# Latest Podcast
Today, learn about CloudRecon for SSL certificate-based asset discovery, a script for detecting Ivanti Connect Secure vulnerabilities, explore web LLM attack techniques, apply Linux hardening techniques, understand crypto drainer risks in account takeovers, use Xeol Scanner to find outdated software, set up Caldera for cyber attack simulations, discover Linikatzv2 for Active Directory attacks, follow Ken Shirriff’s exploration of the Bendix CADC, and review Ivanti’s critical security vulnerabilities requiring immediate mitigation.
## Tradecraft
CloudRecon identifies hidden assets via SSL certificate scanning for red teamers and bug hunters.
http://www.kitploit.com/2024/01/cloudrecon-finding-assets-from.html
A scanner script detects the Ivanti Connect Secure vulnerabilities CVE-2023-46805 and CVE-2024-21887; use Ivanti’s mitigations and Integrity Checker Tool for safety.
https://github.com/yoryio/cve-2023-46805_cve-2024-21887_scanner
Explore web LLM attack techniques and defenses in new lab environments designed to mimic real-world scenarios.
https://www.reddit.com/r/netsec/comments/1985oxe/web_llm_attacks_techniques_labs/
Enhance Linux system security by applying distribution-agnostic hardening techniques such as kernel and access control configuration, sandboxes, firewalls, and encryption.
https://madaidans-insecurities.github.io/guides/linux-hardening.html
Account takeovers using crypto drainers are growing; protect accounts with 2FA/MFA and be cautious of social engineering.
https://www.sentinelone.com/blog/the-rise-of-drainer-as-a-service-understanding-daas/
Xeol scanner detects outdated (end-of-life) software in container images, filesystems, and SBOMs, which is crucial for patching vulnerabilities.
https://securityonline.info/xeol-scanner-for-end-of-life-software-in-container-images-filesystems-and-sboms/
Learn how to set up Caldera for cyber attack simulations and improve your security defenses by adding agents and running operations.
https://infosecwriteups.com/adversary-simulation-detection-with-caldera-red-teamers-guide-8c1a5250d223
Linikatzv2 is a Unix tool for attacking Active Directory, providing credential theft and lateral movement capability.
https://securityonline.info/linikatzv2-a-tool-to-attack-active-directory-on-unix/
Ken Shirriff continues exploring the Bendix CADC, focusing on the mechanical pressure transducers that convert air pressures into shaft rotations for aircraft data.
http://www.righto.com/2024/01/bendix-cadc-pressure-transducers.html
Ivanti’s authentication bypass and command injection vulnerabilities allow remote attacks against unpatched appliances; apply the interim XML mitigation immediately.
https://attackerkb.com/topics/aduh6by52k/cve-2023-46805/rapid7-analysis
## News
Majorca’s city Calvià faces a €2m ransomware demand; collaboration with law enforcement and backups are critical for recovery.
https://www.bleepingcomputer.com/news/security/majorca-city-calvi-extorted-for-11m-in-ransomware-attack/
Remcos RAT malware spreads in South Korea via adult games on webhards, stealing data with keylogging and other spy tactics.
https://thehackernews.com/2024/01/remcos-rat-spreading-through-adult.html
A critical VMware Aria Automation vulnerability has been found; update systems with the provided patches to secure data and operations.
https://securityonline.info/cve-2023-34063-cvss-9-9-a-critical-flaw-in-vmware-aria-automation/
GRUB vulnerability CVE-2023-4001 allows password bypass; Red Hat’s fix limits UUID scanning to the initial boot device.
https://securityonline.info/bypassing-grub-security-how-cve-2023-4001-exploits-uefi-systems/
Over 178,000 SonicWall firewalls risk DoS and RCE; updating and isolating the management interface is recommended.
https://thehackernews.com/2024/01/alert-over-178000-sonicwall-firewalls.html
Anonymous Sudan claims a cyberattack on the London Internet Exchange in response to the UK’s Yemen airstrikes.
https://www.hackread.com/anonymous-sudan-london-internet-exchange-attack/
US court documents reveal phishing scams using bogus antivirus renewals.
https://www.bleepingcomputer.com/news/security/us-court-docs-expose-fake-antivirus-renewal-phishing-tactics/
macOS users need updated antivirus to detect silent info-stealing malware threats.
https://securityonline.info/the-silent-threat-unmasking-undetected-macos-infostealers/
A retail giant avoids hefty GDPR fines by fixing cookie consent mishaps with Reflectiz’s exposure management solution.
https://thehackernews.com/2024/01/case-study-cookie-privacy-monster-in.html
Attackers exploit a patched Windows SmartScreen bug to install Phemedrone Stealer; update systems and monitor for compromise.
https://thehackernews.com/2024/01/hackers-weaponize-windows-flaw-to.html
Atlassian alerts users to patch a critical RCE vulnerability in legacy Confluence versions.
https://www.bleepingcomputer.com/news/security/atlassian-warns-of-critical-rce-flaw-in-older-confluence-versions/
Southeast Asia sees a surge in cyberfraud and money laundering linked to illegal online casinos and cryptocurrency.
https://go.theregister.com/feed/www.theregister.com/2024/01/16/un_asia_tech_crime_report/
Nine newly discovered security flaws in TianoCore’s UEFI EDK II network stack could let attackers hijack network boot operations if left unpatched.
http://blog.quarkslab.com/pixiefail-nine-vulnerabilities-in-tianocores-edk-ii-ipv6-network-stack.html
Confluence Data Center and Server have a critical RCE vulnerability; patch immediately to prevent exploitation.
https://securityonline.info/cve-2023-22527-cvss-10-critical-rce-flaw-in-confluence-data-center-and-server/
VMware and Atlassian release patches for critical security vulnerabilities; an immediate update is recommended.
https://go.theregister.com/feed/www.theregister.com/2024/01/16/patch_vmware_atlassian/
Fincantieri’s U.S. firm suffered a ransomware attack exposing thousands of personal data records.
https://www.scmagazine.com/brief/data-breach-hits-navy-contractor-fincantieri-marine-group
The FBI warns that the AndroxGh0st malware botnet targets AWS and Microsoft accounts for credential theft.
https://www.bleepingcomputer.com/news/security/fbi-androxgh0st-malware-botnet-steals-aws-microsoft-credentials/
A firmware update fixes a UEFI bug causing insecure HVCI configurations on Windows.
https://tandasat.github.io/blog/2024/01/15/cve-2024-21305.html
PixieFail vulnerabilities affect PXE network booting in corporate environments; an update is needed.
https://www.bleepingcomputer.com/news/security/pixiefail-flaws-impact-pxe-network-boot-in-enterprise-systems/
The Inferno Drainer malware scam nets $87 million, prompting vigilance against phishing and spoofed Web3 protocols.
https://thehackernews.com/2024/01/inferno-malware-masqueraded-as-coinbase.html