# Latest Podcast
Today, learn about a Confluence template injection vulnerability enabling remote code execution, a unique Game Boy Advance ROM data glitch, a comprehensive eBook on proactive threat hunting, Uscrapper 2.0 for advanced OSINT web scraping, GraphStrike for command and control via Microsoft Graph API, decrypting AsyncRAT configurations, finding unprotected databases with Netlas.io, Binary Ninja tutorials for reverse engineering, OSINT and GEOINT techniques in a Bodrum counterfeit money case, GAP-Burp-Extension for enhanced parameter testing, mitigating risks from Google Dorking in Belgian web applications, and exploiting SeBackupPrivilege for domain escalation.
## Tradecraft
Confluence template injection vulnerability allows unauthenticated remote code execution; a Nuclei detection template is available in the following YAML.
https://github.com/projectdiscovery/nuclei-templates/blob/aba6b4ed2d5ba6a7bba776e10e45e792a8349c3c/http/cves/2023/CVE-2023-22527.yaml
Crash-induced sound glitch exposes Game Boy Advance ROM data by preventing audio buffer reset, enabling memory read beyond buffer limits.
https://www.reddit.com/r/ReverseEngineering/comments/19cdru9/dumping_the_rom_of_a_game_boy_advance_game_by/
Learn proactive threat hunting to detect and combat sophisticated cyberattacks with a comprehensive ebook guide.
https://payhip.com/b/xLoEW
Uscrapper 2.0 is an enhanced OSINT webscraper that extracts personal data from websites using advanced anti-web scraping bypass methods and multithreading.
http://www.kitploit.com/2024/01/uscrapper-powerful-osint-webscraper-for.html
GraphStrike uses Microsoft Graph API to stealthily handle command and control traffic for Cobalt Strike’s HTTPS Beacon via SharePoint files.
https://github.com/RedSiege/GraphStrike
Securityinbits details methods for decrypting AsyncRAT configurations and analyzing associated salts to better understand this malware.
https://www.reddit.com/r/ReverseEngineering/comments/19cns6s/asyncrat_config_decryption_techniques_and_salt/
Netlas.io shows how to find unprotected MongoDB, CouchDB, and other databases that may be vulnerable to unauthorized access or attacks.
https://netlas.medium.com/how-to-find-unprotected-databases-with-netlas-io-chapter-2-ba71b07c9630
Check out our latest Binary Ninja tutorials for reversing flows and automating scripts.
http://console-cowboys.blogspot.com/2024/01/learning-binary-ninja-for-reverse.html
The blog describes using OSINT and GEOINT to pinpoint the location of a counterfeit money video in Bodrum, Turkey through various digital investigation tools.
https://medium.com/@ronkaminskyy/geolocating-counterfeit-money-stacks-via-osint-socmint-47fe82ba1c8a
The GAP-Burp-Extension helps find additional potential parameters and potential links for testing, and generates custom wordlists for fuzzing.
https://securityonline.info/gap-burp-extension-find-more-potential-parameters-and-potential-links/
Google Dorking can expose vulnerabilities in Belgian web applications, but regular security audits and a well-configured robots.txt can mitigate risks.
https://blog.nviso.eu/2024/01/22/is-the-google-search-bar-enough-to-hack-belgium-companies/
Learn to exploit the SeBackupPrivilege for domain escalation by using tools like RegSave and Impacket to dump and analyze registry hives.
https://pentestlab.blog/2024/01/22/domain-escalation-backup-operator/
## News
LockBit ransomware gang claims to have breached Subway’s database and is threatening to sell sensitive data unless the company responds to their demands.
https://go.theregister.com/feed/www.theregister.com/2024/01/22/subways_data_toasted_by_lockbit/
French CNIL fines Yahoo €10M for misleading users who denied cookie tracking, invalidating their refusals.
https://packetstormsecurity.com/news/view/35422/France-Fines-Yahoo-10-Million-Euros-Over-Cookie-Abuses.html
Gambio 4.9.2.0 has a critical insecure deserialization issue, unresolved by the vendor, allowing remote code execution; disabling the Parcelshopfinder’s AddAddressBookEntry function is advised as a temporary fix.
https://herolab.usd.de/security-advisories/usd-2023-0046/
Coldriver, suspected Russian hackers, use spear phishing and a Rust-based backdoor named Spica to target officials, and a YARA rule to detect it is shared.
https://www.malwarebytes.com/blog/news/2024/01/coldriver-threat-group-targets-high-ranking-officials-to-obtain-credentials
Apache ActiveMQ has a critical flaw now exploited to deliver the Godzilla web shell, and users should update to the latest version to prevent attacks.
https://thehackernews.com/2024/01/apache-activemq-flaw-exploited-in-new.html
Hackers can hijack Java and Android apps using MavenGate, targeting abandoned libraries; developers should secure dependencies proactively.
https://thehackernews.com/2024/01/hackers-hijack-popular-java-and-android.html
Ivanti bundled multiple vulnerabilities under one CVE ID, while Juniper didn’t assign CVEs at all for recent security flaws, against industry best practice.
https://go.theregister.com/feed/www.theregister.com/2024/01/22/ivanti_and_juniper_networks_criics_unhappy/
LoanDepot confirms a ransomware attack impacted 16.6 million individuals, now offering free credit monitoring and protection services.
https://www.securityweek.com/loandepot-breach-16-6-million-people-impacted/
The Brave browser will modify its anti-fingerprinting defenses due to usability issues on numerous websites.
https://www.bleepingcomputer.com/news/security/brave-to-end-strict-fingerprinting-protection-as-it-breaks-websites/
Spring Framework versions 6.0.15 and 6.1.2 have a DoS bug, CVE-2024-22233; update to 6.0.16 or 6.1.3 respectively to fix it.
https://securityonline.info/cve-2024-22233-a-high-severity-spring-framework-vulnerability/
Google patched a critical Chrome RCE flaw (CVE-2024-0517); users should update to the latest version immediately.
https://securityonline.info/experts-reveal-details-and-poc-on-chrome-cve-2024-0517-rce-flaw/
Major cyber incidents include a state-sponsored attack on Microsoft, LockBit hitting a semiconductor firm, and hospitals under ransomware siege, with protections available from Check Point.
https://research.checkpoint.com/2024/22nd-january-threat-intelligence-report/
A new Java-based malware steals sensitive data through cracked software using Discord, highlighting the urgency for improved cybersecurity.
https://securityonline.info/researcher-warns-java-based-stealer-spreads-via-cracked-software/
Update Python’s Pillow to version 10.2.0 to fix a critical code execution flaw via its ‘eval’ function, identified as CVE-2023-50447.
https://securityonline.info/pillows-critical-flaw-cve-2023-50447-exposes-python-projects-to-risk/
Critical vulnerability CVE-2023-40051 in Progress OpenEdge allows unintended file uploads; patch versions 11.7.18, 12.2.13, and 12.8.0 or set a non-existent ‘fileUploadDirectory’ as a workaround.
https://securityonline.info/cve-2023-40051-critical-progress-openedge-vulnerability-threatens-server-security/
The Chae$ 4.1 malware uses advanced polymorphism and a new Chronod module to evade detection and steal sensitive information; update systems and use multi-layered security to protect against it.
https://www.hackread.com/fake-fix-chaes-4-1-malware-hides-driver-downloads/
Kaspersky Labs exposes a multi-stage macOS backdoor in cracked apps that steals cryptocurrency from users’ wallets.
https://securityonline.info/unpacking-the-latest-macos-backdoor-unleashed-by-cracked-apps/
TietoEVRY suffers ransomware attack, affecting Swedish businesses and municipalities, necessitating recovery measures.
https://www.bleepingcomputer.com/news/security/tietoevry-ransomware-attack-causes-outages-for-swedish-firms-cities/
EFF’s Street Surveillance Hub reveals high-tech policing tools often fail and advises supporting local legislation to protect privacy.
https://go.theregister.com/feed/www.theregister.com/2024/01/22/eff_privacy_atlas/
Unit 42 reveals Parrot TDS malware injecting scripts into web pages globally; website admins must audit and monitor PHP files for unusual activity to combat it.
https://securityonline.info/unit-42-exposes-parrot-tds-a-global-malware-menace/
The Web-@nywhere Watch offers a way to access parts of the internet directly from your wrist.
https://www.reddit.com/r/ReverseEngineering/comments/19cj1ew/reversing_the_webnywhere_watch_browse_fragments/
ScarCruft, a North Korean hacker group, is using decoy threat intelligence reports to spread RokRAT malware targeting cyber experts.
https://thehackernews.com/2024/01/north-korean-hackers-weaponize-fake.html
WifiKey AC Gateway has a pre-auth RCE vulnerability exposing devices to remote attacks; vendor patch required.
https://www.reddit.com/r/netsec/comments/19d06rv/how_a_vulnerability_in_wifikeys_ac_gateway_allows/
Cybersecurity experts discuss methods to identify AI bots on social media by their distinct phrases and response behaviors.
https://www.schneier.com/blog/archives/2024/01/ai-bots-on-x-twitter.html
Researchers uncover NS-STEALER malware that uses Discord bots to siphon sensitive data from various browsers.
https://thehackernews.com/2024/01/ns-stealer-uses-discord-bots-to.html
ASUS released an update for Armoury Crate (V4.1.0.8) to patch a critical arbitrary file-write flaw, CVE-2023-5716.
https://securityonline.info/cve-2023-5716-alert-critical-flaw-in-asus-armoury-crate-exposed/
Pirated macOS applications from Chinese sites install backdoors and download payloads to secretly compromise systems.
https://securityaffairs.com/157835/malware/backdoored-pirated-applications-targets-macos.html
Trezor’s fake support page leak exposed personal info of 66,000 users; always verify URLs to avoid phishing.
https://www.bleepingcomputer.com/news/security/trezor-support-site-breach-exposes-personal-data-of-66-000-customers/
UK’s ICO fined LADH Limited £50,000 for sending over 31,000 unsolicited debt help texts without consent, violating the Privacy and Electronic Communications Regulations.
https://go.theregister.com/feed/www.theregister.com/2024/01/22/ico_fines_spam_slinging_financial/
LockBit ransomware gang claimed an attack on Subway, threatening to leak sensitive franchise data by February 2024 unless its demands are met.
https://securityaffairs.com/157852/cyber-crime/lockbit-hacked-sandwich-chain-subway.html
BreachForums’ admin sentenced, new UEFI flaw risks enterprise systems, actively exploited Chrome zero-day, and a simple iOS log file check reveals spyware.
https://go.theregister.com/feed/www.theregister.com/2024/01/22/infosec_news_roundup/
FTC orders InMarket Media to stop selling sensitive location data without user consent and delete existing data collected.
https://thehackernews.com/2024/01/ftc-bans-inmarket-for-selling-precise.html
A massive leak of Thai personal data has appeared on the dark web; affected systems must be secured and monitored for identity theft.
https://securityaffairs.com/157870/data-breach/resecurity-massive-thailand-data-leak.html
Ivanti VPN appliances remain vulnerable if configurations are pushed post-mitigation, necessitating a proper update to secure them.
https://www.bleepingcomputer.com/news/security/ivanti-vpn-appliances-vulnerable-if-pushing-configs-after-mitigation/
Outdated Atlassian Confluence servers are being targeted for remote code execution attacks; update your system to a version released after December 5, 2023, to secure it.
https://www.bleepingcomputer.com/news/security/hackers-start-exploiting-critical-atlassian-confluence-rce-flaw/