# Latest Podcast
# Description
Today, Windows File Explorer is vulnerable to DLL hijacking through missing DLLs, notably cscapi.dll, allowing persistent malicious access. The "awesome-threat-detection" repository on GitHub serves as a resource hub for cyber threat detection and hunting. An exploit in LaborOfficeFree version 19.10 can reveal the MySQL root password from two constants, without admin rights. Heartwood, an update to the Radicle Protocol, provides secure, peer-to-peer code collaboration tools. Ubicloud's Linux flowtables integration has shown a 7.5% latency reduction in PostgreSQL benchmarks. MobSleuth simplifies setting up a mobile app hacking lab for Android, bundling a variety of tools in a Dockerized environment. A comprehensive Windows 10 hardening script offers security enhancements without sacrificing usability. Nemesis streamlines repetitive tasks in cybersecurity assessments with its Kubernetes-based platform. Exploitation of DevOps environments is detailed, highlighting methods that leverage common security gaps. Another repository showcases techniques for local privilege escalation on Windows via misconfigurations. DNS Spy alerts on DNS changes and checks DNS consistency against historical data for security assessments. BobTheSmuggler, an open-source tool, evades firewalls using encrypted payloads concealed in image polyglots. Huntress analysts found a healthcare endpoint infiltrated by BlackCat ransomware, which demonstrates the necessity of thorough asset management. Tools for detecting the Sliver C2 framework's traffic and decrypting its payloads are available in a separate repository. The screenshot-to-code repository uses AI, including GPT-4 Vision and DALL-E 3, to turn screenshots into framework-specific code and can replicate websites from URLs.
# Tradecraft
Windows File Explorer can be compromised through DLL hijacking: an attacker identifies a missing DLL such as cscapi.dll, creates a malicious DLL with that name, and uses a public tool to load it on the target system for persistent access.
The "awesome-threat-detection" repository on GitHub is a comprehensive collection of tools, resources, and guides for cyber threat detection and hunting, ranging from detection strategies to datasets, aimed at helping security professionals identify and mitigate cyber threats.
A new exploit for LaborOfficeFree version 19.10 allows attackers to calculate the MySQL root password from two constants, without needing administrative rights.
Heartwood is the third update of the Radicle Protocol, which aims to offer a secure, peer-to-peer alternative to platforms like GitHub for code collaboration; it includes a command-line interface and a network daemon that can be installed from binaries, from source, or directly from a seed node.
Ubicloud introduced a seven-line implementation of Linux flowtables, improving their cloud networking performance by reducing latency by 7.5% in a PostgreSQL benchmark.
MobSleuth provides scripts for setting up a mobile app hacking lab focused on Android, including a suite of open-source and proprietary tools for security testing, dynamic analysis, and network traffic manipulation within a Dockerized environment.
The provided script is a comprehensive Windows 10 hardening guide, detailing registry and system modifications that harden the system against common cyber threats while keeping it usable.
Nemesis is a Kubernetes-based platform designed to automate repetitive tasks during cybersecurity assessments, facilitating data analysis and improving operational efficiency for security professionals.
The article details methods for identifying and exploiting security weaknesses in DevOps environments, including authentication flaws, misconfigurations, and vulnerable CI/CD pipelines, and provides commands and tools for each type of attack.
The repository features a collection of methods and tools for assessing and exploiting Windows misconfigurations that can lead to local privilege escalation.
DNS Spy is a service for monitoring DNS record changes: it alerts users to modifications, verifies that nameservers are in sync, supports zone transfers for comprehensive coverage, and offers historical DNS data for backup and security assessment purposes.
BobTheSmuggler is a new open-source tool created by Harpreet Singh that compresses and encrypts payloads, conceals them in image polyglots, and uses HTML smuggling to bypass firewalls and data loss prevention systems for stealthy payload delivery during penetration testing.
Huntress analysts discovered a healthcare endpoint compromised by the BlackCat ransomware via a second ScreenConnect instance; the attackers disabled Windows Defender, used embedded ransomware commands, and initiated lateral movement in the network, underscoring the importance of a comprehensive asset inventory and attack surface reduction.
The Sliver C2 Forensics repository provides tools and rules for detecting Sliver command and control (C2) traffic and decrypting its payloads, supported by technical documentation on threat hunting.
A GitHub repository named screenshot-to-code provides a web application that uses GPT-4 Vision and DALL-E 3 to transform screenshots into clean code in various frameworks, and now offers the option to replicate live websites from a URL.
# News
Microsoft has been investing in archival storage research to develop economical, sustainable, and high-bandwidth systems using advanced media such as DNA and silica for cloud-scale data preservation, addressing growing global data storage requirements.
Since August 2023, Dataplane.org has detected a novel DNS scanning pattern called Destination-Adjacent Source Address Spoofing, in which spoofed source IPs adjacent to the target's IP are used in scans; it may signify either a new mapping technique or an academic study from China, and IP TTL values were used in an effort to triangulate the true origin.
The BlackCat ransomware group, also known as ALPHV, has reportedly conducted an exit scam, shutting down its operation and claiming that the FBI seized its site, a move consistent with its history of changing names and tactics after law enforcement scrutiny and affiliate accusations of stolen ransom payments.
A retired US Army Lieutenant Colonel and former Air Force civilian employee faces charges for allegedly transmitting classified defense information to an individual on a dating app who was posing as a Ukrainian woman.
The RA World ransomware group, formerly known as RA Group, leverages the leaked Babuk source code to deploy high-impact multistage attacks on diverse international targets, calling for a robust multi-layered security strategy that includes employee education on social engineering and routine data backups.
Meta Platforms' services, including Facebook, Instagram, Messenger, and Threads, are experiencing a global outage, with users facing login issues since approximately 4:30 PM GMT; there is no official statement yet, and users are advised to follow Meta's official channels for updates and to avoid repeated login attempts.
Cybersecurity analysts found that attackers are abusing QEMU, a free hypervisor and emulator, to create covert network tunnels, bypass security controls, and establish communication channels without raising suspicion, and advise enterprises to implement multi-level protection including continuous network and endpoint monitoring to detect such activity.
Microsoft patched a Windows zero-day vulnerability that North Korea's Lazarus group exploited for six months to install the stealthy and advanced rootkit "FudModule", which interacts directly with the OS kernel by exploiting the appid.sys driver.
Facebook and Instagram users were involuntarily logged out and faced incorrect-password errors during a global outage, which was resolved after Meta's engineering teams intervened.
A retired U.S. Air Force employee with Top Secret clearance was arrested for sharing classified military details about the war in Ukraine on a dating app and faces up to 10 years in prison if convicted.
Android's "run-as" tool can be manipulated to let an attacker bypass app debuggability checks and gain access to privileged app data because of a newline injection vulnerability; a patch was released in the March 2024 Android Security Bulletin.
Cybercriminals merged the GhostSec and Stormous groups and launched GhostLocker 2.0 ransomware in double-extortion attacks targeting diverse organizations across the Middle East, Africa, and Asia; Cisco Talos recommends defense-in-depth measures and updated detection signatures.
Rapid7 criticized JetBrains for not coordinating on the disclosure of two critical flaws in the TeamCity CI/CD server, and recommends immediately upgrading to version 2023.11.4 or applying the security patch plugin to mitigate the risk of losing administrative control and of potential supply chain attacks.
The European Commission has fined Apple €1.8 billion for anti-competitive practices, namely restricting alternative music streaming services on the App Store in violation of EU antitrust law.
A team of hackers exploited vulnerabilities in Google's AI, including a denial of service in Google Cloud and a data exfiltration issue in Bard, earning a collective $50,000 reward and identifying critical security flaws during a bug bounty event.
Security researchers successfully exploited a flaw in Google's AI and earned a $50,000 bounty; a SAML authentication bypass was identified in go-saml; methods for exploiting CSP wildcards on Google domains were discussed; and a new tool, ReqsMiner, was introduced for finding CDN request inconsistency vulnerabilities through grammar-based fuzzing.
Researchers in Israel have demonstrated a new type of malware, Morris II, which can manipulate AI-powered email systems into spreading malicious prompts that compromise data integrity and propagate further infections, prompting the need for AI developers to build systems that clearly distinguish user input from machine output.
Marco Ivaldi reported various security flaws in RT-Thread OS, including buffer overflows and weak randomness sources; some were fixed by the developers while others remain open, and the details are now public after coordinated disclosure efforts.
HashiCorp's Vault has a critical flaw, CVE-2024-2048, that allows authentication bypass due to flawed client certificate validation, affecting versions before 1.15.5 and 1.14.10 that use non-CA-signed certificates; patching to the latest versions is advised.
Cybersecurity alert: a new banking Trojan named CHAVECLOAK is targeting Brazilian users through phishing and uses DLL sideloading on Windows to steal banking credentials; the recommended mitigations are caution with links, enabling 2FA, and keeping software up to date.
A cybercrime group known as Savvy Seahorse uses CNAME DNS records to redirect victims to fraudulent investment platforms and evade detection, while selectively excluding certain countries from its scams.
Linux systems require urgent patching due to two critical vulnerabilities in the DNF package manager's dnf5daemon-server component: a local root vulnerability (CVE-2024-1929) that allows attackers to execute arbitrary code, and a denial of service vulnerability (CVE-2024-1930) that lets them create excessive sessions; both have been addressed in specific upstream commits.
A cybersecurity expert in Hanoi used a homemade antenna to collect vulnerable Wi-Fi passwords from 10,000 networks, showcasing the risk of simple passwords and the importance of stronger measures such as complex passwords and separate guest networks.
A sophisticated phishing operation named "SubdoMailing" abused over 8,000 compromised subdomains of brands such as eBay and VMware, bypassing standard email security like SPF and DKIM; Guardio Labs provides a tool for organizations to check whether their domains are affected.
Facial recognition tools like PimEyes and AWS Rekognition were crucial in identifying the long-hidden RAF fugitive Daniela Klette, highlighting that social media engagement and appearing in the background of other people's photographs can undermine attempts to stay unphotographed and, therefore, anonymous.