# Latest Podcast
# Description
The GitHub profile has a lot of cyber security tools, like a TOTP client for secure logins and a checker for whether someone has special access. ptracesecurity teaches people to find and use weak spots in software. You can convert words to ASCII codes online and then download the result. shiro_attack lets people exploit Shiro's weak spots to control systems and plant web shells. ShiroAttack2 also targets Shiro550, doing things like command execution and shell injection without extra dependencies. Awesome Operational Security has a lot of good tips and articles for keeping your online life private and safe. Llama 2 Uncensored is a smart AI that you have to use responsibly and within its rules. FestIn searches for open Amazon S3 buckets online without needing AWS credentials and has cool features. Faraday is free for finding security problems, sorting data, running scans, and producing reports to help understand issues. There's a way to listen in on devices talking to each other over serial communication. You can look at locked-up data in Flutter mobile apps that use Hive even if you don't have the source code. LTair tests attacks on LTE networks to check whether telecom equipment is safe. Brackish Security is teaching how to test IoT devices with tools and gadgets. Microsoft Teams could be used for phishing if people aren't careful. Passkeys might be better than passwords, using WebAuthn, but some things like device support still have kinks to work out. Google-Dorks-Bug-Bounty is a list of Google searches for finding web app bugs in security tests. Finally, there's a guide for building a Ruby deserialization gadget chain to learn about and protect against such attacks.
The Tor Project made WebTunnel to help people avoid internet blocks. A list of cryptocurrency services covers tools for private transactions. Google Chrome now blocks dangerous websites in real time. There's trouble with eSIM swapping hurting bank account safety. Mikhail Vasiliev got caught and is in jail now. A big breach happened at France Travail, exposing a lot of people's personal info. Restoro and Reimage have to pay a large fine for misleading customers. Microsoft's new product, Copilot for Security, is supposed to protect computers better.
# Tradecraft
The ptracesecurity/advanced-software-exploitation repository is the official source for learning advanced techniques in finding and exploiting software vulnerabilities.
The GitHub repository "shiro_attack" provides a tool for exploiting Shiro deserialization vulnerabilities to execute commands and inject various types of web shells into a target system.
ShiroAttack2 is a tool for exploiting the Shiro550 vulnerability, providing features such as command execution with echoed output, injection of memory shells, and support for multiple CommonsBeanutils gadgets without third-party dependencies.
Awesome Operational Security is a collection of guidelines and articles providing detailed steps to improve your online privacy and security.
The Llama 2 Uncensored model is an AI program that you interact with using commands; it must be used legally and safely according to its rules.
FestIn is a cybersecurity tool for finding open Amazon S3 buckets. It uses domain crawling, DNS analysis, and analysis of S3 responses, requires no AWS credentials, and offers proxy support, custom DNS settings, and a built-in high-performance HTTP crawler.
Faraday is an open-source platform that helps with managing vulnerabilities by gathering and sorting data, integrating tools for automated scanning, and providing visual reports to analyze security issues.
This post explains how to intercept and analyze data exchanged between hardware devices over serial communication, either by imitating a legitimate device or by capturing traffic with custom cables and software tools.
A mobile security expert explains how to analyze encrypted data storage in Flutter mobile apps that use the Hive framework, including recovering deleted items and extracting passwords without access to the source code.
Researchers developed a tool called LTair to test various attacks on LTE networks over the air interface, helping assess the security of telecom systems and devices.
Brackish Security has started a blog series on IoT penetration testing and covers the tools needed for dissecting and analyzing IoT devices, such as specialized screwdrivers, SOIC clips, soldering irons, and multimeters, as well as devices for signal analysis and protocol interaction.
Microsoft Teams' webhooks and channel email addresses can be abused for phishing if they are not properly restricted; defenders should implement message-based detection rules to mitigate this risk.
Passkeys offer stronger security than passwords by resisting phishing and server breaches. They are based on WebAuthn, where the user authenticates with a private key known only to them that signs a challenge from a service holding their public key. Some concerns about device compatibility and private key protection remain.
Google-Dorks-Bug-Bounty is a compilation of specialized search queries, known as Google Dorks, for identifying potential vulnerabilities in web applications during security testing and bug bounty hunting.
A detailed guide on building a Ruby deserialization gadget chain using specific libraries was shared; it helps explain how deserialization can be exploited and what steps developers can take to secure their applications against such attacks.
# News
The Tor Project has launched WebTunnel, a new Tor bridge that disguises itself as regular web traffic, helping users bypass censorship in places where internet use is restricted.
The list covers various services for cryptocurrency transactions, exchanges, hosting, VPNs, SMS, and privacy tools, highlighting features such as anonymity, peer-to-peer trading, and no KYC requirements.
Google Chrome now uses real-time protection to stop users from visiting dangerous websites, without sharing their browsing history with Google.
Cybercriminals are using eSIM swapping to hijack phone numbers and gain access to victims' online banking and messengers; experts recommend securing accounts with complex passwords and two-factor authentication.
A key member of the LockBit ransomware group, Mikhail Vasiliev, has been sentenced in Canada to nearly four years in jail and fined, with further legal action pending in the United States.
The French government agency France Travail was breached, exposing the data of 43 million people, including social security numbers and contact information; users are advised to stay alert for phishing and strengthen their passwords.
Tech support companies Restoro and Reimage have been fined $26 million by the FTC for misleading customers with false security alerts in order to sell unnecessary computer repair services.
Microsoft will release a new AI tool called Copilot for Security on April 1, 2024, designed to help cybersecurity professionals find threats faster and respond to incidents more effectively.
Malawi's passport system was offline due to a ransomware attack but has now been restored by local experts, with passport printing to resume in Lilongwe followed by other regions.
The United Arab Emirates has 155,000 network devices and applications exposed online, leaving them vulnerable to cyber threats such as misconfigurations, insider threats, and DDoS attacks, which calls for a unified effort to improve cybersecurity and raise awareness.
Microsoft Entra ID, the successor to Azure Active Directory, provides security through Conditional Access policies that protect against unauthorized resource access by setting user-specific conditions.
Automakers are sharing driver data with insurance companies through connected-car apps, typically without the driver's clear consent.
A Canadian court sentenced a person involved in LockBit ransomware attacks to nearly four years in jail and ordered him to pay back over $860,000.
A cyber group named Blind Eagle is using Ande Loader malware in phishing attacks to deliver harmful programs to companies in the manufacturing sector in North America.
Security researchers fixed vulnerabilities in ChatGPT plugins that could have let attackers access private GitHub repositories through improper OAuth token management.
A federal jury has convicted Roman Sterlingov of running Bitcoin Fog, a darknet service that laundered $400 million in bitcoin; he plans to appeal, citing contested tracing methods and a lack of clear evidence that he operated the service.
RedLine malware has become the dominant credential-stealing tool of the past six months, responsible for harvesting over 170 million passwords, with phishing as its main distribution tactic; security professionals are urged to monitor and update Active Directory to protect against breached passwords.
Cisco released patches for several high-severity vulnerabilities in its IOS XR software that could lead to denial of service and unauthorized privilege escalation.
Nissan Oceania has announced a data breach affecting 100,000 people following a ransomware attack by the Akira group, with personal details and government IDs compromised; it is offering support services to those impacted.
Cyber attackers used a vulnerability in Windows, CVE-2024-21412, to trick users into installing malware by clicking on PDFs that seemed harmless but led to fake software downloads.
France's unemployment agency, France Travail, experienced a significant cyberattack that compromised the personal data of 43 million individuals; users are advised to watch for potential phishing attempts.
The cybercrime group RedCurl is abusing the legitimate PCA utility in Windows to execute attacks and steal company data while disguising its actions; security researchers such as Trend Micro are analyzing these tactics to find ways to counter them.
A high-risk bug in Kubernetes allowed attackers to run code on Windows nodes; it is fixed in kubelet versions v1.28.4 and later, so securing your cluster requires updating to these patched versions.
Meta is suing its former VP of infrastructure for stealing sensitive documents and sharing them with his new AI startup, Omniva, to fast-track its data center plans.
Cybercriminals are now exploiting a recently patched vulnerability in Windows Defender SmartScreen, identified as CVE-2024-21412, which allowed malicious files to skip security warnings and execute automatically; users can protect themselves by applying Microsoft's February 2024 Patch Tuesday update.
Fortinet has issued advisories for severe vulnerabilities in multiple products, recommending that users update affected software to newer releases to prevent potential unauthorized code execution.
Cyber security research shows a rise in phishing attacks using IPFS and Cloudflare's R2 storage services, suggesting that organizations may need to block access to these domains to protect against credential theft.
Fortra FileCatalyst Workflow has a security flaw carrying remote code execution risk that could let attackers take control of servers; users should install update 5.1.6 Build 114 immediately to fix it.
New online investment scams use bots and AI to create fake investment opportunities and support systems to trick people into sending money.
Researchers have found a method to extract key architectural details from AI models such as ChatGPT by querying their output layers, posing a risk of theft or copying of proprietary AI systems.
A critical security flaw in Argo CD (CVE-2024-28175, CVSS 9.0) lets attackers insert harmful scripts; users must update to patched versions such as v2.10.3, v2.9.8, or v2.8.12 to protect their Kubernetes deployments.
The U.S. Department of Health and Human Services is examining whether protected health data was taken when the Change Healthcare platform was hit by a ransomware attack tied to the BlackCat group at the end of February.
MarineMax, a boat retailer, reported a cybersecurity incident to the SEC after unauthorized access was found in its systems; operations and sensitive data were not significantly affected, and it is investigating with law enforcement.
INTERPOL reports a surge in global cybercrime fueled by AI scams and human trafficking. A massive French data breach compromises 43 million workers and Nissan confirms a breach affecting 100,000, while Microsoft opens an AI security tool to the public and a LockBit ransomware affiliate faces four years in prison with potential extradition to the US.
Researchers at Salt Labs identified critical security flaws in ChatGPT plugins, which required quick fixes to prevent unauthorized access to private GitHub repositories and sensitive data through OAuth token exploits.
Malware disguised as the popular Chinese text editors Notepad++ and VNote is infecting computers; users should download software only from official sources and keep their security tools updated.
Nissan Oceania was attacked by the Akira ransomware group, resulting in the theft of personal data, including government IDs, from 100,000 individuals; affected customers are being offered free credit monitoring and identity theft support.
Security experts found two flaws in Apache Tomcat that can cause service disruption and recommend updating immediately to the latest version for protection.
A new malware named DarkGate, using a 0-day flaw in Windows SmartScreen (CVE-2024-21412), is distributed through fake PDF ads and installs itself via disguised software installers, making system patching and user awareness crucial for protection.
The US House of Representatives passed a bill that could force TikTok to sell its US operations or be banned, due to concerns over foreign surveillance and data privacy.