BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Cybersecurity Job Market Stagnates, Dissatisfaction Abounds
/in General NewsThe 2024 ISC2 Cybersecurity Workforce Study found that amid a tightening job market and dynamic cyber-threat environment, ongoing staffing and skills shortages are putting organizations at serious risk. Can AI move the needle in defenders’ favor?
darkreading – Read More
FBI: Iranian cyber group targeted Summer Olympics with attack on French display provider
/in General NewsThe hacking group’s goal was to “display photo montages denouncing the participation of Israeli athletes in the 2024 Olympic and Paralympic Games,” the FBI said.
The Record from Recorded Future News – Read More
Microsoft delays its troubled AI-powered Recall feature yet again
/in General NewsMicrosoft needs ‘additional time to refine’ Recall. Here’s the new target date for rollout and what else we know.
Latest stories for ZDNET in Security – Read More
Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations
/in General NewsRussian hackers, known as Midnight Blizzard, launch targeted spear-phishing on U.S. officials, exploiting RDP files to gain access to data.
Security | TechRepublic – Read More
Canada Grapples With ‘Second-to-None’ PRC-Backed Threat Actors
/in General NewsChinese APTs lurked in Canadian government networks for five years — and that’s just one among a whole host of threats from Chinese bad actors.
darkreading – Read More
SecjuiceCon 2025
/in General NewsThe first Secjuice conference is an online event for those interested in any aspect of information security, and we’d love for you to attend the virtual conference and learn!
Secjuice is a non-profit, independent and volunteer led publication in the information security space. We are a private members writing club focused on cybersecurity, information security, network security, hacking, cyberwar, and open source intelligence gathering.
We believe that our value as professionals lies in our ability to share our research and knowledge with others through the written word. We mentor hackers, help them prepare their research, polish their articles and translate their skills into commercial writing experience and freelance writing opportunities. Our members feel a strong sense of civic duty, it’s what drives us to spread our knowledge and experiences with our community. Defending the interests of those who hack is within our remit.
Dates
Sunday, March 30, 2025
Venue
An online conference. Registration information will become available in early 2025.
Topics
The conference will cover the following topics:
Call for Presenters
Please visit https://sessionize.com/SecjuiceCon2025/ to submit an abstract. The deadline to submit is 12/31/2024.
Our Sponsors
We thank the following sponsors:
Become a Sponsor
Want to sponsor SecjuiceCon? Please email conference at secjuice dot com to get more details.
Secjuice – Read More
New Xiū gǒu Phishing Kit Hits UK, US, Japan, Australia Across Key Sectors
/in General NewsCybersecurity researchers uncovered the “Xiū gǒu” phishing kit targeting users in the UK, US, Spain, Australia, and Japan.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Shopping scam sprawled across thousands of websites, bilked ‘tens of millions of dollars’
/in General NewsThe crooks hacked legitimate shopping websites and redirected people to fake online shops that sold, but never shipped, hard-to-find items.
The Record from Recorded Future News – Read More
How To Create a Complete GitHub Backup
/in General NewsThe issue of GitHub data protection is increasingly discussed among developers on platforms like Reddit, X, and HackerNews.…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days
/in General NewsBritish EDR vendor Sophos details a years-long “cat-and-mouse” tussle with sophisticated Chinese government-backed hackers.
The post Sophos Used Custom Implants to Surveil Chinese Hackers Targeting Firewall Zero-Days appeared first on SecurityWeek.
SecurityWeek – Read More