# Latest Podcast
# Description
A new exploit for local privilege escalation in Linux kernels (CVE-2024-1086) affects versions 5.14 to 6.6. A security flaw's been found that lets people get more access on Apple macOS systems by messing with file system mount options; it's been fixed now. There's this thing, ChromeKatz, that can grab cookies from Chromium browsers. AutoWLAN helps set up a mobile hotspot with a Raspberry Pi and lets people make it more secure. Matthew Alt showed how to mess with STM32F4 microcontrollers using EMFI. Agenda ransomware is hitting VMWare's vCenter and ESXi servers hard with their new tricks. Folks can make a bad Amazon Machine Image (AMI) that gets into other people's AWS accounts. There's a fix for a problem where folks could read files they shouldn't in Adobe ColdFusion (CVE-2024-20767). Tracecat helps security teams be smarter and faster with cool AI stuff, and mailtools does email things for learning. A script on GitHub can set up AnyDesk with better security options. You can use Grafana Labs tools for keeping an eye on apps and make it safer with GitHub Action. Some smarties figured out how to take advantage of a hole in HTTP .NET Remoting (CVE-2024-29059). Devs can make assembly code easier with x86inc.asm. AMD Zen 2 and Zen 3 chips might be messed up by Rowhammer attacks, even with DDR4 and DDR5. Telegram-Anti-Revoke used to keep messages in Telegram from going poof, but it's not being looked after anymore.
# Tradecraft
[#]
A Proof-of-Concept exploit for a local privilege escalation vulnerability in Linux kernels (CVE-2024-1086) is available that affects versions from 5.14 to 6.6, and detailed configuration instructions are provided for effective use.
[#]
A security research report details a method of escalating privileges on Apple macOS by abusing file system mount options, now patched in recent macOS updates.
[#]
The ChromeKatz project allows users to extract cookies from Chromium-based browsers' memory, bypassing the need for direct database access or DPAPI decryption keys.
[#]
AutoWLAN enables users to set up a portable access point using a Raspberry Pi and Docker containers, with the option to configure security levels through custom hostapd configuration files.
[#]
Matthew Alt outlines the process of using Electromagnetic Fault Injection (EMFI) to bypass security protections on STM32F4 microcontrollers for hardware hacking.
[#]
The Agenda ransomware group is actively targeting VMWare vCenter and ESXi servers using a Rust variant, custom PowerShell script, and BYOVD techniques to spread, requiring robust security measures and vigilance to thwart.
[#]
An explanation of how to create a malicious Amazon Machine Image (AMI) to compromise AWS accounts by embedding a backdoor script and making the AMI public, while also covering the risks of using or sharing AMIs.
[#]
The GitHub page contains an exploit for a file read vulnerability labeled CVE-2024-20767 in Adobe ColdFusion that has been patched, with a script to demonstrate the issue on a trial ColdFusion server.
[#]
Tracecat is an open source automation platform for security teams, incorporating AI capabilities and flexible integrations to boost efficiency in tasks such as phishing email investigation and case management.
[#]
The repository named 'mailtools' contains various scripts for email processing, including SMTP validation, email list cleaning, and responsive email sending, intended for educational use.
[#]
A GitHub repository contains a script for automating the installation and setup of AnyDesk with enhancements for security, including silent installation, password setup, and creating a hidden admin user.
[#]
Grafana Labs provides a range of observability tools for monitoring applications, including a free plan with Grafana for visualization, Loki for logs, Tempo for traces, among other resources, with a GitHub Action introduced for automating Sigma rules validation to enhance security monitoring.
[#]
The repository discusses a vulnerability in HTTP .NET Remoting, identified as CVE-2024-29059, and provides resources and methods to exploit leaked object references, including instructions to create a vulnerable ASP.NET web application and a script to deliver payloads.
[#]
The article provides a guide for developers on using x86inc.asm, a tool to simplify writing hand-written assembly for x86, highlighting its use in creating SIMD optimizations in multimedia software.
[#]
Researchers demonstrate that AMD Zen 2 and Zen 3 processors are susceptible to Rowhammer bit flip attacks despite mitigation measures, suggesting systems using DDR4 and initial testing on DDR5 may also be vulnerable, and make available a fuzzer on GitHub to test DRAM devices.
[#]
Telegram-Anti-Revoke is a now unmaintained plugin that prevented messages in Telegram from being deleted by marking them as "deleted" instead, and required manual installation according to specific Telegram version instructions.
# News
[#]
A new iteration of the Agent Tesla malware loader has been identified, using sophisticated evasion techniques to deliver its payload, which necessitates heightened vigilance and security measures.
[#]
TeamViewer version 15.52 fixes a symlink vulnerability in macOS that could allow attackers to gain higher access and control, so users should update their software promptly.
[#]
Hackers have been exploiting a critical remote code execution flaw in the Ray AI framework since September 2023, targeting Ray servers with poor security practices to steal data and use resources for cryptocurrency mining, with defenses including stricter firewall rules and continuous monitoring recommended.
[#]
Google Play removed 28 malicious apps disguised as VPNs and launchers after they were caught using Android phones as proxies for potentially illegal activities, and users should uninstall any listed apps to avoid misuse of their device.
[#]
TheMoon malware has rapidly infected 6,000 outdated ASUS routers within three days, integrating them into the Faceless proxy service which cybercriminals use to hide their online activities, and device owners are urged to use strong passwords and update firmware or replace end-of-life models to safeguard against such attacks.
[#]
The web page you are trying to access on Feedly that relates to CVEs (Common Vulnerabilities and Exposures) cannot be found, confirm the URL is correct or check back later for availability.
[#]
Minecraft servers are facing DDoS attacks, and server owners should use various methods such as firewalls, VPNs, whitelists, and specialized protection services like Gcore to mitigate these cyber threats.
[#]
A new type of email attack, known as SubdoMailing, uses legitimate-looking emails from compromised subdomains due to outdated DNS records to send phishing attacks, and organizations are advised to keep DNS records updated and continuously monitor domain activity to prevent such breaches.
[#]
A suspicious NuGet package called SqzrFramework480, possibly for industrial espionage, is targeting developers and has been downloaded over 2,400 times without being reported to NuGet, despite its concerning capabilities like taking screenshots and sending data to a remote server.
[#]
The US Justice Department has indicted seven individuals affiliated with a Chinese company for carrying out cyber intrusions against US government officials, politicians, and various companies over a 14-year period in service of China's government espionage efforts.
[#]
Oligo Security researchers found a critical vulnerability, dubbed ShadowRay, in the popular open-source AI framework Ray, which has been exploited in the wild for at least 7 months, causing data leaks and machine takeovers; Ray users must secure their environments against unauthorized access and continuously monitor for anomalies.
[#]
The Communication Workers Union in the UK is dealing with a cyberattack that disrupted its IT systems and may have compromised member data, prompting a forensic analysis to assess and repair the damage.
[#]
The Health Resources and Services Administration's grant payment system was compromised between March and November 2023, resulting in $7.5 million stolen through email hijacking, and the matter is now under investigation by the Department of Health and Human Services.
[#]
Security experts recommend for a reliable voting process the use of hand-marked paper ballots, which are optically scanned, securely stored, and rigorously audited before election results are certified.
[#]
The website Have I Been Pwned offers a comprehensive list of data breaches that allows users to check if their accounts have been compromised and suggests securing accounts by changing passwords and using two-factor authentication.
[#]
Two DNSSEC flaws, KeyTrap and NSEC3-encloser, have different severity impacts; KeyTrap can significantly impair DNS resolvers with a high CPU load, but NSEC3-encloser's effects are less severe, requiring an informed approach to patching and mitigation.
[#]
The UK and US have identified and sanctioned individuals and groups linked to China for cyber attacks targeting the Electoral Commission in 2021 and 43 UK parliamentarians, emphasizing the ongoing threats and the importance of cybersecurity measures to protect democratic institutions.
[#]
The U.S. has imposed sanctions on three cryptocurrency exchanges for aiding Russia in avoiding economic restrictions, freezing assets and targeting companies that connect Russian financial institutions to the global financial system.
[#]
Security researcher Yann Gascuel discovered a critical privilege escalation vulnerability in macOS versions prior to Monterey 12.7.2, Ventura 13.6.3, and Sonoma 14.2, exploited via "diskutil", which Apple has patched, urging users to update their systems immediately.
[#]
The U.S. Treasury has sanctioned three crypto exchanges for processing financial transactions with Russian dark web markets and banks in violation of U.S. restrictions, freezing their U.S. assets and warning financial entities of penalties for engaging with them.
[#]
The United States has charged seven Chinese individuals linked to APT31 for hacking into global networks, stealing data, and compromising emails to potentially influence democratic processes, with up to $10 million offered for information leading to their arrest.
[#]
Panera Bread's nationwide IT systems are down since Saturday, affecting online orders, POS systems, and internal employee services, with the outage potentially caused by a cyberattack.
[#]
The U.S. Cybersecurity and Infrastructure Security Agency has added critical vulnerabilities from FortiClient EMS, Ivanti EPM CSA, and Nice Linear eMerge E3-Series to its Known Exploited Vulnerabilities catalog, urging agencies to patch by April 15, 2024, to prevent potential cyber attacks.
[#]
A critical flaw in Adobe ColdFusion identified as CVE-2024-20767 could allow attackers to read sensitive files, and Adobe has released updates for versions 2023 and 2021 to mitigate this risk.
[#]
New Zealand's government has disclosed that China's state-sponsored APT40 group compromised its parliamentary agencies in 2021, but since then, enhanced security measures have helped protect their networks.
[#]
A federal court in Montana levied a $9.9 million fine against Scott Rhodes for making thousands of illegal robocalls, as US authorities continue to impose strict penalties on unauthorized robocalling practices.
[#]
The GDPR Enforcement Tracker reports significant fines across several countries, with Meta Platforms Ireland facing a record €1.2 billion penalty for data transfer violations and numerous organizations fined for insufficient legal basis for processing, data breach reporting failures, and inadequate informing about data surveillance.
[#]
A security vulnerability in ASP.NET's handling of .NET Remoting over HTTP, which could leak internal object URIs and enable remote code execution, has been mitigated in the January 2024 updates, but developers should avoid using .NET Remoting for new projects and migrate existing applications to more secure technologies.
