You Against the World: The Offenders Dilemma
Foreign attackers have many more toolsets at their disposal, so we need to make sure we’re selective about our modeling, preparation and how we assess and fortify ourselves.
SecurityWeek – Read More
Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack
The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from 0.68 through 0.80 that could be exploited to achieve full recovery of NIST P-521 (ecdsa-sha2-nistp521) private keys.
The flaw has been assigned the CVE identifier CVE-2024-31497, with the discovery credited to researchers Fabian Bäumer and Marcus
The Hacker News – Read More
Hacker Conversations: Kevin O’Connor, From Childhood Hacker to NSA Operative
Kevin O’Connor knew he was a hacker by the time he was in Middle School. He went on to work for the NSA and is now director of threat research at Adlumin.
SecurityWeek – Read More
Ransomware Group Starts Leaking Data Allegedly Stolen From Change Healthcare
The RansomHub group has started leaking information allegedly stolen from Change Healthcare in February 2024.
SecurityWeek – Read More
Omni Hotels Says Personal Information Stolen in Ransomware Attack
Omni Hotels says customer information was compromised in a cyberattack claimed by the Daixin Team ransomware group.
SecurityWeek – Read More
New LockBit Variant Exploits Self-Spreading Features
According to researchers, the malware variant exhibits unprecedented features, including impersonation of system administrators and adaptive self-spreading across networks.
Cyware News – Latest Cyber News – Read More
FTC Fines Mental Health Startup Cerebral $7 Million for Major Privacy Violations
The U.S. Federal Trade Commission (FTC) has barred the mental telehealth company Cerebral from using or disclosing personal data for advertising purposes.
It has also been fined more than $7 million over charges that it revealed users’ sensitive personal health information and other data to third parties for advertising purposes and failed to honor its easy cancellation policies.
“Cerebral and
The Hacker News – Read More
Delinea Scrambles to Patch Critical Flaw After Failed Responsible Disclosure Attempt
PAM company Delinea over the weekend rushed to patch a critical authentication bypass vulnerability after it apparently ignored the researcher who found the flaw.
SecurityWeek – Read More
Researchers Stop ‘Credible Takeover Attempt’ Similar to XZ Utils Backdoor Incident
Researchers at the OpenJS Foundation said Monday that they “received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails.”
Cyware News – Latest Cyber News – Read More
Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown
Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT (previously Firebird).
The U.S. Justice Department (DoJ) said the malware “gave the malware purchasers control over victim computers and enabled them to access victims’ private communications, their login credentials, and
The Hacker News – Read More