BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Ongoing Campaign Bombarded Enterprises with Spam Emails and Phone Calls
/in General NewsCybersecurity researchers have uncovered an ongoing social engineering campaign that bombards enterprises with spam emails with the goal of obtaining initial access to their environments for follow-on exploitation.
“The incident involves a threat actor overwhelming a user’s email with junk and calling the user, offering assistance,” Rapid7 researchers Tyler McGraw, Thomas Elkins, and
The Hacker News – Read More
Mallox Ransomware Deployed via MS-SQL Honeypot Attack
/in General NewsUpon analyzing Mallox samples, researchers identified two distinct affiliates using different approaches. One focused on exploiting vulnerable assets, while the other aimed at broader compromises of information systems on a larger scale.
Cyware News – Latest Cyber News – Read More
Google is planning on a fix to prevent accidental password deletion in Chrome
/in General NewsA default Google Chrome setting in Android could delete credentials saved in the Password Manager. But a potential fix is on the way.
Latest stories for ZDNET in Security – Read More
Student, Personnel Information Stolen in City of Helsinki Cyberattack
/in General NewsThe City of Helsinki says usernames, email addresses, and personal information was stolen in a recent cyberattack.
The post Student, Personnel Information Stolen in City of Helsinki Cyberattack appeared first on SecurityWeek.
SecurityWeek – Read More
FCC Reveals Royal Tiger, its First Tagged Robocall Threat Actor
/in General NewsThe FCC’s new robocall bad actor classification system, called Consumer Communications Information Services Threat (C-CIST), aims to help authorities identify and track threat actors abusing telecommunications infrastructure.
Cyware News – Latest Cyber News – Read More
Researchers Identify New Campaigns from Scattered Spider
/in General NewsThe Scattered Spider, a group of hackers, has been actively attacking the finance and insurance industries worldwide, using tactics like domain impersonation, SIM swapping, and partnering with the BlackCat ransomware group to breach high-value firms.
Cyware News – Latest Cyber News – Read More
AI’s Rapid Growth Puts Pressure on CISOs to Adapt to New Security Risks
/in General NewsThe increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to a report by Trellix.
Cyware News – Latest Cyber News – Read More
MITRE EMB3D Threat Model Officially Released
/in General NewsMITRE announced the public availability of the EMB3D threat model for embedded devices used in critical infrastructure.
The post MITRE EMB3D Threat Model Officially Released appeared first on SecurityWeek.
SecurityWeek – Read More
FCC Warns of ‘Royal Tiger’ Robocall Scammers
/in General NewsThe FCC has issued a public notice on robocall scammer group ‘Royal Tiger’, the first designated threat actor.
The post FCC Warns of ‘Royal Tiger’ Robocall Scammers appeared first on SecurityWeek.
SecurityWeek – Read More
Cybercriminals Steal One-Time Passcodes for SIM Swap Attacks and Raiding Bank Accounts
/in General NewsCybercriminals are using an automated service called “Estate” to steal one-time passcodes and hijack user accounts, including bank accounts, crypto wallets, and other sensitive services, by tricking them into revealing the codes over the phone.
Cyware News – Latest Cyber News – Read More