BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Vietnamese Threat Actor Targeting Financial Data Across Asia
/in General NewsVietnamese financially motivated hackers are targeting businesses across Asia in a campaign to harvest corporate credentials and financial data for resale in online criminal markets.
Cyware News – Latest Cyber News – Read More
New Latrodectus Malware Replaces IcedID in Network Breaches
/in General NewsWhile similar to IcedID, Proofpoint researchers confirmed it is an entirely new malware, likely created by the IcedID developers. Latrodectus shares infrastructure overlap with historic IcedID operations.
Cyware News – Latest Cyber News – Read More
Visa Warns of New JSOutProx Malware Variant Targeting Financial Organizations
/in General NewsFirst encountered in December 2019, JsOutProx is a RAT and highly obfuscated JavaScript backdoor that allows its operators to run shell commands, download additional payloads, execute files, capture screenshots, establish persistence, and more.
Cyware News – Latest Cyber News – Read More
57,000 Kaspersky Fan Club Forum User Data Leaked in Hosting Breach
/in General NewsBy Waqas
Hacker group RGB claims responsibility for breaching Kaspersky’s fan club and the Prosecutor’s Office of the Russian Federation, leaking over 100,000 criminal records.
This is a post from HackRead.com Read the original post: 57,000 Kaspersky Fan Club Forum User Data Leaked in Hosting Breach
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks
/in General NewsBy Deeba Ahmed
Wiz.io, known for its cloud security expertise, and Hugging Face, a leader in open-source AI tools, are combining their knowledge to develop solutions that address these security concerns. This collaboration signifies a growing focus on securing the foundation of AI advancements.
This is a post from HackRead.com Read the original post: Vulnerabilities Exposed Hugging Face to AI Supply Chain Attacks
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Critical Bugs Put Hugging Face AI Platform in a ‘Pickle’
/in General NewsOne issue would have allowed cross-tenant attacks, and another enabled access to a shared registry for container images; exploitation via an insecure Pickle file showcases emerging risks for AI-as-a-service more broadly.
darkreading – Read More
U.K. and U.S. Agree to Collaborate on the Development of Safety Tests for AI Models
/in General NewsThe U.K. government has formally agreed to work with the U.S. in developing safety tests for advanced AI models.
Security | TechRepublic – Read More
How Do We Integrate LLMs Security Into Application Development?
/in General NewsLarge language models require rethinking how to bake security into the software development process earlier.
darkreading – Read More
Beware the Blur: Phishing Scam Drops Byakugan Malware via Fake PDF
/in General NewsBy Deeba Ahmed
New Byakugan Malware Steals Data, Grants Remote Access & Uses OBS Studio to Spy! Fortinet reveals a phishing campaign distributing Byakugan malware disguised as a PDF. Don’t click! Learn how to stay safe.
This is a post from HackRead.com Read the original post: Beware the Blur: Phishing Scam Drops Byakugan Malware via Fake PDF
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Panera Bread Fuels Ransomware Suspicions With Silence
/in General NewsThe restaurant chain hasn’t provided any information regarding what led to a widespread IT outage, and customers and employees are asking for answers.
darkreading – Read More