BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Get on Cybersecurity Certification Track With $145 Off These Courses
/in General NewsThis $50 bundle can get you five courses to enable you to earn CompTIA, NIST and more leading cybersecurity certifications that will help you build a career.
Security | TechRepublic – Read More
Cloud Security Incidents Make Organizations Turn to AI-Powered Prevention
/in General NewsOrganizations are increasingly using AI-powered measures to address the rise in cloud security incidents, as traditional tools struggle to keep up with rapid technological advancements and sophisticated cyber threats.
Cyware News – Latest Cyber News – Read More
Microsoft Has Yet to Patch 7 Pwn2Own Zero-Days
/in General NewsA number of serious Windows bugs still haven’t made their way into criminal circles, but that won’t remain the case forever — and time is running short before ZDI releases exploit details.
darkreading – Read More
Microsoft Quick Assist Tool Abused for Ransomware Delivery
/in General NewsThe Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.
The post Microsoft Quick Assist Tool Abused for Ransomware Delivery appeared first on SecurityWeek.
SecurityWeek – Read More
Remote-Access Tools the Intrusion Point to Blame for Most Ransomware Attacks
/in General NewsAs per cybersecurity insurance firm At-Bay, remote-access tools, particularly self-managed VPNs from Cisco and Citrix, were the primary intrusion point for most ransomware attacks in 2023, accounting for over 60% of incidents.
Cyware News – Latest Cyber News – Read More
Critical Git Vulnerability Allows RCE When Cloning Repositories With Submodules
/in General NewsThe vulnerability can be exploited on multi-user machines, where an attacker can prepare a local repository to look like a partial clone that is missing an object, causing Git to execute arbitrary code during the clone operation.
Cyware News – Latest Cyber News – Read More
New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data
/in General NewsThe Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages.
The post New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data appeared first on SecurityWeek.
SecurityWeek – Read More
Kimsuky APT Deploying Linux Backdoor Gomir in South Korean Cyber Attacks
/in General NewsThe Kimsuky (aka Springtail) advanced persistent threat (APT) group, which is linked to North Korea’s Reconnaissance General Bureau (RGB), has been observed deploying a Linux version of its GoBear backdoor as part of a campaign targeting South Korean organizations.
The backdoor, codenamed Gomir, is “structurally almost identical to GoBear, with extensive sharing of code between
The Hacker News – Read More
Cybersecurity Analysis Exposes High-Risk Assets in Power and Healthcare Sectors
/in General NewsTraditional approaches to vulnerability management result in a narrow focus of the enterprise attack surface area that overlooks a considerable amount of risk, according to Claroty.
Cyware News – Latest Cyber News – Read More
GhostSec Announces Shift in Operations from Ransomware to Hacktivism
/in General NewsThe cybercriminal group GhostSec has shifted from ransomware to hacktivism, stating they’ve gathered enough funds and will now focus on promoting social and political agendas through hacking.
Cyware News – Latest Cyber News – Read More