BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
A Vast New Dataset Could Supercharge the AI Hunt for Crypto Money Laundering
/in General NewsBlockchain analysis firm Elliptic, MIT, and IBM, have released a new AI detection model—and the 200-million-transaction dataset it’s trained on—that aims to spot the “shape” of Bitcoin money laundering.
Security Latest – Read More
Are VPNs Legal To Use?
/in General NewsAre virtual private networks legal to use? Discover if VPNs are legal, restricted or banned in your geolocation and what activities are legal vs. illegal when using a VPN.
Security | TechRepublic – Read More
CISO Conversations: Talking Cybersecurity With LinkedIn’s Geoff Belknap and Meta’s Guy Rosen
/in General NewsSecurityWeek interviews Geoff Belknap, CISO at LinkedIn, and Guy Rosen, CISO at Facebook parent company Meta.
The post CISO Conversations: Talking Cybersecurity With LinkedIn’s Geoff Belknap and Meta’s Guy Rosen appeared first on SecurityWeek.
SecurityWeek – Read More
Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server
/in General NewsThe new Wpeeper Android trojan ceased operations after a week and has zero detections in VirusTotal.
The post Wpeeper Android Trojan Uses Compromised WordPress Sites to Shield Command-and-Control Server appeared first on SecurityWeek.
SecurityWeek – Read More
ZLoader Malware Evolves with Anti-Analysis Trick from Zeus Banking Trojan
/in General NewsThe authors behind the resurfaced ZLoader malware have added a feature that was originally present in the Zeus banking trojan that it’s based on, indicating that it’s being actively developed.
“The latest version, 2.4.1.0, introduces a feature to prevent execution on machines that differ from the original infection,” Zscaler ThreatLabz researcher Santiago
The Hacker News – Read More
TechRepublic Premium Editorial Calendar: Policies, Checklists, Hiring Kits and Glossaries for Download
/in General NewsTechRepublic Premium content helps you solve your toughest IT issues and jump-start your career or next project.
Security | TechRepublic – Read More
Everyone’s an Expert: How to Empower Your Employees for Cybersecurity Success
/in General NewsThere’s a natural human desire to avoid threatening scenarios. The irony, of course, is if you hope to attain any semblance of security, you’ve got to remain prepared to confront those very same threats.
As a decision-maker for your organization, you know this well. But no matter how many experts or trusted cybersecurity tools your organization has a standing guard,
The Hacker News – Read More
Programming Language R Patches Code Execution Security Flaw
/in General NewsThe vulnerability, tagged CVE-2024-27322, can be exploited by tricking someone into loading a maliciously crafted RDS (R Data Serialization) file into an R-based project, or by fooling them into integrating a poisoned R package into a code base.
Cyware News – Latest Cyber News – Read More
Patched Deserialization Flaw in Siemens Product Allows RCE
/in General NewsResearchers detailed a deserialization vulnerability in Siemens software used to monitor industrial energy consumption and attributed the flaw to the German conglomerate’s decision to use a programming method that has known security risks.
Cyware News – Latest Cyber News – Read More
New Latrodectus Malware Attacks Use Microsoft, Cloudflare Themes
/in General NewsLatrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious.
Cyware News – Latest Cyber News – Read More