BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
New Sysrv Botnet Variant Makes Use of Google Subdomain to Spread XMRig Miner
/in General NewsSysrv is a well-documented botnet first identified in 2020, with the main payload being a worm written in Golang. It drops a cryptominer onto infected hosts before attempting to propagate itself using network vulnerabilities and other methods.
Cyware News – Latest Cyber News – Read More
Russian Hackers Target Ukrainian Telecoms with Upgraded ‘AcidPour’ Malware
/in General NewsThe data wiping malware called AcidPour may have been deployed in attacks targeting four telecom providers in Ukraine, new findings from SentinelOne show.
The cybersecurity firm also confirmed connections between the malware and AcidRain, tying it to threat activity clusters associated with Russian military intelligence.
“AcidPour’s expanded capabilities would enable it to better
The Hacker News – Read More
Tesla Hack Team Wins $200K and a New Car
/in General NewsZero Day Initiative awarded a total of $732,000 to researchers who found 19 unique cybersecurity vulnerabilities during the first day of Pwn2Own.
darkreading – Read More
Cross Tenant Microsoft 365 Migration
/in General NewsBy Uzair Amir
With the massive adoption of Microsoft 365, encountering complex environments involving multiple tenants is becoming increasingly common.
This is a post from HackRead.com Read the original post: Cross Tenant Microsoft 365 Migration
Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News – Read More
Ivanti Keeps Security Teams Scrambling With 2 More Vulns
/in General NewsSince the beginning of this year, the company has disclosed some seven critical bugs so far, almost all of which attackers have quickly exploited in mass attacks.
darkreading – Read More
NIST’s Vuln Database Downshifts, Prompting Questions About Its Future
/in General NewsNVD may be in peril, and while alternatives exist, enterprise security managers will need to plan accordingly to stay on top of new threats.
darkreading – Read More
Changing Concepts of Identity Underscore ‘Perfect Storm’ of Cyber Risk
/in General NewsForgepoint Capital’s Alberto Yépez discusses how the concept of identity is changing: It doesn’t just mean “us” anymore.
darkreading – Read More
Apple’s iMessage Encryption Puts Its Security Practices in the DOJ’s Crosshairs
/in General NewsPrivacy and security are an Apple selling point. But the DOJ’s new antitrust lawsuit argues that Apple selectively embraces privacy and security features in ways that hurt competition—and users.
Security Latest – Read More
New Bipartisan Bill Would Require Online Identification, Labeling of AI-Generated Videos and Audio
/in General NewsKey provisions in the legislation would require AI developers to identify content created using their products with digital watermarks or metadata.
The post New Bipartisan Bill Would Require Online Identification, Labeling of AI-Generated Videos and Audio appeared first on SecurityWeek.
SecurityWeek – Read More
How Can We Reduce Threats From the Initial Access Brokers Market?
/in General NewsThe ready-made access IABs offer has become an integral part of the ransomware ecosystem. Here’s how to stop them before they can profit from your assets.
darkreading – Read More