# Latest Podcast
# Description
A penetration testing lab blog post reveals the use of Visual Studio Code extensions for achieving persistent access in compromised systems, highlighting extension development, packaging, and execution with .NET and JavaScript integration. BloodHound, a security tool utilizing graph theory, reveals intricate privilege relationships within Active Directory and Azure, benefiting both attackers and defenders. A detailed guide introduces the creation of an automated command and control (C2) infrastructure using Terraform, Nebula, Caddy, and Cobalt Strike. Separately, a security researcher discovered a vulnerability on a community website allowing access to supposedly deleted comments, which was recognized as a minor issue and fixed. Lastly, 403JUMP is introduced as a penetration testing tool designed to bypass HTTP 403 errors, equipped with features for customization and concurrency.
# Tradecraft
[#]
A blog post on Penetration Testing Lab details how to utilize Visual Studio Code extensions for persistent access in compromised systems, demonstrating extension development, packaging, and execution, including use of embedded .NET code via JavaScript for advanced payloads.
[#]
BloodHound is a security tool that employs graph theory to illuminate complex privilege relationships within Active Directory and Azure, aiding both attackers in locating exploitable pathways and defenders in closing them down.
[#]
A comprehensive guide on how to utilize Terraform, Nebula, Caddy, and Cobalt Strike to establish an automated command and control (C2) infrastructure with customizable elements for offensive security operations.
[#]
A security researcher found an endpoint on a community website that allowed access to supposedly deleted comments by using specific comment and thread IDs, which the site's security team acknowledged as a low-impact privacy issue and subsequently fixed.
[#]
403JUMP is a penetration testing tool for bypassing HTTP 403 errors through various methods like HTTP verbs, header modifications, and path fuzzing, with features for customization, concurrency, and detailed usage instructions available for efficiency in security audits.
# News
[#]
ALPHV/BlackCat ransomware group's website went offline after they took responsibility for a significant cyberattack on Change Healthcare, leading to ongoing prescription service disruptions and prompting the launch of a new electronic prescription service.
[#]
Russian operatives infiltrated a German military Webex meeting, recording a confidential conversation regarding Taurus cruise missile strategies for Ukraine, resulting in a probe by Germany's Military Counterintelligence Service and amplifying concerns about cybersecurity practices in sensitive communications.
[#]
The European Commission fined Apple approximately $1.95 billion for imposing restrictions in the App Store that kept developers from informing users about cheaper music subscription alternatives, which the Commission deemed an abuse of Apple's dominant market position; Apple plans to appeal the decision.
[#]
A recent security alert details an exploit in a WordPress plugin that installs the Godzilla Web Shell; users should update their systems and apply new detection rules available to customers with the specific UUID provided.
[#]
Hikvision has released patches for two vulnerabilities in its HikCentral Professional system, a high-severity bug allowing unauthorized URL access and a medium-severity bug permitting authenticated users to access restricted resources, with customers advised to update their software to prevent potential exploits.
[#]
Georgia Tech researchers have developed web-based malware targeting programmable logic controllers to demonstrate that remote attacks similar to Stuxnet are feasible, with the malware leveraging service workers for persistence and using powerful web APIs for diverse operations including real-time data exfiltration and potential self-destruction after misuse.
[#]
Ukraine's Main Intelligence Directorate claims a successful cyber operation against the Russian Ministry of Defense, acquiring sensitive documents and detailing the structure and personnel within the organization.
[#]
Researchers have demonstrated a new cyber threat by creating AI worms, named Morris II, that can autonomously spread between AI systems, steal sensitive data, and bypass security measures, prompting the necessity for developers to strengthen AI application defenses and input validation to prevent such attacks.
[#]
American Express has notified customers of a data breach at a third-party merchant processor resulting in exposure of card numbers, names, and expiration dates, and advises affected cardholders to review account statements and consider getting new cards.
[#]
South Korea's intelligence service reports that North Korean hackers have increased cyber espionage attacks on South Korean semiconductor manufacturers, exploiting known server vulnerabilities to steal sensitive data like design drawings and facility photos, with recommendations for the targeted firms to update security and toughen access controls.
[#]
Cybercriminals in India are leveraging the XHelper Android app and a network of money mules to launder stolen funds through UPI service providers, which aren't covered by money laundering prevention laws, prompting arrests by Europol and highlighting the need for enhanced mobile security measures.
[#]
Recent cyber incidents include a ransomware attack on UnitedHealth Group's subsidiary, a data breach affecting 20 million Cutout.Pro users, a ransomware disruption at Lurie Children's Hospital, a data leak at law firm Houser LLP, compromised driver details in Walmart's Spark delivery service, and the espionage campaign SPIKEDWINE against European diplomats, alongside vulnerabilities found in Ivanti products and ConnectWise software, hacking of Anycubic 3D printers, increased Web API attacks, and Iranian espionage targeting aerospace sectors.
[#]
The European Union consumer groups accuse Meta of violating GDPR rules by unfairly collecting excessive data without transparency, prompting calls for sanctions against the company.
[#]
Researcher HaxRob identified a new Linux backdoor named GTPDOOR that targets telecom networks, disguising control plane traffic to avoid detection and likely attributed to the China-linked Light Basin group, with current low antivirus detection rates.
