BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Major Security Update: Chrome Patches Critical Out-of-Bounds Vulnerability
/in General NewsNot too long ago, we discovered a critical security flaw in Firefox. This week, Chrome is addressing fixes for yet more critical vulnerabilities. Google recently patched vulnerabilities in its Chrome browser, one of which was marked as critical, tracked as CVE-2024-10487. The vulnerability allowed remote attackers to perform out-of-bounds memory access via a crafted HTML page.
Source
TechSplicer – Read More
New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites
/in General NewsCybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024.
Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services
The Hacker News – Read More
Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar
/in General NewsDid you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day.
These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage.
Cybersecurity and IT
The Hacker News – Read More
Stop LUCR-3 Attacks: Learn Key Identity Security Tactics in This Expert Webinar
/in General NewsDid you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day.
These attackers exploit vulnerabilities in SaaS and cloud environments, using compromised identities to move laterally within networks, causing widespread damage.
Cybersecurity and IT
The Hacker News – Read More
New Phishing Kit Xiū gǒu Targets Users Across Five Countries With 2,000 Fake Sites
/in General NewsCybersecurity researchers have disclosed a new phishing kit that has been put to use in campaigns targeting Australia, Japan, Spain, the U.K., and the U.S. since at least September 2024.
Netcraft said more than 2,000 phishing websites have been identified the kit, known as Xiū gǒu, with the offering used in attacks aimed at a variety of verticals, such as public sectors, postal, digital services
The Hacker News – Read More
A Step-by-Step Guide to How Threat Hunting Works
/in General NewsStay ahead of cybercrime with proactive threat hunting. Learn how threat hunters identify hidden threats, protect critical systems,…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Facebook Businesses Targeted in Infostealer Phishing Campaign
/in General NewsThe threat actors deceive their victims by impersonating the legal teams of companies, well-known Web stores, and manufacturers.
darkreading – Read More
Cybersecurity Job Market Stagnates, Dissatisfaction Abounds
/in General NewsThe 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyber-threat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders’ favor?
darkreading – Read More
FBI: Iranian cyber group targeted Summer Olympics with attack on French display provider
/in General NewsThe hacking group’s goal was to “display photo montages denouncing the participation of Israeli athletes in the 2024 Olympic and Paralympic Games,” the FBI said.
The Record from Recorded Future News – Read More
Microsoft delays its troubled AI-powered Recall feature yet again
/in General NewsMicrosoft needs ‘additional time to refine’ Recall. Here’s the new target date for rollout and what else we know.
Latest stories for ZDNET in Security – Read More