HAQ.NEWS

// jared folkins

# Latest Podcast

Today, explore ODAT for Oracle Database security testing, including SID discovery and remote command execution. Discover a GitHub repository with educational malware sample builders, Rayder for automating command-line tasks in bug hunting, new techniques to bypass EDR using LoLBins, and BrowserStealer for extracting sensitive data from web browsers.

Tradecraft

This GitHub repository collects malware sample builders for educational use only, with a reminder that they are intended for lawful research and risk awareness. https://github.com/yuankong666/Ultimate-RAT-Collection

ODAT is a tool for testing Oracle Database security, supporting SID discovery, privilege escalation, and remote command execution.
https://github.com/quentinhardy/odat

Rayder is a tool that uses YAML files to automate and organize command-line tasks for bug hunting and pentesting.
http://www.kitploit.com/2024/01/rayder-lightweight-tool-for.html

Bishop Fox describes discovering new EDR bypass techniques using lesser-known LoLBins and validating them at hands-on hacker meetups.
https://bishopfox.com/blog/edr-bypass-with-lolbins

BrowserStealer is a tool for extracting passwords, cookies, and other data from various web browsers.
https://github.com/SaulBerrenson/BrowserStealer

News

A Baltimore man charged with selling over 5,000 victims’ personal information to fraudsters faces 20 years in prison; he reportedly did not use VPN protection. https://go.theregister.com/feed/www.theregister.com/2024/01/23/serial_data_peddler_faces_prison/

Fortra reveals critical authentication bypass in GoAnywhere MFT; immediate patching recommended. https://www.bleepingcomputer.com/news/security/fortra-warns-of-new-critical-goanywhere-mft-auth-bypass-patch-now/

Cracked macOS apps are siphoning funds by executing scripts obtained from DNS records, highlighting the risk of using pirated software. https://www.bleepingcomputer.com/news/security/cracked-macos-apps-drain-wallets-using-scripts-fetched-from-dns-records/

Malware named “WS” is planting data-stealing scripts in PyPI; verify package integrity to mitigate the risk. https://securityonline.info/the-python-package-index-info-stealing-malware-in-open-source-software/

Kasseika ransomware uses BYOVD attacks and PsExec tool to disable antivirus, suggesting actors have BlackMatter ransomware code access; strengthen defenses with updated security products and employee training. https://www.trendmicro.com/en_us/research/24/a/kasseika-ransomware-deploys-byovd-attacks-abuses-psexec-and-expl.html

Australia sanctions Russian Aleksandr Ermakov for the Medibank breach and unveils a $587m cyber defense boost that will require attack reporting and changes to data handling. https://www.news.com.au/technology/online/hacking/russian-citizen-slapped-with-magnitskystyle-sanctions-over-the-medibank-private-cyber-hack/news-story/26d4ff94994745690cfa0867c7c045ec

Hackers are exploiting TeamViewer to deploy ransomware, so ensure your software is updated and use strong, unique passwords. https://www.hackread.com/teamviewer-exploited-remote-access-ransomware/

Euler Finance lost $197 million due to an exploit, showing the need for precise token burns and improved collateralization oversight. https://infosecwriteups.com/decrypting-the-197-million-euler-finance-exploit-755528b9324a

Apple patches active exploit CVE-2024-23222; update your devices to latest iOS, macOS, tvOS, Safari versions. https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html

Jason’s Deli reports a credential stuffing attack led to a customer data breach; users should change their passwords. https://www.bleepingcomputer.com/news/security/jasons-deli-says-customer-data-exposed-in-credential-stuffing-attack/

Atlassian Confluence servers are under attack exploiting CVE-2023-22527; update to patched versions immediately to secure your systems. https://thehackernews.com/2024/01/40000-attacks-in-3-days-critical.html

Stay private online by using non-Five Eyes services for email, VPNs, and search engines to protect against international surveillance alliances. https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/

Zero-click Bluetooth vulnerabilities allow keystroke injection; update Android to the December 2023 patch or turn off Bluetooth to stay safe. https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/

Gcore Radar’s latest report shows DDoS attacks growing in size to 1.6 Tbps; they recommend robust, adaptive protection measures. https://thehackernews.com/2024/01/from-megabits-to-terabits-gcore-radar.html

ScarCruft APT targets media and Korean experts for strategic cyber espionage using RokRAT backdoor. https://securityonline.info/scarcruft-threat-actor-against-media-experts/

VexTrio operates a massive cybercrime network with over 70,000 domains for scams, demanding increased collaboration and proactive measures from security firms and domain registrars. https://www.darkreading.com/threat-intelligence/vextrio-tds-biggest-cybercrime-operation-web

GoAnywhere MFT has a critical CVE-2024-0204 flaw; upgrade to version 7.4.1 and delete InitialAccountSetup.xhtml or replace with an empty file and restart to fix. https://securityonline.info/cve-2024-0204-cvss-9-8-critical-authentication-bypass-flaw-in-goanywhere-mft/

The SEC’s Twitter account was compromised due to a SIM swap attack because multi-factor authentication was disabled. https://www.bleepingcomputer.com/news/security/sec-confirms-x-account-was-hacked-in-sim-swapping-attack/

Asylum seekers in the US are targeted by MetaStealer malware, disguised as a helpful document, stealing personal data; users should avoid opening suspicious email attachments. https://securityonline.info/cril-exposes-asylum-seekers-in-us-hit-by-metastealer-malware-campaign/

AerCap and LoanDepot report major data breaches, with LoanDepot’s affecting 16.6 million individuals and both companies launching investigations with third-party cybersecurity experts. https://go.theregister.com/feed/www.theregister.com/2024/01/22/ransomware_aercap_loandepot/

LockBit ransomware gang hit Subway and threatens to sell stolen data unless ransom is paid by February 2, 2024; Subway is investigating the claim. https://www.hackread.com/lockbit-ransomware-gang-claims-subway-victim/

Over 600 IP addresses are targeting outdated Atlassian Confluence servers with RCE attacks; users should update to patched versions immediately. https://go.theregister.com/feed/www.theregister.com/2024/01/22/atlassian_confluence_server_rce/

Tietoevry IT services in Sweden were hit by a ransomware attack, prompting an apology, police report, and heightened monitoring efforts. https://securityonline.info/tietoevry-faces-service-disruptions-following-ransomware-attack-in-sweden/

An unprecedented 26 billion-record leak compiled from earlier breaches is a reminder to use strong passwords, multi-factor authentication, and diligence against phishing. https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

Trezor reported a breach exposing user emails and names, urging updates and vigilance against phishing. https://www.hackread.com/trezor-data-breach-users-email-names-exposed/

Southern Water’s IT systems were hacked, leaking employee and customer data, and a ransom is demanded within six days to prevent full data exposure. https://go.theregister.com/feed/www.theregister.com/2024/01/23/southern_water_confirms_cyberattack/

FTC mandates Intuit halt “free” tax service ads unless the service is truly free for all or terms are clearly stated. https://www.bleepingcomputer.com/news/technology/ftc-orders-intuit-to-stop-pushing-free-software-that-isnt-really-free/

Custom GPTs in the GPT Store can be made to leak their hidden instructions through a universal prompt injection attack; stronger input/output security is needed to prevent this. https://packetstormsecurity.com/news/view/35427/A-Universal-Prompt-Injection-Attack-In-The-GPT-Store.html

Kasseika ransomware uses BYOVD and Martini driver exploits to dodge antivirus and demands ransom after encrypting data; defend with updated security, backups, and user training. https://securityonline.info/unpacking-kasseika-the-latest-ransomware-to-exploit-byovd-tactics/

New research reveals that PC built-in sensors like microphones can pick up unintended electronic signals, allowing attackers to spy on users’ activities remotely without needing physical access or system privileges. https://www.schneier.com/blog/archives/2024/01/side-channels-are-common.html

Black Basta ransomware group claims to have hacked UK’s Southern Water, threatening to release 750GB of sensitive data. https://securityaffairs.com/157951/cyber-crime/black-basta-gang-claims-the-hack-of-the-uk-water-utility-southern-water.html

A data breach at Trello exposed email addresses, names, and usernames of over 15 million users due to an API vulnerability. https://haveibeenpwned.com/PwnedWebsites#Trello

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon, and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ (2024-01-24)

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins