BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Authentication Bypass
- [webapps] Elber ESE DVB-S/S2 Satellite Receiver 1.5.x - Device Config
- [webapps] Elber Wayber Analog/Digital Audio STL 4.00 - Authentication Bypass
The CISO Role Is Changing. Can CISOs Themselves Keep Up?
/in General NewsWhat happens to security leaders that don’t communicate security well enough? “Ask SolarWinds.”
darkreading – Read More
Ivanti Breach Prompts CISA to Take Systems Offline
/in General NewsCISA has not confirmed which two systems it took offline or what kind of data was accessed.
darkreading – Read More
Sophisticated Vishing Campaigns Take World by Storm
/in General NewsOne South Korean victim gave up $3 million to cybercriminals, thanks to convincing law-enforcement impersonation scams that combine both psychology and technology.
darkreading – Read More
State Dept-backed report provides action plan to avoid catastrophic AI risks
/in General NewsWhile providing technical details on the risks of AI, the action plan also introduces policy proposals that can help the U.S. and its allies mitigate these risks.Read More
Security News | VentureBeat – Read More
The best security keys of 2024: Expert tested
/in General NewsWe tested the best security keys that can help keep your online accounts safe from hackers and phishing attacks.
Latest stories for ZDNET in Security – Read More
The 4 Big Questions the Pentagon’s New UFO Report Fails to Answer
/in General NewsThe Pentagon says it’s not hiding aliens, but it stops notably short of saying what it is hiding. Here are the key questions that remain unanswered—some answers could be weirder than UFOs.
Security Latest – Read More
Broadcom Merges Symantec and Carbon Black Into New Business Unit
/in General NewsFresh off its $69 billion acquisition of VMware, Broadcom creates an Enterprise Security Group unit that merges Symantec and Carbon Black.
The post Broadcom Merges Symantec and Carbon Black Into New Business Unit appeared first on SecurityWeek.
SecurityWeek – Read More
BianLian Group Exploits JetBrains TeamCity Bugs in Ransomware Attacks
/in General NewsThe BianLian ransomware group exploited vulnerabilities in JetBrains TeamCity software to gain initial access to target environments. The group attempted to execute a custom GO backdoor but switched to LotL and utilized a PowerShell backdoor instead.
Cyware News – Latest Cyber News – Read More
Fake Leather Wallet App on Apple App Store is a Crypto Drainer
/in General NewsThe developers of the Leather cryptocurrency wallet have issued a warning about a counterfeit app on the Apple App Store. This fake app has led to users reporting that it drains their wallets and steals their digital assets.
Cyware News – Latest Cyber News – Read More
New Banking Trojan CHAVECLOAK Targets Brazilian Users via Phishing Tactics
/in General NewsUsers in Brazil are the target of a new banking trojan known as CHAVECLOAK that’s propagated via phishing emails bearing PDF attachments.
“This intricate attack involves the PDF downloading a ZIP file and subsequently utilizing DLL side-loading techniques to execute the final malware,” Fortinet FortiGuard Labs researcher Cara Lin said.
The attack chain involves the use of
The Hacker News – Read More