BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Investigation Uncovers Substantial Spyware Exports to Indonesia
/in General NewsAn investigation by Amnesty International’s Security Lab revealed that Indonesia has been procuring powerful and invasive commercial spyware and surveillance products from international vendors, brokers, and resellers.
Cyware News – Latest Cyber News – Read More
Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals
/in General NewsA botnet dismantled in January and used by Russia-linked APT28 consisted of more than just Ubiquiti Edge OS routers.
The post Botnet Disrupted by FBI Still Used by Russian Spies, Cybercriminals appeared first on SecurityWeek.
SecurityWeek – Read More
AI-Driven Phishing Attacks Deceive Even the Most Aware Users
/in General NewsBy automating and personalizing various aspects of the attack process, such as crafting convincing emails and creating realistic phishing pages, threat actors can deceive even the most aware users.
Cyware News – Latest Cyber News – Read More
CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities
/in General NewsCISA and the FBI warn of threat actors abusing path traversal software vulnerabilities in attacks targeting critical infrastructure.
The post CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities appeared first on SecurityWeek.
SecurityWeek – Read More
Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster
/in General NewsSaaS-based, AI-assisted penetration service allows proactive defensive action against exploitation of new vulnerabilities.
The post Horizon3.ai Introduces AI-Assisted Service to Prioritize and Patch Vulnerabilities Faster appeared first on SecurityWeek.
SecurityWeek – Read More
US Charges 16 Over ‘Depraved’ Grandparent Scams
/in General NewsThe scam involved call center workers impersonating the victims’ relatives, claiming they were in legal trouble or had been in an accident, and convincing the victims to send thousands of dollars to help them.
Cyware News – Latest Cyber News – Read More
Cybercriminals and Nation-State Actors Found Sharing Compromised Networks
/in General NewsNation-state threat actors like Sandworm used their own dedicated proxy botnets, while APT group Pawn Storm had access to a criminal proxy botnet of Ubiquiti EdgeRouters.
Cyware News – Latest Cyber News – Read More
New Guide Explains How to Eliminate the Risk of Shadow SaaS and Protect Corporate Data
/in General NewsSaaS applications are dominating the corporate landscape. Their increased use enables organizations to push the boundaries of technology and business. At the same time, these applications also pose a new security risk that security leaders need to address, since the existing security stack does not enable complete control or comprehensive monitoring of their usage.
The Hacker News – Read More
NSA, FBI Alert on N. Korean Hackers Spoofing Emails from Trusted Sources
/in General NewsThe U.S. government on Thursday published a new cybersecurity advisory warning of North Korean threat actors’ attempts to send emails in a manner that makes them appear like they are from legitimate and trusted parties.
The joint bulletin was published by the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Department of State.
“The
The Hacker News – Read More
Attack Report: Custom QR Code Phishing Templates
/in General NewsHackers are using custom QR code templates that are personalized for each target organization, making the attacks appear more legitimate and increasing their chances of success.
Cyware News – Latest Cyber News – Read More