BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Malicious npm Packages Found Using Image Files to Hide Backdoor Code
/in General NewsCybersecurity researchers have identified two malicious packages on the npm package registry that concealed backdoor code to execute malicious commands sent from a remote server.
The packages in question – img-aws-s3-object-multipart-copy and legacyaws-s3-object-multipart-copy – have been downloaded 190 and 48 times each. As of writing, they have been taken down by the npm security team.
“They
The Hacker News – Read More
Hackers Exploit Flaw in Squarespace Migration to Hijack Domains
/in General NewsHackers exploited a flaw to hijack cryptocurrency domains that were migrated from Google Domains to Squarespace.
The post Hackers Exploit Flaw in Squarespace Migration to Hijack Domains appeared first on SecurityWeek.
SecurityWeek – Read More
One of the best-looking hybrid smartwatches is 20% off for Prime Day
/in General NewsPininfarina’s hybrid entry boasts excellent hardware and watch software, with a design that will make you look twice. The Amazon Prime Day deal won’t last as long as the battery.
Latest news – Read More
DNS Hijacks Target Cryptocurrency Platforms Registered With Squarespace
/in General NewsA coordinated wave of DNS hijacking attacks recently targeted decentralized finance (DeFi) cryptocurrency domains. Attackers used the Squarespace registrar to redirect visitors to phishing sites that aimed to steal cryptocurrency and NFTs.
Cyware News – Latest Cyber News – Read More
Disney Investigating Hacker Group’s Data Theft Claims
/in General NewsDisney has launched an investigation after a hacker group named NullBulge leaked data allegedly stolen from the company.
The post Disney Investigating Hacker Group’s Data Theft Claims appeared first on SecurityWeek.
SecurityWeek – Read More
Realm: Open-Source Adversary Emulation Framework
/in General NewsRealm is an open-source adversary emulation framework focused on scalability, reliability, and automation. It features a custom interpreter in Rust, enabling the creation of complex TTPs as code.
Cyware News – Latest Cyber News – Read More
Void Banshee APT Exploits Microsoft MHTML Flaw to Spread Atlantida Stealer
/in General NewsAn advanced persistent threat (APT) group called Void Banshee has been observed exploiting a recently disclosed security flaw in the Microsoft MHTML browser engine as a zero-day to deliver an information stealer called Atlantida.
Cybersecurity firm Trend Micro, which observed the activity in mid-May 2024, the vulnerability – tracked as CVE-2024-38112 – was used as part of a multi-stage attack
The Hacker News – Read More
Three reasons why gamers should be paying close attention to Apple
/in General NewsThe new Game Mode feature turns iPhones and iPads into veritable gaming handhelds, and many new titles look to be coming soon.
Latest news – Read More
Cloudflare reports almost 7% of internet traffic is malicious
/in General NewsFortunately, there are things you can do to help protect yourself and your websites.
Latest news – Read More
Kaspersky Leaving US Following Government Ban
/in General NewsKaspersky is shutting down operations in the US and laying off employees following the recent Commerce Department ban.
The post Kaspersky Leaving US Following Government Ban appeared first on SecurityWeek.
SecurityWeek – Read More