BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Update your Chrome browser ASAP. Google has confirmed a zero-day exploited in the wild
/in General NewsA new Chrome JavaScript security hole is nasty, so don’t waste any time patching your systems.
Latest stories for ZDNET in Security – Read More
‘TunnelVision’ Attack Leaves Nearly All VPNs Vulnerable to Spying
/in General NewsTunnelVision is an attack developed by researchers that can expose VPN traffic to snooping or tampering.
Security Latest – Read More
Ascension Healthcare Suffers Major Cyberattack
/in General NewsThe attack cut off access to electronic healthcare records (EHRs) and ordering systems, plunging the organization and its health services into chaos.
darkreading – Read More
Dark Reading Confidential: The CISO and the SEC
/in General NewsEpisode 1 of Dark Reading Confidential brings Frederick “Flee” Lee, CISO of Reddit, Beth Burgin Waller, a practicing cyber attorney who represents many CISOs, and Ben Lee, Chief Legal Officer of Reddit, to the table.
darkreading – Read More
Dark Reading ‘Drops’ Its First Podcast
/in General NewsOur brand-new podcast, Dark Reading Confidential, has officially launched. You don’t want to miss our first episode with the CISO and chief legal officer from Reddit and a cybersecurity attorney, who share their thoughts and advice for CISOs on the new SEC breach disclosure rules.
darkreading – Read More
North Korean Hackers Deploy New Golang Malware ‘Durian’ Against Crypto Firms
/in General NewsThe North Korean threat actor tracked as Kimsuky has been observed deploying a previously undocumented Golang-based malware dubbed Durian as part of highly-targeted cyber attacks aimed at South Korean cryptocurrency firms.
“Durian boasts comprehensive backdoor functionality, enabling the execution of delivered commands, additional file downloads and exfiltration of files,” Kaspersky&
The Hacker News – Read More
Telus Acquires Cybersecurity Services Firm Vumetric
/in General NewsTelus announced Tuesday its acquisition of Vumetric Cybersecurity, a Toronto-based cybersecurity provider that specializes in advanced penetration testing designed to identify cyber vulnerabilities and threats to companies across North America.
Cyware News – Latest Cyber News – Read More
New LLMjacking Attack Uses Stolen Cloud Credentials to Target Cloud-Hosted AI Models
/in General NewsSysdig researchers discovered evidence of a reverse proxy for LLMs being used to provide access to the compromised accounts, suggesting a financial motivation. However, another possible motivation is to extract LLM training data.
Cyware News – Latest Cyber News – Read More
Report: Global Ransomware Crisis Worsens
/in General NewsAccording to NTT Security Holdings’ 2024 Global Threat Intelligence report, ransomware and extortion incidents increased by 67% in 2023, with over 5,000 victims detected or posted across social channels, up from 3,000 in 2022.
Cyware News – Latest Cyber News – Read More
How Can Businesses Defend Themselves Against Common Cyberthreats?
/in General NewsTechRepublic consolidated expert advice on how businesses can defend themselves against the most common cyberthreats, including zero-days, ransomware and deepfakes.
Security | TechRepublic – Read More