BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Ransomware Attack Disrupts Seattle Public Library Services
/in General NewsThe Seattle Public Library is scrambling to bring systems online after shutting them down to contain a ransomware attack.
The post Ransomware Attack Disrupts Seattle Public Library Services appeared first on SecurityWeek.
SecurityWeek – Read More
U.S. Dismantles World’s Largest 911 S5 Botnet, with 19 Million Infected Devices
/in General NewsThe U.S. Department of Justice (DoJ) on Wednesday said it dismantled what it described as “likely the world’s largest botnet ever,” which consisted of an army of 19 million infected devices that was leased to other threat actors to commit a wide array of offenses.
The botnet, which has a global footprint spanning more than 190 countries, functioned as a residential proxy service known as 911 S5.
The Hacker News – Read More
Check Point VPN Attacks Involve Zero-Day Exploited Since April
/in General NewsThe recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.
The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek.
SecurityWeek – Read More
Okta Warns of Credential Stuffing Attacks Targeting Customer Identity Cloud
/in General NewsOkta is warning that a cross-origin authentication feature in Customer Identity Cloud (CIC) is susceptible to credential stuffing attacks orchestrated by threat actors.
“We observed that the endpoints used to support the cross-origin authentication feature being attacked via credential stuffing for a number of our customers,” the Identity and access management (IAM) services provider said.
The
The Hacker News – Read More
9 Tips to Avoid Burnout in Cybersecurity
/in General NewsWhen security professionals are at the end of their rope — feeling both mentally and physically exhausted — it’s often because of burnout. Here are ways to combat it.
darkreading – Read More
VicOne Partners With 42Crunch to Deliver Comprehensive Security Across SDV and Connected-Vehicle Ecosystem
/in General NewsPost Content
darkreading – Read More
Leak Site BreachForums Springs Back to Life Weeks After FBI Takedown
/in General NewsIt’s unclear whether a dataset for sale on the site allegedly containing data from more than 500 million TicketMaster users is real or just law enforcement bait.
darkreading – Read More
‘Largest Botnet Ever’ Tied to Billions in Stolen Covid-19 Relief Funds
/in General NewsThe US says a Chinese national operated the “911 S5” botnet, which included computers worldwide and was used to file hundreds of thousands of fraudulent Covid claims and distribute CSAM, among other crimes.
Security Latest – Read More
BforeAI Launches PreCrime™ Guarantee Program for Seamless Cyber Risk Coverage
/in General NewsPost Content
darkreading – Read More
Microsoft: ‘Moonstone Sleet’ APT Melds Espionage, Financial Goals
/in General NewsNorth Korea’s newest threat actor uses every trick in the nation-state APT playbook, and most of cybercrime’s tricks, too. It also developed a whole video game company to hide malware.
darkreading – Read More