BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
CISO Corner: Evil SBOMs; Zero-Trust Pioneer Slams Cloud Security; MITRE’s Ivanti Issue
/in General NewsOur collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: security license mandates; a move to four-day remediation requirements; lessons on OWASP for LLMs.
darkreading – Read More
Held Back: What Exclusion Looks Like in Cybersecurity
/in General NewsYou can’t thinking about inclusion in the workplace without first understanding what kinds of exclusive behaviors prevent people from advancing in their careers.
darkreading – Read More
BeyondTrust Report: Microsoft Security Vulnerabilities Decreased by 5% in 2023
/in General NewsRefreshed software and collaboration with the security researcher community may have contributed to the 5% drop.
Security | TechRepublic – Read More
Philippines Pummeled by Assortment of Cyberattacks & Misinformation Tied to China
/in General NewsThe volume of malicious cyber activity against the Philippines quadrupled in the first quarter of 2024 compared to the same period in 2023.
darkreading – Read More
Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software
/in General NewsAttackers will likely use software bills-of-material (SBOMs) for searching for software potentially vulnerable to specific software flaws.
darkreading – Read More
Severe Flaws Disclosed in Brocade SANnav SAN Management Software
/in General NewsSeveral security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances.
The 18 flaws impact all versions up to and including 2.3.0, according to independent security researcher Pierre Barre, who discovered and reported them.
The issues range from incorrect firewall rules,
The Hacker News – Read More
Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices
/in General NewsA new Android trojan named Brokewell can steal user’s sensitive information and allows attackers to take over devices.
The post Powerful ‘Brokewell’ Android Trojan Allows Attackers to Takeover Devices appeared first on SecurityWeek.
SecurityWeek – Read More
Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses
/in General NewsMore than 90,000 unique IPs are still infected with a PlugX worm variant that spreads via infected flash drives.
The post Self-Spreading PlugX USB Drive Malware Plagues Over 90k IP Addresses appeared first on SecurityWeek.
SecurityWeek – Read More
Feds Bust Privacy-Centric Samourai Wallet Over BTC Money Laundering
/in General NewsBy Waqas
The official website of Samourai Wallet has been seized, while its official app on the Apple Store and Google Play has been removed.
This is a post from HackRead.com Read the original post: Feds Bust Privacy-Centric Samourai Wallet Over BTC Money Laundering
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Minimum Viable Compliance: What You Should Care About and Why
/in General NewsUnderstand what security measures you have in place, what you need to keep secure, and what rules you have to show compliance with.
darkreading – Read More