BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
Nations Direct Mortgage Alerts 83,000 to Personal Data Breach From December 2023 Cyberattack
/in General NewsIn filings with regulators in Maine and California, the company said it discovered a cybersecurity incident on December 30 that prompted an investigation. Law enforcement and other governmental agencies were notified of the cyberattack.
Cyware News – Latest Cyber News – Read More
Chinese APT Hacks 48 Government Organizations
/in General NewsEarth Krahang, likely a penetration team of Chinese government contractor I-Soon, has compromised 48 government entities worldwide.
The post Chinese APT Hacks 48 Government Organizations appeared first on SecurityWeek.
SecurityWeek – Read More
Nations Direct Mortgage Data Breach Impacts 83,000 Individuals
/in General NewsNations Direct informs 83,000 individuals that their personal information was compromised in a data breach.
The post Nations Direct Mortgage Data Breach Impacts 83,000 Individuals appeared first on SecurityWeek.
SecurityWeek – Read More
‘Conversation Overflow’ Cyberattacks Bypass AI Security to Target Execs
/in General NewsCredential-stealing emails are getting past artificial intelligence’s “known good” email security controls by cloaking malicious payloads within seemingly benign emails. The tactic poses a significant threat to enterprise networks.
darkreading – Read More
Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks
/in General NewsThreat actors are leveraging digital document publishing (DDP) sites hosted on platforms like FlipSnack, Issuu, Marq, Publuu, RelayTo, and Simplebooklet for carrying out phishing, credential harvesting, and session token theft, once again underscoring how threat actors are repurposing legitimate services for malicious ends.
“Hosting phishing lures on DDP sites increases the likelihood
The Hacker News – Read More
Update: 133k+ Fortinet Appliances Still Vulnerable to CVE-2024-21762
/in General NewsThe wide geographic distribution of vulnerable SSL VPNs highlights the extensive attack surface for the critical vulnerability, with Asia having the highest number of exposed appliances.
Cyware News – Latest Cyber News – Read More
Crafting and Communicating Your Cybersecurity Strategy for Board Buy-In
/in General NewsIn an era where digital transformation drives business across sectors, cybersecurity has transcended its traditional operational role to become a cornerstone of corporate strategy and risk management. This evolution demands a shift in how cybersecurity leaders—particularly Chief Information Security Officers (CISOs)—articulate the value and urgency of cybersecurity investments to their boards.&
The Hacker News – Read More
PoC Exploit for Critical RCE in Fortra FileCatalyst Tool Released
/in General NewsThe critical vulnerability, tracked as CVE-2024-25153 with a CVSS score of 9.8, allows remote attackers to upload files outside the intended directory and execute arbitrary code.
Cyware News – Latest Cyber News – Read More
Aiohttp Vulnerability in Attacker Crosshairs
/in General NewsA recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group.
The post Aiohttp Vulnerability in Attacker Crosshairs appeared first on SecurityWeek.
SecurityWeek – Read More
UK Defence Secretary Jet Hit by Electronic Warfare Attack in Poland
/in General NewsRussian hackers launched an electronic warfare attack that disabled the GPS and communications systems of UK Defence Secretary Grant Shapps’ RAF Dassault Falcon 900 jet while flying near Kaliningrad.
Cyware News – Latest Cyber News – Read More