# Description
This issue starts with an article that teaches malware developers how to evade antivirus by manipulating NTFS attributes, using in-memory tricks, abusing digital certificates, and more, with countermeasures for security professionals. There are updated lists of malware IOCs that are essential for recognising and stopping threats. Cloud_Enum looks for publicly exposed cloud resources on AWS, Azure, and other platforms using keywords. Telerecon supports OSINT on Telegram, such as scraping chats and identifying user links, but it must be set up correctly first. Awesome Cloud Security Labs collects free security exercises for cloud technologies. Netlas.io scans the internet for research and can locate industrial control systems exposed online that need better protection. Backslash-powered-scanner finds hidden injection flaws in servers and slips past web application firewalls. You can learn how the Rust language is used in cybersecurity with the linked repository. There is a full guide to Windows internals for malware work, and a DNS Tunnel Keylogger project for exfiltrating data without being caught. Lastly, learn to identify .NET malware via GUIDs and MVIDs, with Yara rules available online.
# Tradecraft
This article provides detailed techniques and code snippets for malware developers to evade antivirus detection by manipulating NTFS file attributes, using in-memory code execution, employing stolen digital certificates, and other methods, while including defensive strategies for cybersecurity professionals to counter such tactics.
The repository provides updated lists of indicators of compromise (IOCs) from various malware investigations, which are crucial for cybersecurity practitioners to detect and mitigate threats effectively.
Cloud_Enum is a tool used for Open Source Intelligence (OSINT) that can identify publicly accessible resources on various cloud platforms, including AWS, Azure, and Google Cloud, by using keywords and brute-force techniques.
Telerecon is a tool designed for Open Source Intelligence gathering on Telegram, providing users with various abilities such as scraping messages, identifying user links, analyzing ideological indicators, and mapping user networks, all of which require prerequisite steps including installation of required software and obtaining API access to Telegram.
Awesome Cloud Security Labs offers a collection of free, cloud-native security training exercises, including Capture The Flag (CTF) challenges, self-hosted workshops, guided vulnerability labs, and research labs, across various cloud environments and technologies.
Netlas.io enables experts to locate internet-exposed industrial control systems and SCADA interfaces using search queries tailored to specific protocols and vendors, which supports assessing and improving the security of critical infrastructure.
The backslash-powered-scanner is a Burp Suite extension that enhances active scanning by finding both known and unknown server-side injection vulnerabilities, reducing false positives and subtly evading web application firewalls.
The page describes the OffensiveRust repository, which contains experiments in developing and using the Rust programming language for creating tools and techniques applicable in offensive cybersecurity operations.
The article provides a detailed technical guide on Windows architecture, memory management, API calls, and DLLs, focusing on their importance in cyber security and malware development.
The repository contains a DNS Tunnel Keylogger project which involves a server and client setup to exfiltrate keystrokes from a compromised system using DNS tunneling to bypass firewalls and avoid detection.
A security researcher details how to analyze and classify .NET malware using GUIDs and MVIDs, providing tools and Yara rules for more efficient and reliable detection on their GitHub page.
# News
Ubuntu's Snap Store, which distributes apps for the Linux system, is implementing a manual review process to prevent fake cryptocurrency wallet apps that have been scamming users by stealing their currencies.
JetBrains updated TeamCity to fix 26 security issues, but didn't share the details, while also introducing a semi-automatic update feature for critical security patches.
Harvard Pilgrim Health Care revealed a ransomware incident from last year affected roughly 2.9 million individuals, a figure that has been revised upward after further investigation.
Activision Blizzard has initiated an investigation into a malware campaign that steals user credentials, while also working to secure affected accounts by urging players to reset passwords and enable two-factor authentication.
A critical security concern has arisen due to a backdoor found in the xz/liblzma 5.6.0 and 5.6.1 releases that affects ssh servers, and users should urgently check their systems with the provided detection script and update their installations to avoid unauthorized access.
A botnet called TheMoon, first identified in 2014, has been reactivated and is exploiting outdated small office/home office routers and IoT devices to create a proxy service named Faceless, which cybercriminals use to conceal their activities.
Google will discontinue its Podcasts service in the U.S. on April 2, with a complete shutdown in July, steering users to export their subscriptions to YouTube Music or another platform.
Security researchers have discovered vulnerabilities in Dormakaba's hotel room locks that could allow attackers to create master keys and gain unauthorized access, but a fix from the company is already underway.
The U.S. Treasury sanctioned entities aiding Russian and Chinese cybersecurity threats, a new phishing kit targets MFA measures, and Chinese APTs conducted cyber espionage on ASEAN members.
Hot Topic experienced credential stuffing attacks potentially exposing customer personal and partial payment information; they have since enhanced their website and app security and advise customers to change their passwords.
Python Package Index temporarily stopped new user registrations and project creations to deal with a malware campaign that targeted developers with fake packages meant to steal sensitive data and persist on Windows systems after reboot.
A vulnerability allowing NTLM hash leaks through a Microsoft Teams "Website" tab via an Office URL scheme has been reported, but Microsoft deems it low severity as it requires user consent in Office applications, with no immediate fix planned.
Recent research highlights a significant risk in using AI language models for coding, as they frequently suggest imaginary code libraries, which can be exploited by attackers to distribute malware, and developers are advised to verify package legitimacy before implementation.
Cybersecurity firm Netcraft has identified a phishing-as-a-service platform called "Darcula" leveraging iMessage and RCS to target postal services worldwide, urging vigilance and verification to protect against such smishing attacks.
Cisco has published security updates addressing 14 vulnerabilities in its IOS, IOS XE, and Access Point software, including critical remote denial-of-service flaws and one secure boot bypass, which administrators should apply promptly to maintain system protection.
Cybersecurity researchers uncovered a link between malware known as MS Drainer and attacks on Solana wallets, with leaked code suggesting a rise in crypto-targeting cyber threats.
A critical vulnerability, CVE-2023-50969, in Imperva SecureSphere Web Application Firewall version 14.7.0.40 allows attackers to bypass security rules; the solution is to apply the update released on February 26, 2024.
The website "Have I Been Pwned" provides a searchable database of data breaches, which users can use to check if their email addresses, passwords, or other personal information have been compromised in past cyber incidents.
XZ Utils versions 5.6.0 and 5.6.1 have been compromised with a backdoor allowing remote code execution; the recommended fix is to downgrade and check systems for signs of compromise.
A large botnet named Brutus, observed since March 15th, is conducting brute-force attacks using tens of thousands of unique, previously undisclosed usernames across various devices and IP addresses worldwide, with no clear connection between them. Two of the IPs were previously associated with APT29, and the botnet's activity may link back to an undisclosed Microsoft breach.
The 'AllAboutBugBounty' repository on GitHub has a missing 'cross site scripting.md' file, and you need to return to the main repository page to find the information you seek.
Checkmarx Security Research Team uncovered a cyber attack on the software supply chain affecting over 170,000 users, utilizing false Python package repositories to inject malware into systems, requiring heightened verification of package sources and dependencies to prevent such breaches.
Sekoia analysts have reported an in-depth analysis of Tycoon 2FA, a prevalent phishing kit designed to bypass two-factor authentication, providing insights on its tactics and suggesting ways to monitor its infrastructure.