# Latest Podcast
# Description
Check out BOFHound's new LDAP parsing capabilities and SigFinder's Authenticode signature scanning for binaries. Learn how Shielder's analysis of ASUS routers impacts real-world security, and explore the use of BOF Launcher across varied programming environments.
# Tradecraft
- BOFHound, a Python tool for parsing LDAP data into BloodHound-compatible JSON, now includes session and local group data collection, with updated BOFs that aid stealthy Active Directory mapping without triggering common detection mechanisms.
- SigFinder is a tool for locating binaries whose Authenticode digital signatures are associated with an internal CA or a specific domain. It can ignore selected certificates, search directories recursively, and filter by domain keyword, which is useful for managing application whitelists in Windows environments.
- Security researchers at Shielder analyzed critical CVEs in ASUS routers and wrote an n-day exploit confirming a format string vulnerability via emulation, but found that the reported unauthenticated access does not hold on properly configured real-world devices.
- The BOF Launcher is an open-source library that enables the execution of Beacon Object Files in various environments, offering compatibility with Cobalt Strike's Beacon, support for multiple programming languages and systems, and features such as asynchronous execution and process injection.
- The article reviews multiple vulnerabilities in the Apache OFBiz ERP system, detailing the history, analysis, and mitigation of RCE exploits caused by insecure deserialization and authentication bypasses, with a focus on CVE-2023-51467, CVE-2023-49070 and CVE-2020-9496.
- PurpleKeep is an open-source platform that automates the testing of detection rules by simulating Tactics, Techniques, and Procedures (TTPs) in an Azure environment, using Atomic Red Team tests and integrating with Azure Monitor for logging.
- CsWhispers is a source generator for C# projects that automates the addition of D/Invoke and indirect syscall methods, allowing more advanced interaction with the Windows API without manual P/Invoke declarations.
- SecureCodeBox is an open-source, Kubernetes-based platform that automates continuous security scanning within CI/CD pipelines, integrating popular tools to help developers address vulnerabilities before deployment.
- The blog post walks through setting up a Large Language Model (LLM) and demonstrates both direct and indirect prompt injection vulnerabilities and how they can be leveraged for data exfiltration. The practical examples, including code snippets and server setup, highlight the importance of understanding and mitigating such flaws.
- Understanding the intricacies of network defense can lead to the strategic deployment of honeypots to deceive and monitor potential attackers, enhancing overall system security.
- LEAKEY is a customizable tool for verifying leaked API tokens and keys; it can be extended easily by appending new checks to the signatures.json file.
- The EO Browser application allows users to access and analyze a variety of satellite data layers; it requires agreement to its terms of service and provides enhanced features upon free user registration.
- The GitHub repository 'vulnerability-Checklist' is a collection of web and API vulnerability checklists covering attack vectors such as SQL injection, CSRF, and authentication bypasses, providing a resource for ethical hackers to identify and secure potential security flaws.
- Enhance your network's security by employing layered defenses, regularly updating systems, using strong multi-factor authentication, and conducting ongoing security training.
- The GitHub project azureOutlookC2 demonstrates a proof of concept in which a compromised Windows device is remotely controlled via commands from an attacker's Outlook mailbox, using the Microsoft Graph API for Command & Control (C2). The technique was also reportedly used by threat actors such as the North Korean APT InkySquid/ScarCruft/APT37.
- This guide details methods to identify and protect against fraud using advanced online search techniques for emails, phone numbers, and names, as well as various tools for verification and scam detection.
- The article describes how to compile an Open Source Intelligence (OSINT)-based Cyber Threat Intelligence report, with a case study focusing on Singapore's cybersecurity threats, and provides structured recommendations for mitigating identified threats such as RDP brute-force attacks and TCP SYN flood attacks.
# News
- A database containing personal data of 750 million Indian mobile subscribers, including names, phone numbers, addresses, and Aadhaar details, was offered on dark web forums, posing significant risks of financial fraud and identity theft.
- GitLab has issued a critical update to fix CVE-2024-0402, a vulnerability that allowed authenticated users to write files to any location on the server; users should update to the latest patched version immediately to prevent exploitation.
- Cybercriminals are deploying DarkGate malware through Microsoft Teams group chat invitations. AT&T Cybersecurity suggests disabling External Access unless necessary and training users to recognize unsolicited messages to mitigate phishing risks.
- The FBI warns that a tech support courier scam is targeting seniors to steal cash and precious metals, combining online and offline tactics, and advises vigilance in protecting personal data and avoiding unsolicited communications.
- The FBI, with authorization from the White House, recently disrupted a sophisticated botnet operated by the Chinese cyberespionage group Volt Typhoon, which had targeted critical infrastructure across multiple sectors in the United States and its territories.
- Blockchain analysis is increasingly used in law enforcement to trace cryptocurrency transactions and link them to real-world identities, combating the false notion of anonymity in Bitcoin and similar networks. Case studies include the takedown of dark web marketplaces and the arrest of individuals involved in major thefts and other unlawful activity.
- Citibank is facing a lawsuit from the New York Attorney General for failing to safeguard customers from fraud and for refusing to reimburse victims as mandated by the Electronic Fund Transfer Act, despite its claims of using robust security protocols and tools to reduce wire fraud losses.
- Juniper Networks has acknowledged and corrected its initial failure to assign individual CVEs to four vulnerabilities reported by watchTowr and has released fixes, advising all users of Junos OS on SRX and EX Series devices to apply the updates, which address three missing-authentication vulnerabilities and an XSS flaw.
- Brazilian Federal Police, with support from ESET, Interpol, the Spanish National Police, and Caixa Bank, have halted the Grandoreiro banking malware operation, making five arrests and seizing property across multiple states after tracing at least 3.6 million euros in fraudulent transactions since 2019.
- Schneider Electric's Sustainability Business division experienced a ransomware attack and potential data breach on January 17, 2024, impacting systems including Resource Advisor, with indications that the Cactus ransomware group may be involved; operations are expected to resume within two business days.
- SolarWinds refutes the SEC's fraud charges regarding its 2020 security breach, claiming its risk disclosures were adequate and that disclosing more would aid attackers, while the SEC argues the company and its CISO misled investors about their cybersecurity practices.
- Elon Musk's Neuralink has reportedly implanted a brain chip in a human patient for the first time, aiming to test its safety and potential benefits for individuals with disabilities, with ambitions to later develop cybernetic enhancements for general use.
- Juniper Networks has released urgent Junos OS updates for SRX and EX Series devices to patch high-severity flaws, including a missing-authentication issue and an XSS vulnerability; fixed versions are listed for each flaw, and a temporary mitigation involves disabling or restricting J-Web access.
- Security researchers have detected over 1,500 compromised credentials for RIPE, APNIC, AFRINIC, and LACNIC on the dark web and advise affected network operators and IT infrastructure managers to change passwords and enable two-factor authentication to mitigate potential attacks.
- A revitalized ZLoader malware variant has surfaced with upgrades such as RSA encryption, 64-bit Windows compatibility, and anti-analysis evasion, signaling a potential resurgence of ransomware attacks.
- A recent cybersecurity alert details how the Trigona ransomware group has shifted tactics, using the Bulk Copy Program (BCP) utility to install Mimic ransomware on vulnerable MS-SQL servers; administrators are urged to strengthen passwords and keep systems updated to mitigate the risk.
- Keenan & Associates, a California insurance firm, reported a data breach affecting 1.5 million people, exposing personal information including SSNs and health details; it is now enhancing network security and offering free identity theft protection services.
- The Facebook page of USAID Colombia was hacked, potentially exposing its 75,000 followers to false information. The U.S. government and Meta are taking action to resolve and investigate the breach, which reinforces the need for secure account practices such as multi-factor authentication.
- SolarWinds disputes the SEC's lawsuit alleging deceptive security practice disclosures, arguing that its risk factors gave warning and that specific vulnerability disclosures could aid attackers, while the SEC questions the sufficiency of the firm's cybersecurity program details.
- A critical remote code execution vulnerability, CVE-2024-23897, impacts around 45,000 Internet-exposed Jenkins servers, and public exploits are available; administrators should apply security updates or follow the mitigation strategies in the Jenkins security bulletin.
- Schneider Electric's Sustainability Business division was hit by a Cactus ransomware attack on January 17, leading to the theft of terabytes of data and ongoing outages; the company is implementing recovery and containment measures while investigating the incident with cybersecurity experts.
- A global dark web drug trafficking operation led by Banmeet Singh has been dismantled following his guilty plea in the US after extradition from the UK, including the forfeiture of $150M in cryptocurrency, showcasing effective international law enforcement collaboration against online illegal drug markets.
- On January 30, 2024, the ALPHV ransomware group reported that Technica, a tech company providing IT solutions to government clients, suffered a data breach with over 300 GB of data leaked. A ransomware dashboard based on the ransomFeed project now tracks and updates such incidents through an SQL database feed.
- The article details a security flaw in Ivanti Avalanche (CVE-2023-41474), a directory traversal vulnerability that could allow unauthenticated attackers to access sensitive .xml or .html files, emphasizing the importance of immediate patching to prevent information disclosure and server compromise.
- Mercedes-Benz inadvertently exposed sensitive internal data, including source code, through a private key left in a public GitHub repository; the key was removed after discovery by researchers and notification by TechCrunch.