# Latest Podcast
# Description
Today, a guide shows how to turn off Windows Defender in sneaky ways, manipulating privilege tokens and integrity levels. Proctools is a toolkit for managing Windows processes, including extracting information and dumping sensitive strings for cybersecurity operations. CVE-2024-20931 is a bug in Oracle WebLogic that allows bad actors to bypass a previous fix using a Java trick. Studies unravel code scrambles in the DJI Pilot app, aiding in understanding and repair. Google's tool uses AI for quicker bug identification and resolution. Scapy, a Python tool, tests networks for vulnerabilities. CVE-2017-11176 exploitation in the Linux kernel is detailed, guiding from understanding to proof-of-concept. BrowserLeaks offers a privacy check for web browsing. Jael narrates their journey to becoming a cybersecurity expert with the OSCE3 certification. LaZagne extracts passwords from various applications across operating systems. CloakQuest3r reveals real IP addresses of websites behind Cloudflare. RustNet incorporates features like malware analysis and network sniffing. Infoooze performs online data gathering. Paybag simplifies Metasploit payload creation for Linux. Search-query (dork) lists find hidden Dark Web sites and exposed sensitive information. Findhunters fosters bug hunter collaboration. A Nuclei template detects a Jenkins vulnerability. TPM-Sniffing retrieves Bitlocker keys from TPMs using communication protocols.
# Tradecraft
CVE-2024-20931 is a security vulnerability that serves as a bypass to the previously addressed CVE-2023-21839, impacting Oracle WebLogic, with a public exploit requiring Java 1.8.0_151, using a JNDI injection attack that can be executed via a specially crafted JAR file.
The article describes an analysis of the Android SecNeo packer used in the DJI Pilot app, detailing the methods for unpacking and de-obfuscating bytecode, and demonstrating a runtime hijacking mechanism for injecting corrected bytecode into methods obfuscated by the packer.
Google has open-sourced a fuzzing framework that uses artificial intelligence to automatically create and test code for vulnerabilities, which can lead to more efficient bug discovery and patching.
Scapy is a Python tool used in cybersecurity for network fuzzing by creating and manipulating packets to test systems against potential security vulnerabilities, such as DoS attacks, protocol weaknesses or application flaws.
This article provides a comprehensive step-by-step guide to exploiting CVE-2017-11176 in the Linux kernel, covering the journey from understanding the vulnerability and kernel structures to developing a working proof-of-concept code.
The BrowserLeaks page offers a WebRTC Leak Test to determine if your IP address is exposed via WebRTC, with instructions to disable the feature in Firefox and Chrome to protect privacy.
Jael chronicles their intensive gap year journey from novice to OSCE3 certified, a prestigious information security credential, utilizing various study resources and practical engagements, and offers insights and tips for aspiring cybersecurity professionals.
LaZagne is an open-source tool for extracting stored passwords from a wide range of applications on Windows, Linux, and macOS.
CloakQuest3r is a Python-based tool designed to reveal the actual IP address of websites protected by Cloudflare by utilizing techniques such as subdomain scanning, SSL certificate analysis, and gathering historical IP data, while also offering optional integration with SecurityTrails API for additional information retrieval.
The RustNet repository on GitHub contains a GUI application designed to manage aspects of cyber security, with features including malware analysis, exploit finding, network sniffing, and signal jamming, requiring a Python environment to run.
Infoooze is an OSINT tool that offers various data gathering functions such as Instagram user information retrieval, subdomain scanning, and IP lookups, all from a command-line interface and with results savable to a file.
Paybag is a Metasploit payload creation tool designed for simplicity and compatibility with Linux and Termux, allowing users to generate payloads easily and initiate listeners for successful remote connections.
The text lists search queries (dorks) designed to find active onion (Tor network) sites for various content categories such as guides, cabs, pets, and more, potentially for security research or for identifying vulnerabilities within the Dark Web's services.
The document provides a list of Google Dorks, which are advanced search queries that can exploit security vulnerabilities to find sensitive information, SQL injection points, local file inclusion (LFI) vulnerabilities, and open CCTV camera feeds.
The repository contains a list of Google Dork queries that can be used to find sensitive information such as logs, error messages, and configuration files inadvertently exposed on web servers.
Findhunters is a platform designed to promote collaboration among bug hunters by facilitating the sharing of different techniques and methodologies, providing a space for team formation, and enhancing the effectiveness of vulnerability discovery efforts.
A toolkit named proctools has been created for Windows processes to extract information, dump sensitive strings like command-line arguments or in-memory sensitive data, and manage process functions such as termination, with various utilities and C-based code examples provided for usage in cyber security operations.
The document provides detailed steps to disable Windows Defender by manipulating privilege tokens and integrity levels through UAC bypass and process token duplication.
The GitHub repository "TPM-Sniffing" collects methods and tools for retrieving Bitlocker keys from TPMs using communication protocols like SPI, I2C, and LPC, which vary by device model and include associated research and training resources.
# News
French healthcare services company Viamedis suffered a non-ransomware cyberattack via a successful phishing attempt on an employee, leading to the exposure of personal data of policyholders and healthcare professionals, without compromising banking or contact information, impacting an unknown number of the 20 million individuals they serve, with ongoing investigations and notifications in place.
The Netherlands Military Intelligence and Security Service reported that a Chinese cyber-espionage group compromised fewer than 50 users on a Dutch Ministry of Defence R&D network with Coathanger malware via FortiGate devices, using CVE-2022-42475; network segmentation limited the damage, and organizations are advised to patch to prevent such breaches.
The ResumeLooters hacking group exploited SQL injection and XSS attacks to steal over 2 million user records from 65 websites across various countries, highlighting the importance of secure coding and database management to thwart such breaches.
A Belarusian and Cypriot national associated with the defunct cryptocurrency exchange BTC-e, Aliaksandr Klimenka, has been charged with money laundering and operating an unlicensed money services business, facing up to 25 years in prison if convicted.
JetBrains has issued an urgent update alert for TeamCity On-Premises servers to patch a critical severity authentication bypass vulnerability (CVE-2024-23917), affecting versions 2017.1 to 2023.11.2, which allows attackers to perform RCE attacks without user interaction, recommending immediate update to 2023.11.3 or applying a security patch plugin if upgrade is not possible.
Cybersecurity group Group-IB identified a malicious campaign called "ResumeLooters," using SQL injection and XSS to steal over 2 million personal records from job and retail websites in the APAC region, recommending the use of parameterized statements, web application firewalls, and thorough input validation to thwart such attacks.
NSA banned Furby toys over fears they could record and leak sensitive information, sparking debates about both privacy and the actual technical capabilities of the toys.
Dutch defense identified a targeted cyberattack by Chinese state-sponsored hackers using a novel malware named Coathanger, which evades detection and establishes persistence on compromised FortiGate firewalls, and necessitates complete reformat of infected devices for removal.
The United Arab Emirates reports high VPN usage due to strict internet regulations, with misuse potentially leading to legal consequences and cyber security risks like untraceable illicit activities.
Google has released Android February 2024 security patches addressing 46 vulnerabilities, including a critical remote code execution flaw identified as CVE-2024-0031, affecting AOSP versions 11 through 14, and users are advised to apply the updates promptly.
Threat actors are exploiting fake Facebook job ads to distribute Ov3r_Stealer malware, which can steal personal data and cryptocurrency wallets, by tricking users into clicking a weaponized PDF that ultimately delivers the malware through a complex infection chain involving .URL and .CPL files, with its code sharing similarities to the previously known Phemedrone Stealer.
A cybercriminal group named 'ResumeLooters' exploited SQL injection and XSS vulnerabilities to steal over two million records from job listing and retail websites, mainly in the APAC region, selling the data via Telegram.
Three new security vulnerabilities have been discovered in Azure HDInsight services which have already been addressed by Microsoft in their October 2023 updates, involving privilege escalation and denial-of-service risks.
In recent cybersecurity events, the Solana blockchain experienced a five-hour outage, three individuals were charged with fraud via SIM swapping including an attack on FTX, the OPNX exchange founded by the Three Arrows Capital creators is closing, Ripple CEO's personal wallets were compromised resulting in a theft of $112.5 million in XRP, Abracadabra's lending protocol was exploited causing the depeg of Magic Internet Money stablecoin, HyperVerse founder faces charges for a multi-billion dollar fraud scheme, Goledo Finance was hacked for $1.7 million through a flash loan attack, Korean crypto karaoke platform Somesing lost $11.5 million in tokens, a Silk Road drug distributor forfeited 8,100 Bitcoins in a plea agreement, and WallStreetMemes' staking contract was exploited leading to a significant token price drop.
Security researchers from Orca Security revealed three high-risk vulnerabilities in Microsoft Azure HDInsight's big data analytics service, including a denial-of-service issue and two privilege escalation bugs, all patched as of October 26, requiring users to create a new cluster with the updated platform version for protection.
Fortinet's FortiSIEM has two critical remote code execution vulnerabilities, CVE-2024-23108 and CVE-2024-23109, with updates available for version 7.1.2 and patches pending for other affected versions.
Fortinet has disclosed two critical command injection vulnerabilities, CVE-2024-23108 and CVE-2024-23109, in its FortiSIEM product and recommends immediate update to patched versions to mitigate potential remote unauthenticated attacks.
A Belarusian-Cypriot national connected to the defunct BTC-e cryptocurrency exchange faces U.S. extradition and a 25-year sentence for laundering over $4 billion, while other cybercriminals face charges for separate large-scale theft and identity fraud cases.
A critical vulnerability CVE-2024-23917 in JetBrains' TeamCity On-Premises versions from 2017.1 to 2023.11.2 allows unauthenticated remote attackers to gain administrative control, with a fix available in version 2023.11.3 or via a security patch plugin for certain older versions.
ResumeLooters, an emerging cybercrime group, has compromised over 65 job search websites in the Asia-Pacific region using SQL injection and XSS to steal millions of resumes and personal data, now sold on Telegram channels, highlighting the necessity of improved database and website security practices.
In 2023, at least 25 new ransomware gangs emerged, with Akira and 8Base most notable for their activities, while international law enforcement shuttered several operations including Hive and Ragnar Locker.
The US Department of Health and Human Services has published voluntary cybersecurity performance goals for healthcare organizations, indicating potential new laws to secure federal funding, with essential measures including multi-factor authentication and incident response planning.
In late 2023, the ResumeLooters gang targeted job search platforms in the Asia-Pacific region through SQL injection and XSS attacks, stealing millions of rows of personal data and underscoring the need for enhanced cybersecurity measures on such websites.
Ivanti VPN products are facing widespread attacks due to a server-side request forgery vulnerability, CVE-2024-21893, which is now being exploited in combination with another flaw, CVE-2024-21887, prompting the release of new patches and an advisory for organizations to mitigate risks.
Cleaning product company Clorox experienced a significant cyberattack, presumed to be ransomware by ALPHV/BlackCat, leading to an operational loss of $49 million and sales decline up to $593 million, highlighting the importance of robust business continuity plans, effective backup strategies, and comprehensive ransomware defenses including quick vulnerability patching, hardened remote access, early threat detection, and ransomware rollback capability.
Google has matched Microsoft's $1 million donation to the Rust Foundation to improve Rust's interoperability with C++, aiming to enhance Rust adoption by making it easier to integrate with existing C++ codebases and developer tools.
A finance worker was tricked into sending $25M to a criminal's account due to a sophisticated deepfake video conference call, highlighting the urgent need for enhanced verification processes in financial transactions to prevent such fraud.
A concerning trend has emerged where teenagers are engaging in serious cybercrimes, including swattings, financial sextortion, and ransomware attacks, with experts suggesting curiosity, peer pressure, and a low risk of prosecution as drivers, while emphasizing the role of parents in monitoring online activities and the need for creating positive outlets for tech-savvy youth to prevent them from turning to cybercrime.
The U.S. State Department has announced visa restrictions targeting individuals and companies involved in the illicit use of commercial spyware to surveil and intimidate members of civil society, marking further government efforts to limit such abuse following sanctions and a blocklist on specific vendors known for these activities.
Google patched a critical Android remote code execution vulnerability, CVE-2024-0031, in its February 2024 updates which affects versions 11 to 14, and users should promptly apply the security fixes via their system settings.
Canon has revealed seven critical security vulnerabilities in their Office/Small Office Multifunction and Laser Printers, with a CVSS score of 9.8, allowing potential remote code execution or DoS attacks, and advises users to reconfigure their network with a private IP and firewall, and to install forthcoming firmware updates.
Wordfence identified a critical Local File Inclusion vulnerability in the Shield Security plugin for WordPress, affecting over 50,000 sites, and users must update to version 18.5.10 immediately to mitigate the risk.