BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon
/in General NewsAs a security industry, we need to focus our energies on those professionals among us who know how to walk the walk.
The post Navigating Vendor Speak: A Security Practitioner’s Guide to Seeing Through the Jargon appeared first on SecurityWeek.
SecurityWeek – Read More
Fortify AI Training Datasets From Malicious Poisoning
/in General NewsJust like you should check the quality of the ingredients before you make a meal, it’s critical to ensure the integrity of AI training data.
darkreading – Read More
Hackers Publish Fake Story About Ukrainians Attempting To Assassinate Slovak President
/in General NewsAn unidentified attacker hacked a Czech news service’s website and published a fake story on Tuesday claiming that an assassination attempt had been made against the newly elected Slovak president Petr Pellegrini.
Cyware News – Latest Cyber News – Read More
Patch Now: CrushFTP Zero-Day Cloud Exploit Targets US Orgs
/in General NewsAn exploit for the vulnerability allows unauthenticated attackers to escape a virtual file system sandbox to download system files and potentially achieve RCE.
darkreading – Read More
Tines Bags $50 Million Funding for Security Workflow Automation
/in General NewsIrish startup Tines raises $50 million in new venture capital funding as investors make big bets on automation and orchestration startups.
The post Tines Bags $50 Million Funding for Security Workflow Automation appeared first on SecurityWeek.
SecurityWeek – Read More
U.S. Treasury Sanctions Iranian Firms and Individuals Tied to Cyber Attacks
/in General NewsThe U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) on Monday sanctioned two firms and four individuals for their involvement in malicious cyber activities on behalf of the Iranian Islamic Revolutionary Guard Corps Cyber Electronic Command (IRGC-CEC) from at least 2016 to April 2021.
This includes the front companies Mehrsam Andisheh Saz Nik (MASN) and Dadeh
The Hacker News – Read More
Researchers Detail Multistage Attack Hijacking Systems with SSLoad, Cobalt Strike
/in General NewsCybersecurity researchers have discovered an ongoing attack campaign that’s leveraging phishing emails to deliver malware called SSLoad.
The campaign, codenamed FROZEN#SHADOW by Securonix, also involves the deployment of Cobalt Strike and the ConnectWise ScreenConnect remote desktop software.
“SSLoad is designed to stealthily infiltrate systems, gather sensitive
The Hacker News – Read More
5 Best VPN Services (2024): For Routers, PC, iPhone, Android, and More
/in General NewsIt won’t solve all of your privacy problems, but a virtual private network can make you a less tempting target for hackers.
Security Latest – Read More
Major Security Flaws Expose Keystrokes of Over One Billion Chinese Keyboard App Users
/in General NewsThe vulnerabilities could be exploited to “completely reveal the contents of users’ keystrokes in transit,” researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert said.
Cyware News – Latest Cyber News – Read More
Report: Attacker Dwell Time Down, Ransomware up in 2023
/in General NewsAccording to a new report by Mandiant, which is based on Mandiant Consulting investigations during 2023, the global median dwell time for attackers fell to its lowest point since the company began tracking the metric in 2011.
Cyware News – Latest Cyber News – Read More