BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Google Detects 4th Chrome Zero-Day in May Actively Under Attack – Update ASAP
/in General NewsGoogle on Thursday rolled out fixes to address a high-severity security flaw in its Chrome browser that it said has been exploited in the wild.
Assigned the CVE identifier CVE-2024-5274, the vulnerability relates to a type confusion bug in the V8 JavaScript and WebAssembly engine. It was reported by Clément Lecigne of Google’s Threat Analysis Group and Brendon Tiszka of
The Hacker News – Read More
Courtroom Software Backdoored to Deliver RustDoor Malware in Supply Chain Attack
/in General NewsMalicious actors have backdoored the installer associated with courtroom video recording software developed by Justice AV Solutions (JAVS) to deliver malware that’s associated with a known backdoor called RustDoor.
The software supply chain attack, tracked as CVE-2024-4978, impacts JAVS Viewer v8.3.7, a component of the JAVS Suite 8 that allows users to create, manage, publish,
The Hacker News – Read More
US Man Gets 10 Years for Laundering Cash From Online Fraud
/in General NewsGeorgia resident Malachi Mullings received a decade-long sentence for laundering money scored in scams against healthcare providers, private companies, and individuals to the tune of $4.5 million.
Cyware News – Latest Cyber News – Read More
Japanese Experts Warn of BLOODALCHEMY Malware Targeting Government Agencies
/in General NewsCybersecurity researchers have discovered that the malware known as BLOODALCHEMY used in attacks targeting government organizations in Southern and Southeastern Asia is in fact an updated version of Deed RAT, which is believed to be a successor to ShadowPad.
“The origin of BLOODALCHEMY and Deed RAT is ShadowPad and given the history of ShadowPad being utilized in numerous APT
The Hacker News – Read More
Google Patches Fourth Chrome Zero-Day in Two Weeks
/in General NewsExploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine.
The post Google Patches Fourth Chrome Zero-Day in Two Weeks appeared first on SecurityWeek.
SecurityWeek – Read More
Pakistani-Aligned APT36 Targets Indian Defense Organizations
/in General NewsA politically motivated hacking group aligned with Pakistani interests is matching the Indian military’s shift away from the Windows operating system with a heavy focus on malware encoded for Linux.
Cyware News – Latest Cyber News – Read More
UK Government in $10.8m Bid to Tackle AI Cyber-Threats
/in General NewsThe research program will be led by researcher Shahar Avin at the government’s AI Safety Institute and delivered in partnership with UK Research and Innovation and The Alan Turing Institute.
Cyware News – Latest Cyber News – Read More
Why Shareable SBOMs are Essential for Software Security
/in General NewsDevelopment teams need to plan ahead and create shareable SBOMs that are standardized in a format that’s readily consumable while also establishing scalable systems for attestation, access management, and data verification, among other factors.
Cyware News – Latest Cyber News – Read More
Report Reveals 341% Rise in Advanced Phishing Attacks
/in General NewsSecurity experts from SlashNext have reported a 341% increase in malicious phishing links, business email compromise (BEC), QR code, and attachment-based threats in the past six months.
Cyware News – Latest Cyber News – Read More
Hacktivists Turn to Ransomware in Attacks on Philippines Government
/in General NewsHacktivist operations are using leaked ransomware builders to launch attacks on critical infrastructure in the Philippines — part of a trend among politically motivated groups who are increasingly trying to disrupt life in the Southeast Asian nation.
Cyware News – Latest Cyber News – Read More