BackBox News
Latest news and insights on Security
Company Blogs
Hacking Tools
- SafeLine - Serve As A Reverse Proxy To Protect Your Web Services From Attacks And Exploits
- PolyDrop - A BYOSI (Bring-Your-Own-Script-Interpreter) Rapid Payload Deployment Toolkit
- Secator - The Pentester'S Swiss Knife
- Damn-Vulnerable-Drone - An Intentionally Vulnerable Drone Hacking Simulator Based On The Popular ArduPilot/MAVLink Architecture, Providing A Realistic Environment For Hands-On Drone Hacking
- File-Unpumper - Tool That Can Be Used To Trim Useless Things From A PE File Such As The Things A File Pumper Would Add
- Mass-Assigner - Simple Tool Made To Probe For Mass Assignment Vulnerability Through JSON Field Modification In HTTP Requests
- Imperius - Make An Linux Kernel Rootkit Visible Again
- BYOSI - Evade EDR's The Simple Way, By Not Touching Any Of The API's They Hook
- Psobf - PowerShell Obfuscator
- ModTracer - ModTracer Finds Hidden Linux Kernel Rootkits And Then Make Visible Again
Exploit DB
- [webapps] SOPlanning 1.52.01 (Simple Online Planning Tool) - Remote Code Execution (RCE) (Authenticated)
- [webapps] dizqueTV 1.5.3 - Remote Code Execution (RCE)
- [webapps] openSIS 9.1 - SQLi (Authenticated)
- [webapps] reNgine 2.2.0 - Command Injection (Authenticated)
- [dos] Windows TCP/IP - RCE Checker and Denial of Service
- [webapps] Gitea 1.22.0 - Stored XSS
- [webapps] Invesalius3 - Remote Code Execution
- [webapps] NoteMark < 0.13.0 - Stored XSS
New Variant of DLL Search Order Hijacking Bypasses Windows 10 and 11 Protections
/in General NewsSecurity researchers have detailed a new variant of a dynamic link library (DLL) search order hijacking technique that could be used by threat actors to bypass security mechanisms and achieve execution of malicious code on systems running Microsoft Windows 10 and Windows 11.
The approach “leverages executables commonly found in the trusted WinSxS folder and exploits them via the classic DLL
The Hacker News – Read More
New Terrapin Flaw Could Let Attackers Downgrade SSH Protocol Security
/in General NewsSecurity researchers from Ruhr University Bochum have discovered a vulnerability in the Secure Shell (SSH) cryptographic network protocol that could allow an attacker to downgrade the connection’s security by breaking the integrity of the secure channel.
Called Terrapin (CVE-2023-48795, CVSS score: 5.9), the exploit has been described as the “first ever practically exploitable prefix
The Hacker News – Read More
New JinxLoader Targeting Users with Formbook and XLoader Malware
/in General NewsA new Go-based malware loader called JinxLoader is being used by threat actors to deliver next-stage payloads such as Formbook and its successor XLoader.
The disclosure comes from cybersecurity firms Palo Alto Networks Unit 42 and Symantec, both of which highlighted multi-step attack sequences that led to the deployment of JinxLoader through phishing attacks.
“The
The Hacker News – Read More
Microsoft Disables App Installer After Feature is Abused for Malware
/in General NewsBy Deeba Ahmed
According to the Microsoft Threat Intelligence Team, threat actors labeled as ‘financially motivated’ utilize the ms-appinstaller URI scheme for malware distribution.
This is a post from HackRead.com Read the original post: Microsoft Disables App Installer After Feature is Abused for Malware
Hackread – Latest Cybersecurity News, Press Releases & Technology Today – Read More
Google Fixes Nearly 100 Android Security Issues
/in General NewsPlus: Apple shuts down a Flipper Zero Attack, Microsoft patches more than 30 vulnerabilities, and more critical updates for the last month of 2023.
Security Latest – Read More
Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’
/in General NewsGoogle agreed to settle a $5 billion privacy lawsuit claiming that it continued spying on people who used the “incognito” mode in its Chrome browser.
The post Google Settles $5 Billion Privacy Lawsuit Over Tracking People Using ‘Incognito Mode’ appeared first on SecurityWeek.
SecurityWeek – Read More
China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks
/in General NewsBy Deeba Ahmed
The police arrested two suspects in Beijing and two in Inner Mongolia.
This is a post from HackRead.com Read the original post: China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks
Hackread – Latest Cybersecurity News, Press Releases & Technology Today – Read More
Beware: Scam-as-a-Service Aiding Cybercriminals in Crypto Wallet-Draining Attacks
/in General NewsCybersecurity researchers are warning about an increase in phishing attacks that are capable of draining cryptocurrency wallets.
“These threats are unique in their approach, targeting a wide range of blockchain networks, from Ethereum and Binance Smart Chain to Polygon, Avalanche, and almost 20 other networks by using a crypto wallet-draining technique,” Check Point researchers Oded Vanunu,
The Hacker News – Read More
Info-Stealing Malware Now Includes Google Session Hijacking
/in General NewsMultiple malware-as-a-service info stealers now have the ability to manipulate authentication tokens to gain persistent access to a victim’s Google account, even after the user has reset their password.
Cyware News – Latest Cyber News – Read More
Kimsuky Hackers Deploying AppleSeed, Meterpreter, and TinyNuke in Latest Attacks
/in General NewsThe North Korean Kimsuky APT has recently been observed using a new variant called AlphaSeed, written in Golang, which uses chromedp for communication with the command-and-control server.
Cyware News – Latest Cyber News – Read More