
US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras
/in General NewsThe US and Israel have published an advisory describing the latest activities of Iranian cyber firm Emennet Pasargad, now called Aria Sepehr Ayandehsazan.
The post US, Israel Describe Iranian Hackers’ Targeting of Olympics, Surveillance Cameras appeared first on SecurityWeek.
SecurityWeek – Read More
Massive Git Config Breach Exposes 15,000 Credentials; 10,000 Private Repos Cloned
/in General NewsCybersecurity researchers have flagged a “massive” campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code.
The activity, codenamed EMERALDWHALE, is estimated to have collected over 10,000 private repositories and stored in an Amazon S3 storage bucket belonging to a prior victim. The bucket,
The Hacker News – Read More
Microsoft Warns of Chinese Botnet Exploiting Router Flaws for Credential Theft
/in General NewsMicrosoft has revealed that a Chinese threat actor it tracks as Storm-0940 is leveraging a botnet called Quad7 to orchestrate highly evasive password spray attacks.
The tech giant has given the botnet the name CovertNetwork-1658, stating the password spray operations are used to steal credentials from multiple Microsoft customers.
“Active since at least 2021, Storm-0940 obtains initial access
The Hacker News – Read More
Passkeys are more popular than ever. This research explains why
/in General NewsSome 57% of people surveyed this year for a FIDO Alliance report are aware of passkeys, up from 39% just two years ago.
Latest stories for ZDNET in Security – Read More
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
/in General NewsA vulnerability categorized as “critical” in a photo app installed by default on Synology network-attached storage devices could give attackers the ability to steal data and worse.
Security Latest – Read More
Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets
/in General NewsLottieFiles has confirmed that Lottie-Player has been compromised in a supply chain attack whose goal is cryptocurrency theft.
The post Lottie-Player Supply Chain Attack Targets Cryptocurrency Wallets appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Delays Windows Copilot+ Recall Release Over Privacy Concerns
/in General NewsMicrosoft is further delaying the release of its controversial Recall feature for Windows Copilot+ PCs, stating it’s taking the time to improve the experience.
The development was first reported by The Verge. The artificial intelligence-powered tool was initially slated for a preview release starting in October.
“We are committed to delivering a secure and trusted experience with Recall,” the
The Hacker News – Read More
Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital
/in General NewsBugcrowd has secured $50 million in growth capital facility from Silicon Valley Bank for expansion and innovation.
The post Bug Bounty Platform Bugcrowd Secures $50 Million in Growth Capital appeared first on SecurityWeek.
SecurityWeek – Read More