BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Chinese Duo Indicted for Laundering $73m in Pig Butchering Case
/in General NewsTwo Chinese nationals have been indicted for their alleged involvement in a multimillion-dollar “pig butchering” investment fraud scheme, where they laundered over $73 million through US financial institutions and cryptocurrency wallets.
Cyware News – Latest Cyber News – Read More
Too Many ICS Assets are Exposed to the Public Internet
/in General NewsThe enterprise attack surface is rapidly expanding due to the convergence of IT and OT systems, leading to a large number of ICS assets being exposed to the public internet and creating new vulnerabilities that security teams struggle to manage.
Cyware News – Latest Cyber News – Read More
Iranian MOIS-Linked Hackers Behind Destructive Attacks on Albania and Israel
/in General NewsAn Iranian threat actor affiliated with the Ministry of Intelligence and Security (MOIS) has been attributed as behind destructive wiping attacks targeting Albania and Israel under the personas Homeland Justice and Karma, respectively.
Cybersecurity firm Check Point is tracking the activity under the moniker Void Manticore, which is also known as Storm-0842 (formerly DEV-0842) by
The Hacker News – Read More
Judge Denies Class Certification in Blackbaud Hack Lawsuit
/in General NewsThe judge said the plaintiffs did not show an “administratively feasible” way for the court to determine whether a particular individual is a class member without extensive and individualized fact-finding.
Cyware News – Latest Cyber News – Read More
US SEC Approves Wall Street Data Breach Reporting Regs
/in General NewsThe SEC has approved new regulations that require broker-dealers and investment firms to notify their clients within 30 days of detecting a data breach, in an effort to modernize and enhance the protection of consumers’ financial data.
Cyware News – Latest Cyber News – Read More
Latrodectus Malware Loader Emerges as Potential Replacement for IcedID
/in General NewsResearchers have observed a surge in email phishing campaigns delivering Latrodectus, a new malware loader believed to be the successor to the IcedID malware, which is capable of deploying additional payloads such as QakBot, DarkGate, and PikaBot.
Cyware News – Latest Cyber News – Read More
The Importance of Access Controls in Incident Response
/in General NewsAdequate IAM policies are essential for incident management tooling to ensure the right people can quickly address issues without being blocked. Authentication verifies a person’s identity, while authorization manages permissions and access levels.
Cyware News – Latest Cyber News – Read More
What American Enterprises Can Learn From Europe's GDPR Mistakes
/in General NewsAs the US braces for a data privacy overhaul, companies need to update data practices, train staff, and ensuring compliance from the outset to avoid Europe’s costly missteps.
darkreading – Read More
Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies
/in General NewsLinguistic Lumberjack (CVE-2024-4323) is a critical vulnerability in the Fluent Bit logging utility that can allow DoS, information disclosure and possibly RCE.
The post Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies appeared first on SecurityWeek.
SecurityWeek – Read More
New Antidot Android Malware Poses as Google Update to Steal Funds
/in General NewsBy Waqas
New Android Malware “Antidot” disguises itself as Google Update to steal banking info. Don’t click suspicious update links! Download apps only from Google Play & keep software updated.
This is a post from HackRead.com Read the original post: New Antidot Android Malware Poses as Google Update to Steal Funds
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More