HAQ.NEWS

// Jared Folkins

# Description

A new exploit for local privilege escalation in Linux kernels (CVE-2024-1086) affects versions 5.14 to 6.6. A flaw that let people gain more access on Apple macOS systems by messing with file system mount options has been found and fixed. There's this thing, ChromeKatz, that can grab cookies from Chromium browsers. AutoWLAN helps set up a mobile hotspot with a Raspberry Pi and lets people make it more secure. Matthew Alt showed how to mess with STM32F4 microcontrollers using EMFI. Agenda ransomware is hitting VMware's vCenter and ESXi servers hard with new tricks. Folks can make a bad Amazon Machine Image (AMI) that gets into other people's AWS accounts. There's a fix for a problem where folks could read files they shouldn't in Adobe ColdFusion (CVE-2024-20767). Tracecat helps security teams be smarter and faster with cool AI stuff, and mailtools does email things for learning. A script on GitHub can set up AnyDesk with better security options. You can use Grafana Labs tools for keeping an eye on apps and make it safer with a GitHub Action. Some smarties figured out how to take advantage of a hole in HTTP .NET Remoting (CVE-2024-29059). Devs can make writing assembly code easier with x86inc.asm. AMD Zen 2 and Zen 3 chips might be messed up by Rowhammer attacks, on both DDR4 and DDR5. Telegram-Anti-Revoke used to keep messages in Telegram from going poof, but it's not being looked after anymore.

# Tradecraft

[#] A proof-of-concept exploit is available for a local privilege escalation vulnerability in Linux kernels (CVE-2024-1086) affecting versions 5.14 to 6.6, with detailed configuration instructions provided for effective use.
Read More @ github.com
[#] A security research report details a method of escalating privileges on Apple macOS by abusing file system mount options, now patched in recent macOS updates.
Read More @ alter-solutions.fr
[#] The ChromeKatz project allows users to extract cookies from Chromium-based browsers' memory, bypassing the need for direct database access or DPAPI decryption keys.
Read More @ github.com
[#] AutoWLAN enables users to set up a portable access point using a Raspberry Pi and Docker containers, with the option to configure security levels through custom hostapd configuration files.
Read More @ kitploit.com
[#] Matthew Alt outlines the process of using Electromagnetic Fault Injection (EMFI) to bypass security protections on STM32F4 microcontrollers for hardware hacking.
Read More @ voidstarsec.com
[#] The Agenda ransomware group is actively targeting VMware vCenter and ESXi servers using a Rust variant, a custom PowerShell script, and BYOVD techniques to spread, requiring robust security measures and vigilance to thwart.
Read More @ trendmicro.com
[#] An explanation of how to create a malicious Amazon Machine Image (AMI) to compromise AWS accounts by embedding a backdoor script and making the AMI public, while also covering the risks of using or sharing AMIs.
Read More @ appsecco.com
[#] The GitHub page contains an exploit for a file read vulnerability labeled CVE-2024-20767 in Adobe ColdFusion that has been patched, with a script to demonstrate the issue on a trial ColdFusion server.
Read More @ github.com
[#] Tracecat is an open source automation platform for security teams, incorporating AI capabilities and flexible integrations to boost efficiency in tasks such as phishing email investigation and case management.
Read More @ github.com
[#] The repository named 'mailtools' contains various scripts for email processing, including SMTP validation, email list cleaning, and responsive email sending, intended for educational use.
Read More @ github.com
[#] A GitHub repository contains a script for automating the installation and setup of AnyDesk with enhancements for security, including silent installation, password setup, and creating a hidden admin user.
Read More @ github.com
[#] Grafana Labs provides a range of observability tools for monitoring applications, including a free plan with Grafana for visualization, Loki for logs, Tempo for traces, among other resources, with a GitHub Action introduced for automating Sigma rules validation to enhance security monitoring.
Read More @ grafana.com
[#] The repository discusses a vulnerability in HTTP .NET Remoting, identified as CVE-2024-29059, and provides resources and methods to exploit leaked object references, including instructions to create a vulnerable ASP.NET web application and a script to deliver payloads.
Read More @ github.com
[#] The article provides a guide for developers on using x86inc.asm, a tool to simplify writing hand-written assembly for x86, highlighting its use in creating SIMD optimizations in multimedia software.
Read More @ gnome.org
[#] Researchers demonstrate that AMD Zen 2 and Zen 3 processors are susceptible to Rowhammer bit flip attacks despite mitigation measures, suggesting systems using DDR4 and initial testing on DDR5 may also be vulnerable, and make available a fuzzer on GitHub to test DRAM devices.
Read More @ ethz.ch
[#] Telegram-Anti-Revoke is a now unmaintained plugin that prevented messages in Telegram from being deleted by marking them as "deleted" instead, and required manual installation according to specific Telegram version instructions.
Read More @ github.com

# News

[#] A new iteration of the Agent Tesla malware loader has been identified, using sophisticated evasion techniques to deliver its payload, which necessitates heightened vigilance and security measures.
Read More @ securityonline.info
[#] TeamViewer version 15.52 fixes a symlink vulnerability in macOS that could allow attackers to gain higher access and control, so users should update their software promptly.
Read More @ securityonline.info
[#] The German cybersecurity authority has alerted that 17,000 Microsoft Exchange servers in Germany are at risk due to critical vulnerabilities, advising admins to install the latest patches and restrict internet access to trustworthy IPs or use a VPN.
Read More @ bleepingcomputer.com
[#] Hackers have been exploiting a critical remote code execution flaw in the Ray AI framework since September 2023, targeting Ray servers with poor security practices to steal data and use resources for cryptocurrency mining, with defenses including stricter firewall rules and continuous monitoring recommended.
Read More @ bleepingcomputer.com
[#] U.S. authorities call on software makers to perform thorough code reviews to eliminate SQL injection vulnerabilities, emphasizing the need for 'Secure by Design' principles and transparent vulnerability disclosure through the CVE program.
Read More @ theregister.com
[#] Google Play removed 28 malicious apps disguised as VPNs and launchers after they were caught using Android phones as proxies for potentially illegal activities, and users should uninstall any listed apps to avoid misuse of their device.
Read More @ bleepingcomputer.com
[#] TheMoon malware has rapidly infected 6,000 outdated ASUS routers within three days, integrating them into the Faceless proxy service which cybercriminals use to hide their online activities, and device owners are urged to use strong passwords and update firmware or replace end-of-life models to safeguard against such attacks.
Read More @ bleepingcomputer.com
[#] U.S. authorities are seeking information from Google on users who watched certain YouTube videos linked to a money laundering investigation involving Bitcoin and a bomb threat investigation, raising privacy concerns over the extent of digital surveillance.
Read More @ malwarebytes.com
[#] Minecraft servers are facing DDoS attacks, and server owners should use various methods such as firewalls, VPNs, whitelists, and specialized protection services like Gcore to mitigate these cyber threats.
Read More @ thehackernews.com
[#] A new type of email attack, known as SubdoMailing, uses legitimate-looking emails from compromised subdomains due to outdated DNS records to send phishing attacks, and organizations are advised to keep DNS records updated and continuously monitor domain activity to prevent such breaches.
Read More @ feedpress.me
[#] A suspicious NuGet package called SqzrFramework480, possibly for industrial espionage, is targeting developers and has been downloaded over 2,400 times without being reported to NuGet, despite its concerning capabilities like taking screenshots and sending data to a remote server.
Read More @ packetstormsecurity.com
[#] The US Justice Department has indicted seven individuals affiliated with a Chinese company for carrying out cyber intrusions against US government officials, politicians, and various companies over a 14-year period in service of China's government espionage efforts.
Read More @ packetstormsecurity.com
[#] Oligo Security researchers found a critical vulnerability, dubbed ShadowRay, in the popular open-source AI framework Ray, which has been exploited in the wild for at least 7 months, causing data leaks and machine takeovers; Ray users must secure their environments against unauthorized access and continuously monitor for anomalies.
Read More @ oligo.security
[#] The Communication Workers Union in the UK is dealing with a cyberattack that disrupted its IT systems and may have compromised member data, prompting a forensic analysis to assess and repair the damage.
Read More @ scmagazine.com
[#] The Health Resources and Services Administration's grant payment system was compromised between March and November 2023, resulting in $7.5 million stolen through email hijacking, and the matter is now under investigation by the Department of Health and Human Services.
Read More @ scmagazine.com
[#] For a reliable voting process, security experts recommend hand-marked paper ballots that are optically scanned, securely stored, and rigorously audited before election results are certified.
Read More @ schneier.com
[#] The website Have I Been Pwned offers a comprehensive list of data breaches that allows users to check if their accounts have been compromised and suggests securing accounts by changing passwords and using two-factor authentication.
Read More @ haveibeenpwned.com
[#] Two DNSSEC flaws, KeyTrap and NSEC3-encloser, have different severity impacts; KeyTrap can significantly impair DNS resolvers with a high CPU load, but NSEC3-encloser's effects are less severe, requiring an informed approach to patching and mitigation.
Read More @ theregister.com
[#] The UK and US have identified and sanctioned individuals and groups linked to China for cyber attacks targeting the Electoral Commission in 2021 and 43 UK parliamentarians, emphasizing the ongoing threats and the importance of cybersecurity measures to protect democratic institutions.
Read More @ theregister.com
[#] The U.S. has imposed sanctions on three cryptocurrency exchanges for aiding Russia in avoiding economic restrictions, freezing assets and targeting companies that connect Russian financial institutions to the global financial system.
Read More @ thehackernews.com
[#] Security researcher Yann Gascuel discovered a critical privilege escalation vulnerability in macOS versions prior to Monterey 12.7.2, Ventura 13.6.3, and Sonoma 14.2, exploited via "diskutil", which Apple has patched, urging users to update their systems immediately.
Read More @ securityonline.info
[#] The U.S. Treasury has sanctioned three crypto exchanges for processing financial transactions with Russian dark web markets and banks in violation of U.S. restrictions, freezing their U.S. assets and warning financial entities of penalties for engaging with them.
Read More @ bleepingcomputer.com
[#] The United States has charged seven Chinese individuals linked to APT31 for hacking into global networks, stealing data, and compromising emails to potentially influence democratic processes, with up to $10 million offered for information leading to their arrest.
Read More @ theregister.com
[#] Panera Bread's nationwide IT systems have been down since Saturday, affecting online orders, POS systems, and internal employee services, with the outage potentially caused by a cyberattack.
Read More @ bleepingcomputer.com
[#] The U.S. Cybersecurity and Infrastructure Security Agency has added critical vulnerabilities from FortiClient EMS, Ivanti EPM CSA, and Nice Linear eMerge E3-Series to its Known Exploited Vulnerabilities catalog, urging agencies to patch by April 15, 2024, to prevent potential cyber attacks.
Read More @ securityaffairs.com
[#] A critical flaw in Adobe ColdFusion identified as CVE-2024-20767 could allow attackers to read sensitive files, and Adobe has released updates for versions 2023 and 2021 to mitigate this risk.
Read More @ securityonline.info
[#] New Zealand's government has disclosed that China's state-sponsored APT40 group compromised its parliamentary agencies in 2021, but since then, enhanced security measures have helped protect their networks.
Read More @ theregister.com
[#] A federal court in Montana levied a $9.9 million fine against Scott Rhodes for making thousands of illegal robocalls, as US authorities continue to impose strict penalties on unauthorized robocalling practices.
Read More @ bleepingcomputer.com
[#] The GDPR Enforcement Tracker reports significant fines across several countries, with Meta Platforms Ireland facing a record €1.2 billion penalty for data transfer violations and numerous organizations fined for insufficient legal basis for processing, data breach reporting failures, and inadequate notice of data surveillance.
Read More @ enforcementtracker.com
[#] A security vulnerability in ASP.NET's handling of .NET Remoting over HTTP, which could leak internal object URIs and enable remote code execution, has been mitigated in the January 2024 updates, but developers should avoid using .NET Remoting for new projects and migrate existing applications to more secure technologies.
Read More @ code-white.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr regarding the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ, 2024-03-27

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins