BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Okta Warns of Unprecedented Surge in Proxy-Driven Credential Stuffing Attacks
/in General NewsIdentity and access management (IAM) services provider Okta has warned of a spike in the “frequency and scale” of credential stuffing attacks aimed at online services.
These unprecedented attacks, observed over the last month, are said to be facilitated by “the broad availability of residential proxy services, lists of previously stolen credentials (‘combo lists’), and scripting tools,” the
The Hacker News – Read More
9 Best Password Managers (2024): Features, Pricing, and Tips
/in General NewsKeep your logins locked down with our favorite password management apps for PC, Mac, Android, iPhone, and web browsers.
Security Latest – Read More
Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw
/in General NewsCybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven-year-old flaw in Microsoft Office to deliver Cobalt Strike on compromised systems.
The attack chain, which took place at the end of 2023 according to Deep Instinct, employs a PowerPoint slideshow file (“signal-2023-12-20-160512.ppsx”) as the starting point, with
The Hacker News – Read More
School Employee Allegedly Framed a Principal With Racist Deepfake Rant
/in General NewsPlus: Google holds off on killing cookies, Samourai Wallet founders get arrested, and GM stops driver surveillance program.
Security Latest – Read More
Russia Vetoed a UN Resolution to Ban Space Nukes
/in General NewsA ban on weapons of mass destruction in orbit has stood since 1967. Russia apparently has other ideas.
Security Latest – Read More
FBI: Fraudsters Using Fake Online Dating Verification Apps to Scam Lovers
/in General NewsThe FBI published a warning on Friday about the scam, noting that it was akin to an offshoot of romance scams and pig butchering schemes that have proliferated in recent years.
Cyware News – Latest Cyber News – Read More
DHS Establishes AI Safety Board with Tech Titans and Experts
/in General NewsBy Waqas
The Department of Homeland Security (DHS) has formed an AI Safety Board to ensure secure AI use in critical infrastructure.
This is a post from HackRead.com Read the original post: DHS Establishes AI Safety Board with Tech Titans and Experts
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Zero-Day from 2017 Used Along With Cobalt Strike Loader in Unholy Alliance
/in General NewsThe operation involves a malicious PPSX file that drops a custom loader for the Cobalt Strike Beacon malware. The loader employs various techniques to slow down analysis and bypass security solutions.
Cyware News – Latest Cyber News – Read More
Bogus npm Packages Used to Trick Software Developers into Installing Malware
/in General NewsAn ongoing social engineering campaign is targeting software developers with bogus npm packages under the guise of a job interview to trick them into downloading a Python backdoor.
Cybersecurity firm Securonix is tracking the activity under the name DEV#POPPER, linking it to North Korean threat actors.
“During these fraudulent interviews, the developers are often asked
The Hacker News – Read More
MITRE’s Cyber Resiliency Engineering Framework Aligns With DoD Cyber Maturity Model Cert
/in General NewsPost Content
darkreading – Read More