HAQ.NEWS

// Jared Folkins

# Description

At SpecterOps, researchers found that Microsoft Exchange Server's permission setup in Active Directory can still lead to domain-control attacks unless mitigated by moving to a split permissions model or restricting Exchange's rights. MultiDump is a new tool that avoids detection of Windows LSASS memory dumps by encrypting them, and it requires updated parsing tools. Another article shows how to exploit Android Jetpack Navigation to reach any fragment in an app. Guillaume Caillé describes bypassing the 'Loader Lock' through a different approach to DLL side-loading. Microsoft's PyRIT helps identify risks in generative AI, while OWASP OFFAT tests APIs for vulnerabilities. A collection of tutorials and tools for IP search engines is covered, and Extractify pulls endpoints, URLs, parameters and secrets out of content for analysis. Stuart McClure and another author provide insights into cyber threats. WorldviewAI's site collects global information, including on cyber warfare. Advangle helps build advanced web searches, and Profile Discover finds social media profiles fast. Iván Santos Malpica shares web security bypass methods, and another security professional shows that manual SQL injection can outperform tools like sqlmap. Rishi introduces Nuclei templates that detect phishing sites, and a Python Flask app is shown to have a template injection vulnerability. A GitHub repo holds an exploit for an aiohttp server vulnerability (CVE-2024-23334). Lastly, a Linux Bash script uses Google dorking for information gathering.

# Tradecraft

[#] SpecterOps reports that Microsoft Exchange Server's permission setup within Active Directory still allows potential attack paths for unauthorized domain control unless specific mitigation steps, like transitioning to an Active Directory split permissions model or restricting Exchange's permissions, are taken.
Read More @ specterops.io
[#] MultiDump is a tool for securely dumping and extracting Windows LSASS memory without alerting Defender, offering local encryption and remote handling capabilities, and requires updated Pypykatz and impacket for parsing.
Read More @ kitploit.com
[#] The article details an exploitation method where a malicious intent can navigate to any Android fragment within an app's navigation graph, bypassing intended logic by abusing the way Android Jetpack Navigation handles deep links.
Read More @ ptsecurity.com
[#] Guillaume Caillé explains a method for DLL side-loading without using DllMain to avoid the 'Loader Lock' limitation, by instead hijacking the first function called by the legitimate process and executing malicious code from there.
Read More @ okiok.com
[#] The Python Risk Identification Tool (PyRIT) is a framework provided by Microsoft to help security experts and machine learning engineers identify potential risks and improve the security of generative AI systems by automating the evaluation of harm categories like false content, misuse, and prohibited conduct.
Read More @ github.com
[#] The OWASP OFFAT is a tool designed for automatic API vulnerability testing using openapi specification files, featuring a range of security checks, automated and configurable testing, and support for integration with other platforms.
Read More @ securityonline.info
[#] The content details a collection of tutorials and tools for using IP search engines to gather varied data on internet-connected devices, beneficial for cybersecurity professionals.
Read More @ github.com
[#] Extractify is a tool designed for cyber security practitioners to retrieve Endpoints, URLs, Parameters, and Secrets from various contents for investigation and analysis.
Read More @ github.com
[#] Stuart McClure writes about strategies to identify and mitigate cyber threats, while another author focuses on teaching offensive and defensive cyber security techniques.
Read More @ Worldview.ai
[#] This content is a layout of the WorldviewAI website, which provides various categories of global information, including cyber warfare and open-source intelligence, aiming to enhance users' knowledge in these fields.
Read More @ worldview.ai
[#] Advangle is a user interface for constructing advanced web search queries for Google and Bing, offering examples and allowing users to add, disable, or save conditions for their searches.
Read More @ advangle.com
[#] Profile Discover is a tool that locates social media accounts connected to a specific username or email across over 400 platforms in seconds.
Read More @ profilediscover.com
[#] Iván Santos Malpica shares methodologies for bypassing web security mechanisms, such as defeating sqlmap automation, bypassing XSS filters, taking over subdomains, exploiting HTTP request smuggling, and extracting cookies despite HttpOnly flags.
Read More @ github.io
[#] A cyber security professional manually bypassed security measures to exploit a SQL injection that automated tools like sqlmap couldn't, demonstrating the importance of human ingenuity in hacking.
Read More @ github.io
[#] Cybersecurity analyst Rishi introduces a method to detect phishing sites using automated scripts called Nuclei templates, which can discern fake sites by comparing the domain and page details with legitimate ones, aiming to aid threat analysis and bolster OSINT efforts.
Read More @ projectdiscovery.io
[#] A Python Flask application using Jinja2 templates is exposed to server-side template injection, which lets unsanitized user input execute arbitrary code on the server; this can be mitigated by input sanitization and by using a sandboxed environment.
Read More @ medium.com
[#] The GitHub repository by jhonnybonny demonstrates a Local File Inclusion (LFI) exploit against the aiohttp server library, identified as CVE-2024-23334, and includes installation instructions, an example server, and scripts for both scanning and exploiting the vulnerability.
Read More @ github.com
[#] An automated Linux Bash script utilizes Google dorking for efficient information gathering by opening multiple search queries in browser tabs.
Read More @ medium.com

# News

[#] Imperva Threat Research reports a new Sysrv botnet variant that uses a Google subdomain to distribute an XMRig miner, emphasizing the ongoing evolution of threat actors who now exploit legitimate domains for malicious activities.
Read More @ imperva.com
[#] A malware-as-a-service campaign is attacking Android users in India by disguising as helpful apps and stealing banking and SMS data, which can be defended against by downloading apps only from trusted sources and using security software.
Read More @ darkreading.com
[#] The U.S. government is forming a Water Sector Cybersecurity Task Force to enhance protection against cyber threats to the nation's water and wastewater systems due to recent concerns over foreign hacker attacks and a lack of basic cyber hygiene within the sector.
Read More @ theregister.com
[#] GitHub has introduced a public beta AI feature for its Advanced Security customers that suggests fixes for vulnerabilities in JavaScript, TypeScript, Java, and Python code, aiming to streamline the workflow for security teams.
Read More @ bleepingcomputer.com
[#] Ivanti has released a critical patch for a Standalone Sentry vulnerability reported by NATO, which could allow attackers to execute arbitrary commands without authentication; users are urged to apply the update immediately to prevent exploitation.
Read More @ bleepingcomputer.com
[#] Mintlify, a software documentation platform, experienced a data breach where 91 GitHub tokens were exposed, and has since revoked the tokens, patched the vulnerability, and advised users to change passwords and enable two-factor authentication.
Read More @ hackread.com
[#] Drivers are employing various methods to conceal their license plates from automatic toll booth readers to evade toll charges, resulting in increased law enforcement penalties.
Read More @ schneier.com
[#] Cybercriminals, pretending to be law firms, have been sending phishing emails with malware-laden PDFs titled like legal invoices, which organizations should train employees to recognize and guard against by monitoring for unusual traffic and external PDF invoices.
Read More @ darkreading.com
[#] Canadian authorities propose banning the Flipper Zero device, believing it contributes to car theft, but creators argue this misrepresents the tool's capability and targets the wrong issue, as true car theft relies on more powerful equipment and the vulnerability of vehicle security systems.
Read More @ bleepingcomputer.com
[#] VF Group, which owns Vans and other brands, experienced a data breach revealing customer personal information, and customers are advised to be cautious of potential fraud or phishing attempts.
Read More @ packetstormsecurity.com
[#] Law enforcement's recent actions against ransomware groups like LockBit and ALPHV have caused distrust among hackers, leading to a rise in new ransomware-as-a-service startups offering higher trust and profit shares to attract affiliates.
Read More @ darkreading.com
[#] UK bakery chain Greggs experienced a payment system outage affecting their tills, which has been resolved without details on the cause provided.
Read More @ bleepingcomputer.com
[#] Canary infra is a new type of cloud-based honeypot system that aims to improve intrusion detection with low cost and maintenance, high alert precision, and is difficult for attackers to identify or avoid.
Read More @ tracebit.com
[#] Over 70 million individuals' data, initially claimed to be stolen from AT&T in 2021 and now decrypted, was recently made available on a cybercrime forum, with steps for AT&T customers including caution against impersonation, no hurried decisions, and using identity monitoring services.
Read More @ malwarebytes.com
[#] A phishing campaign named Fluffy Wolf is using simple tools like Meta Stealer malware and legitimate software to target Russian companies through fake accounting report emails.
Read More @ darkreading.com
[#] Security research has revealed that misconfigurations in over 900 Google Firebase instances have led to the exposure of nearly 125 million records, including sensitive information like names, banking details, and passwords; cloud administrators are advised to use secure vaults, secrets management, and promptly apply patches and updates to mitigate such risks.
Read More @ packetstormsecurity.com
[#] The London Clinic is investigating a staff member for unauthorized access to Princess Kate's medical records, while data protection authorities are assessing the breach.
Read More @ theregister.com
[#] Robert Purbeck has admitted to committing cybercrimes against medical facilities by stealing data and extorting victims, and has agreed to pay $1 million in restitution following his arrest and conviction.
Read More @ theregister.com
[#] Researchers have discovered a new denial-of-service attack that exploits UDP protocols to create endless communication loops between two servers, potentially affecting 300,000 hosts and requiring anti-spoofing filtering measures like BCP38 to prevent it.
Read More @ thehackernews.com
[#] Cybersecurity experts report that multiple malicious actors are actively exploiting a critical JetBrains TeamCity flaw, identified as CVE-2024-27198, to conduct unauthorized activities, including deploying malware and ransomware; users are urged to update to version 2023.11.4 or apply the provided security patch to mitigate this threat.
Read More @ securityaffairs.com
[#] Researchers at Palo Alto Networks' Unit 42 have discovered BunnyLoader 3.0, an updated malware loader that features new denial-of-service capabilities, smaller payload size, advanced keylogging, and improved antivirus evasion, requiring users to apply robust cybersecurity measures to counter these threats.
Read More @ securityaffairs.com
[#] Global cyber security agencies have issued an alert about the Chinese cyber espionage campaign Volt Typhoon, urging critical infrastructure providers to enhance logging to detect breaches.
Read More @ scmagazine.com
[#] The Pokemon Company has reset passwords for a small fraction of users after detecting and preventing unauthorized login attempts, with no further action required for unaffected accounts.
Read More @ scmagazine.com
[#] Microsoft is set to halt its cloud services in Russia by month-end due to EU sanctions, urging Russian users to transfer their data to local alternatives.
Read More @ scmagazine.com
[#] Cybersecurity researchers have discovered a new version of BunnyLoader malware with enhanced stealing and keylogging abilities, and a sophisticated infection process that uses multiple modules to avoid detection and perform attacks.
Read More @ thehackernews.com
[#] The U.S. Environmental Protection Agency is forming a Water Sector Cybersecurity Task Force to enhance the defense of water systems against threats like Cyber Av3ngers and Volt Typhoon, while CISA warns of these groups' potential for disruption and urges critical sectors to implement secure design principles and heightened vigilance against social engineering.
Read More @ thehackernews.com
[#] European aerospace company Airbus has ended its discussions to acquire the cybersecurity and big data services from French IT company Atos, leading to a significant drop in Atos' stock value and delaying their earnings report as they consider other strategic options.
Read More @ darkreading.com
[#] The White House and EPA have warned governors of cyberattacks on the U.S. water sector and are creating a Task Force to improve cybersecurity defenses.
Read More @ bleepingcomputer.com
[#] The SEC fined two companies for falsely claiming to use advanced AI in their products, a deceptive practice known as "AI washing."
Read More @ scmagazine.com
[#] Researchers have uncovered a Python malware named AndroxGh0st targeting Laravel applications, exploiting known vulnerabilities to gain access and compromise systems.
Read More @ securityonline.info
[#] Ukraine faces ongoing cyberattacks by group UAC-0006 using Smoke Loader malware to infiltrate financial and government institutions, requiring increased vigilance and security measures against phishing and other social engineering tactics.
Read More @ securityonline.info
[#] The FBI's 2023 Internet Crime Report reveals that Americans were affected more financially by investment fraud, especially cryptocurrency scams, than by ransomware, with a notable increase in losses among the elderly.
Read More @ theregister.com
[#] Chinese cyber espionage group Earth Krahang has breached over 70 organizations worldwide using phishing, brute force attacks, and custom backdoors, targeting mostly government entities in Asia, America, Europe, and Africa.
Read More @ theregister.com
[#] Three researchers discovered that 19 million passwords, along with other sensitive data, were left exposed due to misconfigured Firebase databases, prompting attempts to warn affected organizations to secure their systems.
Read More @ bleepingcomputer.com
[#] Rhino Security Labs has released a proof-of-concept for a critical command execution vulnerability in Progress Kemp LoadMaster devices, and users should apply the provided patches to prevent potential network breaches.
Read More @ securityonline.info
[#] An IT contractor in Australia was sentenced to 30 months in jail for illegally rerouting over AU$66,000 to his account from the National Maritime Museum and was caught after the museum reported suspicious transactions.
Read More @ theregister.com
[#] An analysis of fraud groups on classified advertising platforms like Avito reveals a model known as Fraud-as-a-Service, involving organizers, support teams, and individual workers who use social engineering and phishing links to siphon money from unsuspecting users.
Read More @ habr.com
[#] Flightradar24 has released a new GPS jamming map tool that visually indicates areas of GPS interference worldwide, enhancing navigational data integrity monitoring for aircraft.
Read More @ flightradar24.com
[#] In the 2023 overview of Russia's "probing" black market, intermediary services for unauthorized access to government, mobile, and banking data have shown a price increase due to tougher measures against insiders, with the median cost rising 18.5-fold over seven years and unauthorized mobile data lookups being the most expensive.
Read More @ dlbi.ru
[#] The text provides details on a public service offered by the Russian Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor), including DNS information, domain registration data, email server configurations, security certificate chains, and offers a monitoring service for system outages with various cybersecurity tools.
Read More @ gov.ru
[#] Arkham Intelligence Inc. has unveiled a set of tools that enable the tracking and analysis of cryptocurrency activities and link them to real-world identities and institutions, with a focus on customizable alerts, historical price tracking, network mapping transactions, and a searchable database of cryptocurrency users.
Read More @ arkhamintelligence.com
[#] Justicio is a free, open-access archive providing detailed information on state, autonomous, and European legislation, currently available for Spain and some provinces, and invites collaboration from users.
Read More @ justicio.es

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr regarding the articles of interest, which helps discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ (2024-03-21)

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins