# Latest Podcast
# Description
Today, GMER is an anti-rootkit for Windows, specializing in detecting kernel-mode rootkits and securing I/O operations, detailed on LinkedIn. A proof of concept for CVE-2023-22098 demonstrates a vulnerability in VirtualBox 7.0.10, with mitigation steps on GitHub. FormThief, another GitHub project, collects spoofed login applications for Windows, aiding in credential capture during tests. Honeypage, a Go language application, creates customizable honeypots to identify malicious web activity, in pre-alpha development on GitHub. Lastly, an article from Asset-Intertech introduces WinDbg and Intel Direct Connect Interface for debugging the Windows Secure Kernel on AAEON UP Xtreme i11 boards, focusing on capturing execution details without symbols.
# Tradecraft
GMER is an anti-rootkit tool for Windows systems, capable of detecting kernel-mode rootkits by using advanced techniques like direct kernel object manipulation, and offers detailed insights into securing both disk and file I/O operations against malicious activity.
A proof of concept demonstrating exploitation of CVE-2023-22098, which affects VirtualBox 7.0.10 r158379, has been released; users should update the software to mitigate this security vulnerability.
The repository "FormThief" is a collection of spoofed Windows desktop login applications built with WinForms and WPF for capturing user credentials during penetration tests. It includes detailed usage instructions for integration with various tools, with pending improvements for code stability and support for additional applications.
A Go language application named Honeypage is under pre-alpha development, designed to generate a customizable honeypot web page for integration with modpot, simulating a vulnerable system to detect and analyze malicious activity.
The article provides an introduction to using SourcePoint's WinDbg tool and Intel Direct Connect Interface for debugging the Windows Secure Kernel and hypervisor, discussing step-by-step techniques and the utility of Intel Processor Trace for capturing execution details without the need for symbols, as demonstrated on an AAEON UP Xtreme i11 board.
# News
A recent report detailed that up to 275 credit unions using CU Solutions Group's content management system were vulnerable to account takeover and credential theft due to critical vulnerabilities; these have since been mitigated by an update, and implementing multi-factor authentication is recommended.
The UK's National Crime Agency has publicly taken over the LockBit ransomware group's operations, seizing infrastructure, arresting affiliates, and planning to expose the group leader's identity, indicating a significant setback for the cybercrime group and emphasizing law enforcement's global collaboration and strategic offensive against such threats.
A new malware named Migo, targeting Redis servers to mine cryptocurrency, disables security configurations and uses a user-mode rootkit to evade detection, requiring system administrators to be vigilant about these specific attack vectors and secure their Linux hosts against such cryptojacking attempts.
A critical vulnerability named KeyTrap, identified as CVE-2023-50387, discovered in DNSSEC could potentially cause extended Internet outages: a single malicious packet can send DNS servers into an unresolvable loop. Updates to patch this issue have been released and need to be applied immediately to affected systems.
Signal has introduced a beta feature allowing users to create usernames that conceal their phone numbers, aiming to enhance privacy while still requiring a phone number during the registration process.
A security lapse at Wyze allowed 13,000 customers to inadvertently access video feeds from other users' cameras. The company attributes the incident to a third-party library issue during high server load and has since implemented additional verification measures to prevent future incidents.
ConnectWise has patched two critical vulnerabilities in its ScreenConnect software, with the most severe allowing remote code execution, and users should update to version 23.9.8 or apply the provided patches for versions 22.4 through 23.9.7 immediately.
The UK National Crime Agency shut down the LockBit ransomware operation, arresting individuals, freezing cryptocurrency accounts, and releasing decryption keys to assist victims.
The EU has initiated an investigation into TikTok for potential violations of the Digital Services Act, focusing on the platform's content moderation, protection of minors, and transparency around advertising and algorithmic processes.
Microsoft detected foreign hacking groups using its AI tools to enhance their cyber operations and acknowledged the capability to monitor AI tool usage, highlighting potential privacy concerns regarding AI session surveillance.
A critical vulnerability, CVE-2024-25600, in the WordPress Bricks theme allows unauthenticated attackers to execute remote code; users should update to version 1.9.6.1 to mitigate the risk.
The FBI has shifted its cybersecurity strategy from a defensive posture to a more aggressive approach by disabling the infrastructure of China's Volt Typhoon APT, aiming to disrupt their potential for cyberattacks and prevent reconstitution of their botnet capabilities.
Intel has published details about 34 new security vulnerabilities affecting various components and software, including Thunderbolt, with patches available, and users should manually update to protect their systems as some updates may not be automatic.
Autodesk AutoCAD software versions 2021 to 2024 have been discovered to contain 40 zero-day vulnerabilities which could allow arbitrary code execution, with remedies including avoiding the import feature, disabling certain imports, and only importing files from trusted sources.
Starting in July 2024, Vietnam will implement a biometric data collection initiative, requiring iris scans, voice samples, and potentially DNA from citizens for a new ID card system to streamline various identification documents.
Operation Cronos led to the seizure of LockBit ransomware group's darknet domains by exploiting a PHP vulnerability (CVE-2023-3824), affecting their operations and compromising their affiliate panel with law enforcement gaining extensive information about their activities.
Law enforcement agencies from multiple countries have cooperatively seized LockBit ransomware group's website, signaling a significant disruption of the group's operations and foreshadowing detailed revelations regarding the international crackdown.
Bellingcat geolocated two separate flag-raising incidents in Guyana and Venezuela, debunking online claims that they were the same event and highlighting the ongoing territorial dispute over the Essequibo region.
The SVR's large-scale attack on Microsoft 365 Entra ID tenants highlights the importance of securing these environments, as Andy Robbins outlines attack methods and defensive strategies in a Risky Business interview.