BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
IT Pros Targeted with Malicious Google Ads for PuTTY, FileZilla
/in General NewsAn ongoing malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application).
Cyware News – Latest Cyber News – Read More
LastPass Employee Targeted With Deepfake Calls
/in General NewsLastPass this week revealed that one of its employees was targeted in a phishing attack involving deepfake technology.
The post LastPass Employee Targeted With Deepfake Calls appeared first on SecurityWeek.
SecurityWeek – Read More
Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker
/in General NewsCybersecurity researchers have discovered a credit card skimmer that’s concealed within a fake Meta Pixel tracker script in an attempt to evade detection.
Sucuri said that the malware is injected into websites through tools that allow for custom code, such as WordPress plugins like Simple Custom CSS and JS or the “Miscellaneous Scripts” section of the Magento admin panel.
”
The Hacker News – Read More
U.S. Federal Agencies Ordered to Hunt for Signs of Microsoft Breach and Mitigate Risks
/in General NewsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday issued an emergency directive (ED 24-02) urging federal agencies to hunt for signs of compromise and enact preventive measures following the recent compromise of Microsoft’s systems that led to the theft of email correspondence with the company.
The attack, which came to light earlier this year, has been
The Hacker News – Read More
AT&T blasts email to 70M customers, causes massive traffic spike at Experian. Here’s what happened
/in General NewsCustomers won’t be able to enroll in Experian’s identity theft monitoring in the near term, and they have AT&T to thank for that.
Latest stories for ZDNET in Security – Read More
Best Paid and Free OSINT Tools for 2024
/in General NewsBy Waqas
In this article, we will explore 12 paid and free OSINT tools that are publicly available and can be very useful when utilized properly and for appropriate purposes.
This is a post from HackRead.com Read the original post: Best Paid and Free OSINT Tools for 2024
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Sisense Password Breach Triggers ‘Ominous’ CISA Warning
/in General NewsWith stores of mega-corporate business intelligence, a Sisense compromise could potentially mushroom into supply chain cyberattack disaster, experts fear.
darkreading – Read More
DPRK Exploits 2 MITRE Sub-Techniques: Phantom DLL Hijacking, TCC Abuse
/in General NewsNorth Korean hackers break ground with new exploitation techniques for Windows and macOS.
darkreading – Read More
DuckDuckGo’s Privacy Pro bundles a VPN with personal data removal and identity theft restoration
/in General NewsData brokers, look out. The company best known for its privacy-focused browser unveils several new security tools. Here’s how to try them out.
Latest stories for ZDNET in Security – Read More
Cohesity Extends Collaboration to Strengthen Cyber Resilience With IBM Investment in Cohesity
/in General NewsPost Content
darkreading – Read More