# Latest Podcast
# Description
Researchers at Horizon3.ai have disclosed a critical vulnerability (CVE-2024-1403) in Progress Software OpenEdge, advising users to upgrade to secure versions. Minder by Stacklok offers an open source software supply chain security platform with free services for open source repositories. Cloudtopolis facilitates password cracking for free using Google Cloud services. A technical guide on malware development for macOS is provided, delving into the Mach API and various attack techniques. The Frida toolkit helps identify DLL sideloading exploits in Windows, while the Windows Feature Hunter tool automates this.
A GitHub repository, "process-injection," presents a proof-of-concept for process injection in Windows. The article discusses Android app vulnerabilities related to deep links and WebViews while proposing mitigation approaches. SharpCovertTube enables remote command execution on Windows via YouTube video QR codes.
The repository WinHotchkiss/Hotchkiss_OSINT compiles various OSINT resources, while EmploLeaks is an OSINT tool focusing on employee credential leaks. "EliteServices" by 'sethycake' provides Python tools for network stress testing and information. The Human Intelligence Narrowing Tool Set (HINTS) aids in organizing OSINT research, and Bigbro is an OSINT utility designed to locate individuals through a clicked link. HackingEnVivo's Doxing script streamlines the doxxing process, and H4X-Tools offers a toolkit for web scraping and OSINT activities.
The OSINT resource compilation lists various tools for cybersecurity information gathering, including specialized software. "The_spy_job" by XDeadHackerX is yet another OSINT collection tool, and finally, Bython introduces a Python preprocessor enabling brace-based syntax.
Roku experienced a data breach affecting over 15,000 customer accounts, leading to fraudulent activities. The Cybersecurity and Infrastructure Security Agency (CISA) faced a breach from Ivanti product vulnerabilities. A counterfeit Leather wallet app was implicated in cryptocurrency theft and removed from the Apple App Store. QNAP addressed security flaws in NAS devices, and a banking trojan called CHAVECLOAK targeted Brazilian users, underscoring the urgency of robust cybersecurity measures. Paysign investigates a data breach potentially impacting 1.2 million records. New sanctions target individuals associated with Intellexa Consortium's Predator spyware.
# Tradecraft
Researchers at Horizon3.ai have published details and a proof-of-concept exploit for CVE-2024-1403, a critical authentication bypass vulnerability in Progress Software OpenEdge, urging users to update to patched versions 11.7.19, 12.2.14, and 12.8.1 to prevent unauthorized access.
Minder by Stacklok is an open source software supply chain security platform that provides proactive security checks, policy enforcement, artifact attestation, and dependency management for development teams, with a public instance available for free for open source repositories.
Cloudtopolis is a tool that uses Google Cloud Shell and Google Colaboratory to enable unattended and free password cracking by setting up Hashtopolis agents, which can be further scaled by repeating the setup process with additional Google accounts.
This article provides a technical guide on designing, developing, and understanding malware for macOS, focusing on the Mach API and macOS architecture, and covering system calls, code injection techniques, and persistence methods relevant to both cybersecurity exploitation and defense.
Frida, a dynamic instrumentation toolkit, enables security researchers to identify potential DLL sideloading exploits in Windows applications, with the Windows Feature Hunter tool automating this process for efficiency and scale.
A GitHub repository called "process-injection" hosts a simple proof of concept to demonstrate how process injection techniques operate in Windows, targeting Microsoft Edge for memory allocation, shellcode writing, and execution.
The article details vulnerabilities in Android app deep links and WebViews, demonstrating exploits such as open redirects and file theft, and provides mitigation strategies such as proper input validation and secure WebView configuration.
WinHotchkiss/Hotchkiss_OSINT is a public GitHub repository providing a compilation of OSINT (Open Source Intelligence) resources and tools for target identification in various domains including social media, real estate, and satellite imagery.
EmploLeaks is an open-source intelligence (OSINT) tool designed to uncover employees of a specific company whose credentials may be exposed in a custom COMB database; the repository also documents the installation process and how the tool collects information from LinkedIn and checks associated personal emails against the leaked data.
The GitHub repository 'EliteServices' by user 'sethycake' is a collection of Python-based tools for IP stress testing, obtaining IP information, and checking IP ports, made to assist users in evaluating network robustness.
The Human Intelligence Narrowing Tool Set (HINTS) is an open-source intelligence (OSINT) tool for organizing research on individuals and organizations with a React interface for tasks, a Strapi CMS backend, and a knowledge base filled with OSINT resources.
Bigbro is an OSINT tool designed to pinpoint a person's location within a 1-30 meter radius via a link they access; it is compatible with Kali Linux and Termux and is offered in both a free and a premium version.
HackingEnVivo's Doxing repository on GitHub offers a Python script for information gathering and espionage, aiming to simplify the process of finding data on individuals through automated website searches, and is compatible with various operating systems such as Kali Linux, Parrot Security OS, Windows 10, and Ubuntu.
The H4X-Tools repository on GitHub provides an open-source toolkit for web scraping, OSINT, data gathering, and other hacking activities, requiring Python for setup and offering various utilities including IG Scrape, Phone Lookup, and Port Scanner.
The text lists various open-source intelligence (OSINT) tools and resources used in cybersecurity to gather information, perform forensic analyses, automate tasks, and aid in investigations, including specialized software for social media analysis, data extraction from mobile devices, and digital evidence recovery.
The repository "The_spy_job" by XDeadHackerX is a tool designed for Open Source Intelligence (OSINT) gathering, automating the collection of information from various sources such as websites, social media, emails, phone numbers, IP addresses, and images, while emphasizing the creator's disclaimer of non-responsibility for misuse.
Bython is a Python preprocessor that allows coding with braces instead of indentation, compatible with existing Python modules, and can be installed or uninstalled via pip.
# News
Roku experienced a data breach in which over 15,000 customer accounts were compromised through credential stuffing attacks, leading to fraudulent purchases, with the accounts subsequently sold for $0.50 each on account marketplaces.
CISA's systems were compromised by hackers exploiting Ivanti product vulnerabilities, prompting CISA to take the impacted systems offline immediately and to issue an advisory urging organizations to assess the risk of continuing to operate these Ivanti devices.
An imposter Leather wallet app was being distributed on the Apple App Store, functioning as a cryptocurrency drainer that stole users' assets through a fake secret passphrase prompt; it has since been removed following reports from the company and the media.
QNAP has released patches for multiple security vulnerabilities, including a critical flaw allowing unauthorised access to NAS devices, and advises users to update to the latest software versions to mitigate the risk of exploitation.
A new banking trojan named CHAVECLOAK targets Brazilian users through phishing with PDF attachments, leverages DLL side-loading for information theft, and is also distributed via a sophisticated ecosystem involving smishing, vishing, and Phishing-as-a-Service platforms such as "Mr. Robot" and "JOKER RAT".
A new information-stealing malware called Planet Stealer is compromising computers to exfiltrate passwords, crypto wallets, and other data, requiring strong cybersecurity measures including skepticism towards email attachments, up-to-date software, robust antivirus solutions, and the use of unique passwords managed by a password manager.
Paysign is investigating a potential data breach where a hacker claims to have leaked over 1.2 million consumer records, while other reports include a breach at Acuity with federal data exposure and an unsecured server at Glosbe revealing user data.
The United States has sanctioned Tal Jonathan Dillian and Sara Aleksandra Fayssal Hamou for their roles in the Intellexa Consortium's sale of Predator spyware, leading to concern within the spyware industry about the reliability of customers and the impact of political actions on their operations.
Researchers are using large language models (LLMs) to successfully predict the content of redacted text based on the size of redaction rectangles, exposing potential privacy concerns and highlighting the need for more effective redaction methods.
BianLian ransomware operators are exploiting JetBrains TeamCity vulnerabilities (CVE-2024-27198 or CVE-2023-42793) for initial access and deploying a PowerShell version of their backdoor when their Go-based version fails, as they pivot to extortion based on data exfiltration.
Security researchers at GuidePoint discovered a new PowerShell backdoor used by BianLian ransomware following Avast's decryption tool release, leveraging encryption and Runspace Pools for stealthier command execution and connection to their C2 server.
Toolify provides a categorized directory of AI tools and applications, including a ranking system by usage, revenue, and regional popularity, with featured articles on using open-source intelligence for geolocation and discovering AI tools for various functions.
On March 11, 2024, Mozilla announced Speedometer 3, a benchmark developed as a cross-industry collaboration to measure and drive browser performance improvements across the web; work on it has improved real-world Firefox user experience through wide-ranging bug fixes and optimizations.
This repository on GitHub lists key services and resources for open-source intelligence work focused on Poland and Polish-speaking communities, covering a wide range of categories from public registries, social media, and personal identification to specialized domains like maritime transport and SIGINT.
A discovered security issue allows authentication to all domains within a forest across external non-transitive trusts in Windows Active Directory, meaning attackers can abuse supposedly isolated domain trusts to gain broader access, with no fix currently available from Microsoft other than avoiding external trusts entirely.