HAQ.NEWS

// Jared Folkins

# Description

Today's tradecraft covers the CozyHosting box, which hinges on session hijacking; Apache DolphinScheduler's vulnerabilities; and tools like Sebel for blocking malicious SSL/TLS certificates. It discusses Android management with Moukthar, data protection via MultiDump and Excel-Anonymizer, and secure file sharing with QR codes. The guide highlights software like AdGuardHome for ad blocking, TikTok Uploader, and Fossify Messages for SMS automation. It also touches on network security with Onionpipe, social media analysis with Hunt Intelligence, and updates on APT-HUNTER, cURL fuzzing, and IoT exploits. Additionally, it explores SQL injection detection, command and control with Havoc C2, and access to the vulnerability database with CVEMAP.

Phishing campaigns target FCC and crypto firm employees with CryptoChameleon, leading to over 100 breaches. An Indian content farm mimics news outlets to push gambling and crypto scams. Hikvision and Ivanti Pulse Secure address critical vulnerabilities. U.S. cybersecurity agencies alert on Phobos ransomware. NSO Group is compelled to share Pegasus source code with Meta. ConnectWise ScreenConnect and SolarWinds fix severe exploits. McAfee Labs highlights malware in PDFs, and Shodan scans for internet-connected devices.

# Tradecraft

[#] The blog post discusses various techniques for remotely resetting expired user passwords on a network, highlighting methods that leverage Outlook Web Access, Remote Desktop Protocol, smbpasswd, ChangePwd, Impacket smbpasswd.py, and Windows PowerShell, among others, along with their respective caveats or prerequisites.
Read More @ n00py.io
[#] A detailed walkthrough explains how to exploit the CozyHosting box on HackTheBox by leveraging a Java Spring Boot Actuator endpoint for session hijacking, finding a command injection vulnerability, extracting database credentials from a Java JAR file, cracking password hashes, and employing sudo with SSH's ProxyCommand option for privilege escalation to gain root access.
Read More @ gitlab.io
[#] Sebel is a Go package that identifies SSL/TLS certificates linked to botnet command and control servers and blocks them via a blacklist, preventing malicious network communications.
Read More @ github.com
[#] Apache DolphinScheduler versions 3.1.8 and earlier are vulnerable to Remote Code Execution due to unsafe handling of user input in the SwitchTaskUtils class, with additional issues related to deserialization and Kubernetes namespace handling in different CVEs, all of which have fixes available via pull request and configuration adjustments.
Read More @ aliyun.com
[#] Moukthar serves as a remote administration tool for Android, offering capabilities such as notification and SMS listening, call recording, image capture, persistent access, contact management, app listing, file transfer, and device localization, with installation requiring cloning the repository, moving server files, installing dependencies, setting up database credentials, starting the web socket server, and modifying designated server configuration files.
Read More @ kitploit.com
[#] The GitHub project Excel-Anonymizer uses a Python script to anonymize sensitive data in Excel files by identifying personal information and replacing it with synthetic alternatives, ensuring privacy without the possibility of reverse engineering the original data.
Read More @ github.com
[#] The project provides a lightweight and secure distroless Unbound Docker image based on Alpine Linux, focused on privacy and performance, which includes features like DNSSEC and DNS over HTTPS/TLS and is suitable for integration with Pi-hole.
Read More @ github.com
[#] The qr-file-share project on GitHub provides a method to share files through QR codes that can be generated offline and transferred directly to a recipient without needing an internet connection.
Read More @ github.com
[#] A static website provides information on invisible Unicode characters, which could be relevant for cybersecurity experts looking to understand how such characters might be used in coding or cyber attacks.
Read More @ github.com
[#] OpenGFW is an open-source version of the Great Firewall of China designed for Linux systems, offering features like full IP/TCP reassembly, protocol analysis, encrypted traffic detection, flow-based load balancing, and a powerful rule engine for various use cases such as ad blocking, parental control, and traffic analysis.
Read More @ github.com
[#] AdGuardHome is an open-source DNS server designed to block ads and trackers network-wide, with functionalities including custom filter rules, network monitoring, parental controls, and support for encrypted DNS services, which can be installed via automated scripts or other methods detailed on their GitHub repository.
Read More @ github.com
[#] TikTok Uploader is a Selenium-based automation tool for scheduling and uploading videos to TikTok, which includes features like handling mentions, hashtags, stitches, duets, comments, and proxies, along with customization options for web browser selection and headless operation.
Read More @ github.com
[#] Fossify Messages is an open-source Android application that allows users to manage SMS and MMS messages without ads, featuring functionalities like message blocking, SMS backup, privacy on lock screen notifications, an efficient search tool, and a lightweight design.
Read More @ github.com
[#] Onionpipe is a tool for creating secure network tunnels to Onion addresses through Tor, which can be used to access services from anywhere without relying on public IP addresses or third-party services.
Read More @ github.com
[#] Hunt Intelligence offers a platform that aggregates and simplifies the analysis of location-based social media data for security professionals and investigators, featuring an intuitive search function, unlimited queries, and a location-first approach for real-time insights.
Read More @ Huntintel.io
[#] Shells.Systems reports on cyber security developments including Froxlor server management vulnerability, enhancements to APT-HUNTER for Windows event log analysis, methods to circumvent AppLocker security, techniques to disguise malicious traffic using TYK cloud API, updates to NinjaC2 command and control tool, DNSStager improvements to hide payloads, and the creation of new cyber security tools and strategies.
Read More @ Shells.Systems
[#] APT-Hunter is a Python-based threat hunting tool that facilitates the detection of Advanced Persistent Threat (APT) movements by analyzing Windows event logs, providing automated log collection scripts, and generating output compatible with timeline analysis tools like Timesketch.
Read More @ shells.systems
[#] Trail of Bits improved fuzzing for cURL by enhancing code coverage in areas like HSTS and Alt-Svc headers, adding seed files, and implementing new libcurl options, and suggested further techniques such as dictionaries, argv fuzzing, and structure-aware fuzzing.
Read More @ trailofbits.com
[#] APTs pose a severe threat to various sectors by utilizing sophisticated, multi-stage attacks to infiltrate networks and extract sensitive data, necessitating robust detection, prevention, and incident response strategies.
Read More @ securityboulevard.com
[#] Sean Pesce discloses a method to exploit the ssh-keygen command on Linux-based IoT devices with sudo privileges by loading a malicious shared library, achieving root access, complete with proof of concept code and detailed implementation guidance available on GitHub.
Read More @ blogspot.com
[#] The repository "SQLi_Sleeps" contains a simple Python script for detecting SQL injection vulnerabilities by sending GET requests to specified URLs with different data inputs and identifying responses that take longer than 20 seconds, indicating potential time-based SQL injection points.
Read More @ github.com
[#] The article details a method for setting up Havoc C2 for stealthy command and control operations by using encrypted HTTPS connections, custom headers, and DLL proxy hijacking to evade detection by antivirus and EDR systems.
Read More @ medium.com
[#] The GitHub repository 'outflanknl/unmanaged-dotnet-patch' contains a proof-of-concept demonstrating how to modify managed .NET functions using unmanaged code, without any related security advisories or solutions provided.
Read More @ github.com
[#] MetaHub is an open-source automation tool designed to enrich security findings from AWS Security Hub or ASFF-compatible scanners, providing context-specific impact evaluations and customizable reporting to enhance vulnerability management.
Read More @ github.com
[#] A Proof of Concept (PoC) for CVE-2023-22527 demonstrates a Remote Code Execution (RCE) vulnerability in Confluence Data Center and Server, which can be mitigated by applying a patch that blocks specific Object-Graph Navigation Language (OGNL) expressions identified by the ConfluenceOgnlGuard class.
Read More @ github.com
[#] CVEMAP is a command-line tool that provides structured access and filtering to multiple vulnerability databases, and it requires Go 1.21 for installation, with functionality to map CVEs to various endpoints like EPSS, KEV, and potential exploits, which can be configured with a ProjectDiscovery Cloud Platform API token.
Read More @ github.com
[#] MultiDump is a tool designed to discreetly extract LSASS memory without detection, using modified legitimate binaries, encryption, and evasion techniques, with further defenses against Windows Defender outlined in post-exploitation scenarios.
Read More @ xre0us.io

# News

[#] A sophisticated phishing operation is targeting FCC and crypto firm employees using a phishing kit called CryptoChameleon, which mimics legitimate login pages to steal sensitive information, with over 100 successful compromises reported and indicators of compromise provided by Lookout researchers.
Read More @ bleepingcomputer.com
[#] BleepingComputer reports a content farm in India impersonating over 60 news outlets like BBC, CNN, and The Guardian to boost SEO for gambling and crypto ventures and to sell ad space unethically; readers should verify the authenticity and copyright standing of such sites before trusting or using them.
Read More @ bleepingcomputer.com
[#] Security vulnerabilities CVE-2024-25063 and CVE-2024-25064 in Hikvision's HikCentral Professional platform have been patched; users should update to V2.5.1 or later to mitigate unauthorized access and privilege escalation risks.
Read More @ securityonline.info
[#] NVISO researchers have discovered two advanced TLS-based backdoors, named SparkCockpit and SparkTar, that target organizations through Ivanti Pulse Secure vulnerabilities, offering persistent access and avoiding detection through TLS handshake interception and malicious JAR plugins for boot persistence.
Read More @ securityonline.info
[#] The US cybersecurity agencies CISA, FBI, and MS-ISAC issued an alert about ongoing Phobos ransomware attacks targeting critical sectors, advising organizations to secure RDP services, detect phishing attempts, and implement data backup and recovery plans.
Read More @ securityaffairs.com
[#] The U.S. DoJ has indicted Iranian Alireza Shafie Nasab for a cyber campaign targeting U.S. entities and offers $10 million for information leading to his capture, with charges including computer and wire fraud, and identity theft.
Read More @ thehackernews.com
[#] A U.S. judge has mandated NSO Group to give Meta the Pegasus spyware source code, signaling a win for Meta and highlighting global concerns over privacy rights and the legal shielding of spyware clients' identities.
Read More @ thehackernews.com
[#] Taiwan's largest telecom operator, Chunghwa Telecom, experienced a cyber breach with 1.7TB of data including government agency details stolen and sold on the Dark Web, prompting the defense ministry to call for enhanced cybersecurity measures.
Read More @ darkreading.com
[#] Russia will enforce a VPN ban starting 1st March 2024 to stop people from reaching banned content and evading surveillance, with consequences for privacy and free speech and heightened risks for activists, amid increased efforts to control and monitor internet usage within its borders.
Read More @ hackread.com
[#] German law enforcement has dismantled Crimemarket, the largest German-speaking cybercrime marketplace, leading to the arrest of its operators and seizure of drugs, tutorials for criminal activities, and cash, while continuing to target the platform's users.
Read More @ securityaffairs.com
[#] A critical vulnerability in ConnectWise ScreenConnect software, CVE-2024-1709, has been exploited by multiple ransomware groups including Play and LockBit, targeting an MSP and other organizations, highlighting the urgent need for affected systems to apply the recently released patches.
Read More @ scmagazine.com
[#] Air National Guardsman Jack Teixeira, who leaked classified Pentagon documents on his Discord server, is expected to enter a guilty plea in court, while 15 Air Guard leaders have been disciplined, and the US Air Force is updating its classified data access policies in response to the incident.
Read More @ theregister.com
[#] A California judge has mandated NSO Group to provide WhatsApp with the source code of its Pegasus spyware used between 2018 and 2020, while the identities of its government clients and server architecture remain undisclosed.
Read More @ theregister.com
[#] SolarWinds has patched a critical remote code execution vulnerability, CVE-2024-0692, in their Security Event Manager, and users should update to version 2023.4.1 to prevent unauthenticated attackers from potentially gaining control of their systems.
Read More @ securityonline.info
[#] McAfee Labs has identified a rise in malware distributed through PDFs that exploit embedded URLs and JavaScript to redirect users to malicious sites, with malware such as Agent Tesla bypassing defenses and compromising data, highlighting the need for updated software and vigilant scrutiny of email attachments.
Read More @ securityonline.info
[#] Apache Ambari version 2.7.8 patches a stored cross-site scripting (XSS) vulnerability identified as CVE-2023-50378, which could allow attackers to steal sensitive data, hijack sessions, or inject malware, and administrators should update their installations promptly to mitigate these risks.
Read More @ securityonline.info
[#] The SolarWinds Security Event Manager (SEM) version 2023.4 and earlier has a critical deserialization vulnerability (CVE-2024-0692) with a severity rating of 8.8, which allows remote code execution and has been resolved in the updated release SEM 2023.4.1 SR.
Read More @ solarwinds.com
[#] Shodan is a search engine for internet-connected devices, offering various services like Maps and Images for visualization, and requires users to log in for advanced search filters and API access.
Read More @ shodan.io
[#] Researchers have developed a model that learns real-world humanoid robot control by predicting sensorimotor trajectories, enabling a humanoid to navigate complex environments like the streets of San Francisco without prior specific training.
Read More @ arxiv.org

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait that actually has no valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-03-03

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins