BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
CERT-UA Warns of Malware Campaign Conducted by Threat Actor UAC-0006
/in General NewsSmokeLoader acts as a loader for other malware, once it is executed it will inject malicious code into the currently running explorer process (explorer.exe) and download another payload to the system.
Cyware News – Latest Cyber News – Read More
Researchers Warn of CatDDoS Botnet and DNSBomb DDoS Attack Technique
/in General NewsThe threat actors behind the CatDDoS malware botnet have exploited over 80 known security flaws in various software over the past three months to infiltrate vulnerable devices and co-opt them into a botnet for conducting distributed denial-of-service (DDoS) attacks.
“CatDDoS-related gangs’ samples have used a large number of known vulnerabilities to deliver samples,” the QiAnXin XLab team
The Hacker News – Read More
What is an Infosec Audit and Why Does Your Company Need One?
/in General NewsBy Uzair Amir
Uncover IT security weaknesses and ensure compliance with infosec audits. Regular audits protect your data from breaches &…
This is a post from HackRead.com Read the original post: What is an Infosec Audit and Why Does Your Company Need One?
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Data Stolen From MediSecure for Sale on Dark Web
/in General NewsA threat actor is asking $50,000 for data allegedly stolen from Australian digital prescription services provider MediSecure.
The post Data Stolen From MediSecure for Sale on Dark Web appeared first on SecurityWeek.
SecurityWeek – Read More
2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx
/in General NewsPharmacy prescription services provider Sav-Rx says the personal information of 2.8 million was stolen in a cyberattack.
The post 2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx appeared first on SecurityWeek.
SecurityWeek – Read More
Cops Are Just Trolling Cybercriminals Now
/in General NewsPolice are using subtle psychological operations against ransomware gangs to sow distrust in their ranks—and trick them into emerging from the shadows.
Security Latest – Read More
Digital ID Adoption: Implementation and Security Concerns
/in General NewsAs digital transformation accelerates, understanding how businesses are preparing for and implementing digital ID technologies is crucial for staying ahead in security and efficiency, according to Regula.
Cyware News – Latest Cyber News – Read More
SingCERT Warns Critical Vulnerabilities Found in Multiple WordPress Plugins
/in General NewsSecurity updates have been promptly released to address these critical vulnerabilities in multiple WordPress plugins. SingCERT reported 9 critical plugin vulnerabilities and shared the mitigation strategies to avoid exploration by threat actors.
Cyware News – Latest Cyber News – Read More
White House Announces Plans to Revamp Data Routing Security by Year-End
/in General NewsThe augmentations concern the Border Gateway Protocol, a backbone data transmission algorithm that determines the optimal path for data packets to move across networks, said National Cyber Director Harry Coker
Cyware News – Latest Cyber News – Read More
Usage of TLS in DDNS Services leads to Information Disclosure in Multiple Vendors
/in General NewsWhen DDNS is combined with automatic TLS certificate generation using ACME clients, the public Certificate Transparency logs can be abused by attackers to find vulnerable devices en masse.
Cyware News – Latest Cyber News – Read More