Month: November 2018

NEW TOOLS | JavaScript | Fuzzer | XSS | Parameter | XSS Payloads | XSSFuzzer

XSSFuzzer – A Tool Which Generates XSS Payloads Based On User-Defined Vectors And Fuzzing Lists

XSS Fuzzer is a simple application written in plain HTML/JavaScript/CSS which generates XSS payloads from user-defined vectors: a vector contains one or more placeholders, and each placeholder is replaced with the entries of a fuzzing list. It offers the option to output the payloads as plain text or to execute them inside an iframe. In iframe mode, it can send GET or POST requests from the browser to arbitrary URLs carrying the generated payloads. Why? XSS Fuzzer is a generic tool that can be useful for multiple purposes, including: finding new XSS vectors, for any browser; testing XSS…
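The generation step the excerpt describes (placeholders in a vector expanded from fuzzing lists, then handed to a target as a request parameter) is shown below as an added example. It is not XSS Fuzzer's own code: the placeholder syntax `[NAME]`, the fuzzing lists and the target URL are assumptions made for this illustration.

```javascript
// Added example, not XSS Fuzzer's own code. Placeholder syntax [NAME],
// the fuzzing lists and the target URL below are constructed for this demo.

// Fuzzing lists: each placeholder name maps to the candidates that replace it.
const fuzzLists = {
  TAG: ["img", "svg", "video"],
  EVENT: ["onerror", "onload"],
  SEP: [" ", "/", "\n"],
};

// Distinct placeholder names in a vector, in order of first appearance.
function placeholdersIn(vector) {
  const names = new Set();
  for (const m of vector.matchAll(/\[([A-Z]+)\]/g)) names.add(m[1]);
  return [...names];
}

// Expand every known placeholder independently (cartesian product over the
// lists). Placeholders with no fuzzing list are left untouched so the user
// notices a typo instead of silently getting a half-expanded payload.
function generatePayloads(vector, lists) {
  const names = placeholdersIn(vector).filter((n) => n in lists);
  let partial = [vector];
  for (const name of names) {
    const next = [];
    for (const p of partial) {
      for (const value of lists[name]) {
        next.push(p.split(`[${name}]`).join(value));
      }
    }
    partial = next;
  }
  return partial;
}

// Put a payload into a GET parameter, as the iframe mode would when it
// loads the target with the generated payload (form-encoded by URL itself).
function buildGetUrl(base, param, payload) {
  const u = new URL(base);
  u.searchParams.set(param, payload);
  return u.toString();
}

const vector = "<[TAG][SEP][EVENT]=alert(1)>";
const payloads = generatePayloads(vector, fuzzLists);
const firstUrl = buildGetUrl("http://example.test/search", "q", payloads[0]);
// 18 payloads (3 tags x 3 separators x 2 events), e.g. "<img onerror=alert(1)>"
```

Loading the resulting URLs in iframes is where the tool does its real work; the counting above makes the point that three short lists already produce 18 requests, so list size, not vector count, drives the fuzzing budget.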


CommBank Brandjacked In Phishing Email Scam.

Exercise caution if you receive an email claiming to be from the Commonwealth Bank (CommBank). The email is part of a phishing scam designed to trick bank customers into giving up their confidential details. It incorporates the logo and branding of the bank and uses a display name of “CommBank”. MailGuard discovered that the email actually comes from a compromised email address belonging to a research institute in Sweden. The body of the email is relatively simple and short, notifying the recipient that some error(s)…

Cyber Threats | EDITOR’S NEWS

Researchers at Tenable discover a serious vulnerability in Zoom Conferencing

Yesterday, cybersecurity company Tenable announced that its research team had discovered a serious vulnerability in Zoom’s desktop conferencing application [CVE-2018-15715] that would allow a remote attacker or a rogue meeting attendee to hijack screen controls, impersonate meeting attendees via chat messages and kick attendees out of meetings. The flaw affects up to 750,000 companies around the world that use Zoom to conduct day-to-day business. A cyber criminal could leverage the vulnerability to: Hijack screen control: bypass screen control permissions during a remote attendee’s screen share to…

Cyber Threats | NEWS

BlackBerry To Help Improve Digital Infrastructure For Healthcare.

BlackBerry Limited (NYSE: BB; TSX: BB) announced today it has become a HIMSS Analytics Certified Consultant to help address the digital infrastructure needs of healthcare organizations around the world. As a Certified Consultant, BlackBerry will guide healthcare organizations through the stages of the Infrastructure Adoption Model (INFRAM), HIMSS Analytics’ newest Maturity Model. Professionally trained on the INFRAM, BlackBerry’s cybersecurity experts can assess a healthcare organization’s infrastructure architecture and help them achieve their desired INFRAM score. Similar to the HIMSS Analytics Electronic Medical Record Adoption…


Three Steps To Justifying An Investment In IT Security.

By Matt Middleton-Leal, EMEA General Manager at Netwrix

As there is no such thing as 100 percent secure and as data breaches continue to hit the headlines, investments in IT security never seem to be quite enough. When it comes to budgeting, the role of a Chief Information Security Officer (CISO) is to prioritise available resources based on the IT risks the organisation faces and justify additional investments when and where needed to executives. Of course, this is easier said than done. Many CISOs…

NEW TOOLS | Mac | Acoustic | Eavesdrop | Kbd-Audio | Microphone Audio Capture

Kbd-Audio – Tools For Capturing And Analysing Keyboard Input Paired With Microphone Capture

This is a collection of command-line and GUI tools for capturing and analyzing audio data. The most interesting tool is called keytap: it can guess pressed keyboard keys only by analyzing the audio captured from the computer's microphone.

Build instructions

Dependencies:
  SDL2 - used to capture audio and to open GUI windows (libsdl)
  FFTW3 - some of the helper tools perform Fourier transformations (fftw)

Linux and Mac OS:
  git clone kbd-audio
  git submodule update --init
  mkdir build && cd build
  cmake ..
  make

Windows: (todo, PRs welcome)

Tools

record-full: Record audio to a raw binary file on…

NEW TOOLS | Mac | Shodan | Kamerka

Kamerka – Build Interactive Map Of Cameras From Shodan

Build an interactive map of cameras from Shodan. The script creates a map of Shodan cameras based on your address or coordinates.

Installation:
  pip install -r requirements.txt
  Change API_KEY in line 14

Restrictions:
  It can be used only with a paid Shodan plan. Built with Python 2.

Usage:
  root@kali: python --address "White House"
  White House, 1600, Pennsylvania Avenue Northwest, Golden Triangle, Washington, D.C., 20500, USA
  Found 81 results
  IP: , , , ,
  map as White
  --coordinates "x.y,x.y" --dark --radius 4

Other:
  Do not test on devices you don't…

Security Feeds | APT | Targeted Attacks | Spear Phishing | Conferences

First Annual Cyberwarcon

Cyberwarcon is a brand new event, held yesterday in Arlington, Virginia, that delivered eight hours of fantastic content. “CyberwarCon is a one-day conference in the Washington D.C. area focused on the specter of destruction, disruption, and malicious influence on our society through cyber capabilities. We are increasingly concerned that aggressive behavior in this space is not abating and public discourse is necessary to shore up our defenses and prepare for inevitable incidents”. The list of speakers was diverse in their interests, from big data…

Cyber Threats | VIEWPOINT

Businesses Not Investing Enough In Endpoint Security.

Tony Lee, Managing Director, Panda Security UK

For decades, firewalls were considered the principal method of online security; provided a threat originated from outside a business’ security network, the firewall would intercept it and manage it accordingly. However, while cyber attacks have evolved and become more sophisticated in their execution, the basic function of a firewall has remained the same: prevent unauthorised access to or from a private network. So what if a threat originates from inside the network perimeter and via an endpoint…