BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Ransomware Group Claims Cyberattack on Frontier Communications
/in General NewsThe RansomHub ransomware group claims to have stolen the information of over 2 million Frontier Communications customers.
The post Ransomware Group Claims Cyberattack on Frontier Communications appeared first on SecurityWeek.
SecurityWeek – Read More
Snowflake Warns: Targeted Credential Theft Campaign Hits Cloud Customers
/in General NewsCloud computing and analytics company Snowflake said a “limited number” of its customers have been singled out as part of a targeted campaign.
“We have not identified evidence suggesting this activity was caused by a vulnerability, misconfiguration, or breach of Snowflake’s platform,” the company said in a joint statement along with CrowdStrike and Google-owned Mandiant.
“We have not identified
The Hacker News – Read More
AI Is Your Coworker Now. Can You Trust It?
/in General NewsGenerative AI tools such as OpenAI’s ChatGPT and Microsoft’s Copilot are becoming part of everyday business life. But they come with privacy and security considerations you should know about.
Security Latest – Read More
Inside the Biggest FBI Sting Operation in History
/in General NewsWhen a drug kingpin named Microsoft tried to seize control of an encrypted phone company for criminals, he was playing right into its real owners’ hands.
Security Latest – Read More
Cybersecurity M&A Roundup: 28 Deals Announced in May 2024
/in General NewsRoundup of the more than two dozen cybersecurity-related merger and acquisition (M&A) deals announced in May 2024.
The post Cybersecurity M&A Roundup: 28 Deals Announced in May 2024 appeared first on SecurityWeek.
SecurityWeek – Read More
Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking
/in General NewsCox recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems.
The post Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking appeared first on SecurityWeek.
SecurityWeek – Read More
Russians Love YouTube. That’s a Problem for the Kremlin
/in General NewsYouTube remains the only major US-based social media platform available in Russia. It’s become “indispensable” to everyday people, making a ban tricky. Journalists and dissidents are taking advantage.
Security Latest – Read More
37 Vulnerabilities Patched in Android
/in General NewsAndroid’s June 2024 security update resolves 37 vulnerabilities, including high-severity flaws in Framework and System.
The post 37 Vulnerabilities Patched in Android appeared first on SecurityWeek.
SecurityWeek – Read More
DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks
/in General NewsCyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve.
The updates have been observed in version 6 of DarkGate released in March 2024 by its developer RastaFarEye, who
The Hacker News – Read More
Oracle WebLogic Server OS Command Injection Flaw Under Active Attack
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Oracle WebLogic Server to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
Tracked as CVE-2017-3506 (CVSS score: 7.4), the issue concerns an operating system (OS) command injection vulnerability that could be exploited to obtain unauthorized
The Hacker News – Read More