BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
Siemens Working on Fix for Device Affected by Palo Alto Firewall Bug
/in General NewsGrowing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.
darkreading – Read More
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments
/in General NewsAn utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.
darkreading – Read More
Russian APT28 Group in New “GooseEgg” Hacking Campaign
/in General NewsA notorious Russian APT group has been stealing credentials for years by exploiting a Windows Print Spooler bug and using a novel post-compromise tool known as “GooseEgg,” Microsoft has revealed.
Cyware News – Latest Cyber News – Read More
Vulnerability Exploitation on the Rise as Attackers Ditch Phishing
/in General NewsIn a move away from traditional phishing scams, attackers are increasingly exploiting vulnerabilities in computer systems to gain initial network access, according to Mandiant’s M-Trends 2024 Report.
Cyware News – Latest Cyber News – Read More
$10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors
/in General NewsFour Iranians are accused of hacking into critical systems at the Departments of Treasury and State and dozens of private US companies.
The post $10 Million Bounty on Iranian Hackers for Cyber Attacks on US Gov, Defense Contractors appeared first on SecurityWeek.
SecurityWeek – Read More
Back from the Brink: UnitedHealth Offers Sobering Post-Attack Update
/in General NewsThe company reports most systems are functioning again but that analysis of the data affected will take months to complete.
darkreading – Read More
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
/in General NewsThe GuptiMiner malware campaign, discovered by Avast, involved hijacking an eScan antivirus update mechanism to distribute backdoors and coinminers. The campaign was orchestrated by a threat actor with possible ties to Kimsuky.
Cyware News – Latest Cyber News – Read More
Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together
/in General NewsThe judge with Spain’s National Court said there is reason to believe that the new information provided by France can “allow the investigations to advance.”
The post Spain Reopens a Probe Into a Pegasus Spyware Case After a French Request to Work Together appeared first on SecurityWeek.
SecurityWeek – Read More
CISA to Issue List of Software Products Critical to Agency Security by End of September
/in General NewsThe Cybersecurity and Infrastructure Security Agency is targeting a September 30 deadline to give federal agencies a list of example software products deemed critical for the federal government’s cyber posture.
Cyware News – Latest Cyber News – Read More
Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins
/in General NewsBy Waqas
Coffee with Double Brew of Trouble!
This is a post from HackRead.com Read the original post: Nespresso Domain Hijacked in Phishing Attack Targeting Microsoft Logins
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More