HAQ.NEWS

// Jared Folkins

# Description

In today's issue: BadExclusions is a tool that finds folders antivirus systems have been told to skip. Melissa Bruno warns about the risk of attackers reaching private data through web flaws, suggesting careful authorization checks and specific tools. A malware named Ov3r_Stealer is tricking people on Facebook to steal their information. Techniques using Veeam Backup & Replication and Velociraptor help in analyzing cyber incidents, while a red team used an old Java Applet to find security holes. Other articles discuss hiding code from antivirus with WebAssembly and Rust, testing security on iPhones without jailbreaking, and creating a Metasploit exploit for a known vulnerability. Tools like TInjA and Stardust help find and exploit web page vulnerabilities or build stealthy implants. Experts share insights on red team assessments, ClamAV patches critical vulnerabilities, and SwaggerSpy gathers sensitive online information. A vulnerability in runC allows attackers to break out of containers, iSniff GPS tracks location data from iOS devices, GoBuster finds hidden web paths, and Marcus Hutchins shares tips on evading detection by security systems.

# Tradecraft

[#] BadExclusions is a security tool designed to detect paths that have been excluded from antivirus or endpoint detection and response (AV/EDR) systems by creating and monitoring EICAR test files in each folder to identify which ones are not automatically removed.
Read More @ github.com
[#] Penetration tester Melissa Bruno at Black Hills Information Security highlights the ongoing critical threat of Insecure Direct Object Reference (IDOR) vulnerabilities in web applications and suggests both developers and testers adopt proactive measures, such as verifying user authorization at every action and using tools like Burp Suite and Autorize, to detect and prevent unauthorized access to sensitive data.
Read More @ blackhillsinfosec.com
[#] A new malware named "Ov3r_Stealer" is spreading through Facebook job ads and fake accounts, using diverse execution methods to hijack data like passwords, cookies, and credit card information, with the stolen data ending up on a Telegram channel managed by cybercriminals.
Read More @ darkreading.com
[#] The article details how to use Veeam Backup & Replication's metadata and the open-source tool Velociraptor to efficiently list and extract backup artifacts for forensic analysis in a cyber incident response scenario.
Read More @ synacktiv.com
[#] A red team found a Java Applet on an outdated website and successfully made it work using OpenJDK 8, appletviewer, and various configuration changes, including disabling security through a customized policy, using Burp Proxy as an invisible proxy, and tweaking Burp Suite to analyze and manipulate serialized Java objects, leading to the discovery of multiple vulnerabilities.
Read More @ humanativaspa.it
[#] The article details a shellcode evasion method that uses WebAssembly and Rust to compile and execute code, evading antivirus detection and establishing a Command and Control connection with Meterpreter and Metasploit without triggering Windows Defender.
Read More @ balwurk.com
[#] The article outlines a method for penetration testing on non-jailbroken iOS devices using tools such as Homebrew, NPM, AppleSign, Xcode, insert_dylib, Objection, and ios-deploy, detailing each step from setting up an Apple Developer Account to patching an app with FridaGadget and deploying it to the device.
Read More @ infosecwriteups.com
[#] Kevin Joensen outlines the development process of creating a Metasploit exploit for a PRTG authenticated Remote Code Execution vulnerability, identified as CVE-2023-32781, including environment setup, coding the exploit, and submitting it to Metasploit's public repository.
Read More @ baldur.dk
[#] TInjA is a command-line tool created by Hackmanit and Maximilian Hildebrand for identifying template injection vulnerabilities in web pages, supporting 44 template engines across eight programming languages, with features like automatic detection, polyglot scanning efficiency, proxy support, and optional client-side scanning.
Read More @ github.com
[#] The repository "Stardust" on GitHub contains a modern, 64-bit position independent code template for crafting stealthy shellcode implants, detailed in an associated blog post.
Read More @ github.com
[#] The article provides an overview of various cyber attack techniques and tools used in red team assessments, including reconnaissance methods, man-in-the-middle attacks, password spraying, and exploitation of vulnerabilities such as ProxyShell, EternalBlue, and Zerologon, with steps to perform these attacks and defenses against them.
Read More @ hadess.io
[#] JEB 5.9 introduces a Generic Unpacker that emulates APKs to extract hidden Dex files, allowing reverse engineers to analyze and integrate recovered bytecode with existing units despite some limitations in handling all cases.
Read More @ pnfsoftware.com
[#] ClamAV released versions 1.2.2 and 1.0.5 to patch critical security vulnerabilities CVE-2024-20328 and CVE-2024-20290, which could allow command injection and cause denial of service respectively.
Read More @ securityonline.info
[#] The video from UndeadSec introduces SwaggerSpy, a tool designed to automate the gathering of open-source intelligence (OSINT) on SwaggerHub by enumerating sensitive data such as global secrets, headers, endpoints, and authorization parameters, highlighting the importance of securing API documentation to prevent unintended exposure of confidential information.
Read More @ youtube.com
[#] A runC vulnerability tracked as CVE-2024-21626 allows attackers to escape from containers by manipulating the working directory or symlinks, potentially accessing the host's file system, with fixes now available in various updated versions of container-related software.
Read More @ nitroc.org
[#] iSniff GPS is a passive sniffing tool designed to capture and visualize location data broadcast by iOS devices by identifying networks they've previously connected to and querying services like Apple's WiFi location service and wigle.net to map devices' geographical location history.
Read More @ github.com
[#] GoBuster is a directory and file brute-forcing tool used in web application security assessments to uncover hidden paths through wordlists, supporting HTTP/HTTPS, file extension targeting, and recursive scanning for a thorough examination of web servers.
Read More @ infosecwriteups.com
[#] Marcus Hutchins explains tactics for bypassing Endpoint Detection and Response (EDR) by exploiting timing issues and using CPU exceptions to modify syscall parameters after EDR checks but before system call execution.
Read More @ malwaretech.com

# News

[#] The U.S. State Department is offering rewards up to $10 million for key information on the Hive ransomware group's leaders, following the FBI's infiltration of their network and the provision of decryption keys to victims to prevent $130 million in ransom payments.
Read More @ bleepingcomputer.com
[#] A newly discovered variant of XLoader malware for Android executes automatically post-installation and performs phishing via notifications, with McAfee advising use of security products to detect and eliminate such hidden threats.
Read More @ bleepingcomputer.com
[#] Ivanti has issued an urgent warning to update Connect Secure, Policy Secure, and ZTA gateways due to a newly discovered XXE vulnerability in the SAML component that could allow unauthorized access to resources without user interaction, and admins must apply patches released on January 31 or implement the provided mitigation instructions.
Read More @ bleepingcomputer.com
[#] The Raspberry Robin malware group is accelerating its cyber-attacks by purchasing exploits for recently disclosed vulnerabilities, with researchers spotting them using zero-day exploits and adding advanced features to evade detection and enhance persistence.
Read More @ theregister.com
[#] Over 33 million people in France are affected by data breaches at healthcare payment providers Viamedis and Almerys, with personal but not financial data exposed, posing risks of phishing and fraud; authorities are investigating and mandate individual notifications to the impacted parties.
Read More @ bleepingcomputer.com
[#] LastPass has identified a deceptive application named "LassPass Password Manager" on the Apple App Store, which mimics its branding and user interface, lists a different developer, and uses a suspect privacy policy website, leading to Malwarebytes blocking that domain and LastPass taking steps to remove the fraudulent app.
Read More @ malwarebytes.com
[#] Two individuals, Noah Roskin-Frazee and Keith Latteri, face charges for allegedly defrauding Apple of $2.5 million by illegally accessing systems and ordering gift cards and hardware, exploiting third-party contractor vulnerabilities and obfuscating their identities using remote desktop and VPNs.
Read More @ theregister.com
[#] A vulnerability designated as CVE-2024-23452 was identified in the Apache bRPC framework, affecting versions 0.9.5 to 1.7.0, which could allow HTTP request smuggling; users can mitigate the risk by upgrading to version 1.8.0 or applying a provided patch.
Read More @ securityonline.info
[#] A critical stack overflow vulnerability in TOTOLINK LR1200GB routers' web interface allows remote attackers to bypass authentication and potentially execute arbitrary commands without valid credentials, but the device manufacturer has yet to respond to disclosure attempts.
Read More @ ssd-disclosure.com
[#] Jim Dempsey proposes a legal framework for software liability focused on product outcomes, advocating for legislation that distinguishes between easily preventable software vulnerabilities and those that are not reasonably discoverable, to better define liability and implement safe harbor protections.
Read More @ schneier.com
[#] Google plans to update its sign-in pages, including Gmail, to reflect a modern design based on its Material Design principles, offering a more streamlined and personalized user experience.
Read More @ bleepingcomputer.com
[#] Kaspersky Labs has identified a new banking Trojan named "Coyote" that exploits Brazilian banks by using the Squirrel installer and Nim programming language for obfuscation, persisting on reboot and stealing user data through SSL-encrypted C2 communications.
Read More @ securityonline.info
[#] Horizon3.ai's analysis of CISA's Known Exploited Vulnerabilities in 2023 reveals that while Rust programming language can reduce memory safety issues, it is not sufficient on its own to prevent security vulnerabilities, as insecurely exposed endpoints and logic bugs remain significant threats.
Read More @ theregister.com
[#] "Hadess" offers cybersecurity protection including Red Team exercises, Penetration Testing, Secure Coding, and Blockchain Security Services, with products like SAST, RASP, and Attack Surface Management, targeting robust digital asset defense.
Read More @ hadess.io
[#] A security researcher discovered an unauthenticated SQL injection vulnerability in the WordPress Booking Calendar plugin, affecting over 60,000 sites, which was reported and promptly addressed by the Wordfence team.
Read More @ linkedin.com
[#] The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Google Chromium V8 Type Confusion bug, identified as CVE-2023-4762 and affecting versions of Chrome before 116.0.5845.179, to its Known Exploited Vulnerabilities catalog, recommending that federal agencies patch this security flaw by February 27, 2024 to prevent remote code execution through crafted HTML pages.
Read More @ securityaffairs.com
[#] Chinese cyber-espionage group Volt Typhoon infiltrated US critical infrastructure networks, evading detection for five years by using living off the land techniques and maintaining persistent access, with advisories from CISA and partner agencies recommending immediate action to secure networks against these attacks.
Read More @ bleepingcomputer.com
[#] Malvertisers are using Facebook job ads to lure users to a Discord URL that triggers a download of Ov3r_Stealer malware, seeking to harvest account credentials and cryptocurrency, with Trustwave advising to patch the connected Ivanti Connect Secure auth bypass bug promptly to mitigate the risks.
Read More @ bleepingcomputer.com
[#] The US government has alerted that beyond Volt Typhoon, other Chinese hacking groups are actively compromising US critical infrastructure networks for potential data theft and disruptive cyberattacks, emphasizing the need for robust identity management and multi-factor authentication.
Read More @ theregister.com
[#] French healthcare services company Viamedis suffered a data breach due to a phishing attack, resulting in the exposure of personal details including birthdates, social security numbers, and health insurer names for 20 million individuals, but did not compromise banking, email, or contact information.
Read More @ scmagazine.com
[#] Raspberry Robin worm is exploiting vulnerabilities such as CVE-2023-36802 with speed, using diverse initial access vectors, and improving its evasion and persistence across systems, requiring timely analysis and mitigation efforts from security professionals.
Read More @ securityonline.info
[#] Cisco has patched critical CSRF vulnerabilities in Expressway Series gateways, which could allow unauthenticated attackers to perform actions with admin-level privileges; updating to the latest release is recommended to mitigate risk.
Read More @ securityonline.info
[#] A new malware named DotStealer steals user data by hiding on systems, decrypting Telegram credentials, and using social media for data exfiltration, with security researchers advising users to take measures to secure personal information.
Read More @ securityonline.info
[#] New proposed Federal Acquisition Regulation updates require IT contractors to report security incidents to CISA within eight hours and regularly thereafter, while also allowing government agencies full access post-incident, sparking significant industry pushback due to the burdensome nature of the rules.
Read More @ theregister.com
[#] LastPass alerts users to a fraudulent app on the Apple App Store called "LassPass Password Manager" with misspellings and a different developer, advising users to avoid it as it likely compromises password security, while Malwarebytes blocks the fraudulent app's website and works on removing the app.
Read More @ malwarebytes.com
[#] Emerging from low-key forums focused on social engineering and minor cybercrime, a criminal community known as Classiscam has advanced to coordinate phishing attacks for hijacking accounts, notably from Steam and social media, with organized groups now employing these schemes to extort ransoms from popular account owners.
Read More @ medium.com
[#] Mozilla has introduced Mozilla Monitor Plus, a paid service that removes your personal data from over 190 data broker sites, augmenting its existing data breach monitoring tool.
Read More @ itsfoss.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr regarding the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-02-09

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins