BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
New ‘Brokewell’ Android Malware Spread Through Fake Browser Updates
/in General NewsFake browser updates are being used to push a previously undocumented Android malware called Brokewell.
“Brokewell is a typical modern banking malware equipped with both data-stealing and remote-control capabilities built into the malware,” Dutch security firm ThreatFabric said in an analysis published Thursday.
The malware is said to be in active development,
The Hacker News – Read More
Researchers Found 18 Vulnerabilities in Brocade SANnav
/in General NewsThree of the vulnerabilities could allow an attacker to send malicious data, intercept credentials sent in clear text, and potentially compromise the entire Fibre Channel infrastructure.
Cyware News – Latest Cyber News – Read More
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack
/in General NewsPalo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation.
The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution on susceptible devices. It has been addressed in
The Hacker News – Read More
10 Critical Endpoint Security Tips You Should Know
/in General NewsIn today’s digital world, where connectivity is rules all, endpoints serve as the gateway to a business’s digital kingdom. And because of this, endpoints are one of hackers’ favorite targets.
According to the IDC, 70% of successful breaches start at the endpoint. Unprotected endpoints provide vulnerable entry points to launch devastating cyberattacks. With IT
The Hacker News – Read More
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors
/in General NewsA vulnerability in the WordPress Automatic plugin is being exploited to inject backdoors and web shells into websites.
The post Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors appeared first on SecurityWeek.
SecurityWeek – Read More
ThreatLocker Raises $115M in Series D Funding
/in General NewsThe round was led by existing investor General Atlantic, with participation from other major investors StepStone Group and the D. E. Shaw group. The company intends to use the funds to drive product innovation and accelerate its global expansion.
Cyware News – Latest Cyber News – Read More
Autodesk Hosting PDF Files Used in Microsoft Phishing Attacks
/in General NewsResearchers discovered a sophisticated phishing campaign that is using compromised email accounts and Autodesk’s file sharing platform to steal Microsoft login credentials from victims.
Cyware News – Latest Cyber News – Read More
Researchers Sinkhole PlugX Malware Server With 2.5 Million Unique IPs
/in General NewsResearchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses.
Cyware News – Latest Cyber News – Read More
Hackers Exploiting WP-Automatic Plugin Bug to Create Admin Accounts on WordPress Sites
/in General NewsThreat actors are attempting to actively exploit a critical security flaw in the WP‑Automatic plugin for WordPress that could allow site takeovers.
The shortcoming, tracked as CVE-2024-27956, carries a CVSS score of 9.9 out of a maximum of 10. It impacts all versions of the plugin prior to 3.9.2.0.
“This vulnerability, a SQL injection (SQLi) flaw, poses a severe threat as
The Hacker News – Read More
PCI Launches Payment Card Cybersecurity Effort in the Middle East
/in General NewsThe payment card industry pushes for more security in financial transactions to help combat increasing fraud in the region.
darkreading – Read More