BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
North Korea APT Triumvirate Spied on South Korean Defense Industry For Years
/in General NewsLazarus, Kimsuky, and Andariel all got in on the action, stealing “important” data from firms responsible for defending their southern neighbors (from them).
darkreading – Read More
KnowBe4 Plans to Acquire Egress for Email Security Tech
/in General NewsKnowBe4 boasts that the merger will create “the largest, advanced AI-driven cybersecurity platform for managing human risk.”
The post KnowBe4 Plans to Acquire Egress for Email Security Tech appeared first on SecurityWeek.
SecurityWeek – Read More
Iran Dupes US Military Contractors, Gov’t Agencies in Cyber Campaign
/in General NewsAn Iranian state-sponsored hacking group successfully infiltrated hundreds of thousands of employee accounts at US companies and government agencies, including the US Treasury and State Department, as part of a five-year cyber espionage campaign.
Cyware News – Latest Cyber News – Read More
Google yet again delays killing third-party cookies in Chrome. Here’s what you need to know
/in General NewsGoogle now hopes to start phasing out third-party cookies in early 2025, instead of late 2024 as previously planned.
Latest stories for ZDNET in Security – Read More
‘ArcaneDoor’ Cyberspies Hacked Cisco Firewalls to Access Government Networks
/in General NewsSources suspect China is behind the targeted exploitation of two zero-day vulnerabilities in Cisco’s security appliances.
Security Latest – Read More
North Korean Hackers Hijack Antivirus Updates for Malware Delivery
/in General NewsA North Korea-linked threat actor hijacked the update mechanism of eScan antivirus to deploy backdoors and cryptocurrency miners.
The post North Korean Hackers Hijack Antivirus Updates for Malware Delivery appeared first on SecurityWeek.
SecurityWeek – Read More
Iran Dupes US Military Contractors, Gov’t Agencies in Years-Long Cyber Campaign
/in General NewsA state-sponsored hacking team employed a clever masquerade and elaborate back-end infrastructure as part of a five-year info-stealing campaign that compromised the US State and Treasury Departments, and hundreds of thousands of accounts overall.
darkreading – Read More
2023: A ‘Good’ Year for OT Cyberattacks
/in General NewsAttacks increased by “only” 19% last year. But that number is expected to grow significently.
darkreading – Read More
Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon
/in General NewsAs a security industry, we need to focus our energies on those professionals among us who know how to walk the walk.
The post Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon appeared first on SecurityWeek.
SecurityWeek – Read More
Fortify AI Training Datasets From Malicious Poisoning
/in General NewsJust like you should check the quality of the ingredients before you make a meal, it’s critical to ensure the integrity of AI training data.
darkreading – Read More