HAQ.NEWS

// Jared Folkins

# Description

The Peaky-XD/webshell repository is a hub for webshell scripts in various languages including PHP and ASP, open to contributions under the MIT License. BALIMO LENA and PETLIBRO IoT Pet Feeders have been found to have security issues allowing firmware extraction and unauthorized control, risking pet overfeeding through UART interface exploitation. The CanaryTokenScanner Python script aids in detecting Canary Tokens in documents and zip files to enhance cyber defense. A guide to removing Android.Waps adware from the Kirikiroid2 app using tools such as Apktool is detailed. An online tool enables the creation of fake Telegram chats for entertainment. Zeoob offers tools for simulating social media content for educational purposes. A categorized list of Telegram bots is provided for PII research and SOCMINT applications, emphasizing good OPSEC practices. Risks associated with unauthorized Terraform provider deployment due to exposed state files are discussed, with mitigation advice such as enabling state locking. RetinaFace, a Python library, offers features for facial detection and recognition, installable via 'pip' or 'conda'. Bouncer is a bookmarklet for extracting user IDs from social media profiles. The Tosint OSINT tool extracts data from Telegram bots. jsleak is a tool for finding secrets in JavaScript files. Security measures for Nginx servers and strategies from the "BypassAV" GitHub repository for evading anti-virus and EDR systems are shared. Recommendations for enhanced system security include patch management and user education. Advanced techniques for attacking Microsoft 365 and the open-source bpftop tool from Netflix for viewing eBPF program statistics are also covered.

In the news, Microsoft warns of an exploited Windows Kernel issue (CVE-2024-21338). The BlackCat/ALPHV ransomware group attacked Change Healthcare, stealing data. SpikedWine targeted EU diplomats with "WineLoader" malware. Epic Games denies a server breach claimed by the Mogilevich group. Palo Alto Networks faces a lawsuit over its forecasts. North Korea's Lazarus hackers exploited a now-patched Windows AppLocker flaw. The US restricts Sandvine and Chengdu Beizhan Electronics over surveillance and nuclear roles. Cencora reports a data breach. The Iranian UNC1549 group targets aerospace for espionage. Japan's CSIRT warns of 'Comebacker' malware in PyPI packages. Russian hackers attack Ubiquiti EdgeRouters. Cisco Talos finds TimbreStealer malware in Mexico. President Biden plans an executive order on data protection. Concerns are raised over GlobalBlock's impact on free speech. Google's filetype search issue, the targets of Abyss Locker ransomware, and the spread of Xeno RAT malware are also noted.

# Tradecraft

[#] The repository at Peaky-XD/webshell contains a collection of webshell scripts for various programming languages including PHP, Perl, ASP, ASP.NET, and more, and accepts contributions under the MIT License.
Read More @ github.com
[#] Security analysis of BALIMO LENA and PETLIBRO IoT Pet Feeders reveals poor security practices, enabling attack vectors such as firmware extraction and unauthorized remote control, with a demonstrated method for overfeeding pets via UART interface exploitation.
Read More @ whid.ninja
[#] A Python script named CanaryTokenScanner has been developed to proactively scan Microsoft Office documents, Acrobat Reader PDFs, and Zip files for Canary Tokens which signal intrusion, thereby bolstering defenses against cyber threats.
Read More @ kitploit.com
[#] The blog post outlines the process of removing Android.Waps adware from the Kirikiroid2 apk, including decompilation with Apktool, identifying and eliminating malicious smali code, and recompiling and signing the cleaned apk for use.
Read More @ github.io
[#] The site provides an online tool for creating fake Telegram chats for personal amusement or data testing purposes, offering customization options like time, message content, and profile photos, while emphasizing that these do not generate real communications and should only be used for individual testing or entertainment.
Read More @ fakedetail.com
[#] Zeoob offers online simulation tools for creating fake social media content across various platforms for educational and digital marketing practice without spending resources in a real environment.
Read More @ zeoob.com
[#] The page lists Telegram bots categorized by their applicability in different countries, with a focus on bots used for personal identifying information (PII) research, social media intelligence (SOCMINT), and domain & IP investigations, highlighting the importance of OPSEC in cyber security research.
Read More @ airtable.com
[#] RetinaFace is a Python library for deep learning-based facial detection that provides functions for face detection with landmarks, face alignment improvements, and can be combined with other modules like ArcFace for a complete face recognition system, available for installation via 'pip' or 'conda'.
Read More @ github.com
[#] Bouncer is a browser bookmarklet for extracting user IDs from Twitter, Facebook, Instagram, and TikTok profile pages with the simple click of a bookmark.
Read More @ github.com
[#] Tosint is an OSINT Python tool for extracting data from Telegram bots and associated channels, detailing elements like bot and chat information, administrator details, and invite links.
Read More @ github.com
[#] jsleak is a command-line tool used in cybersecurity reconnaissance to identify secrets like API keys and URLs in JavaScript files by employing regex patterns from multiple sources, offering features such as concurrent scanning and status checks for URLs.
Read More @ github.com
[#] The article details a vulnerability in Nginx configurations where missing trailing slashes can lead to unauthorized directory access, and offers a list of measures to secure Nginx servers against various attacks.
Read More @ hashnode.dev
[#] The repository "BypassAV" on GitHub provides a map of key strategies for evading anti-virus and EDR systems, with an emphasis on manual methods over open-source tools for better avoidance of detection.
Read More @ github.com
[#] To enhance system security, one should implement regular patch management, employ strong authentication mechanisms, audit network systems for vulnerabilities, and educate users about potential cyber threats.
Read More @ securitybreached.org
[#] The blog explores advanced cybersecurity techniques such as leveraging token theft and social engineering to compromise Microsoft 365 users and evade conditional access policies, while also outlining methods like Evilginx2 and TokenTactics for simulating attacks and bypassing security measures.
Read More @ trustedsec.com
[#] Netflix's bpftop is an open-source tool providing a dynamic, real-time display of eBPF program statistics on Linux, requiring kernel version 5.8 or later and specific libraries, while minimizing performance overhead by gathering data only when active.
Read More @ github.com
[#] An attacker with access to a Terraform state file can modify it to force the deployment of their own malicious Terraform provider, potentially compromising a CI/CD pipeline; state files should therefore be secured and state locking enabled to mitigate this risk.
Read More @ plerion.com

# News

[#] A Windows Kernel Elevation of Privilege issue, identified as CVE-2024-21338, is being actively exploited, with Microsoft advising immediate patching, as detailed in their security guidance issued on February 28, 2024.
Read More @ inthewild.io
[#] The BlackCat/ALPHV ransomware group has taken responsibility for a cyberattack on Change Healthcare, claiming to have stolen 6TB of sensitive data which has resulted in an outage affecting over 70,000 pharmacies; UnitedHealth Group is working to restore systems and has not confirmed the breach specifics, while authorities including the FBI, CISA, and HHS warn of increased BlackCat attacks on the healthcare sector.
Read More @ bleepingcomputer.com
[#] Cyber attackers, under the alias "SpikedWine", have targeted EU diplomats using a fake wine-tasting invitation to deliver the modular, evasive "WineLoader" backdoor malware, exploiting India-Europe diplomatic relations, with defense against this threat involving multilayered cloud security platforms to detect related IoCs.
Read More @ darkreading.com
[#] Epic Games has debunked the Mogilevich group's claim of breaching their servers, with investigations showing no evidence of an attack or data theft, despite the group's attempts to sell purported stolen data for $15,000 to buyers able to show they have the funds.
Read More @ bleepingcomputer.com
[#] Palo Alto Networks' stock value plummeted by 28% after a revised earnings forecast indicated only a 2-4% increase in billings due to a downturn in federal government spending, sparking a class action lawsuit claiming the company made false statements concerning the effectiveness and demand for its platform consolidation strategy and AI products.
Read More @ theregister.com
[#] North Korean Lazarus hackers exploited a recently discovered zero-day in the Windows AppLocker driver to disable security tools and maintain persistence, resolved by the February 2024 Patch Tuesday update.
Read More @ bleepingcomputer.com
[#] The US has prohibited transactions with Canadian company Sandvine after it supplied technology used for mass surveillance and censorship by the Egyptian government, and China's Chengdu Beizhan Electronics has been added to the trade restrictions list for supporting China's nuclear weapons program.
Read More @ packetstormsecurity.com
[#] Global pharmaceutical company Cencora reported a cyberattack on February 21, where personal data was stolen, and is currently working with law enforcement and cyber experts to manage the incident, amidst regulations requiring material impact disclosure within four days.
Read More @ packetstormsecurity.com
[#] Iranian threat group UNC1549 targets aerospace and defense sectors in the Middle East using spear-phishing with job-themed lures and deploys MINIBIKE and MINIBUS backdoors for espionage via Microsoft Azure cloud infrastructure.
Read More @ thehackernews.com
[#] Japan's Computer Security Incident Response Team alerts about four Python Package Index (PyPI) packages containing the 'Comebacker' malware loader, attributed to North Korean hacker group Lazarus, implicating thousands of developers' systems in potential supply chain cyberattacks.
Read More @ bleepingcomputer.com
[#] Russian state-sponsored hackers are exploiting Ubiquiti EdgeRouters to create botnets and steal data, with mitigation advised through hardware resets, firmware updates, and security practices like changing default credentials and enabling firewall rules.
Read More @ hackread.com
[#] Cisco Talos reveals TimbreStealer malware targeting Mexican users, employing advanced evasion and persistence techniques, focusing on information theft, and highlighting the need for robust email security training and sophisticated endpoint protection.
Read More @ securityonline.info
[#] US President Joe Biden is anticipated to sign an executive order to prevent adversarial nations, including China and Russia, from obtaining American sensitive personal and government-related data, with measures to be enforced by the Justice Department following public commentary periods.
Read More @ theregister.com
[#] Brand Safety Alliance's GlobalBlock service is now generally available, allowing trademark owners to pay for blocking the registration of wide arrays of domain names that resemble or contain variations of their trademarks, including those with confusable homoglyph characters, with concerns raised about the potential impact on free speech and domain name versatility.
Read More @ bleepingcomputer.com
[#] The Google filetype search function for locating specific document types is currently malfunctioning, but there are workarounds available on Henk van Ess's Digital Digging site and updates to this issue are forthcoming.
Read More @ digitaldigging.org
[#] Abyss Locker ransomware, based on HelloKitty code, is targeting Windows and Linux systems, including VMware ESXi, with behavioural indicators of compromise and security measures provided to detect and block the threat.
Read More @ gbhackers.com
[#] Xeno RAT, a sophisticated malware available on GitHub, uses advanced evasion and persistence techniques to compromise computers and requires users to follow cybersecurity best practices and employ threat intelligence to protect against this evolving threat.
Read More @ cyfirma.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ (2024-02-29)

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins