BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn
/in General NewsBy Deeba Ahmed
Is FIDO2 truly unbreachable? Recent research exposes a potential vulnerability where attackers could use MITM techniques to bypass FIDO2 security keys.
This is a post from HackRead.com Read the original post: MITM Attacks Can Still Bypass FIDO2 Security, Researchers Warn
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Unwanted Tracking Alerts Rolling Out to iOS, Android
/in General NewsApple and Google have rolled out a new mobile feature that warns users of unwanted trackers moving with them.
The post Unwanted Tracking Alerts Rolling Out to iOS, Android appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft Fixes Three Zero-Days in May Patch Tuesday
/in General NewsMicrosoft has released a Patch Tuesday update that addresses three zero-day flaws, two of which are actively being exploited in the wild, including an elevation of privilege flaw that could provide system-level access and compromise systems.
Cyware News – Latest Cyber News – Read More
Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
/in General NewsA malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023.
The findings come from Slovak cybersecurity firm ESET, which characterized it as one of the most advanced server-side malware campaigns for financial gain.
“Ebury actors have been pursuing monetization activities […],
The Hacker News – Read More
It’s Time to Master the Lift & Shift: Migrating from VMware vSphere to Microsoft Azure
/in General NewsWhile cloud adoption has been top of mind for many IT professionals for nearly a decade, it’s only in recent months, with industry changes and announcements from key players, that many recognize the time to make the move is now. It may feel like a daunting task, but tools exist to help you move your virtual machines (VMs) to a public cloud provider – like Microsoft Azure
The Hacker News – Read More
900k Impacted by Data Breach at Mississippi Healthcare Provider
/in General NewsSinging River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.
The post 900k Impacted by Data Breach at Mississippi Healthcare Provider appeared first on SecurityWeek.
SecurityWeek – Read More
VMware Fixed Zero-Day Flaws Demonstrated at Pwn2Own2024
/in General NewsVMware addressed four vulnerabilities, including three zero-day flaws demonstrated at the Pwn2Own Vancouver 2024 hacking contest, in its Workstation and Fusion desktop hypervisors.
Cyware News – Latest Cyber News – Read More
PoC Exploit Released for RCE Zero-Day in D-Link EXO AX4800 Routers
/in General NewsThe D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
Cyware News – Latest Cyber News – Read More
Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
/in General NewsThe threat actors then call the impacted users, posing as members of the organization’s IT team, and attempt to socially engineer the users into providing remote access to their computers through the use of legitimate RMM solutions.
Cyware News – Latest Cyber News – Read More
Senators Urge $32 Billion in Emergency Spending on AI After Finishing Yearlong Review
/in General NewsThe group recommends that Congress draft emergency spending legislation to boost U.S. investments in artificial intelligence, including new R&D and testing standards to understand the technology’s potential harms.
The post Senators Urge $32 Billion in Emergency Spending on AI After Finishing Yearlong Review appeared first on SecurityWeek.
SecurityWeek – Read More