HAQ.NEWS

// Jared Folkins

# Description

The amazing nimvoke is a Nim library for safely doing indirect syscalls and making DInvoke style delegate declarations, with examples shown for use in Nim projects. Skytrack is a Python tool for tracking planes using public data, creating PDFs about them, plus a feature to convert tail numbers and ICAO codes. A security researcher found a bug to listen in on Bluetooth speakers with Just Works pairing, tested with the nRF Connect app. NetSoc_OSINT by XDeadHackerX can get info from social networks without needing an account or API. Testing file upload vulnerabilities includes several advanced methods like checking PHP functions, exploiting paths, testing XSS and XXE payloads, and ZIP Slip. SpecterInsight 2.3.0 has a ransomware emulation that safely encrypts files, evades defenses, and comes with a decrypter. CS-AutoPostChain for CobaltStrike focuses on post-exploitation while staying stealthy. Obsidian can turn into a Cyber Threat Intelligence platform for analysts to manage data and analyze links. Someone shared solutions for JavaScript 'Capture the Flag' puzzles, demonstrating weird JS behaviors like type coercion. Setting up notifications for new local admin accounts on Intune devices needs PowerShell scripts, Azure, and sending alerts through email or Teams. Managing data and configs, users can reset filters and adjust kernel object settings. ReverserAI is a Binary Ninja plugin using local LLMs to suggest names for reverse-engineered functions offline, and 'reverser_ai' on GitHub also does this for malware such as PowerPC files. Lastly, there's a guide for checking SMB services on Windows using netexec, smbclient, Impacket, and nmap for finding vulnerabilities and other tasks.

# Tradecraft

[#] 'nimvoke' is a Nim library for executing indirect syscalls and DInvoke style delegate declarations in a security-conscious manner, with examples provided for using these features in custom Nim projects.
Read More @ github.com
[#] Skytrack is a Python-based command-line tool for planespotting and aircraft OSINT, which gathers information on planes using public data sources, creates PDF reports on aircraft, and includes a converter for tail number and ICAO designations.
Read More @ kitploit.com
[#] A security researcher revealed a way to eavesdrop on Bluetooth speakers with built-in microphones that use Just Works pairing; whether a device is affected can be tested with the nRF Connect app.
Read More @ mobile-hacker.com
[#] NetSoc_OSINT is a tool created by XDeadHackerX for extracting user information from various social networks without needing a social media account, API, or encountering search limitations.
Read More @ github.com
[#] Explore advanced techniques for testing file upload vulnerabilities including checking for PHP disabled functions, exploiting path traversal, altering directory configurations, uploading XSS and XXE payloads, and leveraging ZIP Slip, to enhance penetration testing effectiveness and identify server weaknesses.
Read More @ medium.com
[#] SpecterInsight's ransomware emulation feature in version 2.3.0 simulates an attack by encrypting files with reversible encryption and bypassing defenses, and ships with a decrypter so the exercise causes no real damage.
Read More @ practicalsecurityanalytics.com
[#] The CS-AutoPostChain is an automation chain for CobaltStrike that optimizes post-exploitation tasks with Operational Security in mind, aimed at improving attack efficiencies and avoiding detection.
Read More @ github.com
[#] Obsidian is a flexible note-taking app that can be turned into a Cyber Threat Intelligence platform, allowing analysts to control their data and visualize connections with features like graph view, canvas, templates, and plugins for enhanced data management.
Read More @ medium.com
[#] A writeup demonstrates solving JavaScript "Capture the Flag" challenges, showing solutions for strange JS behaviors, including type coercion and parsing quirks, resulting in "baNaNa," "0.30000000000000004," "octocat," and using a large number to trigger a default case for a flag.
Read More @ infosecwriteups.com
[#] A method has been provided for setting up notifications when local admin accounts are created on Intune-managed devices, using PowerShell scripts, Azure Automation, Log Analytics, and notifications through mail or Microsoft Teams.
Read More @ systanddeploy.com
[#] To manage data and modify selections in a computing environment, users can reset filters, adjust privacy settings, and work with flexible source structures or allocation sizes for kernel objects.
Read More @ google.com
[#] ReverserAI is a Binary Ninja plugin using local large language models to automatically suggest meaningful function names for reverse engineering, ensuring security by operating offline on consumer hardware.
Read More @ github.com
[#] The GitHub repository 'reverser_ai' by mrphrazer includes a plugin that uses an LLM to name functions within malware, such as the PowerPC stub 'triton_inject.bin', and can identify standard functions in statically-linked executables.
Read More @ github.com
[#] This guide provides an updated checklist and methodology for enumerating SMB services on Windows hosts using tools like netexec, smbclient, Impacket, and nmap to discover shares, list files, authenticate, cycle RIDs, and check for vulnerabilities.
Read More @ gitlab.io

# News

[#] Cybersecurity researchers uncovered phishing campaigns affecting over 100 organizations in Europe and the U.S. using StrelaStealer to grab email credentials, updated constantly to evade detection and now spreading via invoice-themed emails with ZIP attachments containing a malicious JavaScript file.
Read More @ thehackernews.com
[#] Researchers have uncovered a new side-channel vulnerability in Apple Silicon chips that allows malware to steal cryptographic keys due to data memory-dependent prefetchers being exploited, with the potential fix involving disabling the prefetcher and reducing CPU performance.
Read More @ theregister.com
[#] Amazon Web Services fixed a critical vulnerability in their Managed Workflows for Apache Airflow service, preventing attackers from hijacking user sessions and executing code remotely.
Read More @ thehackernews.com
[#] The National Vulnerability Database has slowed down analysis of Common Vulnerabilities and Exposures, causing issues for security tools that depend on this data, and while NIST seeks to improve the program, users may consider alternatives or contribute to projects like Anchore's NVD Data Overrides.
Read More @ theregister.com
[#] Kenya's data protection agency is demanding that TikTok prove its adherence to privacy and user verification laws, citing misuse of the platform by cybercriminals and concerns over disinformation.
Read More @ darkreading.com
[#] U.S. legislators have introduced a bill requiring AI-generated media to be clearly labeled to combat the cybersecurity risks posed by deepfakes.
Read More @ scmagazine.com
[#] Over 39,000 WordPress websites were injected with malware known as Sign1, causing redirects to scam sites, with attackers using vulnerabilities in plugins or brute-force attacks to gain access.
Read More @ thehackernews.com
[#] A China-linked cyber group has exploited vulnerabilities in software like Connectwise and F5 BIG-IP, delivering malware for espionage against Southeast Asian and Western targets, while steps to mitigate these attacks involve patching known vulnerabilities promptly.
Read More @ thehackernews.com
[#] Pwn2Own Vancouver 2024 concluded with participants earning $1,132,500 by demonstrating 29 unique zero-day exploits in various software including browsers, operating systems, and a Tesla car, and vendors now have 90 days to fix these issues before they are disclosed publicly.
Read More @ securityaffairs.com
[#] Chinese hackers known as UNC5174 are infiltrating networks using new and recently patched security flaws, targeting systems in government, defense, and academia, necessitating prompt patch application and vigilant network monitoring.
Read More @ securityonline.info
[#] A large data repository from the service Have I Been Pwned reveals numerous breaches affecting millions of user accounts from various websites, exposing personal details and compromised data such as email addresses, passwords, and other personal information.
Read More @ haveibeenpwned.com
[#] The U.S. Department of Justice has filed a lawsuit against Apple, claiming that the company's actions monopolize the smartphone market and compromise the security and privacy of messaging services between iPhone users and non-iPhone users.
Read More @ thehackernews.com
[#] The U.S. SEC is investigating the Ethereum Foundation to determine if ETH is a security, BitMEX experienced a flash crash of Bitcoin caused by a few accounts, Slerf memecoin's developer error led to high trading volume, Wilder World game was hacked by a former contractor, a phisher mimicking a crypto trader scammed users of over $2.6 million, the Remilia Collective claimed a multi-million dollar loss due to compromised password manager, NFPrompt reported a security incident and is coordinating with the FBI, a user accidentally burned $1.36 million in Tether, Mozaic Fi was exploited but recovered much of the stolen funds, and MOBOX lending platform was exploited due to a bug in its referral and borrowing system.
Read More @ web3isgoinggreat.com
[#] A researcher disclosed an exploit for a high-severity Windows privilege escalation vulnerability, CVE-2023-36424, and to stay safe, updating Windows with the November 2023 security patch is crucial.
Read More @ securityonline.info
[#] The Unsaflok vulnerabilities allow attackers to forge keycards and unlock over three million Saflok hotel locks globally, with a 36% fix rate as of March 2024, and require MIFARE Ultralight C cards after upgrade for increased security.
Read More @ unsaflok.com
[#] Microsoft is being criticized by US senators for allegedly censoring Bing search results in China, complying with local laws while arguing that their service still provides valuable information to Chinese users.
Read More @ theregister.com
[#] A security researcher details the discovery of malicious code hidden in an open-source SMS tool through forensic analysis of the obfuscated code, Git repositories, and author identification, leading to insights on the dangers of using unverified code and the importance of thorough security reviews.
Read More @ medium.com
[#] The U.S. Department of Justice is suing Apple for antitrust violations, accusing it of maintaining a smartphone monopoly that limits developer freedom and user choice, impacting security and privacy.
Read More @ scmagazine.com
[#] The US government has issued guidance on preventing DDoS attacks, including best practices such as risk assessments, network monitoring, implementing Captcha challenges, using specific mitigation tools, and keeping software and systems updated.
Read More @ theregister.com
[#] Security researchers at SentinelOne have discovered a new malware called AcidPour, an evolved version of AcidRain, which targets Linux x86 systems and has been used against Ukrainian telecoms by Russian hackers associated with the Sandworm group.
Read More @ thehackernews.com
[#] The Curious Serpens hacker group is targeting job applicants in aerospace and defense with a backdoor called FalseFont, designed to steal sensitive data and credentials from infected systems.
Read More @ securityonline.info
[#] The Windows Incident Response Blog discusses Kimsuky, a cyber threat group now using .chm files to attack, and suggests changing file associations and using PowerShell scripts for alerts as protective measures.
Read More @ blogspot.com
[#] Imperva Threat Research exposes a new variant of the Sysrv botnet that uses a Google subdomain to distribute cryptomining malware by exploiting vulnerabilities in Apache Struts and Atlassian Confluence.
Read More @ securityonline.info
[#] Apache Doris has addressed two security vulnerabilities: the more serious, CVE-2024-27438, enables remote code execution, and CVE-2024-26307 allows unauthorized file modification; users are urged to update to versions 2.0.5 or 2.1.x and apply best practices for system security.
Read More @ securityonline.info
[#] Researchers have unveiled the GoFetch attack, which leverages flaws in the data memory-dependent prefetchers in Apple's M-series chips to extract encryption keys; although patching the issue is challenging, users can mitigate risk by updating software, and developers can disable the prefetcher or use input blinding.
Read More @ gofetch.fail
[#] Security researchers at Colorado State University have reported vulnerabilities in Electronic Logging Devices across the US trucking fleet that could potentially allow attackers to remotely control trucks and spread malware between them.
Read More @ theregister.com
[#] A series of videos on VK detail a terrorist attack at the Crocus City Hall in Moscow, where approximately 70 people died, and the Russian President has declared a national day of mourning on March 24th in response.
Read More @ vk.com
[#] The message is an invitation to register for an online cybersecurity platform using Google, Twitter, Microsoft, or email, with an agreement to terms and privacy policy, and offers options for account recovery.
Read More @ sqrx.com
[#] AnonChatGPT has recently released a secure messaging platform that requires no registration and emphasizes privacy, alongside launching a blog with a highlighted article titled "The Beginning of Infinity."
Read More @ anonchatgpt.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr regarding the articles of interest, which helps discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ (2024-03-23)

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins