BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
LilacSquid APT Employs Open Source Tools, QuasarRAT
/in General NewsThe previously unknown threat actor uses tools similar to those used by North Korean APT groups, according to Cisco Talos.
darkreading – Read More
CISO Corner: Federal Cyber Deadlines Loom; Private Chatbot Danger
/in General NewsOur collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: fighting cybersecurity burnout; BlackSuit ransomware; the SEC breach rules and risk management.
darkreading – Read More
BBC Breach Puts 25K Pension Scheme Members at Risk
/in General NewsThough information such as dates of birth, email addresses, and home addresses were compromised, “the Beeb” assures individuals that financial information is still protected.
darkreading – Read More
Keep your iPhone super secure. This app shows you how
/in General NewsThis iOS security scanner delivers a crash course in protecting your iPhone or iPad. In fact, iVerify does a much better job of explaining new iOS features and security than Apple does.
Latest stories for ZDNET in Security – Read More
OpenAI Disrupts 5 AI-Powered, State-Backed Influence Ops
/in General NewsMost of the operations were feckless efforts with little impact, but they illustrate how AI is changing the game for inauthentic content on both the adversary and defense sides.
darkreading – Read More
Mysterious Cyber Attack Took Down 600,000+ Routers in the U.S.
/in General NewsMore than 600,000 small office/home office (SOHO) routers are estimated to have been bricked and taken offline following a destructive cyber attack staged by unidentified cyber actors, disrupting users’ access to the internet.
The mysterious event, which took place between October 25 and 27, 2023, and impacted a single internet service provider (ISP) in the U.S., has been codenamed Pumpkin
The Hacker News – Read More
FlyingYeti APT Serves Up Cookbox Malware Using WinRAR
/in General NewsThe Russia-aligned FlyingYeti’s phishing campaign exploited Ukrainian citizens’ financial stress to spread Cookbox malware.
darkreading – Read More
The NSA advises you to turn your phone off and back on once a week – here’s why
/in General NewsPowering off your phone regularly, disabling Bluetooth when it’s not needed, and using only trusted accessories are just some of the NSA’s security recommendations.
Latest stories for ZDNET in Security – Read More
Microsoft Warns of Surge in Cyber Attacks Targeting Internet-Exposed OT Devices
/in General NewsMicrosoft has emphasized the need for securing internet-exposed operational technology (OT) devices following a spate of cyber attacks targeting such environments since late 2023.
“These repeated attacks against OT devices emphasize the crucial need to improve the security posture of OT devices and prevent critical systems from becoming easy targets,” the Microsoft Threat Intelligence team said.
The Hacker News – Read More
Data Privacy in the Age of GenAI
/in General NewsConsumer data is still a prime target for threat actors, and organizational consumption of data must be aligned to protecting it. The new rights act seeks to do some of this, but it still needs tweaking.
darkreading – Read More