BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users
/in General NewsSecurity vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users’ keystrokes to nefarious actors.
The findings come from the Citizen Lab, which discovered weaknesses in eight of nine apps from vendors like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only vendor whose keyboard app did not have any security
The Hacker News – Read More
People Doubt Their Own Ability to Spot AI-Generated Deepfakes
/in General NewsThe actual number of people exposed to political and other deepfakes is expected to be much higher given many Americans are not able to decipher what is real versus fake, thanks to the sophistication of AI technologies.
Cyware News – Latest Cyber News – Read More
Swedish Signals Intelligence Agency to Take Over National Cybersecurity Center
/in General NewsAfter failing to achieve “expected results,” Sweden’s National Cyber Security Center (NCSC) is facing a range of reforms, including being brought under the control of the country’s cyber and signals intelligence agency.
Cyware News – Latest Cyber News – Read More
ShotSpotter Keeps Listening for Gunfire After Contracts Expire
/in General NewsInternal emails suggest that the company continued to provide gunshot data to police in cities where its contracts had been canceled.
Security Latest – Read More
Pentagon Launches DIB Vulnerability Disclosure Program
/in General NewsThe DIB Vulnerability Disclosure Program (DIB-VDP), a joint venture between the DoD Cyber Crime Center (DC3), the Defense Counterintelligence and Security Agency (DCSA), and HackerOne, will bring better vulnerability disclosure practices to the DIB.
Cyware News – Latest Cyber News – Read More
eScan Antivirus Update Mechanism Exploited to Spread Backdoors and Miners
/in General NewsA new malware campaign has been exploiting the updating mechanism of the eScan antivirus software to distribute backdoors and cryptocurrency miners like XMRig through a long-standing threat codenamed GuptiMiner targeting large corporate networks.
Cybersecurity firm Avast said the activity is the work of a threat actor with possible connections to a North Korean hacking group dubbed
The Hacker News – Read More
Study: GPT-4 Agent can Exploit Unpatched Vulnerabilities
/in General NewsAcademics at a U.S. university found that if you feed a GPT-4 artificial intelligence agent public security advisories, it can exploit unpatched “real-world” vulnerabilities without precise technical information.
Cyware News – Latest Cyber News – Read More
CoralRaider Malware Campaign Exploits CDN Cache to Spread Info-Stealers
/in General NewsA new ongoing malware campaign has been observed distributing three different stealers, such as CryptBot, LummaC2, and Rhadamanthys hosted on Content Delivery Network (CDN) cache domains since at least February 2024.
Cisco Talos has attributed the activity with moderate confidence to a threat actor tracked as CoralRaider, a suspected Vietnamese-origin
The Hacker News – Read More
CompTIA Supports Department of Defense Efforts to Strengthen Cyber Knowledge and Skills
/in General NewsPost Content
darkreading – Read More
5 Hard Truths About the State of Cloud Security 2024
/in General NewsDark Reading talks cloud security with John Kindervag, the godfather of zero trust.
darkreading – Read More