BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated
/in General NewsAn analysis conducted by Honeywell shows that much of the USB-borne malware targeting industrial organizations can still cause OT disruption.
The post Honeywell: USB Malware Attacks on Industrial Orgs Becoming More Sophisticated appeared first on SecurityWeek.
SecurityWeek – Read More
Report: 73% of SME Security Professionals Missed or Ignored Critical Alerts
/in General NewsIT staff at SMEs is overwhelmed by the complexity and demands of managing multiple tools in their security stack, leading them to miss critical severity events and weaken their company’s security posture, according to Coro.
Cyware News – Latest Cyber News – Read More
DHS Announces AI Safety Board with OpenAI Founder, CEOs of Microsoft, Nvidia, IBM
/in General NewsMembers will include representatives of tech companies, critical infrastructure entities, academia, and government agencies, as well as “leaders in the civil rights, civil liberties, and privacy communities,” DHS Secretary Alejandro Mayorkas said.
Cyware News – Latest Cyber News – Read More
Navigating the Threat Landscape: Understanding Exposure Management, Pentesting, Red Teaming and RBVM
/in General NewsIt comes as no surprise that today’s cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many
The Hacker News – Read More
Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies
/in General NewsOkta warned of a spike in credential stuffing attacks using anonymizing services such as Tor, DataImpulse, Luminati, and NSocks.
The post Okta Warns of Credential Stuffing Attacks Using Tor, Residential Proxies appeared first on SecurityWeek.
SecurityWeek – Read More
Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover
/in General NewsMultiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited to obtain code execution on the target system.
The three flaws, all critical in nature, allow an “adversary with sufficient access to perform a sandbox escape and obtain root permissions on the host machine,” Australian
The Hacker News – Read More
Know-Your-Customer Executive Order Facing Stiff Opposition From Cloud Industry
/in General NewsA controversial executive order that would require U.S. cloud companies to closely monitor the identities of their customers will move one step closer to the finish line next week amid opposition from the industry.
Cyware News – Latest Cyber News – Read More
Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank
/in General NewsBy Deeba Ahmed
New Android malware alert! Brokewell steals data, takes over devices & targets your bank. Learn how this sneaky malware works & what you can do to protect yourself. Stop Brokewell before it stops you!
This is a post from HackRead.com Read the original post: Fake Chrome Updates Hide Android Brokewell Malware Targeting Your Bank
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Agent Tesla and Taskun Malware Targeting US Education and Govt Entities
/in General NewsBy Deeba Ahmed
Beware! Agent Tesla & Taskun Malware are targeting US Education & Gov. This cyberattack steals data & exploits vulnerabilities. Learn how to protect schools & government agencies from this double threat!
This is a post from HackRead.com Read the original post: Agent Tesla and Taskun Malware Targeting US Education and Govt Entities
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Most People Still Rely on Memory or Pen and Paper for Password Management
/in General NewsA Bitwarden survey showed that 25% of respondents globally reuse passwords across 11-20+ accounts, and 36% admit to using personal information in their credentials publicly accessible on social media (60%) platforms and online forums (30%).
Cyware News – Latest Cyber News – Read More