# Latest Podcast
# Description
The LogSnare project is a web application aimed at educational purposes, demonstrating common security flaws like IDOR and broken access control. RKS automates keystrokes for post-exploitation activities in remote desktop environments. VMP-Imports-Deobfuscator rebuilds the IAT in VMProtect-protected applications. Techniques to harden Windows systems against various cyber threats involve modifying Registry and service settings. Telegram users can locate others via the 'People Nearby' feature; however, this can be countered by disabling location settings. The smtpEmailChecker is a Python tool for validating email addresses over SMTP. The article outlines the creation and concealment of a keylogger payload for stealthy data exfiltration. A tool for searching Malware Bazaar enhances the ability to find Cobalt Strike LNK loaders. The gitdoorcheck tool uses OpenAI's LLM APIs for code analysis to detect backdoors in Git repositories. The Mysterious Werewolf threat group is exploiting a WinRAR vulnerability to deliver the RingSpy backdoor to military-industrial targets. Elastic Security Labs shared a technique to capture ransomware encryption keys using canary files. An Android vulnerability in APEX package signature verification allows for malicious code execution. BOFHound is an offline tool that generates BloodHound-compatible JSON for Active Directory analysis. An exploit for a Linux kernel vulnerability in the Traffic Control subsystem enables kernel access via a Use-After-Free condition. Lastly, the cybersecurity-roadmap GitHub repository provides a comprehensive guide for career progression in the cybersecurity field.
In the news,The UnitedHealth Group and Change Healthcare reported cyberattacks by the ALPHV/Blackcat ransomware gang, affecting healthcare services. CutOut.Pro refutes a data breach claim despite evidence. Anurag Sen exposed a leak from YX International, risking two-factor codes. Fulton County and Houser LLP are addressing separate security incidents. The U.S. Commerce Department investigates auto cyber risks, while Golden Corral faces a breach lawsuit. CryptoChameleon targets crypto platforms, with increased security advised.
In the news,The UnitedHealth Group and Change Healthcare reported cyberattacks by the ALPHV/Blackcat ransomware gang, affecting healthcare services. CutOut.Pro refutes a data breach claim despite evidence. Anurag Sen exposed a leak from YX International, risking two-factor codes. Fulton County and Houser LLP are addressing separate security incidents. The U.S. Commerce Department investigates auto cyber risks, while Golden Corral faces a breach lawsuit. CryptoChameleon targets crypto platforms, with increased security advised.
# Tradecraft
[#]
LogSnare is an intentionally vulnerable web application designed for teaching about IDOR (Insecure Direct Object References) and broken access control issues, providing real-time security control toggles, and demonstrating effective logging as a means to detect and prevent such vulnerabilities.
[#]
RKS is a script designed to automate keystrokes in a graphical remote desktop environment, aiding in post-exploitation tasks by executing predefined commands and transferring files using different methods on various platforms.
[#]
The VMP-Imports-Deobfuscator is a tool that reconstructs the Import Address Table (IAT) and patches obfuscated calls in VMProtect protected x64 applications, with improvements in handling new VMProtect versions that use multiple stubs and an entropy-based approach to detect VMProtect sections.
[#]
Harden Windows systems by executing specific Registry and service management commands to minimize the risk of lateral movement, privilege escalation, and remote exploitation vulnerabilities.
[#]
Telegram users can track the approximate location of others who have the 'People Nearby' feature enabled using tools like Telegram Nearby Map and Geogramint, though exact positions are no longer possible due to API changes, and disabling location features in Telegram's settings can prevent being tracked.
[#]
The smtpEmailChecker is a Python-based penetration testing tool utilized for verifying email addresses through SMTP commands.
[#]
The article provides a step-by-step guide on developing, concealing, and testing a keylogger payload designed for undetectable data exfiltration and persistent operation on targeted systems.
[#]
A new tool that enhances Malware Bazaar's search capabilities for pinpointing Cobalt Strike LNK loaders by combining multiple search filters has been released, along with basic analysis methods of the found samples.
[#]
The `gitdoorcheck` tool performs static code analysis on Git repositories using OpenAI's LLM APIs to detect backdoors and malicious code, providing JSON output for potential integration into CI pipelines.
[#]
A threat group called Mysterious Werewolf is targeting military-industrial complex enterprises using a phishing campaign that exploits the CVE-2023-38831 vulnerability in WinRAR to initially compromise systems, then deploys a Python-based backdoor called RingSpy via a multistage infection process leveraging various scripting languages and legitimates services like Telegram for command and control.
[#]
Elastic Security Labs detailed their technique for capturing ransomware encryption keys by extending their canary file system with kernel-level detection and userland process memory snapshots, allowing for the potential decryption of ransomware-encrypted files.
[#]
The repository provides proof-of-concept code and instructions for exploiting a vulnerability in Android APEX package signature verification, enabling attackers to execute code on devices with APEXes signed with test keys.
[#]
BOFHound is an offline tool that generates BloodHound-compatible JSON by parsing logs from ldapsearch BOF, pyldapsearch, and Brute Ratel's LDAP Sentinel, to be utilized for analyzing Active Directory environments while avoiding certain detection mechanisms.
[#]
An exploit for a complex vulnerability in the Linux kernel's Traffic Control subsystem, traced to incorrect reference count handling causing a Use-After-Free condition, was successfully developed and involves KASLR bypass, controlled memory allocation, and precise code execution to gain kernel access.
[#]
The GitHub repository "cybersecurity-roadmap" provides a guide for cybersecurity professionals including skill sets, job roles, and resources needed to progress in various security roles such as application security, cloud security, and network security.
# News
[#]
UnitedHealth Group disclosed that the ALPHV/Blackcat ransomware gang is responsible for a cyberattack on Change Healthcare, impacting various healthcare services, with ongoing investigations and efforts to understand the full consequences of the data breach.
[#]
CutOut.Pro, an AI design tools company, refutes a hacker's data breach claim, despite independent verification of leaked data including sensitive user information now indexed on HaveIbeenPwned.
[#]
Security researcher Anurag Sen uncovered a password-less database from YX International leaking SMS message contents, including two-factor authentication codes and password reset links for several major tech platforms, which was secured after TechCrunch intervention.
[#]
Fulton County, Georgia, persists in refusing to meet Lockbit 3.0 hacking group's ransom demands after a cyberattack on their systems, instead focusing on restoring services and following cybersecurity advice that discourages paying ransoms.
[#]
Houser LLP suffered a network breach between May 7-9, 2023, leading to the exposure of personal data for about 325,000 individuals and has since initiated client notifications and enhanced cybersecurity measures.
[#]
The U.S. Commerce Department will investigate the security risks of vehicles with internet connections made in China, focusing on how they could collect and send sensitive data abroad or be remotely compromised.
[#]
Golden Corral restaurant chain reported a data breach affecting approximately 180,000 current and former employees, leaking sensitive information between August 11 and August 15, 2023, with free credit monitoring services offered and class action lawsuits filed in response.
[#]
A phishing scheme named CryptoChameleon targets cryptocurrency platforms and uses sophisticated social engineering, including phone impersonations, to steal sensitive data; organizations are advised to implement stronger authentication measures and educate users on verifying communication sources.
[#]
The "CryptoChameleon" phishing campaign, which targets cryptocurrency users and FCC employees by mimicking login pages and employing email, SMS, voice phishing, and hCaptcha bypass, has compromised over 100 victims and experts recommend stronger authentication measures and vigilance against unsolicited messages.
[#]
CISA is alerting about active exploitation of a Windows Streaming Service privilege escalation flaw (CVE-2023-29360) and advises patches applied before March 21, with Microsoft confirming protected status for updated systems.
[#]
German police have dismantled a large cybercrime market called Crimemarket with over 180,000 users, arresting six individuals and seizing various assets after a lengthy investigation.
[#]
Consumer Reports has identified critical security flaws in Eken and Tuck video doorbells, sold on major platforms like Amazon, that could be exploited without a password, prompting calls for their removal from the market and better product vetting by online retailers.
[#]
The US Department of Justice has indicted Alireza Shafie Nasab for allegedly leading a cyber campaign that compromised over 200,000 accounts, targeting US defense contractors and government agencies, with a $10M bounty for information on his whereabouts.
[#]
In a lawsuit against NSO Group for allegedly using its Pegasus spyware to spy on WhatsApp users, a US court has ordered NSO to share its spyware code with WhatsApp, respecting certain protections for client identities and server architecture details.
[#]
Pig butchering scams deceive individuals into fraudulent cryptocurrency investments through fake relationships or investment opportunities, and to avoid them, users should be cautious of unsolicited messages, verify profiles and investment sites, and resist sharing financial information.
[#]
The U.S. Department of Justice has indicted Alireza Shafie Nasab for conducting a cyber-espionage campaign against U.S. entities, with a $10 million reward offered for information leading to his capture, and the public can securely submit tips to a specified Tor address.
[#]
Microsoft has retracted the latest Edge 122.0.2365.63 update after it caused "Out of Memory" errors, and suggests users switch off 'Enhanced Web Protection' or modify its settings if they are unable to access the browser.
[#]
A sophisticated phishing kit named CryptoChameleon targets cryptocurrency users through forged SSO pages, employing emails, SMS, and voice calls to pilfer credentials, with Lookout revealing its overlap with Scattered Spider's methods but distinctive C2 infrastructure.
[#]
The UK Information Commissioner's Office reprimanded West Midlands Police for confusing the records of two individuals with identical names and birth dates, leading to a mix-up between victim and suspect data and inadequate responses to the error, which WMP has addressed by implementing a Data Quality Policy and compensating one of the affected parties.
[#]
Cybersecurity experts at Palo Alto Networks Unit 42 have uncovered a new Linux variant of BIFROSE malware that evades detection by using a deceptive VMware domain, with a recent increase in activity suggesting the BlackTech group's intent to broaden their attack capabilities.
[#]
Bishop Fox has been recognized as a leader in the 2024 GigaOm Radar for Attack Surface Management, offering a suite of offensive security services, and developed a vulnerability scanner for the recently patched CVE-2024-21762 in FortiGate firewalls, which they have detailed in their latest blog.
[#]
A macOS root privilege escalation vulnerability, CVE-2023-42942, has been disclosed with a proof-of-concept that exploits a race condition, and users should apply the patch introduced in macOS Sonoma 14.1 to protect their systems.
[#]
A flaw in Cisco ASA and FTD software's web services interface can result in unauthorized memory content disclosure when invalid URLs are processed, requiring configuration checks and updates to mitigate the issue.
[#]
The Five Eyes intelligence alliance has warned that cyber attackers are actively exploiting four security flaws in Ivanti products, even though a factory reset, due to an Integrity Checker Tool's inability to detect all types of malware, advising organizations to evaluate the risk of continuing the use of Ivanti Connect Secure and Ivanti Policy Secure gateways.
[#]
The Institute for Study of Information Warfare in Israel reports on various geopolitical events, including the results of municipal elections during wartime and their impact on future national polls, the classification of post-Soviet states based on their friendliness towards Russia, Saudi Arabia's strategic move to align with BRICS to shape a new Middle East, and the societal challenges faced by Ukraine's war-disabled, as well as internal political dynamics in Israel and Azerbaijan.
[#]
Researchers uncovered a new Linux variant of the Bifrost malware that uses typosquatting to evade detection, with Unit 42's cloud security services providing detection and response capabilities.
[#]
A serious security flaw, CVE-2023-45779, was found in Android's APEX module signing, which could allow unauthorized control over devices, but Google and affected OEMs have patched it with updates requiring a 2023-12-05 Security Patch Level.