BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
An American Company Enabled a North Korean Scam That Raised Money for WMDs
/in General NewsWyoming’s secretary of state has proposed ways of “preventing fraud and abuse of corporate filings by commercial registered agents” in the aftermath of the scheme’s exposure.
Security Latest – Read More
London Hospitals Cancel Operations and Appointments After Being Hit in Ransomware Attack
/in General NewsSeveral hospitals in London have canceled operations and appointments after being hit in a ransomware attack.
The post London Hospitals Cancel Operations and Appointments After Being Hit in Ransomware Attack appeared first on SecurityWeek.
SecurityWeek – Read More
The Age of the Drone Police Is Here
/in General NewsA WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone program in the US—and why your city could be next.
Security Latest – Read More
Cisco Patches Webex Bugs Following Exposure of German Government Meetings
/in General NewsCisco has released a security advisory after researchers discovered that the German government’s Webex meetings were exposed.
The post Cisco Patches Webex Bugs Following Exposure of German Government Meetings appeared first on SecurityWeek.
SecurityWeek – Read More
Ransomware Gang Leaks Data From Australian Mining Company
/in General NewsThe BianLian ransomware gang has leaked data allegedly stolen from Australian mining company Northern Minerals.
The post Ransomware Gang Leaks Data From Australian Mining Company appeared first on SecurityWeek.
SecurityWeek – Read More
Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models
/in General NewsZyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that have currently reached end-of-life (EoL) status.
Successful exploitation of three of the five vulnerabilities could permit an unauthenticated attacker to execute operating system (OS) commands and arbitrary code on affected installations.
Impacted models include NAS326
The Hacker News – Read More
Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
/in General NewsPopular video-sharing platform TikTok has acknowledged a security issue that has been exploited by threat actors to take control of high-profile accounts on the platform.
The development was first reported by Semafor and Forbes, which detailed a zero-click account takeover campaign that allows malware propagated via direct messages to compromise brand and celebrity accounts without having to
The Hacker News – Read More
Africa Ranks Low on Phishing Cyber Resilience
/in General NewsAs threats to Africa’s cybersphere continue to grow, the continent faces high risks to its society and economy with a growing cyber skills gap and lack of preparedness.
darkreading – Read More
Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
/in General NewsThe campaign uses a multistage payload-delivery process and various mechanisms for evasion and persistence.
darkreading – Read More
‘Fog’ Ransomware Rolls in to Target Education, Recreation Sectors
/in General NewsA new group of hackers is encrypting data in virtual machines, leaving ransom notes, and calling it a day.
darkreading – Read More