BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
How to Build Your Autonomous SOC Strategy
/in General NewsSecurity leaders are in a tricky position trying to discern how much new AI-driven cybersecurity tools could actually benefit a security operations center (SOC). The hype about generative AI is still everywhere, but security teams have to live in reality. They face constantly incoming alerts from endpoint security platforms, SIEM tools, and phishing emails reported by internal users. Security
The Hacker News – Read More
Shady ‘Merry-Go-Round’ Ad Fraud Network Leaves Orgs Hemorrhaging Cash
/in General NewsStealthy ad fraud rings turn legitimate marketing into spam at a large scale, creating 200M+ bid requests daily.
darkreading – Read More
4 Security Questions to Ask Your Enterprise Generative AI Provider
/in General NewsSecurity teams should understand their providers’ approach to data privacy, transparency, user guidance, and secure design and development.
darkreading – Read More
8 Degrees of Secure Access Service Edge
/in General NewsAssembling a diverse team, outlining clear objectives, and meticulously assessing your network landscape can enable organizations to successfully navigate SASE migration without hiccups and pitfalls.
The post 8 Degrees of Secure Access Service Edge appeared first on SecurityWeek.
SecurityWeek – Read More
Europol Shuts Down 100+ Servers Linked to IcedID, TrickBot, and Other Malware
/in General NewsEuropol on Thursday said it shut down the infrastructure associated with several malware loader operations such as IcedID, SystemBC, PikaBot, SmokeLoader, Bumblebee, and TrickBot as part of a coordinated law enforcement effort codenamed Operation Endgame.
“The actions focused on disrupting criminal services through arresting High Value Targets, taking down the criminal infrastructures and
The Hacker News – Read More
Number of People Impacted by FBCS Data Breach Increases to 3.2 Million
/in General NewsThe data breach at debt collection agency Financial Business and Consumer Solutions (FBCS) impacts 3.2 million individuals.
The post Number of People Impacted by FBCS Data Breach Increases to 3.2 Million appeared first on SecurityWeek.
SecurityWeek – Read More
Okta Warns of Credential Stuffing Attacks Targeting Cross-Origin Authentication
/in General NewsOkta raises the alarm on credential stuffing attacks targeting endpoints used for cross-origin authentication.
The post Okta Warns of Credential Stuffing Attacks Targeting Cross-Origin Authentication appeared first on SecurityWeek.
SecurityWeek – Read More
Do VPNs Change or Hide Your IP Address?
/in General NewsWill a virtual private network change your IP address? Find out in this article and discover what a VPN doesn’t hide.
Security | TechRepublic – Read More
The Unusual Espionage Act Case Against a Drone Photographer
/in General NewsIn seemingly the first case of its kind, the US Justice Department has charged a Chinese national with using a drone to photograph a Virginia shipyard where the US Navy was assembling nuclear submarines.
Security Latest – Read More
Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested
/in General NewsThe US announced that the 911 S5 (Cloud Router) botnet, likely the world’s largest, has been dismantled and its administrator arrested.
The post Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested appeared first on SecurityWeek.
SecurityWeek – Read More