HAQ.NEWS

// jared folkins

# Latest Podcast

Today, explore ChopChopGo for rapid Linux log threat hunting, Novaldr’s Rust-based malware techniques, Ghidra for Android app reverse engineering, basics of Hashcat for ethical password cracking, FalconHound as a Blue Team multitool, ADCsync for NTLM hash extraction, and Evernote’s macOS flaw with Electroniz3r detection.

Tradecraft

chopchopgo is a tool for fast threat hunting in linux logs using sigma rules.
https://securityonline.info/chopchopgo-rapidly-search-and-hunt-through-linux-forensics-artifacts/
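To show what "sigma rules over linux logs" means in practice, here is a small added example that is not ChopChopGo's code: it parses a constructed sample of syslog-style auth.log lines into fields and evaluates a few Sigma-style detections (selections with `contains`/`startswith` modifiers, AND within a selection, OR across a value list, and a `selection and not filter` condition). The rule titles, log lines and supported subset of the Sigma grammar are this example's own assumptions.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample auth.log lines (not real data).
SAMPLE_LOG = """\
Jan 20 10:01:02 host1 sshd[1234]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
Jan 20 10:01:10 host1 sshd[1240]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan 20 10:01:11 host1 sshd[1240]: Failed password for root from 203.0.113.7 port 40022 ssh2
Jan 20 10:02:30 host1 sudo:    bob : TTY=pts/0 ; PWD=/home/bob ; USER=root ; COMMAND=/usr/bin/cat /etc/shadow
Jan 20 10:03:00 host1 cron[99]: (root) CMD (run-parts /etc/cron.hourly)
Jan 20 10:04:15 host1 useradd[2201]: new user: name=svc_backup, UID=1004, GID=1004, home=/home/svc_backup, shell=/bin/bash
"""

# Hypothetical rules written in the shape of a Sigma "detection" block.
RULES = [
    {"title": "SSH password failure for root",
     "detection": {"selection": {"program": "sshd",
                                 "message|startswith": "Failed password for root"},
                   "condition": "selection"}},
    {"title": "Sensitive file read via sudo",
     "detection": {"selection": {"program": "sudo",
                                 "message|contains": ["/etc/shadow", "/etc/sudoers"]},
                   "condition": "selection"}},
    {"title": "Interactive user account created",
     "detection": {"selection": {"program": "useradd",
                                 "message|startswith": "new user:"},
                   # service accounts without a login shell are filtered out
                   "filter": {"message|contains": "shell=/usr/sbin/nologin"},
                   "condition": "selection and not filter"}},
]

# RFC 3164-style syslog line: timestamp host program[pid]: message
SYSLOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<program>[^\[:]+)(?:\[(?P<pid>\d+)\])?: ?(?P<message>.*)$"
)


def parse_syslog(line: str) -> Dict[str, Optional[str]]:
    """Split one syslog line into fields; unparseable lines keep only raw/message."""
    m = SYSLOG_RE.match(line)
    if not m:
        return {"raw": line, "message": line}
    event = m.groupdict()
    event["program"] = event["program"].strip()
    event["message"] = event["message"].strip()
    event["raw"] = line
    return event


def field_matches(value: Optional[str], spec: str, modifier: Optional[str]) -> bool:
    """Apply a Sigma-style field modifier (exact match when no modifier is given)."""
    if value is None:
        return False
    if modifier is None:
        return value == spec
    if modifier == "contains":
        return spec in value
    if modifier == "startswith":
        return value.startswith(spec)
    if modifier == "endswith":
        return value.endswith(spec)
    if modifier == "re":
        return re.search(spec, value) is not None
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(event: Dict[str, Optional[str]], selection: Dict) -> bool:
    """All keys in a selection must match (AND); a list of values is an OR."""
    for key, expected in selection.items():
        field, _, modifier = key.partition("|")
        values = expected if isinstance(expected, list) else [expected]
        if not any(field_matches(event.get(field), v, modifier or None) for v in values):
            return False
    return True


def rule_matches(event: Dict[str, Optional[str]], rule: Dict) -> bool:
    """Evaluate a condition made of selection names joined by 'and', each optionally negated."""
    detection = rule["detection"]
    result = True
    for term in detection["condition"].split(" and "):
        term = term.strip()
        negate = term.startswith("not ")
        name = term[4:] if negate else term
        result = result and (selection_matches(event, detection[name]) != negate)
    return result


def hunt(lines: List[str], rules: List[Dict]) -> List[Tuple[str, str]]:
    """Return (rule title, raw line) for every line that triggers a rule."""
    hits = []
    for line in lines:
        if not line.strip():
            continue
        event = parse_syslog(line)
        for rule in rules:
            if rule_matches(event, rule):
                hits.append((rule["title"], event["raw"]))
    return hits


if __name__ == "__main__":
    for title, raw in hunt(SAMPLE_LOG.splitlines(), RULES):
        print(f"[{title}] {raw}")
```

Real Sigma has a richer grammar (`1 of selection*`, `all of`, parentheses, aggregation) and a log-source mapping that decides which fields a rule sees; the point here is that a rule is just field predicates evaluated over parsed events, which is why a tool can run a community rule set across journald, auditd and syslog on a host in seconds.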

novaldr is a rust-based malware loader that demonstrates threadless module stomping, code encryption and related evasion techniques for educational purposes.
https://securityonline.info/novaldr-threadless-module-stomping-in-rust/

learn to reverse engineer and decrypt obfuscated arm64 strings in android apps with ghidra, using its emulator, patching, and python scripting to automate the work.
https://blog.nviso.eu/2024/01/15/deobfuscating-android-arm64-strings-with-ghidra-emulating-patching-and-automating/

learn the basics of using hashcat for ethical password cracking, including installation, commands, and attack modes.
https://infosecwriteups.com/unraveling-hashcat-a-beginners-guide-to-password-cracking-1628b839710b

falconhound is a multi-tool for blue teams to automate and enhance bloodhound data analysis.
http://www.kitploit.com/2024/01/falconhound-blue-team-multi-tool-it.html

adcsync abuses the ad cs esc1 misconfiguration to request certificates for domain users and recover their ntlm hashes, a makeshift dcsync that avoids drsuapi replication calls and volume shadow copies.
http://www.kitploit.com/2024/01/adcsync-use-esc1-to-perform-makeshift.html

evernote for macos has a critical remote code execution flaw (cve-2023-50643); electroniz3r can detect the issue and demonstrate exploitation.
https://securityonline.info/cve-2023-50643-evernote-remote-code-execution-flaw-poc-published/

News

google clarifies incognito mode preserves device-level privacy, not against websites, amid lawsuit.
https://www.malwarebytes.com/blog/news/2024/01/google-changes-wording-for-incognito-browsing-in-chrome

nigerian cybersecurity specialist suggests training online fraudsters for legit tech jobs instead of jailing them.
https://www.darkreading.com/cybersecurity-operations/nigerian-law-enforcement-agency-advised-to-retrain-african-cybercriminals

vmware’s vcenter critical rce bug cve-2023-34048 actively exploited, patch immediately.
https://securityonline.info/vmware-confirms-cve-2023-34048-rce-flaw-in-vcenter-exploited-in-the-wild/

new nft scam uses spoofed transactions and phishing sites to steal wallet funds, verify sources before engaging.
https://research.checkpoint.com/2024/check-point-research-alerts-on-a-new-nft-airdrop-campaign/

npm oscompatible package contained a rat, misused a signed microsoft binary, quickly revoked after discovery.
https://www.reddit.com/r/netsec/comments/19a9634/npm_package_found_delivering_rat_through_signed/

avoid pirated macos software to prevent backdoor malware infections from chinese sites.
https://thehackernews.com/2024/01/experts-warn-of-macos-backdoor-hidden.html

slippy-book rce affects linux distros; users should update and patch systems immediately.
https://securityonline.info/breaking-down-slippy-book-the-new-rce-flaw-in-linux-distros/

new malicious python script on macos replaces wallet apps with rogue versions, check and secure your system.
https://isc.sans.edu/diary/rss/30572

mit researchers show ambient light sensors in phones could stealthily record gestures; suggest slowing sensor rates for privacy.
https://www.darkreading.com/endpoint-security/iphone-android-ambient-light-sensors-stealthy-spying

vf corporation cyberattack affects 35.5 million customers; the company has not yet said what kind of data was stolen, but says core customer financial data was not exposed.
https://go.theregister.com/feed/www.theregister.com/2024/01/19/vf_corp_ransomware_impact/

vmware announces critical updates for vcenter server to patch remote code execution and information disclosure vulnerabilities.
https://www.vmware.com/security/advisories/vmsa-2023-0023.html

npm “oscompatible” package installs trojan and remote access tools; remove if downloaded and strengthen open-source software security practices.
https://thehackernews.com/2024/01/npm-trojan-bypasses-uac-installs.html

cisa warns agencies to fix ivanti epmm vulnerability cve-2023-35082 by february 8 to prevent unauthorized access and data leaks.
https://securityaffairs.com/157746/hacking/cisa-ivanti-epmm-actively-exploited.html

new outlook calendar exploit (cve-2023-35636) leaks ntlmv2 hashes, which can be relayed or cracked offline; patch your systems now.
https://securityonline.info/new-outlook-exploit-unveiled-cve-2023-35636-leads-to-ntlm-v2-password-breach/

microsoft uncovers new sophisticated phishing tactics by iranian group mint sandstorm targeting academics in middle eastern affairs.
https://www.microsoft.com/en-us/security/blog/2024/01/17/new-ttps-observed-in-mint-sandstorm-campaign-targeting-high-profile-individuals-at-universities-and-research-orgs/

iran’s mint sandstorm campaign targets israel with sophisticated phishing to support hamas.
https://www.hackread.com/iran-mint-sandstorm-hamas-israel-phishing-scam/

german it consultant fined for exposing and reporting a password-protected database’s security flaws.
https://go.theregister.com/feed/www.theregister.com/2024/01/19/germany_fine_security/

upgrade apache activemq to fix critical vulnerability and prevent godzilla webshell attacks.
https://securityonline.info/a-stealthy-godzilla-webshell-a-new-threat-targeting-apache-activemq/

youtube crypto scams use deepfakes and qr codes, so always verify claims and use 2fa on accounts.
https://www.hackread.com/youtube-crypto-con-scammers-deepfakes-qr-codes/

the ftc prohibits another data broker from selling personal location data.
https://www.bleepingcomputer.com/news/security/ftc-bans-one-more-data-broker-from-selling-your-location-info/

the 7777 botnet exploits vulnerabilities in tp-link, xiongmai, and hikvision devices, requiring immediate firmware updates.
https://securityonline.info/the-7777-botnet-exploit-a-new-threat-to-tp-link-xiongmai-and-hikvision/

ransomware attackers now exploit teamviewer to infiltrate networks, ensure strong authentication and monitoring to counter.
https://www.bleepingcomputer.com/news/security/teamviewer-abused-to-breach-networks-in-new-ransomware-attacks/

over 2,100 ivanti vpns were hacked using cve-2024-21887 and cve-2023-46805; apply patches and check system integrity.
https://securityonline.info/over-2100-ivanti-vpns-compromised-the-giftedvisitor-webshell-threat/

chinese hackers exploited a vmware vcenter vulnerability as a zero-day for two years for espionage.
https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-vmware-bug-as-zero-day-for-two-years/

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like rss, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to x, linkedin, mastodon and rss.

I also post daily infosec podcasts and interviews to apple podcasts and spotify.

Ads

This isn't an Ad.

current friend of haq 2024-01-20

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins