# Latest Podcast
# Description
This episode covers RepoReaper, a tool for finding exposed .git repositories during audits and bug bounty work, and Brutespray, now rewritten in Go with broader service brute-force coverage. A reference list of patterns for Google's Chrome Remote Desktop shows what to monitor when a legitimate remote-access tool is repurposed as greyware. Evilginx is moving toward a commercial Evilginx Pro while its community discusses ethical phishing, and recent posts explore a Windows ZIP mark-of-the-web bypass and insecure cookie handling. Blacklight scans websites for tracking technologies and suggests privacy extensions or alternative browsers. A comparison of anti-cheat and EDR bypasses separates gaming cheats from security-tool evasion and stresses responsible use. The "Hunting for Persistence in Linux" series, with companion guides on account manipulation, systemd services, timers and cron, covers both the persistence techniques and how to detect them with auditd, Sysmon for Linux, osquery and Auditbeat. A beginner's post walks through building a C2 implant in C++, Hetty offers an open-source HTTP toolkit with a MITM proxy, and a final post builds a budget deep learning rig from second-hand hardware.
In the news: US companies risk SEC penalties for failing to disclose cybersecurity incidents under the new rules; researchers show GPT-4 can autonomously exploit website vulnerabilities; the FTC fines Avast $16.5 million for selling browsing data without consent; law enforcement disrupts LockBit and identifies more than $110 million in unspent bitcoin; a compromised PyPI package becomes a supply chain attack; Malawi's government and ConnectWise ScreenConnect users deal with separate incidents; U-Haul discloses a breach affecting 67,000 customers; and Optum responds to an attack attributed to nation-state actors.
# Tradecraft
RepoReaper automates the discovery of exposed .git directories across a set of domains and subdomains, which makes it useful for security audits and bug bounty programs; an exposed repository can leak source code, secrets committed in history and internal hostnames.
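The check such a scanner performs is worth seeing in code, because a plain "200 OK on /.git/HEAD" is a common false positive on servers that answer every path with a landing page. The example below is added here and is not RepoReaper's code: it validates each probed file against the format git actually writes (a symbolic ref or raw object id in HEAD, the `[core]` section in config, the `DIRC` magic and version in the index) and treats a 200 with a non-matching body as a soft 404. The sample responses are constructed, not captured from a real host; `fetch_probes` is the only part that touches the network and is not used by the samples.

```python
import re
import struct
import urllib.error
import urllib.request

# Paths a RepoReaper-style scanner requests; the directory itself is probed
# separately because a listing is a bonus, not a requirement, for recovery.
GIT_PROBES = ("/.git/HEAD", "/.git/config", "/.git/index")

# HEAD is either a symbolic ref or (detached) a raw SHA-1 or SHA-256 object id.
HEAD_REF_RE = re.compile(rb"^ref: refs/[\w./-]+\s*$")
HEAD_SHA_RE = re.compile(rb"^(?:[0-9a-f]{40}|[0-9a-f]{64})\s*$")


def valid_head(body: bytes) -> bool:
    return bool(HEAD_REF_RE.match(body) or HEAD_SHA_RE.match(body))


def valid_config(body: bytes) -> bool:
    # Every checkout written by git has a [core] section carrying this key.
    return b"[core]" in body and b"repositoryformatversion" in body


def valid_index(body: bytes) -> bool:
    # The index starts with the magic "DIRC", a big-endian version (2, 3 or 4)
    # and the entry count; an HTML soft-404 page never matches this.
    if len(body) < 12 or body[:4] != b"DIRC":
        return False
    (version,) = struct.unpack(">I", body[4:8])
    return version in (2, 3, 4)


VALIDATORS = {"/.git/HEAD": valid_head, "/.git/config": valid_config, "/.git/index": valid_index}


def assess_git_exposure(responses: dict) -> dict:
    """responses maps a probed path to (status_code, body_bytes).

    A path counts as confirmed only when it returns 200 *and* the body parses
    as the git file it claims to be; a 200 with a non-matching body is recorded
    as a soft 404 so catch-all web servers do not produce false positives.
    """
    confirmed, soft_404 = [], []
    for path, check in VALIDATORS.items():
        status, body = responses.get(path, (None, b""))
        if status != 200:
            continue
        (confirmed if check(body) else soft_404).append(path)
    status, body = responses.get("/.git/", (None, b""))
    listing = status == 200 and b"Index of" in body
    return {
        "exposed": bool(confirmed),
        "confirmed": confirmed,
        "soft_404": soft_404,
        "directory_listing": listing,
    }


def fetch_probes(base_url: str, timeout: float = 10.0) -> dict:
    """Fetch the probe paths from a live host (network access; not used by the samples)."""
    responses = {}
    for path in ("/.git/",) + GIT_PROBES:
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"User-Agent": "git-exposure-check"})
        try:
            with urllib.request.urlopen(req, timeout=timeout) as resp:
                responses[path] = (resp.getcode(), resp.read(4096))
        except urllib.error.HTTPError as err:
            responses[path] = (err.code, b"")
        except urllib.error.URLError:
            responses[path] = (None, b"")
    return responses


# Constructed sample responses (not captured from any real host).
SAMPLE_EXPOSED = {
    "/.git/": (403, b"Forbidden"),  # no listing, yet the repo is still recoverable
    "/.git/HEAD": (200, b"ref: refs/heads/main\n"),
    "/.git/config": (200, b"[core]\n\trepositoryformatversion = 0\n\tfilemode = true\n\tbare = false\n"),
    "/.git/index": (200, b"DIRC" + struct.pack(">II", 2, 3) + b"\x00" * 64),
}
SAMPLE_SOFT404 = {
    path: (200, b"<html><body><h1>Page not found</h1></body></html>")
    for path in ("/.git/",) + GIT_PROBES
}

if __name__ == "__main__":
    for name, sample in (("exposed", SAMPLE_EXPOSED), ("soft-404", SAMPLE_SOFT404)):
        print(name, assess_git_exposure(sample))
```

A valid HEAD is enough to treat the host as exposed even when directory listing is off: a crawler can follow HEAD to the ref, the ref to a commit object, and the commit to its tree and blobs, reconstructing the checkout object by object. The fix is to deny `/.git/` (and other VCS metadata directories) at the web server, not to rely on the absence of a listing.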
Brutespray has been rewritten in Go for faster and more extensive service brute-forcing; it accepts several input formats (including scanner output such as Nmap results), and the rewrite changes the supported services, intended use cases and command-line usage.
The document lists patterns and keywords associated with Google's Chrome Remote Desktop that defenders can monitor to detect greyware activity when adversaries use the legitimate tool to access machines remotely.
Evilginx is evolving into a professional-grade phishing framework with the upcoming Evilginx Pro, the community coordinates ethical phishing techniques in a dedicated Discord channel, and recent updates to the framework have also explored a Windows ZIP mark-of-the-web bypass and insecure cookie handling in web applications.
Blacklight inspects a website in real time and reports the tracking technologies and data-capture methods it finds (third-party cookies, ad trackers, session recording, fingerprinting), and it recommends privacy extensions or an alternative browser for better protection.
The article contrasts anti-cheat bypass, which targets game anti-cheat software to gain an unfair advantage, with EDR bypass, which evades enterprise endpoint detection to compromise systems; both draw on techniques such as code injection and obfuscation, and the author stresses responsible security research over malicious use.
The "Hunting for Persistence in Linux" blog series examines how attackers maintain access on Linux systems and how defenders can spot it, using auditd, Sysmon for Linux and osquery to detect changes such as a web shell dropped on a server and the subsequent command execution by the www-data user.
The post covers persistence through account creation and manipulation (creating users, hijacking existing ones, elevating their privileges) and gives detection strategies built on auditd, Sysmon and osquery.
This technical guide covers persistence through systemd services, systemd timers and cron jobs, and shows how to detect and monitor such activity with auditd, Sysmon, osquery and Auditbeat.
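The detection side of the last two posts comes down to correlating auditd records: the SYSCALL record carries the acting user (`auid`) and binary (`exe`), while the EXECVE record carries the argv and the PATH record the file that was touched. The following is an added example, not code from the blog series, that groups records by serial and applies three rules the posts describe (account commands creating a duplicate UID 0 or adding a privileged group, unit files written under the systemd directories, and cron entries), with package managers allowlisted so that routine installs do not fire. The audit lines are constructed for the example, and the package-manager paths are an assumption about the host.

```python
import os
import re
from collections import defaultdict

# One auditd record: "type=T msg=audit(TIMESTAMP:SERIAL): k=v k=v ...".
AUDIT_RE = re.compile(r"^type=(?P<type>\w+) msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): (?P<rest>.*)$")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Paths whose creation or modification is a persistence signal; auditd -w rules
# on these locations produce the PATH records matched below.
WATCHED_PREFIXES = {
    "systemd_unit_write": ("/etc/systemd/system/", "/lib/systemd/system/", "/usr/lib/systemd/system/"),
    "cron_write": ("/etc/cron.d/", "/etc/crontab", "/etc/cron.hourly/", "/etc/cron.daily/", "/var/spool/cron/"),
    "account_file_write": ("/etc/passwd", "/etc/shadow", "/etc/group", "/etc/sudoers"),
}
ACCOUNT_CMDS = {"useradd", "usermod", "adduser", "passwd", "chpasswd", "gpasswd"}
PRIV_GROUPS = {"sudo", "wheel", "root", "admin"}
# Package managers legitimately drop units and cron files; allowlist them rather
# than weaken the rule (assumption: these are the only installers on the host).
PACKAGE_MANAGERS = {"/usr/bin/apt", "/usr/bin/apt-get", "/usr/bin/dpkg",
                    "/usr/bin/rpm", "/usr/bin/dnf", "/usr/bin/yum"}


def parse_audit(lines):
    """Group records by serial so a SYSCALL line and its EXECVE/PATH lines stay together."""
    events = defaultdict(list)
    for line in lines:
        m = AUDIT_RE.match(line.strip())
        if not m:
            continue
        fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
        events[int(m.group("serial"))].append((m.group("type"), fields))
    return events


def execve_argv(fields):
    # auditd hex-encodes an argument containing quotes or non-printables; those
    # are left as-is here, which is fine for matching command names and flags.
    return [fields.get(f"a{i}", "") for i in range(int(fields.get("argc", 0)))]


def detect_persistence(lines):
    findings = []
    for serial, records in sorted(parse_audit(lines).items()):
        syscall = next((f for t, f in records if t == "SYSCALL"), {})
        exe, auid = syscall.get("exe", ""), syscall.get("auid", "?")
        for rtype, f in records:
            if rtype == "EXECVE":
                argv = execve_argv(f)
                if not argv or os.path.basename(argv[0]) not in ACCOUNT_CMDS:
                    continue
                rule, sev = "account_change", "medium"
                pairs = list(zip(argv, argv[1:]))
                if "-o" in argv or ("-u", "0") in pairs:          # duplicate UID 0 account
                    rule, sev = "account_uid0_duplicate", "high"
                elif any(flag in ("-G", "-aG") and grp in PRIV_GROUPS for flag, grp in pairs):
                    rule, sev = "account_privileged_group", "high"
                findings.append({"serial": serial, "rule": rule, "severity": sev,
                                 "auid": auid, "detail": " ".join(argv)})
            elif rtype == "PATH":
                name = f.get("name", "")
                for rule, prefixes in WATCHED_PREFIXES.items():
                    if not name.startswith(prefixes):
                        continue
                    if exe not in PACKAGE_MANAGERS:
                        findings.append({"serial": serial, "rule": rule, "severity": "medium",
                                         "auid": auid, "detail": f"{exe} {f.get('nametype', '?')} {name}"})
                    break
    return findings


# Constructed audit lines (not a real capture): a useradd with a duplicate UID 0,
# a unit file written by an interactive shell, a cron.d entry edited with vim,
# and a unit symlink created by apt that the allowlist should suppress.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1708560001.100:501): arch=c000003e syscall=59 success=yes exit=0 ppid=1200 pid=1201 auid=1000 uid=0 gid=0 euid=0 comm="useradd" exe="/usr/sbin/useradd" key="account_mgmt"
type=EXECVE msg=audit(1708560001.100:501): argc=5 a0="useradd" a1="-o" a2="-u" a3="0" a4="svcbackup"
type=SYSCALL msg=audit(1708560002.200:502): arch=c000003e syscall=257 success=yes exit=3 ppid=1200 pid=1210 auid=1000 uid=0 gid=0 euid=0 comm="bash" exe="/usr/bin/bash" key="systemd_units"
type=PATH msg=audit(1708560002.200:502): item=1 name="/etc/systemd/system/update-checker.service" inode=12345 mode=0100644 nametype=CREATE
type=SYSCALL msg=audit(1708560003.300:503): arch=c000003e syscall=257 success=yes exit=3 ppid=1200 pid=1220 auid=1000 uid=0 gid=0 euid=0 comm="vim" exe="/usr/bin/vim" key="cron_changes"
type=PATH msg=audit(1708560003.300:503): item=1 name="/etc/cron.d/health" inode=12346 mode=0100644 nametype=CREATE
type=SYSCALL msg=audit(1708560004.400:504): arch=c000003e syscall=257 success=yes exit=3 ppid=1200 pid=1230 auid=1000 uid=0 gid=0 euid=0 comm="apt" exe="/usr/bin/apt" key="systemd_units"
type=PATH msg=audit(1708560004.400:504): item=1 name="/etc/systemd/system/multi-user.target.wants/nginx.service" inode=12347 mode=0120777 nametype=CREATE
"""

if __name__ == "__main__":
    for finding in detect_persistence(SAMPLE_AUDIT_LOG.splitlines()):
        print(finding)
```

Keying on `auid` rather than `uid` matters: after `sudo` or `su` the `uid` is 0, but the login UID still identifies the human (or the compromised service account) that started the session. The allowlist is the usual trade-off; an attacker who can run `apt` as root can hide a unit behind it, so the package-manager events are better routed to a lower-severity log than dropped entirely.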
This beginner's guide walks through building a C2 implant in C++: interfacing with the Windows API, structuring the build so the resulting executable is harder to reverse engineer, and a foundational project with supporting resources on GitHub.
Hetty is an open-source HTTP toolkit for security research that offers a MITM proxy, request and response interception, project-based organization and a web-based admin interface.
The blog post describes building a cost-effective deep learning rig from second-hand hardware; the initial peer-to-peer GPU communication failures were resolved by adjusting BIOS settings and downgrading the NVIDIA driver.
# News
US companies and their Chief Information Security Officers (CISOs) face significant fines and legal exposure if they fail to comply with the Securities and Exchange Commission's new rules on disclosing material cybersecurity incidents (reported on Form 8-K within four business days of the materiality determination), which puts a premium on a tested incident response plan and transparent communication with investors.
New research shows GPT-4, run as an agent with tool access, autonomously exploiting website vulnerabilities such as SQL injection, prompting discussion of the security implications of deploying advanced language models.
Antivirus vendor Avast has been fined $16.5 million by the FTC for selling users' browsing data to third parties without consent; it must now obtain express permission before any data sale, delete the data it collected, and implement a privacy program.
The LockBit ransomware gang, which extorted more than $125 million over 18 months, was disrupted by a global law enforcement operation, which also found unspent bitcoin worth more than $110 million in wallets linked to the group.
The PyPI package django-log-tracker was compromised to deliver the Nova Sentinel malware in a supply chain attack; users should remove the affected version and verify their dependencies (pin versions and check package hashes).
The Malawi government has temporarily stopped issuing passports after a ransomware attack on its immigration department; President Chakwera has refused to pay the ransom and is pursuing both short-term and long-term security improvements.
A critical authentication bypass in the ConnectWise ScreenConnect remote management product (CVE-2024-1709, CVSS 10) and a related path traversal (CVE-2024-1708, CVSS 8.4) are being exploited in the wild and could enable widespread ransomware deployment; on-premises installations should be updated immediately to version 23.9.8.
U-Haul has notified customers of a data breach after an unauthorized party accessed its reservation system with stolen credentials; 67,000 customers in the U.S. and Canada are affected and are being offered one year of identity theft protection.
A use-after-free in the Linux kernel's TLS subsystem (CVE-2024-26582, CVSS 8.4) affects kernel versions 6.0 through 6.8-rc4 and is fixed from 6.8-rc5 onwards; affected systems should be patched promptly.
Optum, a UnitedHealth Group subsidiary, suffered a cyberattack on its Change Healthcare platform that it attributed to "nation-state" actors; healthcare billing services were disrupted, and providers nationwide took precautions such as disconnecting from the affected systems and processing prescriptions manually.
Apple patched a serious flaw in the Shortcuts app that allowed a shortcut to access and transmit sensitive data without the user's permission; the fix shipped in the January 2024 updates for iOS, iPadOS, macOS and watchOS.
Law enforcement in Maryland has charged individuals in a scheme that laundered over $9.5 million from business email compromise (BEC) frauds through shell companies with no legitimate business activity; the diverse range of victimized organizations drew the attention of multiple agencies.
The Knight ransomware group, previously known as Cyclops and linked to multiple breaches, is reportedly selling the source code of version 3.0 of its ransomware on a hacker forum, which suggests it may be shutting down its operations.
LockBit was developing a new cross-platform variant, LockBit-NG-Dev, which is functional but lacks some features of its predecessors; after the coordinated law enforcement takedown the group's operations are significantly disrupted and the variant's source code is in the hands of security researchers.
A critical vulnerability in Atlassian Confluence (CVE-2023-22527), an unauthenticated OGNL injection leading to arbitrary code execution, is being actively exploited, with over 620K attempts observed to deliver the C3Pool cryptominer; Imperva reports that its Cloud WAF and WAF Gateway customers are already protected.
Take It Down is a free service from the National Center for Missing &amp; Exploited Children that helps remove sexually explicit images and videos taken of a person before the age of 18: a unique hash of the content is generated on the user's device and shared with participating platforms for detection and removal, so the image or video itself is never distributed.