BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
In Other News: China Making Big Claims, ConfusedPilot AI Attack, Microsoft Security Log Issues
/in General NewsNoteworthy stories that might have slipped under the radar: China making claims about encryption cracking and Intel backdoors, ConfusedPilot AI attack, Microsoft loses security logs.
The post In Other News: China Making Big Claims, ConfusedPilot AI Attack, Microsoft Security Log Issues appeared first on SecurityWeek.
SecurityWeek – Read More
Microsoft: macOS Vulnerability Potentially Exploited in Adware Attacks
/in General NewsThe Adload macOS adware potentially exploits a privacy bypass vulnerability resolved in Sequoia 15 last month.
The post Microsoft: macOS Vulnerability Potentially Exploited in Adware Attacks appeared first on SecurityWeek.
SecurityWeek – Read More
Boston Children’s Health Physicians confirms September data breach
/in General NewsBCHP — which helps pair children with more than 300 doctors through 60 regional offices in New York and Connecticut — said intruders took patient data from its network in early September.
The Record from Recorded Future News – Read More
The Ultimate DSPM Guide: Webinar on Building a Strong Data Security Posture
/in General NewsPicture your company’s data as a vast, complex jigsaw puzzle—scattered across clouds, devices, and networks. Some pieces are hidden, some misplaced, and others might even be missing entirely. Keeping your data secure in today’s fast-evolving landscape can feel like an impossible challenge.
But there’s a game-changing solution: Data Security Posture Management (DSPM). Think of it as a high-tech,
The Hacker News – Read More
North Korean APT Exploited IE Zero-Day in Supply Chain Attack
/in General NewsA Pyongyang-aligned APT was caught exploiting a recent zero-day in Internet Explorer in a supply chain attack.
The post North Korean APT Exploited IE Zero-Day in Supply Chain Attack appeared first on SecurityWeek.
SecurityWeek – Read More
Rising Tides: Christien “DilDog” Rioux on Building Privacy and What Makes Hackers Unique
/in General NewsVeracode and Veilid Foundation co-founder discusses the “human rights issue” of accessible privacy and what makes hackers unique.
The post Rising Tides: Christien “DilDog” Rioux on Building Privacy and What Makes Hackers Unique appeared first on SecurityWeek.
SecurityWeek – Read More
North Korean Fake IT Workers Extort Employers After Stealing Data
/in General NewsNorth Korean nationals posing as IT workers have been extorting their employers after gaining insider access.
The post North Korean Fake IT Workers Extort Employers After Stealing Data appeared first on SecurityWeek.
SecurityWeek – Read More
Organizations Faster at Detecting OT Incidents, but Response Still Lacking: Report
/in General NewsSANS has published its 2024 State of ICS/OT Cybersecurity report, based on a survey of over 530 critical infrastructure sector professionals.
The post Organizations Faster at Detecting OT Incidents, but Response Still Lacking: Report appeared first on SecurityWeek.
SecurityWeek – Read More
Alabama Man Arrested in SEC Social Media Account Hack That Led the Price of Bitcoin to Spike
/in General NewsAn Alabama man has been arrested over his role in the hacking of the SEC’s X account, which led to a Bitcoin price spike.
The post Alabama Man Arrested in SEC Social Media Account Hack That Led the Price of Bitcoin to Spike appeared first on SecurityWeek.
SecurityWeek – Read More
Omni Family Health Data Breach Impacts 470,000 Individuals
/in General NewsOmni Family Health has disclosed a data breach impacting nearly 470,000 current and former patients and employees.
The post Omni Family Health Data Breach Impacts 470,000 Individuals appeared first on SecurityWeek.
SecurityWeek – Read More