BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Turla Group Deploys LunarWeb and LunarMail Backdoors in Diplomatic Missions
/in General NewsAn unnamed European Ministry of Foreign Affairs (MFA) and its three diplomatic missions in the Middle East were targeted by two previously undocumented backdoors tracked as LunarWeb and LunarMail.
ESET, which identified the activity, attributed it with medium confidence to the Russia-aligned cyberespionage group Turla (aka Iron Hunter, Pensive Ursa, Secret Blizzard, Snake, Uroburos, and Venomous
The Hacker News – Read More
Santander Data Breach Impacts Customers, Employees
/in General NewsThe Spanish bank Santander said customers in Chile, Spain and Uruguay are affected by a data breach at a third-party provider.
The post Santander Data Breach Impacts Customers, Employees appeared first on SecurityWeek.
SecurityWeek – Read More
Scammers are Getting Creative Using Malvertising, Deepfakes, and YouTube
/in General NewsThe Avast Q1 2024 Threat Report highlighted a massive surge in social engineering scams, with a staggering 90% of all mobile and 87% of desktop threats falling into this category.
Cyware News – Latest Cyber News – Read More
Apple Fixes Safari WebKit Zero-Day Flaw Exploited at Pwn2Own
/in General NewsApple patched a zero-day vulnerability (CVE-2024-27834) in Safari that was exploited at the Pwn2Own hacking competition. The vulnerability allowed an attacker to bypass Pointer Authentication Codes (PACs) and potentially execute remote code.
Cyware News – Latest Cyber News – Read More
400,000 Linux Servers Hit by Ebury Botnet
/in General NewsThe Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.
The post 400,000 Linux Servers Hit by Ebury Botnet appeared first on SecurityWeek.
SecurityWeek – Read More
How to Set Up & Use a VPN on Android (A Step-by-Step Guide)
/in General NewsTrying to configure or set up a VPN on your Android? Learn how to get started with our step-by-step guide.
Security | TechRepublic – Read More
Ebury Botnet Compromised 400K Linux Servers for Crypto Theft and Financial Gain
/in General NewsThe malware modules spread via Ebury are used for various nefarious activities, such as proxying traffic, redirecting HTTP traffic, exfiltrating sensitive information, and intercepting HTTP requests.
Cyware News – Latest Cyber News – Read More
DeRusha Stepping Down From Federal CISO Role
/in General NewsChris DeRusha is leaving his position as the federal CISO, a role he has held since January 2021.
He is also departing from his role as the deputy national cyber director at the Office of the National Cyber Director (ONCD).
Cyware News – Latest Cyber News – Read More
MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn
/in General NewsBy Deeba Ahmed
Is FIDO2 truly unbreachable? Recent research exposes a potential vulnerability where attackers could use MITM techniques to bypass FIDO2 security keys.
This is a post from HackRead.com Read the original post: MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Unwanted Tracking Alerts Rolling Out to iOS, Android
/in General NewsApple and Google have rolled out a new mobile feature that warns users of unwanted trackers moving with them.
The post Unwanted Tracking Alerts Rolling Out to iOS, Android appeared first on SecurityWeek.
SecurityWeek – Read More