BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Mastermind Behind Biden AI Deepfake Indicted for Robocall Scheme
/in General NewsThe political consultant who wrote the script and paid for the deepfake audio used in robocalls was fined $6 million by the FCC.
darkreading – Read More
Exploit for Fortinet Critical RCE Bug Allows SIEM Root Access
/in General NewsCorporate admins should patch the max-severity CVE-2024-23108 immediately, which allows unauthenticated command injection.
darkreading – Read More
Cybercriminals Abuse StackOverflow to Promote Malicious Python Package
/in General NewsCybersecurity researchers have warned of a new malicious Python package that has been discovered in the Python Package Index (PyPI) repository to facilitate cryptocurrency theft as part of a broader campaign.
The package in question is pytoileur, which has been downloaded 316 times as of writing. Interestingly, the package author, who goes by the name PhilipsPY, has uploaded a new version of the
The Hacker News – Read More
Surge in Discord Malware Attacks as 50,000 Malicious Links Uncovered
/in General NewsBy Waqas
Cybersecurity researchers at Bitdefender have found a surge in malware and phishing attacks on Discord, noting 50,000 malicious…
This is a post from HackRead.com Read the original post: Surge in Discord Malware Attacks as 50,000 Malicious Links Uncovered
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Check Point Warns of Zero-Day Attacks on its VPN Gateway Products
/in General NewsCheck Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild.
Tracked as CVE-2024-24919, the issue impacts CloudGuard Network, Quantum Maestro, Quantum Scalable Chassis, Quantum Security Gateways, and Quantum Spark appliances.
“The vulnerability potentially allows an attacker to read certain information on
The Hacker News – Read More
BlackSuit Claims Dozens of Victims With Carefully Curated Ransomware
/in General NewsResearchers went in-depth on an attack by the threat group, which mainly targets US companies in the education and industrial goods sectors, specifically to maximize financial gain.
darkreading – Read More
Transcend Raises $40 Million for Data Privacy Platform
/in General NewsSan Francisco data privacy startup Transcend secures 40 million in a Series B funding round that brings the total raised to $90 million.
The post Transcend Raises $40 Million for Data Privacy Platform appeared first on SecurityWeek.
SecurityWeek – Read More
Brazilian Banks Targeted by New AllaKore RAT Variant Called AllaSenha
/in General NewsBrazilian banking institutions are the target of a new campaign that distributes a custom variant of the Windows-based AllaKore remote access trojan (RAT) called AllaSenha.
The malware is “specifically aimed at stealing credentials that are required to access Brazilian bank accounts, [and] leverages Azure cloud as command-and-control (C2) infrastructure,” French cybersecurity company HarfangLab
The Hacker News – Read More
Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution
/in General NewsVulnerabilities in the real-time IoT operating system Eclipse ThreadX before version 6.4 could lead to denial-of-service and code execution.
The post Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution appeared first on SecurityWeek.
SecurityWeek – Read More
US Sanctions Three Chinese Men for Operating 911 S5 Botnet
/in General NewsThe US government has announced sanctions against three Chinese nationals accused of creating and operating the 911 S5 proxy botnet.
The post US Sanctions Three Chinese Men for Operating 911 S5 Botnet appeared first on SecurityWeek.
SecurityWeek – Read More