BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
New Details on TinyTurla’s Post-Compromise Activity Reveal Full Kill Chain
/in General NewsTalos’ analysis, in coordination with CERT.NGO, reveals that Turla infected multiple systems in the compromised network of a European non-governmental organization (NGO).
Cyware News – Latest Cyber News – Read More
Large-Scale StrelaStealer Campaign in Early 2024
/in General NewsRecently, Unit 42 researchers have identified a wave of large-scale StrelaStealer campaigns impacting over 100 organizations across the EU and U.S. These campaigns deliver spam emails with attachments that eventually launch the DLL payload.
Cyware News – Latest Cyber News – Read More
Luxury Yacht Dealer Attack Claimed by Rhysida Gang
/in General NewsMarineMax, which posted multibillion-dollar revenues last year, disclosed a cyberattack to the Securities and Exchange Commission (SEC) on March 10, saying portions of its business were disrupted as a result of the containment measures it enacted.
Cyware News – Latest Cyber News – Read More
In Other News: Google’s PQC Threat Model, Keyboard Sounds Expose Data, AI Roadmap
/in General NewsNoteworthy stories that might have slipped under the radar: Google’s post-quantum cryptography threat model, keyboard typing sounds can expose data, DHS publishes AI roadmap.
The post In Other News: Google’s PQC Threat Model, Keyboard Sounds Expose Data, AI Roadmap appeared first on SecurityWeek.
SecurityWeek – Read More
Fake Data Breaches: Countering the Damage
/in General NewsAmid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions.
Cyware News – Latest Cyber News – Read More
Jacksonville Beach Report Data Breach Following Cyberattacks
/in General NewsThe city government of Jacksonville Beach was just the latest to report such an incident, disclosing Wednesday evening that 48,949 people had personal information accessed during a January cyberattack.
Cyware News – Latest Cyber News – Read More
Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors
/in General NewsVulnerability in Dormakaba’s Saflok electronic locks allow hackers to forge keycards and open millions of doors.
The post Saflok Lock Vulnerability Can Be Exploited to Open Millions of Doors appeared first on SecurityWeek.
SecurityWeek – Read More
API Environments Becoming Hotspots for Exploitation
/in General NewsA total of 29% of web attacks targeted APIs over 12 months (January through December 2023), indicating that APIs are a focus area for cybercriminals, according to Akamai.
Cyware News – Latest Cyber News – Read More
Red Teaming in the AI Era
/in General NewsUnlike previous types of software, AI models become more intelligent over time. This constant change means new risks can emerge at any moment, making them incredibly difficult to anticipate. A one-and-done approach to red teaming simply won’t work.
Cyware News – Latest Cyber News – Read More
New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
/in General NewsSysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate itself using network vulnerabilities and other methods.
Cyware News – Latest Cyber News – Read More