BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
FCC Imposes $200 Million in Fines on Four US Carriers
/in General NewsThe FCC has fined four major U.S. wireless carriers – AT&T, Sprint, T-Mobile, and Verizon – a total of nearly $200 million for unlawfully selling access to their customers’ real-time location data without consent.
Cyware News – Latest Cyber News – Read More
Google Rejected 2.28 Million Risky Android Apps From Play Store in 2023
/in General NewsAdditionally, the tech giant reports that it identified and blocked 333,000 Google Play accounts that uploaded malware, fraudulent apps, or engaged in repeated grave policy violations.
Cyware News – Latest Cyber News – Read More
Thoma Bravo to take UK cybersecurity company Darktrace private in $5B deal
/in General NewsThoma Bravo, a private equity firm, is set to acquire the U.K.-based cybersecurity company Darktrace in a deal valued at around $5 billion. The deal is pending shareholder approval and is expected to be finalized by the end of 2024.
Cyware News – Latest Cyber News – Read More
The Darkgate Menace: Leveraging Autohotkey & Attempt to Evade SmartScreen
/in General NewsResearchers found a novel infection chain associated with the DarkGate malware, which is a Remote Access Trojan (RAT) developed using Borland Delphi and marketed as a Malware-as-a-Service (MaaS) offering on a Russian-language cybercrime forum.
Cyware News – Latest Cyber News – Read More
Security Flaws in IRS Systems Pose Risk to Financial Statements, GAO Says
/in General NewsIn its report, the GAO highlighted “new and continuing” shortcomings with information systems and the safeguarding of assets, issues that increase the likelihood of unauthorized access to sensitive IRS data.
Cyware News – Latest Cyber News – Read More
New U.K. Law Bans Default Passwords on Smart Devices Starting April 2024
/in General NewsThe U.K. National Cyber Security Centre (NCSC) is calling on manufacturers of smart devices to comply with new legislation that prohibits them from using default passwords, effective April 29, 2024.
“The law, known as the Product Security and Telecommunications Infrastructure act (or PSTI act), will help consumers to choose smart devices that have been designed to
The Hacker News – Read More
Zloader Learns Old Tricks
/in General NewsZloader, a modular trojan based on the leaked ZeuS source code, has recently introduced a new anti-analysis feature in versions 2.4.1.0 and 2.5.1.0 to prevent execution on machines that differ from the original infection.
Cyware News – Latest Cyber News – Read More
Tech CEOs Altman, Nadella, Pichai and Others Join Government AI Safety Board Led by DHS’ Mayorkas
/in General NewsCEOs of major tech companies are joining a new artificial intelligence safety board to advise the federal government on how to protect the nation’s critical services from “AI-related disruptions.”
The post Tech CEOs Altman, Nadella, Pichai and Others Join Government AI Safety Board Led by DHS’ Mayorkas appeared first on SecurityWeek.
SecurityWeek – Read More
R Programming Bug Exposes Orgs to Vast Supply Chain Risk
/in General NewsThe CVE-2024-27322 security vulnerability in R’s deserialization process gives attackers a way to execute arbitrary code in target environments via specially crafted files.
darkreading – Read More
Okta: Credential-Stuffing Attacks Spike via Proxy Networks
/in General NewsOkta warns users that the attack requests are made through an anonymizing service like Tor or various commercial proxy networks.
darkreading – Read More