HAQ.NEWS

// jared folkins

# Latest Podcast

Today, learn about CloudRecon for SSL certificate-based asset discovery and a script for detecting Ivanti Connect Secure vulnerabilities, explore Web LLM attack techniques, apply Linux hardening techniques, understand crypto drainer risks in account takeovers, use Xeol Scanner to find outdated software, set up Caldera for cyber attack simulations, discover Linikatzv2 for Active Directory attacks, follow Ken Shirriff’s exploration of the Bendix CADC, and review Ivanti’s critical security vulnerabilities requiring immediate mitigation.

## Tradecraft

cloudrecon identifies hidden assets via ssl certificate scanning for red teamers and bug hunters.
http://www.kitploit.com/2024/01/cloudrecon-finding-assets-from.html

script detects ivanti connect secure vulnerabilities; use ivanti’s mitigations and integrity checker for safety.
https://github.com/yoryio/cve-2023-46805_cve-2024-21887_scanner

explore web llm attack techniques and defenses in new lab environments designed to mimic real-world scenarios.
https://www.reddit.com/r/netsec/comments/1985oxe/web_llm_attacks_techniques_labs/

enhance linux system security by applying distribution-agnostic hardening techniques like kernel and access control configuration, sandboxes, firewalls, and encryption.
https://madaidans-insecurities.github.io/guides/linux-hardening.html

account takeovers using crypto drainers are growing; protect with 2fa/mfa and be cautious of social engineering.
https://www.sentinelone.com/blog/the-rise-of-drainer-as-a-service-understanding-daas/

xeol scanner detects outdated software in container images, filesystems, and sboms, crucial for patching vulnerabilities.
https://securityonline.info/xeol-scanner-for-end-of-life-software-in-container-images-filesystems-and-sboms/

learn how to set up caldera for cyber attack simulations and improve your security defenses by adding agents and running operations.
https://infosecwriteups.com/adversary-simulation-detection-with-caldera-red-teamers-guide-8c1a5250d223

linikatzv2 is a unix tool for attacking active directory, providing credential theft and lateral movement capability.
https://securityonline.info/linikatzv2-a-tool-to-attack-active-directory-on-unix/

ken shirriff continues exploring the bendix cadc, focusing on mechanical pressure transducers converting air pressures into shaft rotations for aircraft data.
http://www.righto.com/2024/01/bendix-cadc-pressure-transducers.html

ivanti’s authentication bypass and command injection vulnerabilities allow remote attacks on unpatched systems; apply the interim xml mitigation immediately.
https://attackerkb.com/topics/aduh6by52k/cve-2023-46805/rapid7-analysis

## News

the majorcan city of calvià faces a €2m ransomware demand; collaboration with law enforcement and backups are critical for recovery.
https://www.bleepingcomputer.com/news/security/majorca-city-calvi-extorted-for-11m-in-ransomware-attack/

remcos rat malware spreads in south korea via adult games on webhards, stealing data with keylogging and other spy tactics.
https://thehackernews.com/2024/01/remcos-rat-spreading-through-adult.html

vmware aria automation critical vulnerability found, update systems with provided patches to secure data and operations.
https://securityonline.info/cve-2023-34063-cvss-9-9-a-critical-flaw-in-vmware-aria-automation/

grub vulnerability cve-2023-4001 allows password bypass; red hat’s fix limits uuid scanning to initial boot device.
https://securityonline.info/bypassing-grub-security-how-cve-2023-4001-exploits-uefi-systems/

over 178,000 sonicwall firewalls are at risk of dos and rce; updating and isolating the management interface is recommended.
https://thehackernews.com/2024/01/alert-over-178000-sonicwall-firewalls.html

anonymous sudan claims cyberattack on london internet exchange in response to uk’s yemen airstrikes.
https://www.hackread.com/anonymous-sudan-london-internet-exchange-attack/

us court documents reveal phishing scams using bogus antivirus renewals.
https://www.bleepingcomputer.com/news/security/us-court-docs-expose-fake-antivirus-renewal-phishing-tactics/

macos users need updated antivirus to detect silent info-stealing malware threats.
https://securityonline.info/the-silent-threat-unmasking-undetected-macos-infostealers/

retail giant avoids hefty gdpr fines by fixing cookie consent mishaps with reflectiz’s exposure management solution.
https://thehackernews.com/2024/01/case-study-cookie-privacy-monster-in.html

attackers exploit patched windows smartscreen bug to install phemedrone stealer; update systems and monitor for compromise.
https://thehackernews.com/2024/01/hackers-weaponize-windows-flaw-to.html

atlassian alerts users to patch critical rce vulnerability in legacy confluence versions.
https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-rce-flaw-in-older-confluence-versions/

southeast asia sees a surge in cyberfraud and money laundering linked to illegal online casinos and cryptocurrency.
https://go.theregister.com/feed/www.theregister.com/2024/01/16/un_asia_tech_crime_report/

nine newly discovered security flaws in tianocore’s uefi edk ii network stack could let attackers hijack network boot operations if left unpatched.
http://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html

confluence data center and server have a critical rce vulnerability; patch immediately to prevent exploitation.
https://securityonline.info/cve-2023-22527-cvss-10-critical-rce-flaw-in-confluence-data-center-and-server/

vmware and atlassian release patches for critical security vulnerabilities; immediate update recommended.
https://go.theregister.com/feed/www.theregister.com/2024/01/16/patch_vmware_atlassian/

fincantieri’s u.s. firm suffered a ransomware attack exposing thousands of personal data records.
https://www.scmagazine.com/brief/data-breach-hits-navy-contractor-fincantieri-marine-group

fbi warns androxgh0st malware botnet targets aws, microsoft accounts for credential theft.
https://www.bleepingcomputer.com/news/security/fbi-androxgh0st-malware-botnet-steals-aws-microsoft-credentials/

firmware update fixes uefi bug causing insecure hvci configurations on windows.
https://tandasat.github.io/blog/2024/01/15/cve-2024-21305.html

pixiefail vulnerabilities affect pxe network booting in corporate environments, update needed.
https://www.bleepingcomputer.com/news/security/pixiefail-flaws-impact-pxe-network-boot-in-enterprise-systems/

inferno drainer malware scam nets $87 million, prompts vigilance against phishing and spoofed web3 protocols.
https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html

# F.A.Q

## Problem

Many websites are using AI/ML to create clickbait that doesn't actually have any valuable content.

## Value

I use AI to de-clickbait the clickbait by letting AI read my news for me. It then creates a meaningful tl;dr of the articles of interest, which helps me decide what I should read. It is saving me a ton of time.

## Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

## Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

## Ads

This isn't an Ad.

### current friend of haq 2024-01-17

I want to encourage people and projects that impress me by posting a banner linking to their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins