BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Singapore to Phase Out One-Time Passwords in Banking
/in General NewsThis decision comes after a warning from the Singapore Police about phishing scams targeting bank customers. Scammers have managed to defraud individuals of over S$600,000 ($445,000) in just a few weeks.
Cyware News – Latest Cyber News – Read More
Huione Guarantee Exposed as a $11 Billion Marketplace for Cybercrime
/in General NewsHuione Guarantee, an online marketplace, is reportedly being used for money laundering, particularly in “pig butchering” investment scams. Victims are tricked into investing in fake sites with high returns.
Cyware News – Latest Cyber News – Read More
Citrix Fixed Critical and High-Severity Bugs in NetScaler Product
/in General NewsThe most severe flaw is an improper authorization issue (CVE-2024-6235) with a CVSS score of 9.4, allowing attackers to access sensitive information through the NetScaler Console IP.
Cyware News – Latest Cyber News – Read More
New Poco RAT Targets Spanish-Speaking Victims in Phishing Campaign
/in General NewsSpanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024.
The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense.
“The majority of the custom code in the malware appears to be focused on anti-analysis,
The Hacker News – Read More
Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool
/in General NewsPalo Alto Networks patched a critical vulnerability in its Expedition tool and addressed the impact of the recently disclosed BlastRADIUS vulnerability.
The post Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool appeared first on SecurityWeek.
SecurityWeek – Read More
New Malware Campaign Targeting Spanish Language Victims and the Mining Sector
/in General NewsPoco RAT was first categorized on February 7, 2024, and has since targeted customers in multiple sectors, with Mining being the primary focus. One company was the most targeted, responsible for 67% of the total volume of campaigns.
Cyware News – Latest Cyber News – Read More
Diversifying Cyber Teams to Tackle Complex Threats
/in General NewsA diverse workforce brings different perspectives, experiences, and problem-solving approaches to the table, enabling teams to identify vulnerabilities and develop more robust defense strategies.
Cyware News – Latest Cyber News – Read More
Universal Code Execution by Chaining Messages in Browser Extensions
/in General NewsCybersecurity analyst Eugene Lim discovered the risk posed by this vulnerability, which hackers can exploit by chaining messaging APIs in browsers and extensions, bypassing security measures like the Same Origin Policy.
Cyware News – Latest Cyber News – Read More
Apple needs to fix this crazy iPhone annoyance
/in General NewsI use my iPhone a lot. But one feature on the device is a massive annoyance and I seriously hope the issue is fixed in the iPhone 16.
Latest news – Read More
VMware Fixed Critical SQL Injection Flaw in Aria Automation Platform
/in General NewsVMware has fixed a high-severity SQL-Injection vulnerability, known as CVE-2024-22280, in its Aria Automation platform. This flaw could allow authenticated users to execute unauthorized database operations through specially crafted SQL queries.
Cyware News – Latest Cyber News – Read More