HAQ.NEWS

// Jared Folkins

# Description

A write-up describes a vulnerability in Palo Alto GlobalProtect for Windows that lets an unprivileged user delete files with high privileges, chaining symbolic links and OpLocks to escalate to control of the host. A second piece is an AI security checklist: update your defenses, threat-model, inventory your AI assets, train staff and so on. Another explains how to identify valid Active Directory accounts over SMB, RPC and Kerberos (Kerbrute). To protect Apache OFBiz from the XXE bug CVE-2018-8033, upgrade to 16.11.04 or later, disable external DTDs and validate XML input. Pyradm is a Python remote-administration tool driven over Telegram messages. Darkdump searches the deep web from the terminal, with proxy support for anonymity. ACHE is an open-source focused crawler that uses classifiers to find the content you want. There is a guide to Instagram OSINT that works without logging in. The last item covers improvements to regression tracking for the Linux kernel. If you want more, head to haq.news for the full details.

The International Monetary Fund's email system was breached; the affected accounts were secured and the investigation has found no sign of wider compromise. BunnyLoader 3.0 malware steals credentials and cryptocurrency while posing as legitimate software. The U.S. Department of Justice seized $2.3 million in cryptocurrency held in Binance accounts tied to an investment scam. Aylo Global Entertainment has blocked Texas users from PornHub in protest at the state's age-verification law and wants device-based verification instead. A Moldovan national got 42 months for running the E-Root cybercrime marketplace. IT helpdesk staff are being socially engineered by attackers posing as employees. McDonald's suffered a worldwide outage after a service provider's configuration error, since fixed. A CPU data-leak attack called GhostRace, in the Spectre family, was disclosed along with mitigations. US lawmakers may ban TikTok unless its Chinese owner sells it. Jonathan Katz pleaded guilty to SIM swaps done for Bitcoin. A roundup lists incidents involving Ethereum phishing, Twitter, Kickstarter and other platforms. Figure, working with OpenAI, showed a robot called Figure 01 that it says outdoes Tesla's Optimus. The UK Defence Secretary's jet had its GPS and communications jammed near Kaliningrad, with Russia suspected, and the aircraft was never in danger. INTERPOL says cybercrime is growing on the back of AI and cryptocurrency. A Russian-Canadian LockBit affiliate was sentenced, among other news. A stealthier StopCrypt ransomware variant is encrypting files and demanding payment. France Travail disclosed a large breach of personal data. ShadowSyndicate is exploiting an aiohttp vulnerability, and Google Chrome now blocks more phishing sites in real time. Herb Sutter argues for a safer C++. Attackers in China are distributing a fake Notepad++. Fortinet patched a critical FortiClient EMS flaw. The FCC launched a cybersecurity label for IoT devices that meet NIST standards.
A flaw in the OAuth handling of ChatGPT plugins could have exposed private code repositories. An FTC undercover operation led Restoro and Reimage to pay $26 million for deceptive computer-repair claims. Fake UltraEdit for macOS is being used to deliver malware. Apache CXF has an SSRF fix, so update. Phoenix Contact's CHARX SEC charge controllers had critical flaws; patch and follow the network guidance. Apache ZooKeeper fixed an information-disclosure flaw. JSONata fixed a critical issue. Senator Wyden is worried about backdoors in Chinese-made safe locks. The 5Ghoul 5G flaws are only partly patched. A Portuguese man with autism is fighting extradition to the US. Malpulse tracks malware command-and-control servers. Ahmia warns users to verify its onion address against a fake one. Lists of Chrome extensions support OSINT work. The "bad-opsec" GitHub repository collects operational-security failures. LABЭKS studies intelligence services and their history. A website offers a live map of ships and ports. The submarine cable map was updated. And TeleGeography provides telecom data for the industry.

# Tradecraft

[#] A vulnerability in Palo Alto GlobalProtect for Windows lets an unprivileged user delete files with high privileges, which can be chained into a full system takeover; the exploit steps include creating symbolic links and using OpLocks to win the race and escalate privileges.
Read More @ github.com
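The bug class above, a privileged service deleting a path that an unprivileged user controls and can redirect through a symlink or junction while an OpLock holds the timing, is defended against by never resolving the target through a link and by acting relative to an already verified directory handle. The following is an added illustration in Python, not the write-up's own code and not Palo Alto's fix. It is POSIX-shaped (dir_fd, O_NOFOLLOW) because that is where it can run as written; on Windows the same idea needs handle-relative native calls plus a reparse-point check, and the path-based fallback branch is only an approximation of that, with the check-then-act window such races exploit. The `demo()` function and its temporary files are constructed for the example.

```python
import os
import stat
import tempfile


class UnsafePath(RuntimeError):
    """The target is, or sits under, a link the privileged caller must not follow."""


def _is_link(st):
    """POSIX symlink, or a Windows reparse point (symlink, junction, mount point)."""
    if stat.S_ISLNK(st.st_mode):
        return True
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & getattr(stat, "FILE_ATTRIBUTE_REPARSE_POINT", 0))


def safe_unlink(directory, name):
    """Delete directory/name without ever following a link.

    `name` must be a bare file name, so an attacker cannot smuggle in
    `../` or an absolute path. The directory is checked, then opened, and
    the file is removed relative to that handle, so a link swapped into an
    intermediate component after the check cannot redirect the delete.
    """
    if not name or name in (".", "..") or os.sep in name or (os.altsep and os.altsep in name):
        raise UnsafePath("name must be a bare file name")
    if _is_link(os.lstat(directory)):
        raise UnsafePath(f"{directory} is a link; refusing to operate under it")

    if os.unlink in os.supports_dir_fd and os.lstat in os.supports_dir_fd:
        dfd = os.open(directory, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
        try:
            if _is_link(os.lstat(name, dir_fd=dfd)):
                raise UnsafePath(f"{name} is a link; refusing to delete")
            os.unlink(name, dir_fd=dfd)
        finally:
            os.close(dfd)
    else:
        # Platforms without dir_fd (e.g. Windows): path-based fallback. A small
        # check-then-act window remains here, which is exactly what an OpLock
        # based race exploits, so a real service must use handle-relative
        # native APIs (and FILE_FLAG_OPEN_REPARSE_POINT) instead.
        full = os.path.join(directory, name)
        if _is_link(os.lstat(full)):
            raise UnsafePath(f"{name} is a link; refusing to delete")
        os.unlink(full)


def demo():
    """Constructed scenario: a cleanup directory with one planted symlink."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        victim = os.path.join(tmp, "victim.txt")        # stands in for a protected file
        with open(victim, "w") as fh:
            fh.write("do not delete me")
        regular = os.path.join(tmp, "cache.tmp")
        open(regular, "w").close()
        os.symlink(victim, os.path.join(tmp, "planted.tmp"))   # attacker-planted link
        os.symlink(tmp, os.path.join(tmp, "linkdir"))          # attacker-planted dir link

        safe_unlink(tmp, "cache.tmp")
        results["regular_removed"] = not os.path.exists(regular)

        for directory, name, key in (
            (tmp, "planted.tmp", "link_refused"),
            (tmp, "../etc/passwd", "traversal_refused"),
            (os.path.join(tmp, "linkdir"), "victim.txt", "dir_link_refused"),
        ):
            try:
                safe_unlink(directory, name)
                results[key] = False
            except UnsafePath:
                results[key] = True
        results["victim_intact"] = os.path.exists(victim)
    return results


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The refusal to delete a symlink at all is deliberate: a cleanup routine running with high privileges has no business removing anything it did not create, and a link in its working directory is by definition not its own.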
[#] An AI security checklist suggests steps like updating defenses against AI-enhanced attacks, threat modeling, AI asset inventory, training, establishing business cases, governance, legal reviews, regulatory compliance, and testing for safely using generative AI in cybersecurity.
Read More @ infosecwriteups.com
[#] This article explains methods to identify valid user accounts in an Active Directory environment, enumerating over SMB and RPC and using Kerberos pre-authentication responses with Kerbrute.
Read More @ infosecwriteups.com
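The Kerberos side of that enumeration works because a KDC answers an AS-REQ for an unknown principal with a different error code than for a known one, without any credentials being checked. The block below is an added example, not code from the article or from Kerbrute: it hand-encodes a sample KRB-ERROR in DER (as a KDC would return it), then parses the error-code field back out and maps it to what it reveals about the account. The realm `CORP.LOCAL`, the timestamps and the sample replies are constructed for the example; on the wire you would send a real AS-REQ to the DC on port 88 and feed the reply to `classify_reply`.

```python
# Kerberos error codes that matter for user enumeration (RFC 4120, section 7.5.9)
KDC_ERR_C_PRINCIPAL_UNKNOWN = 6    # no such user
KDC_ERR_CLIENT_REVOKED = 18        # user exists but is disabled or locked out
KDC_ERR_KEY_EXPIRED = 23           # user exists, password expired
KDC_ERR_PREAUTH_FAILED = 24        # user exists, pre-auth (password) was wrong
KDC_ERR_PREAUTH_REQUIRED = 25      # user exists, KDC wants pre-authentication


# --- minimal DER encoder, used only to construct sample KDC replies ---
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def der_int(value):
    return der(0x02, value.to_bytes((value.bit_length() + 8) // 8, "big", signed=True))


def ctx(n, body):
    """Constructed context-specific tag [n], as used for every KRB-ERROR field."""
    return der(0xA0 | n, body)


def build_krb_error(error_code, realm="CORP.LOCAL", sname=("krbtgt", "CORP.LOCAL")):
    """Constructed sample KRB-ERROR (APPLICATION 30) answering an AS-REQ."""
    principal = der(0x30, ctx(0, der_int(2)) +                                   # NT-SRV-INST
                    ctx(1, der(0x30, b"".join(der(0x1B, s.encode()) for s in sname))))
    fields = (ctx(0, der_int(5)) +                       # pvno
              ctx(1, der_int(30)) +                      # msg-type KRB-ERROR
              ctx(4, der(0x18, b"20240316120000Z")) +    # stime (constructed)
              ctx(5, der_int(0)) +                       # susec
              ctx(6, der_int(error_code)) +              # error-code
              ctx(9, der(0x1B, realm.encode())) +        # realm
              ctx(10, principal))                        # sname
    return der(0x7E, der(0x30, fields))


# --- DER reader: walk the reply and pull out the error-code field ---
def read_tlv(data, pos=0):
    tag, length = data[pos], data[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length = int.from_bytes(data[pos:pos + n], "big")
        pos += n
    return tag, data[pos:pos + length], pos + length


def children(body):
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        out.append((tag, value))
    return out


def krb_error_code(reply):
    tag, app, _ = read_tlv(reply)
    if tag != 0x7E:
        raise ValueError("not a KRB-ERROR")
    tag, seq, _ = read_tlv(app)
    if tag != 0x30:
        raise ValueError("malformed KRB-ERROR")
    for ctag, cval in children(seq):
        if ctag == 0xA6:                       # [6] error-code
            _, ival, _ = read_tlv(cval)
            return int.from_bytes(ival, "big", signed=True)
    raise ValueError("error-code missing")


def classify_reply(reply):
    """Map a KDC reply to what it tells you about the requested principal."""
    if reply[0] == 0x6B:                       # APPLICATION 11 = AS-REP, no pre-auth needed
        return "valid, pre-auth not required (AS-REP roastable)"
    code = krb_error_code(reply)
    return {
        KDC_ERR_C_PRINCIPAL_UNKNOWN: "invalid",
        KDC_ERR_PREAUTH_REQUIRED: "valid",
        KDC_ERR_PREAUTH_FAILED: "valid (pre-auth failed)",
        KDC_ERR_CLIENT_REVOKED: "valid (disabled or locked out)",
        KDC_ERR_KEY_EXPIRED: "valid (password expired)",
    }.get(code, f"unknown (error-code {code})")


if __name__ == "__main__":
    for code in (6, 25, 18, 24):
        print(code, "->", classify_reply(build_krb_error(code)))
```

Two operational notes. A plain AS-REQ without pre-authentication data does not register as a failed logon, which is why this enumeration is quiet; sending a guessed password (and receiving KDC_ERR_PREAUTH_FAILED) does count against the lockout threshold. Detection-wise, a burst of event 4768 entries with result code 0x6 from one source is the blue-team signature of exactly this technique.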
[#] To secure Apache OFBiz from the XXE vulnerability CVE-2018-8033, upgrade to version 16.11.04 or higher, disable external DTDs, and validate XML input.
Read More @ infosecwriteups.com
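"Disable external DTDs and validate XML input" is the generic fix for the whole XXE class, and the strictest form of it is to refuse any DOCTYPE or entity declaration before the parser gets a chance to act on one. The block below is an added example of that policy in Python's standard-library expat parser; it is not OFBiz code (OFBiz is Java, where the equivalent is setting the `disallow-doctype-decl` and external-entity features on the `DocumentBuilderFactory`). The sample documents are constructed for the example.

```python
import xml.parsers.expat as expat


class UnsafeXML(ValueError):
    """Raised when untrusted XML carries a DOCTYPE or entity declaration."""


def parse_untrusted_xml(data):
    """Parse XML into nested dicts, rejecting every DTD construct up front.

    No DOCTYPE means no external entities (XXE), no parameter entities and no
    internal entity expansion (billion laughs). Expat is additionally told
    never to resolve an external entity reference, as belt and braces.
    """
    parser = expat.ParserCreate()

    def reject(*_args):
        raise UnsafeXML("DTD and entity declarations are not accepted from untrusted input")

    parser.StartDoctypeDeclHandler = reject
    parser.EntityDeclHandler = reject
    parser.ExternalEntityRefHandler = reject

    root, stack = [], []

    def start(name, attrs):
        node = {"tag": name, "attrs": attrs, "text": "", "children": []}
        (stack[-1]["children"] if stack else root).append(node)
        stack.append(node)

    def end(_name):
        stack.pop()

    def chars(text):
        if stack:
            stack[-1]["text"] += text

    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.CharacterDataHandler = chars
    parser.Parse(data, True)
    return root[0]


def is_rejected(data):
    """True when the parser refuses the document as unsafe."""
    try:
        parse_untrusted_xml(data)
    except UnsafeXML:
        return True
    return False


# Constructed samples: a benign document, a classic XXE payload and an
# entity-expansion bomb in miniature.
BENIGN = b"<order><id>42</id><item sku='A-1'>widget</item></order>"
XXE = (b'<?xml version="1.0"?>'
       b'<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       b'<order><id>&xxe;</id></order>')
LAUGHS = (b'<!DOCTYPE x [<!ENTITY a "aaaaaaaaaa">'
          b'<!ENTITY b "&a;&a;&a;&a;&a;&a;&a;&a;&a;&a;">]>'
          b'<x>&b;</x>')

if __name__ == "__main__":
    print("benign parsed:", parse_untrusted_xml(BENIGN)["children"][0]["text"])
    print("xxe rejected:", is_rejected(XXE))
    print("laughs rejected:", is_rejected(LAUGHS))
```

Rejecting the DOCTYPE outright is the right default for a service that never legitimately receives one; if a feed genuinely needs internal entities, keep `EntityDeclHandler` permissive for internal declarations only and still refuse anything with a SYSTEM or PUBLIC identifier.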
[#] Pyradm is a Python-based remote administration tool that allows control and access to various system functions like screenshots, file management, and location tracking through Telegram messages.
Read More @ kitploit.com
[#] Darkdump is a Python tool that lets you search the deep web from the terminal using a direct query, with options to limit search results and enhance anonymity using a proxy.
Read More @ github.com
[#] ACHE is an open-source web crawler that focuses on harvesting specific web content by using classifiers and can prioritize links, output data in various formats, and is now under Apache 2.0 license.
Read More @ github.com
[#] This guide gives an overview of open-source intelligence (OSINT) techniques for researching Instagram, including ways to view content without logging in, the types of data available, and tools for downloading videos and locating user profiles.
Read More @ bashinho.de
[#] Enhancements in automatic regression handling and reporting for the Linux Kernel improve bug tracking and integration in developer workflows.
Read More @ collabora.com

# News

[#] The International Monetary Fund's email system was attacked, and after discovering the hack in February, they secured the 11 affected accounts and are investigating further without any current evidence of wider system compromise.
Read More @ bleepingcomputer.com
[#] A new malware called BunnyLoader 3.0 can steal login details and cryptocurrency, and it avoids detection by pretending to be safe applications.
Read More @ hackread.com
[#] The U.S. Department of Justice is seizing $2.3 million in cryptocurrency from Binance accounts linked to a scam that tricked people into fake investments via social platforms.
Read More @ bleepingcomputer.com
[#] Aylo Global Entertainment has blocked Texas users from accessing PornHub and related sites, protesting age verification laws they claim are harmful and ineffective, and suggesting device-based verification as an alternative.
Read More @ bleepingcomputer.com
[#] A Moldovan national was sentenced to 42 months in prison for operating the E-Root cybercrime marketplace, which sold access to compromised computers.
Read More @ securityaffairs.com
[#] IT helpdesk workers are increasingly being targeted by cybercriminals who pose as employees to gain control of user accounts, suggesting that organizations should improve security measures such as multi-factor authentication and identity verification to protect against such attacks.
Read More @ theregister.com
[#] McDonald's faced a worldwide technology disruption due to a service provider's configuration blunder, leading to restaurant closures and system failures which have since been rectified.
Read More @ bleepingcomputer.com
[#] Researchers found a new CPU data leak called GhostRace that can steal information using a method similar to Spectre attacks, and patches are provided to help secure systems against this vulnerability.
Read More @ thehackernews.com
[#] US lawmakers are considering a new bill that could ban the social media app TikTok unless its Chinese owners sell it, due to concerns over user data security and potential links to the Beijing government.
Read More @ packetstormsecurity.com
[#] A former manager, Jonathan Katz, pleaded guilty to performing illegal SIM swaps for Bitcoin, enabling hackers to bypass two-factor authentication and access victims' online accounts.
Read More @ bleepingcomputer.com
[#] A configuration change at a third-party provider caused a global McDonald's IT outage, disrupting point of sale systems and necessitating some restaurants to temporarily shut down or take orders manually with cash payments.
Read More @ bleepingcomputer.com
[#] Recent cyber incidents include a $2 million Ethereum phishing loss, multi-million dollar scams on Incognito Market and Twitter, dubious Kickstarter blockchain pivot, Crypto4Winners fund theft, and hacks on Unizen and WOOFi platforms, with community actions taken to mitigate the impacts.
Read More @ web3isgoinggreat.com
[#] A startup named Figure, collaborating with OpenAI, has developed a robot called Figure 01 that shows advanced autonomous movement and problem-solving abilities without human teleoperation, surpassing Tesla's Optimus robot in both functionality and innovation.
Read More @ gizmodo.com
[#] The UK Defence Secretary's jet experienced GPS and communication disruption due to a suspected Russian electronic warfare attack near Kaliningrad, during a flight from Poland after visiting NATO troops, without endangering the aircraft's safety.
Read More @ securityaffairs.com
[#] INTERPOL reports that cybercrime is growing with AI tech and cryptocurrency abuse, requiring global cooperation and advanced defenses to counter AI-generated phishing and to protect from financial scams.
Read More @ hackread.com
[#] Russian-Canadian hacker Mikhail Vasiliev is sentenced to prison and ordered to pay restitution for his role in LockBit ransomware attacks, while GitHub users exposed millions of secrets in 2023, and threat group Magnet Goblin exploited one-day vulnerabilities to distribute Linux malware.
Read More @ sentinelone.com
[#] A new version of the StopCrypt ransomware has been discovered, which uses more complex multi-stage execution and process hollowing techniques to avoid detection, and encrypts files with a ".msjd" extension, demanding a ransom via a "_readme.txt" note in impacted folders.
Read More @ bleepingcomputer.com
[#] France's employment agency France Travail and its partner agency Cap Emploi reported a massive breach exposing personal data of up to 43 million people, urging those affected to watch for fraud and phishing and promising stronger security measures.
Read More @ hackread.com
[#] The ShadowSyndicate ransomware group is now attacking servers using a vulnerability in the aiohttp Python framework, and server admins should update to version 3.9.2 or later to prevent data leaks.
Read More @ securityonline.info
[#] Google announced a new feature for Chrome that checks web URLs in real-time to block more phishing sites and protect users' privacy during the process.
Read More @ thehackernews.com
[#] C++ expert Herb Sutter discusses the need for stricter enforcement of safety rules in the language to prevent common security vulnerabilities.
Read More @ schneier.com
[#] Chinese internet users are being tricked into downloading fake Notepad++ and VNote software that actually contains a backdoor called Geacon, which can take over their computers.
Read More @ thehackernews.com
[#] Fortinet has fixed a critical SQL injection leading to remote code execution, CVE-2023-48788, in FortiClient EMS; users should update to versions 7.2.3 or 7.0.11 to protect their systems.
Read More @ darkreading.com
[#] The FCC has started a new cybersecurity label for IoT products, which shows if they meet security standards set by NIST.
Read More @ darkreading.com
[#] A security issue was found in the OAuth handling of ChatGPT plugins, which could allow unauthorized access to private code repositories.
Read More @ reddit.com
[#] Security experts found a new version of StopCrypt ransomware that avoids detection by using complex tech like process hollowing and dynamic API calls, and encrypts files with a ".msjd" extension.
Read More @ bleepingcomputer.com
[#] The Federal Trade Commission undercover operation led to a $26 million settlement with companies Restoro and Reimage for tricking customers into unnecessary computer repair services.
Read More @ theregister.com
[#] Security experts found that fake UltraEdit software for macOS is really malware that takes over computers, and they suggest watching for unknown libraries, hidden files, and odd network activity to catch it.
Read More @ securityonline.info
[#] If you're using Apache CXF, upgrade to versions 4.0.4, 3.6.3, or higher to fix a server-side request forgery vulnerability identified by CVE-2024-28752.
Read More @ securityonline.info
[#] Phoenix Contact's CHARX SEC charge controllers have critical security flaws that could let hackers control devices, so users must upgrade to firmware v1.5.1 or newer and follow provided network security guidelines.
Read More @ securityonline.info
[#] Apache ZooKeeper versions 3.9.0 to 3.9.1, 3.8.0 to 3.8.3, and 3.6.0 to 3.7.2 have an information-disclosure flaw in persistent watcher handling that lets a client learn about znode paths it is not authorised to read, and users should install the 3.9.2 or 3.8.4 releases that fix it.
Read More @ securityonline.info
[#] A critical prototype-pollution issue, CVE-2024-27307, in the JSONata library's transform operator affects versions from 1.4.0 onward and could let an attacker who controls an expression run harmful code; update to 1.8.7 or 2.0.4 (or newer) or apply the provided patches.
Read More @ securityonline.info
[#] Senator Wyden warns that Chinese-made electronic safe locks, potentially accessible by foreign spies, pose a risk to US intellectual property security, and urges awareness and use of government-standard locks without backdoor access.
Read More @ theregister.com
[#] The 5Ghoul vulnerabilities affecting various 5G devices have been partially patched by Qualcomm and MediaTek, but some vendors have not updated their firmware, leaving certain devices at risk for connection exploitation.
Read More @ sans.edu
[#] A Portuguese man with autism, Diogo Santos Coelho, is fighting extradition to the US on cybercrime charges because he fears a harsh sentence and has no support system there.
Read More @ theguardian.com
[#] Malpulse is tracking Command & Control (C&C) servers used by malware like DCRat, Havoc, FletchenStealer, and SerpentStealer, and reports new detections as of March 16, 2024.
Read More @ malpulse.com
[#] The website Ahmia provides a search engine for the Tor network's hidden services, but warns users of a fake site mimicking Ahmia's onion address with the correct one beginning with 'juhanurmihxlp77' and ending with '4csyd.onion'.
Read More @ ahmia.fi
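A lookalike onion address only has to be close enough to fool the eye, so the practical defense is a byte-for-byte comparison against a copy obtained out of band. A checksum check is still worth having, because it catches the truncated and mistyped forms that phishing links and forum posts are full of. The block below is an added example, not Ahmia's code: it builds and validates v3 onion addresses per the Tor rendezvous spec (base32 of pubkey || checksum || version, checksum = SHA3-256(".onion checksum" || pubkey || version)[:2]). The keys used in `demo()` are constructed, not any real service's, and the block does not claim to know Ahmia's full address.

```python
import base64
import binascii
import hashlib

ONION_V3_VERSION = b"\x03"
_CHECKSUM_PREFIX = b".onion checksum"


def _checksum(pubkey):
    return hashlib.sha3_256(_CHECKSUM_PREFIX + pubkey + ONION_V3_VERSION).digest()[:2]


def onion_v3_from_pubkey(pubkey):
    """Build the v3 .onion address for a 32-byte Ed25519 public key."""
    if len(pubkey) != 32:
        raise ValueError("an Ed25519 public key is 32 bytes")
    raw = pubkey + _checksum(pubkey) + ONION_V3_VERSION
    return base64.b32encode(raw).decode("ascii").lower() + ".onion"


def onion_v3_is_valid(addr):
    """True if addr is a well-formed v3 onion address with a correct checksum."""
    host = addr.strip().lower()
    if host.endswith(".onion"):
        host = host[:-len(".onion")]
    if len(host) != 56:                       # 35 bytes -> 56 base32 chars, no padding
        return False
    try:
        raw = base64.b32decode(host.upper())
    except binascii.Error:
        return False
    if len(raw) != 35 or raw[34:35] != ONION_V3_VERSION:
        return False
    return raw[32:34] == _checksum(raw[:32])


def same_service(candidate, trusted):
    """Exact match against an address copied from a source you already trust."""
    return candidate.strip().lower() == trusted.strip().lower()


def demo():
    """Constructed keys: a 'real' service, a corrupted copy, and an attacker lookalike."""
    key = hashlib.sha256(b"constructed demo key, not a real service").digest()
    good = onion_v3_from_pubkey(key)

    # Corrupt the checksum bytes: what a mistyped address looks like to the check.
    raw = base64.b32decode(good[:-len(".onion")].upper())
    corrupted_raw = raw[:32] + bytes([raw[32] ^ 0xFF, raw[33]]) + raw[34:]
    corrupted = base64.b32encode(corrupted_raw).decode("ascii").lower() + ".onion"

    # An attacker's own key: a vanity lookalike carries a perfectly valid checksum.
    lookalike = onion_v3_from_pubkey(hashlib.sha256(b"attacker vanity key").digest())

    return {
        "good_valid": onion_v3_is_valid(good),
        "corrupted_valid": onion_v3_is_valid(corrupted),
        "lookalike_valid": onion_v3_is_valid(lookalike),
        "lookalike_matches_trusted": same_service(lookalike, good),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The `lookalike_valid` result is the caveat in one line: an attacker who grinds a vanity key gets a valid checksum for free, so the only check that defeats the fake Ahmia is `same_service` against the address you bookmarked from a trusted source.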
[#] A new list of Chrome extensions enhances OSINT work by improving web browsing, monitoring changes, managing tabs, note-taking, and ensuring privacy and security.
Read More @ i-intelligence.eu
[#] The GitHub repository "bad-opsec" is a collection of resources highlighting operational security failures and their consequences, serving as educational material for improving personal security practices.
Read More @ github.com
[#] The Intelligence Studies Laboratory, known as LABЭKS, focuses on analyzing, organizing, and publishing information related to international intelligence service activities, including their historical transformations, impact on state policies, and notable successes and failures.
Read More @ intelligence-express.ru
[#] A website provides live maps and tracking for maritime transportation, including data on ships, ports, shipyards, and maritime weather, alongside tools for calculating distances between ports and locating ship services.
Read More @ shiplocation.com
[#] The website updated their submarine cable map on March 11, 2024, showing a comprehensive network of undersea data cables that connect different regions across the globe.
Read More @ submarinecablemap.com
[#] TeleGeography is a resource for tracking global telecom data and trends, providing datasets, analysis, and consultations to help businesses in the telecom industry make informed decisions.
Read More @ telegeography.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-03-16

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins