HAQ.NEWS

// Jared Folkins

# Latest Podcast

# Description

Today, Cofense reports on malware campaigns that use SVG files to spread ransomware or keyloggers. Reverse engineering car key fobs via SDR highlights potential security concerns. RAGnarok utilises Nemesis to query private documents securely. DarkGPT aids OSINT with searches in leaked databases. CVE-2024-25153 allows RCE in Fortra FileCatalyst, which promptly released a patch. DoNex ransomware poses a new threat with its Windows-based encryptor. LTair assesses telecom network security for LTE vulnerabilities. GhostRace proposes a mitigation for speculative race conditions in operating systems. ChatGPT decodes obfuscated strings in malicious scripts. Security researcher David Colombo helps fix TeslaMate vulnerabilities. C++ shellcode droppers are enhanced for invisibility to EDRs. Guides offer insights on embedded system security, ROP chains for ARM, and exploits for Android libraries. Techniques for exposing ADCS misconfigurations and Google Dorks for data leaks are explored. The CVE-2024-27198-RCE exploit code for JetBrains TeamCity is shared. OSINT resources, reverse image searching, and tools like Criminal IP and ActiveTK.jp are discussed for threat intelligence and dark web analysis. Geolocation methods and a React credit card component are demonstrated. Public key cryptography, the Sherloq image forensic tool, Google Unlocked, and the Copyleaks plagiarism checker are discussed as security measures. Search engines for breached data, GIS platforms, Mozilla Firefox privacy settings, and Firefox vs Mullvad Browser are compared. Personal OSINT databases, DetectDee's social media search, and the Snusbase breach checker are outlined. The VGG Image Search Engine provides visual search capabilities, and security teams leverage OSINT tools for protection. Twitter search operators and LinkedIn background checks are employed for OSINT and recruitment. The FOFA Search Engine assists in asset analysis, and hidden sensitive data in Docker images is revealed.

Researchers from Salt Labs found critical vulnerabilities in ChatGPT and GitHub, which led to quick fixes. A high-severity issue in Kubernetes (CVE-2023-5528) requires immediate patching for Windows nodes. Henry Onyedikachi Echefu's role in a $6 million BEC scam highlights the FBI's warnings about increasing BEC losses. The PixPirate Android malware targets Brazil's Pix payment system while evading detection by omitting a launcher icon. BlackCat ransomware's suspected exit scam comes after the Change Healthcare data breach. In the midst of these cyberattacks, Microsoft's March 2024 Patch Tuesday tackled 60 security issues, while ZeroFox launched an EASM service with threat intelligence. Major breaches and cybersecurity events remain a significant challenge to global security efforts.

# Tradecraft

[#] Cybersecurity firm Cofense reports on recent malware campaigns using SVG files to bypass security measures and deliver ransomware or keyloggers, while providing solutions like security awareness training and intelligent email security to combat such threats.
Read More @ cofense.com
[#] The blog post explains the process of reverse engineering car key fob signals using SDR (software-defined radio) tools and techniques, identifies radio frequency characteristics, and outlines methods to record and decode the signals as a precursor to potentially replaying them, while recognizing the security implications of rolling codes in preventing simple replay attacks.
Read More @ 0x44.cc
[#] A new tool called RAGnarok leverages a Retrieval-Augmented Generation pipeline within the Nemesis framework to enable querying of private documents using language models while maintaining data security and privacy.
Read More @ specterops.io
[#] DarkGPT is a GPT-4-200K based artificial intelligence assistant tool for performing searches on leaked databases, which aids in OSINT investigations by querying and analyzing breached data.
Read More @ kitploit.com
[#] A critical Remote Code Execution vulnerability identified as CVE-2024-25153 in Fortra FileCatalyst allows unauthorized file upload and directory traversal, with a full exploit available on GitHub and a patch released by Fortra on 11 August 2023 to address the issue.
Read More @ nettitude.com
[#] The DoNex ransomware is a new threat using a Windows-based encryptor to attack various business sectors, utilizing Windows APIs for file encryption and system disruption, and has been detected through its SHA256 hash and specific characteristics outlined in a YARA rule developed by ShadowStackRe.
Read More @ shadowstackre.com
[#] NCC Group has developed LTair, a tool for assessing telecom network security by performing attacks on the LTE control plane through the air interface, utilizing guidelines from the GSMA to ensure networks implement LTE standards correctly and address vulnerabilities.
Read More @ nccgroup.com
[#] GhostRace is a study identifying speculative race conditions in common synchronization primitives used in multi-threaded environments such as operating systems, proposing a mitigation strategy that involves serialization, specifically in Linux with minimal performance overhead, and disclosing the issue to major hardware and software vendors.
Read More @ vusec.net
[#] A recent ISC post discusses how ChatGPT can efficiently process obfuscated strings in malicious scripts by decoding complex encoding layers, providing an alternative to manual decoding or writing custom scripts.
Read More @ sans.edu
[#] Security researcher David Colombo discovered unsecured TeslaMate instances that allowed unauthorized control of over 25 Tesla vehicles across 13 countries, and after reporting, Tesla and third-party maintainers released fixes to revoke exposed API tokens and patch the vulnerabilities.
Read More @ medium.com
[#] The article explains the process of rewriting a high-level API shellcode dropper in C++ into inline assembly using Microsoft Visual C++, with step-by-step guidance on allocating memory, copying shellcode, and executing it in a format that may evade some detection patterns.
Read More @ redops.at
[#] The article provides a step-by-step guide on creating a C++ shellcode dropper using Direct System Calls to bypass Endpoint Detection and Response (EDR) user-mode API hooks, increasing stealth in red team operations.
Read More @ redops.at
[#] A cybersecurity researcher successfully bypassed Meta's Messenger certificate pinning on macOS by modifying the application's binary to always return true when checking if it's in a sandbox environment, allowing network requests to be intercepted.
Read More @ texts.blog
[#] This resource serves as a comprehensive guide on embedded systems security, covering the construction of firmware binaries, ARM M-profile architectures, TrustZone-M implementation, embedded communication protocols, and hacker tools, with a focus on practical STM32 product applications and security features.
Read More @ embeddedsecurity.io
[#] An exploration of developing a Return Oriented Programming (ROP) chain for ARM architecture by assessing memory layout, finding gadget offsets with tools like Ropper, and executing shellcode via mprotect() system call to exploit a stack overflow in a custom HTTP server.
Read More @ 3or.de
[#] The content explains the concepts of Return Oriented Programming (ROP) within ARM architecture for the purpose of bypassing Data Execution Prevention (DEP) by using stack overflow to control process execution flow, detailing the use of gadgets from executable segments to achieve a system command execution or redirect to custom shellcode.
Read More @ 3or.de
[#] The article details a lab setup for ARM exploitation using a specifically crafted vulnerable HTTP daemon in a QEMU virtualized ARMv7 environment, and guides on building a Return-Oriented Programming (ROP) chain while disabling ASLR for the purposes of education and vulnerability research.
Read More @ 3or.de
[#] A detailed write-up on exploiting Android Native Library vulnerabilities combining techniques like format string and stack overflow attacks to achieve remote code execution, using tools like GDB, and PEDA-ARM plugin, and crafting a shell payload for system interaction.
Read More @ devilinside.me
[#] This document provides a technical guide on how to exploit misconfigured Active Directory Certificate Services (ADCS) using the PetitPotam and NTLM relay method to obtain a domain controller's krbtgt account hash, enabling the execution of a Golden Ticket attack for domain compromise.
Read More @ ired.team
[#] A security expert advises using Google Dorks—advanced search queries featuring operators and special characters—to identify sensitive documents inadvertently exposed online, and offers actionable guidance to manage such risks through specific and customizable search strings.
Read More @ medium.com
[#] The repository W01fh4cker/CVE-2024-27198-RCE contains a Python script that demonstrates an authenticated remote code execution exploit in JetBrains TeamCity versions prior to 2023.11.4, which can be mitigated by updating to a non-vulnerable version of the software.
Read More @ github.com
[#] OSINT search engines like Criminal IP help cybersecurity professionals gather threat intelligence by analyzing publicly available data such as IP addresses, domain information, and SSL certificates to anticipate and mitigate potential threats.
Read More @ osintteam.blog
[#] Reverse image searching is a method where an image is used to find related content, origins, or identify elements within the image, and has evolved to include partial image matching to locate similar or related visuals.
Read More @ medium.com
[#] Khaled Nasir leverages open-source tools and social media platforms to geolocate a stadium in Nagaland India, depicted in a YouTube music video, overcoming the obstacle of outdated street-level data on major mapping services.
Read More @ medium.com
[#] Predicta Lab's React Credit Card is a React 18 and TypeScript-based animated component that provides a customizable credit card UI, with properties for color gradients and button styling, and a callback function to handle the submission of credit card information.
Read More @ github.com
[#] Utilize the Google Fact Check Tools as resources to verify the accuracy of online information by exploring the Fact Check Explorer for searching claims and the Markup Tool for contributing to the dataset, or integrating veracity checks into applications through APIs.
Read More @ google.com
[#] The text outlines a comprehensive collection of Open Source Intelligence (OSINT) tools and resources, organized by various investigative categories, for digital research and data analysis within the field of cybersecurity.
Read More @ github.com
[#] ActiveTK.jp is a tool for creating archives of Dark Web sites, allowing users to save Onion pages and download them later as ZIP files, with the source code provided in C#.
Read More @ activetk.jp
[#] A group named De Technocrats created a simple Python-based OSINT tool, hosted on GitHub, that uses publicly available information to reveal the ISP, country location, and time zone of a phone number, and they provided instructions for installation and usage on Android's termux and Linux systems.
Read More @ medium.com
[#] OSINT tools like Maltego, SpiderFoot, Social-Analyzer, Echosec, and Creepy support social media investigations by visualizing relationships, automating data collection, analyzing trends, and providing real-time content monitoring, with best practices emphasizing consent, verification, privacy, documentation, and staying updated.
Read More @ medium.com
[#] The article details methods of image analysis for cyber security, focusing on metadata extraction, editing traces detection, photo enhancement, and geospatial intelligence, utilizing tools and services like FOCA, Remini, and Google Maps for various forensics purposes.
Read More @ osintkanal.ru
[#] Websites track user interactions and preferences using cookies to enhance experience, with the option to manage consent for different categories such as necessary, functional, analytics, performance, advertisement, and uncategorized.
Read More @ smappen.com
[#] Leveraging the principles of public key cryptography, as detailed by Ralph Merkle, ensures secure communication through the use of asymmetric key pairs, which requires the generation of a public/private key pair and the distribution of the public key to other parties for encryption, while the private key remains confidentially with the key owner for decryption.
Read More @ izito.com
[#] Sherloq is an open-source digital image forensic toolset designed for analyzing images in legal contexts, offering an array of analytical functions to detect forgeries and verify image authenticity via a user-friendly interface with support for multiple image formats.
Read More @ github.com
[#] The Google Unlocked browser extension restores search results omitted due to censorship by scanning complaints and reclaiming the links, installable manually on various browsers after being removed from official stores.
Read More @ github.com
[#] Copyleaks provides a suite of tools including AI content detection, plagiarism checking, source code analysis, and writing assistance, to ensure the authenticity and originality of content across various languages with military-grade security.
Read More @ copyleaks.com
[#] The article details methodology for identifying phishing pages via Shodan by crafting queries based on deviations from legitimate login page features, using specific filters to refine results, and confirms suspected phishing pages with URLScan.
Read More @ medium.com
[#] The article details the development of a Golang-based command line interface tool called SatIntel, which utilizes Space Track and N2YO APIs to gather open-source intelligence from satellite data, aiding in cybersecurity research and satellite tracking activities.
Read More @ systemweakness.com
[#] Felt is a mapping platform that allows users to upload various data formats for visualization, supports integration with QGIS, and facilitates collaborative GIS projects with features such as live commenting and permissions control while ensuring data security.
Read More @ felt.com
[#] The article provides a detailed walkthrough of conducting open-source intelligence (OSINT) on a website using various tools for tasks such as WHOIS lookups, analyzing historical website data via the Wayback Machine, inspecting DNS records, and examining the links and analytics associated with a webpage.
Read More @ infosecwriteups.com
[#] The article guides readers through configuring Mozilla Firefox for privacy by disabling tracking features and testing those configurations against the new Mullvad Browser, which is already optimized for many of these privacy settings.
Read More @ mirror.xyz
[#] The OSINT Newsletter Issue #15 details methods to construct a personal OSINT database using tools like Simplescraper for web scraping, Image Downloader and Imgrep for image collection and analysis, and ModernCSV for managing large CSV files.
Read More @ osintnewsletter.com
[#] DetectDee is a tool designed to locate social media accounts across various networks using identifiers such as usernames, emails, or phone numbers, while offering features such as precise thread control, customizable headers, and integration with mobile sites, along with guidelines for installation, usage, and contribution to its development.
Read More @ github.com
[#] A cyber investigator successfully undertakes a multi-step digital forensic process, utilizing checksums, John the Ripper decryption, What3Words geolocation, and OSINT techniques, to locate a human trafficking gang's safe houses and a member in hiding.
Read More @ medium.com
[#] Snusbase is a search engine for checking against data breaches that offers a database of exposed information for security professionals and includes an API for integration, while ensuring it operates within legal boundaries.
Read More @ snusbase.com
[#] The VGG Image Search Engine, developed by the Visual Geometry Group, is an open-source software that enables the visual search of large image collections using image regions as queries and is accompanied by comprehensive documentation, support for researchers and institutions, and a vibrant developer community for contribution and maintenance until at least November 2025.
Read More @ ac.uk
[#] Security teams can bolster their defensive operations by using a variety of OSINT tools like Shodan and Prowl to uncover, monitor, and respond to threats before they inflict damage.
Read More @ medium.com
[#] Twitter search operators are specialized commands that enhance search precision for various purposes including OSINT, by filtering tweets by content, date, user interactions, geolocation, and other specific criteria.
Read More @ medium.com
[#] For efficient LinkedIn-based background checks, HR teams can scrutinize aspects like URL consistency, profile authenticity, experience validation, and activity patterns to discern candidate legitimacy and prepare for initial discussions.
Read More @ medium.com
[#] Kompass is a global B2B portal that connects buyers and suppliers, offering digital marketing solutions and a comprehensive company directory to enhance business visibility and sales.
Read More @ kompass.com
[#] The FOFA Search Engine, currently at version 4.9.144, is a platform used for querying and analyzing internet assets, including support for various file formats up to 256K in size and features like Fuzzy Search, with available resources like the Help Center and an email address for assistance.
Read More @ fofa.info
[#] Docker container images may contain hidden layers with sensitive data, and using tools like Dive and jq can uncover API secrets, credentials, and source code even after deletion, aiding in security testing and revealing potential vulnerabilities.
Read More @ danaepp.com

# News

[#] Salt Labs researchers discovered critical vulnerabilities in the ChatGPT ecosystem that could lead to unauthorized access to user accounts on third-party sites like GitHub; all identified vulnerabilities have been addressed and resolved by the respective companies.
Read More @ salt.security
[#] Cybersecurity threats exploiting platforms like GitHub include malware hosting, command & control distribution, credential and supply chain attacks, repository manipulation, CI/CD pipeline abuse, and DDoS attacks, with solutions like robust code review, threat intelligence, and secure access controls recommended for defense.
Read More @ sentinelone.com
[#] A security vulnerability in Kubernetes, cataloged as CVE-2023-5528 with a CVSS score of 7.2, allows attackers to remotely execute code with System privileges on Windows nodes, possibly compromising all Windows nodes in a cluster; patching to version 1.28.4 or using an Open Policy Agent rule is recommended for mitigation.
Read More @ darkreading.com
[#] Henry Onyedikachi Echefu has pled guilty to involvement in a $6 million business email compromise scheme, while the FBI reports $2.9 billion in losses from BEC scams last year, highlighting the need for organizations to strengthen email security against fraud.
Read More @ scmagazine.com
[#] PixPirate Android malware employs a stealth technique that avoids a launcher icon and utilizes a downloader and droppee app cooperation, allowing it to execute in the background and evade detection even after the initial app's removal, targeting Brazilian instant payment platform Pix to commit financial fraud.
Read More @ bleepingcomputer.com
[#] The BlackCat ransomware group, involved in the Change Healthcare cyberattack and ransom payment scandal, is suspected of an exit scam, while the compromised healthcare data affecting nearly every American highlights the urgent need for enhanced cybersecurity measures in critical infrastructure.
Read More @ menlosecurity.com
[#] Russian independent media outlet Meduza experienced severe cyberattacks, including DDoS, phishing, and payment system compromises, timed with election activities, attributed to government efforts to control communication.
Read More @ scmagazine.com
[#] Security researchers at Salt Labs discovered three critical vulnerabilities in ChatGPT plugins that could lead to unauthorized access and account takeovers, but the flaws have been addressed, so users should promptly update their applications.
Read More @ darkreading.com
[#] A significant data breach at Qmerit, involving 585.81 GB of sensitive customer data including home images and charger locations, was promptly secured following its discovery by cybersecurity researcher Jeremiah Fowler.
Read More @ hackread.com
[#] The March 2024 Patch Tuesday from Microsoft addresses 60 vulnerabilities, including 18 remote code execution bugs, while global authorities are investigating various cyber incidents such as a potential data theft by a ransomware group from Change Healthcare, the exploitation of a Windows SmartScreen flaw by hackers to deploy DarkGate malware, and significant data breaches like the French unemployment agency's leak affecting 43 million and Nissan's ransomware incident exposing data of 100,000 people.
Read More @ bleepingcomputer.com
[#] ZeroFox has launched a new external attack surface management service that integrates EASM with threat intelligence and digital risk protection to enhance asset visibility and streamline security processes.
Read More @ scmagazine.com
[#] EquiLend, a financial technology company, reported a data breach from a ransomware attack linked to the LockBit group, which compromised employee personal data and resulted in the firm offering credit monitoring and identity theft protection services to those affected.
Read More @ hackread.com
[#] Stanford University confirmed a ransomware incident by Akira, resulting in the theft of 27,000 individuals' data including names and social security numbers, which went undetected for four months, prompting the offer of free credit monitoring services and enhanced security measures.
Read More @ theregister.com
[#] In March 2024, Microsoft released patches for 60 security issues, including 18 remote code execution vulnerabilities, while authorities are investigating a data theft by ransomware at Change Healthcare, and hackers exploited a Windows SmartScreen vulnerability to spread DarkGate malware, among other cybersecurity incidents and updates.
Read More @ bleepingcomputer.com
[#] The website SC Magazine is currently experiencing a 504 Gateway Time-out error, indicating that the server is not receiving a timely response from another server, and visitors are advised to retry accessing the site shortly.
Read More @ scmagazine.com
[#] Acer Philippines experienced a data breach due to a third-party vendor compromise, resulting in the exposure of employee data, while no customer data or company infrastructure was affected.
Read More @ securityaffairs.com
[#] Wi-Fi security cameras are being disabled by burglars using jammers to interfere with their signals, highlighting the need for defense-in-depth strategies such as combining hard-wired and wireless cameras to mitigate this risk.
Read More @ schneier.com
[#] Dancho Danchev conducted an EXIF analysis on the Conti Ransomware Gang's marketing and advertising creative, linking them to a Russian rap studio involved in their production, and enriched the data using OSINT to expose the individuals behind this cybercrime operation.
Read More @ packetstormsecurity.com
[#] A new evasion tactic adopted by the PixPirate Android banking trojan hides the app icon to operate undetected, stealing user data and exploiting the PIX payment system in Brazil, as uncovered by security researchers and noted by IBM in a technical report.
Read More @ thehackernews.com
[#] Google's Gemini AI is prone to attacks where it could leak system prompts, produce unsafe content, or be tricked into harmful actions, requiring continuous red-teaming, adversarial training, and safeguards to prevent misuse.
Read More @ thehackernews.com
[#] A prevalent Facebook hoax falsely claims users can prevent Meta from using their personal content by reposting a specific message, but in reality, legal protections are already in place and such posts have no impact on one's privacy or copyright terms agreed upon at account sign-up.
Read More @ malwarebytes.com
[#] The 'PixPirate' Android banking Trojan employs a novel method to operate invisibly on devices by foregoing a launcher icon and using a downloader app to execute malicious services, suggesting financial institutions should enhance proactive security measures to protect against such stealthy malware.
Read More @ darkreading.com
[#] Cybersecurity researchers have detected a phishing campaign using AWS and GitHub to distribute VCURMS and STRRAT Trojans, which steal sensitive information and require vigilance against malicious JAR files and untrusted command execution.
Read More @ thehackernews.com
[#] JetBrains and Rapid7 are in conflict over the disclosure of TeamCity vulnerabilities, with Rapid7's public release of exploit details shortly after patches led to ransomware attacks on users, sparking a debate on ethical and timely vulnerability disclosure practices.
Read More @ theregister.com
[#] President Biden's proposed fiscal year 2025 budget seeks to increase funding for the Cybersecurity and Infrastructure Security Agency to $3 billion, enhancing cybersecurity across federal agencies, with further investment in health care cybersecurity following recent ransomware incidents, despite potential opposition from the Republican-controlled House.
Read More @ theregister.com
[#] Acer Philippines acknowledged that a third-party vendor managing their employee attendance data suffered a data breach, resulting in the theft and leak of employee information on a hacking forum, though Acer's own systems remain secure and customer data unaffected.
Read More @ bleepingcomputer.com
[#] In a significant ransomware attack on Stanford University's Department of Public Safety network, attackers exfiltrated the personal data of 27,000 individuals including sensitive PII and potentially posted it on a dark web site owned by the Akira ransomware group.
Read More @ bleepingcomputer.com
[#] The Companies and Intellectual Property Commission of South Africa was targeted by a cyberattack that compromised personal data, leading to warnings about potential abuse of this sensitive information and recommendations for companies to contact customers with risk mitigation advice.
Read More @ darkreading.com
[#] Former Meta VP Dipinder Singh Khurana is being sued for allegedly misappropriating confidential documents related to Meta's data centers and AI programs to advance his new AI cloud startup, causing several Meta employees to leave and join him.
Read More @ theregister.com
[#] Researchers have exposed parts of AI models from OpenAI and Google by querying the API, leading to both companies enhancing their defenses to prevent the leak of sensitive model information used in production.
Read More @ theregister.com
[#] Apache Pulsar has patched five security vulnerabilities including unauthorized access, code execution, and policy modification; users must update to specified versions to ensure protection.
Read More @ securityonline.info
[#] Recent attacks on various cryptocurrency platforms and users have resulted in significant financial losses, with phishing schemes, smart contract vulnerabilities, and compromised accounts leading to over $100 million stolen in just two months, highlighting the critical need for improved security measures and user vigilance within the blockchain ecosystem.
Read More @ web3isgoinggreat.com
[#] The Tor Project has launched WebTunnel, a bridge type that disguises Tor traffic as regular HTTPS connections, enabling users in censor-heavy regions to maintain access to the Tor network without being blocked by making it appear as if they are just browsing the web.
Read More @ bleepingcomputer.com
[#] Security researchers have identified Vcurms malware that targets Java platforms via malicious emails, leveraging public services for distribution and employing sophisticated evasion techniques, requiring updated security measures and cautious email handling to prevent data theft from browsers and apps.
Read More @ hackread.com
[#] Microsoft's March Patch Tuesday addresses 61 security vulnerabilities including two critical Hyper-V flaws, while Adobe patches 56 issues across multiple applications, and other tech companies like Intel, AMD, SAP, Cisco, Google, and Fortinet also release important security updates.
Read More @ theregister.com
[#] Microsoft's March 2024 Patch Tuesday update addresses 61 vulnerabilities, including critical flaws in Hyper-V and patches for other severe issues across various products, with no current active exploits reported.
Read More @ thehackernews.com
[#] The Have I Been Pwned database consolidates various breaches to provide a searchable resource for individuals concerned about whether their personal data has been compromised in a data breach.
Read More @ haveibeenpwned.com
[#] In the March 2024 Patch Tuesday updates, Microsoft resolved 59 security issues, including two critical vulnerabilities in Windows Hyper-V and an actively exploited Open Management Infrastructure Remote Code Execution vulnerability, urging users to apply patches to secure systems.
Read More @ securityaffairs.com
[#] The BianLian ransomware gang is exploiting recent vulnerabilities in JetBrains' TeamCity software to infiltrate systems, leading to a risk of supply chain attacks, and has shifted tactics by using a PowerShell backdoor after their standard Go backdoor faced execution failures.
Read More @ scmagazine.com
[#] Google's Gemini LLM is compromised by vulnerabilities enabling system prompt leaks and indirect prompt injection, with researchers advising developers to refine model tasks and instructions for security.
Read More @ scmagazine.com
[#] A new threat named BIPClip, involving seven Python packages on PyPI, has been detected aiming to steal mnemonic phrases from cryptocurrency wallet developers, necessitating cautious package vetting and secure coding practices to mitigate risks.
Read More @ securityonline.info
[#] Security researchers have uncovered a flaw in modern processors, named GhostRace (CVE-2024-2193), that allows attackers to manipulate speculative execution and cause synchronization issues within operating systems like Linux, with a mitigation proposal that involves adding an lfence instruction after the lock cmpxchg to reduce potential attacks with a performance trade-off of about 5%.
Read More @ securityonline.info
[#] Fortinet has released urgent patches for six critical vulnerabilities in FortiOS, FortiProxy, and FortiClientEMS products, rated up to 9.8 severity, with recommendations for immediate update or workarounds to prevent potential complete system control, data access, and malware spread.
Read More @ securityonline.info
[#] CISA's systems were compromised due to vulnerabilities in Ivanti products, with the IP Gateway and CSAT being potential targets, and organizations are advised to apply issued patches and assess the risk of continued operation of these devices in their networks.
Read More @ packetstormsecurity.com
[#] Siemens and Schneider Electric released advisories for March 2024 detailing over 200 vulnerabilities across various products, with some critical flaws allowing remote code execution and others impacting industrial control systems, while Schneider notes discontinued products without patch support should upgrade to newer solutions.
Read More @ packetstormsecurity.com
[#] Security researchers have discovered a Linux version of the NerbianRAT malware, used by the threat group Magnet Goblin to exploit patched vulnerabilities, and have also identified a smaller variant targeting Magento servers.
Read More @ packetstormsecurity.com
[#] A recent video demonstrates a security issue where an attacker can use stolen credentials to access a Tesla, but a keycard is still required to drive, and Tesla has provided a response to the incident.
Read More @ youtube.com
[#] Malpulse provides an up-to-date list of IP addresses reportedly associated with various forms of malware for March 13th and 14th, 2024, including SerpentStealer, Havoc, DCRat, and Metasploit, aimed at aiding in the proactive monitoring and securing of networks against these identified threats.
Read More @ malpulse.com
[#] The website migalki.net offers a gallery of automobile license plates, searchable by series, with a forum and marketplace for users to buy or sell plates or post advertisements.
Read More @ migalki.net
[#] Investigator walnut successfully pinpointed the undisclosed location from "OSINT Exercise #016" as Atatürk Dam in Turkey by analyzing military satellite imagery and utilizing various Open Source Intelligence (OSINT) search strategies.
Read More @ medium.com
[#] Sockpuppets are fake online identities used for deception, potentially automated by AI; identifying them requires examining account profiles, writing styles, and engagement, and social media platforms should enforce stronger account validation to combat their influence.
Read More @ medium.com
[#] Exa is a new search engine that uses AI to comprehend queries in a way traditional search engines can't, delivering results through embeddings-based search and offering features like full page content retrieval and extensive customizability in filtering search results.
Read More @ exa.ai
[#] SkyVector provides a platform for aviation navigation with features including weather forecasts, flight planning, fuel prices in various currencies, and DROTAMs, which are notices of drone activity to ensure safe airspace coordination.
Read More @ skyvector.com
[#] DuckDuckGo search engine has recently removed most search filters, facing user complaints, but the company confirms that search syntax filters like site exclusion are still available despite some ongoing issues being addressed to restore full functionality.
Read More @ ghacks.net

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr regarding the articles of interest, which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-03-14

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins