BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Cybercriminals Shift Tactics to Pressure More Victims Into Paying Ransoms
/in General NewsCybercriminals’ new tactics led to a 64% increase in ransomware claims in 2023, driven by a 415% rise in “indirect” incidents and remote access vulnerabilities, pressuring more victims to pay ransoms, according to At-Bay.
Cyware News – Latest Cyber News – Read More
Fortinet FortiSIEM Command Injection Flaw (CVE-2023-34992) Deep-Dive
/in General NewsResearchers at Horizon3.ai discovered a critical remote code execution vulnerability (CVE-2023-34992) in Fortinet FortiSIEM, allowing unauthenticated attackers to execute commands as root users and gain access to sensitive information.
Cyware News – Latest Cyber News – Read More
CyberArk Snaps up Venafi for $1.54B to Ramp up in Machine-to-Machine Security
/in General NewsThe acquisition will allow CyberArk to expand its capabilities in securing machine-to-machine communications and address the growing attack surface in the cloud-first, AI-driven, and post-quantum world.
Cyware News – Latest Cyber News – Read More
GitCaught Campaign Leverages GitHub Repositories and Fake Profiles for Malicious Infrastructure
/in General NewsInsikt Group uncovered a sophisticated campaign led by Russian-speaking actors who used GitHub profiles to spoof legitimate software apps and distribute various malware, including Atomic macOS Stealer (AMOS) and Vidar.
Cyware News – Latest Cyber News – Read More
NextGen Healthcare Mirth Connect Under Attack – CISA Issues Urgent Warning
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a security flaw impacting NextGen Healthcare Mirth Connect to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The flaw, tracked as CVE-2023-43208 (CVSS score: N/A), concerns a case of unauthenticated remote code execution arising from an incomplete
The Hacker News – Read More
“Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit
/in General NewsCybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution.
The vulnerability, tracked as CVE-2024-4323, has been codenamed Linguistic Lumberjack by Tenable Research. It impacts versions from 2.0.7 through
The Hacker News – Read More
DoJ Shakes Up North Korea's Widespread IT Freelance Scam Operation
/in General NewsFraudsters based in the US and Europe indicted for helping North Korea’s nation-state groups establish fake freelancer identities and evade sanctions.
darkreading – Read More
Google Pitches Workspace as Microsoft Email Alternative, Citing CSRB Report
/in General NewsThe new Secure Alternative Program from Google aims to entice customers away from Exchange Online and break Microsoft’s dominance in enterprise.
darkreading – Read More
HP Catches Cybercriminals 'Cat-Phishing' Users
/in General NewsPost Content
darkreading – Read More
Data Breach Response Provider, CyEx, Acquires Settlement Administrator, Simpluris Inc.
/in General NewsPost Content
darkreading – Read More