BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Judge Denies Class Certification in Blackbaud Hack Lawsuit
/in General NewsThe judge said the plaintiffs did not show an “administratively feasible” way for the court to determine whether a particular individual is a class member without extensive and individualized fact-finding.
Cyware News – Latest Cyber News – Read More
US SEC Approves Wall Street Data Breach Reporting Regs
/in General NewsThe SEC has approved new regulations that require broker-dealers and investment firms to notify their clients within 30 days of detecting a data breach, in an effort to modernize and enhance the protection of consumers’ financial data.
Cyware News – Latest Cyber News – Read More
Latrodectus Malware Loader Emerges as Potential Replacement for IcedID
/in General NewsResearchers have observed a surge in email phishing campaigns delivering Latrodectus, a new malware loader believed to be the successor to the IcedID malware, which is capable of deploying additional payloads such as QakBot, DarkGate, and PikaBot.
Cyware News – Latest Cyber News – Read More
The Importance of Access Controls in Incident Response
/in General NewsAdequate IAM policies are essential for incident management tooling to ensure the right people can quickly address issues without being blocked. Authentication verifies a person’s identity, while authorization manages permissions and access levels.
Cyware News – Latest Cyber News – Read More
What American Enterprises Can Learn From Europe's GDPR Mistakes
/in General NewsAs the US braces for a data privacy overhaul, companies need to update data practices, train staff, and ensuring compliance from the outset to avoid Europe’s costly missteps.
darkreading – Read More
Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies
/in General NewsLinguistic Lumberjack (CVE-2024-4323) is a critical vulnerability in the Fluent Bit logging utility that can allow DoS, information disclosure and possibly RCE.
The post Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies appeared first on SecurityWeek.
SecurityWeek – Read More
New Antidot Android Malware Poses as Google Update to Steal Funds
/in General NewsBy Waqas
New Android Malware “Antidot” disguises itself as Google Update to steal banking info. Don’t click suspicious update links! Download apps only from Google Play & keep software updated.
This is a post from HackRead.com Read the original post: New Antidot Android Malware Poses as Google Update to Steal Funds
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Kinsing Hacker Group Expands its Cryptoming Botnet Network with More Vulnerability Exploits
/in General NewsThe Kinsing hacker group has demonstrated its ability to continuously evolve and adapt, quickly integrating newly disclosed vulnerabilities into its exploit arsenal to expand its cryptojacking botnet across various operating systems and platforms.
Cyware News – Latest Cyber News – Read More
Android Banking Trojan Antidot Disguised as Google Play Update
/in General NewsAntidot uses overlay attacks and keylogging to target users’ financial data.
darkreading – Read More
Grandoreiro Banking Trojan is Back With Major Updates
/in General NewsThe Grandoreiro banking Trojan has resurfaced with major updates, including enhanced functionality and the ability to target over 1500 global banking applications and websites in more than 60 countries, making it a more potent threat.
Cyware News – Latest Cyber News – Read More