BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Cybersecurity Training Resources Often Limited to Developers
/in General NewsWith a lack of cybersecurity awareness training resources for all employees, organizations are more susceptible to being breached or falling short when it comes to preventing threats.
darkreading – Read More
Vishing, Mishing Go Next-Level With FakeCall Android Malware
/in General NewsA new variant of the sophisticated attacker tool gives cybercriminals even more control over victim devices to conduct various malicious activities, including fraud and cyber espionage.
darkreading – Read More
‘We’re a Fortress Now’: The Militarization of US Elections Is Here
/in General NewsFrom bulletproof glass, drones, and snipers to boulders blocking election offices, the US democratic system is bracing for violent attacks in 2024.
Security Latest – Read More
North Korean Group Collaborates with Play Ransomware in Significant Cyber Attack
/in General NewsThreat actors in North Korea have been implicated in a recent incident that deployed a known ransomware family called Play, underscoring their financial motivations.
The activity, observed between May and September 2024, has been attributed to a threat actor tracked as Jumpy Pisces, which is also known as Andariel, APT45, DarkSeoul, Nickel Hyatt, Onyx Sleet (formerly Plutonium), Operation Troy,
The Hacker News – Read More
Data Loss Prevention Startup MIND Emerges From Stealth With $11M in Funding
/in General NewsMIND has emerged from stealth mode with a data loss prevention (DLP) solution and $11 million in seed funding.
The post Data Loss Prevention Startup MIND Emerges From Stealth With $11M in Funding appeared first on SecurityWeek.
SecurityWeek – Read More
New “Scary” FakeCall Malware Captures Photos and OTPs on Android
/in General NewsA new, more sophisticated variant of the FakeCall malware is targeting Android devices. Learn about the advanced features…
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations
/in General NewsMicrosoft says a new spear-phishing campaign by Russia’s Midnight Blizzard uses RDP files, a new vector for this threat group.
The post Microsoft Warns of Russian Spear-Phishing Attacks Targeting Over 100 Organizations appeared first on SecurityWeek.
SecurityWeek – Read More
When Cybersecurity Tools Backfire
/in General NewsOutages are inevitable. Our focus should be on minimizing their scope, addressing underlying causes, and understanding that protecting systems is about keeping bad actors out while maintaining stability and reliability.
darkreading – Read More
FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities
/in General NewsThe FakeCall Android banking trojan now employs advanced evasion tactics and expanded surveillance capabilities, posing heightened risks for banks and enterprises.
The post FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Colorado Accidentally Put Voting System Passwords Online, but Officials Say Election Is Secure
/in General NewsVoting system passwords were mistakenly put on the Colorado Secretary of State’s website for several months before being spotted and taken down.
The post Colorado Accidentally Put Voting System Passwords Online, but Officials Say Election Is Secure appeared first on SecurityWeek.
SecurityWeek – Read More