# Latest Podcast
# Description
Today: a new way to turn off Windows Defender, a computer's guard against viruses. A tool named go-secdump can pull a Windows computer's secrets out from far away. Z-Labs made a new tool to help test computer security across different systems. There are tips for quietly checking computers without getting caught. Netlas.io helps find weaknesses in computer networks. There's also a way to stay unnoticed when looking through directories. Lastly, CookieBlock helps control which website cookies can stay in your browser, keeping your internet use private.
# Tradecraft
This article details a proof of concept (POC) for disabling Windows Defender by revoking its process tokens, using elevated privileges obtained through a User Account Control (UAC) bypass.
The `go-secdump` tool enables remote extraction of Windows registry secrets such as NT hashes, LSA secrets, and cached credentials without a local agent or touching disk; it uses administrator privileges to temporarily adjust registry DACLs for access.
Z-Labs developed 'bof-launcher', an open-source library that enhances the functionality and versatility of Cobalt Strike's Beacon Object Files (BOFs) by allowing cross-platform operation, programming in C and Zig languages, and implementation of complex command and control (C2) features.
The content provides strategies for red teams to perform Active Directory enumeration while evading detection by blue teams, using narrowly scoped LDAP queries and operational security measures such as Active Directory Web Services (ADWS) and targeted tool adjustments.
Netlas.io is a new threat hunting platform that gives cybersecurity professionals a suite of tools for analyzing and mapping the attack surface from a comprehensive network dataset. Its capabilities include host and attack surface discovery, response scanning, DNS and WHOIS searches, and certificate analysis, aiming to strengthen threat intelligence and support proactive searches for network threats.
Monitoring defenses can identify red team LDAP activity, but red teams can blend in with typical processes and minimize detection by using targeted LDAP queries, exploiting baseline behaviors, and leveraging Active Directory Web Services.
# News
The weekly threat intelligence report from Check Point covers a ransomware attack on SEIU, a cyber-attack on Hyundai Motor Europe, SIM swap breaches at two US insurance firms, a massive French health insurance data compromise, Chinese espionage against the Dutch Ministry of Defense, a DDoS attack on Pennsylvania's court system, a thwarted email intrusion in the Philippines, critical patches for Fortinet and Ivanti vulnerabilities, a remote code execution issue in the Linux shim bootloader, Raspberry Robin's continued development, and ongoing threats from old Microsoft Office vulnerabilities.
The FCC has ruled robocalls using AI-generated voices illegal, requiring prior express consent for such calls, and offenders face penalties up to $1,500 per incident.
A new exploit targeting an unpatched vulnerability in Bytevalue routers has been observed; it uses command injection to download a Mirai variant. Users should check whether patches are available and remain cautious of unsolicited internet traffic.
The Caravan and Motorhome Club suffered a cybersecurity incident in January that may have exposed a variety of member data, though its full extent remains unconfirmed. The organization is strengthening its cybersecurity measures and advising members to be alert to potential phishing attacks.
Cybersecurity researchers have broken the Rhysida ransomware's encryption by exploiting an implementation flaw, allowing victims to decrypt their data without paying a ransom using a new tool distributed by the Korea Internet and Security Agency.
CISA, in collaboration with OpenSSF, has released a "Principles for Package Repository Security" framework to improve the security of package repositories. It defines four escalating security maturity levels and promotes best practices such as multi-factor authentication.
A cybercriminal known as IntelBroker leaked data from about 200,000 Facebook Marketplace users, including personal details but not passwords, after allegedly obtaining it in October 2023 from a contractor handling cloud services for Facebook. Users are advised to change passwords, enable 2FA, and stay vigilant against potential phishing attacks.
In a significant data breach, the private information of over 33 million French citizens was compromised at two healthcare payment services. Separate incidents involved device registration details leaked from Juniper's support portal, critical vulnerabilities in Cisco's Expressway devices, and controversial plans by Canadian officials to ban the Flipper Zero device amid vehicle theft concerns.
CyberArk's analysis reveals that APT29 (Cozy Bear) compromised Microsoft through a password spraying attack and then used legacy OAuth applications for access. CyberArk advocates multi-factor authentication on all systems, segmenting environments, and implementing identity threat detection and response to prevent similar breaches.
Raspberry Robin, a Windows worm that propagates via USB devices, has been updated with new evasion techniques and two previously unreported one-day local privilege escalation exploits, which it used shortly after their public disclosure.
PostgreSQL versions 12 through 15 contain a critical security flaw, CVE-2024-0985, that allows privilege escalation through the "REFRESH MATERIALIZED VIEW CONCURRENTLY" operation. Users must upgrade to versions 12.18, 13.14, 14.11, or 15.6 to mitigate the risk.