XSS-LOADER : Xss Payload Generator, Scanner & Dork Finder

From kalilinuxtutorials.com

XSS-LOADER : Xss Payload Generator, Scanner & Dork Finder

XSS-LOADER is a all in one tools for XSS PAYLOAD GENERATOR -XSS SCANNER-XSS DORK FINDER and this is written by Hulya Karabag.

  • This tool creates payload for use in xss injection
  • Select default payload tags from parameter or write your payload
  • It makes xss inj. with Xss Scanner parameter
  • It finds vulnerable sites url with Xss Dork Finder parameter

Read more…

Week in review: Python backdoor attacks, Windows zero-days under attack, crowdsourced pentesting

From helpnetsecurity.com

Here’s an overview of some of last week’s most interesting news and articles:

Government-backed cyber attackers increasingly targeting journalists
Since the start of the year, journalists and news outlets have become preferred targets of government-backed cyber attackers, Google’s Threat Analysis Group (TAG) has noticed.

Windows users under attack via two new RCE zero-days
Attackers are exploiting two new zero-days in the Windows Adobe Type Manager Library to achieve remote code execution on targeted Windows systems. While waiting for Microsoft to provides fixes, ACROS Security has released micropatches that can prevent remote attackers from exploiting the flaws.

Read more…

envizon-network visualization & vulnerability management/reporting

From github.com

This tool is designed, developed and supported by evait security. In order to give something back to the security community, we publish our internally used and developed, state of the art network visualization and vulnerability reporting tool, ‘envizon’. We hope your feedback will help to improve and hone it even further.

Read more…

SauronEye – Search Tool To Find Specific Files Containing Specific Words, I.E. Files Containing Passwords

From kitploit.com

Features:

  • Search multiple (network) drives
  • Search contents of files
  • Search contents of Microsoft Office files (.doc.docx.xls.xlsx)
  • Find VBA macros in old 2003 .xls and .doc files
  • Search multiple drives multi-threaded for increased performance
  • Supports regular expressions in search keywords
  • Compatible with Cobalt Strike’s execute-assembly

Read more…

FIN7 hackers target enterprises with weaponized USB drives via USPS

From securityaffairs.co

The FBI is warning of a new wave of attacks carried out by the FIN7 APT group that is sending to the victims devices acting as a keyboard (HID Emulator USB) when plugged into a computer.

“Recently, the cybercriminal group FIN7,1 known for targeting such businesses through phishing emails, deployed an additional tactic of mailing USB devices via the United States Postal Service (USPS).” reads the alert issued by the FBI. “The mailed packages sometimes include items like teddy bears or gift cards to employees of target companies working in the Human Resources (HR), Information Technology (IT), or Executive Management (EM) roles,”

Read more…

Home Routers Hijacked to Deliver Info-Stealing Malware “Oski”

From ehackingnews.com

The spread of malware through apps being downloaded by users in the name of ‘the latest information and instructions about COVID-19’ is amongst one of the most prevalent threats that have been observed since the outbreak of the novel Coronavirus. As a result, users were forced to download apps such as COVID19Tracker or Covid Lock from a website, the app locked victims outside their smartphones and asked for a ransom of $100 in Bitcoin for the release of their data. Consequently, attackers threatened them to leak all their contacts, media, and social media accounts online in case they failed to pay the ransom in due time.

Read more…