HAQ.NEWS

// Jared Folkins

# Description

In a recent post, Incinerator was introduced as a tool for reverse engineering Android malware and for security audits of apps. A discussion on r/netsec highlighted "Gram", a self-hosted web application for threat modeling that works alongside system inventories. Chiasmodon came up as a CLI OSINT tool that helps hackers gather information on domains and is expanding with features like facial recognition. Readers also learned about alternatives to Netcat, such as Rlwrap, Rustcat, Pwncat and the Windows ConPty shell, for catching and upgrading reverse shells during penetration testing. Lastly, Tunnelmole was mentioned for sharing a local server with the internet through a public URL.

# Tradecraft

[#] The post introduces Incinerator, an advanced tool designed for reverse engineering Android malware, which can also be applied to security audits of non-malicious applications.
Read More @ reddit.com
[#] The discussion on r/netsec is about "Gram," a self-hosted web application for threat modeling, which integrates with system inventories for enhanced reporting, compliance, and diagram-driven analysis, targeting potential security threats in system designs.
Read More @ reddit.com
[#] Chiasmodon is a command-line OSINT tool for hackers to gather information on domains, including emails, credentials, and network infrastructure, which also allows for data output customization and is expanding to include searches by company name, phone number, and facial recognition.
Read More @ kitploit.com
[#] This article surveys alternatives to Netcat for catching and upgrading reverse shells during penetration testing, such as Rlwrap, Rustcat, Pwncat and the Windows ConPty shell, and provides installation and usage details for each.
Read More @ hackingarticles.in
[#] Tunnelmole provides a secure way to share your local server with the public internet by forwarding a public URL to your local host, making it easier to test and share your work without deploying code to a remote server.
Read More @ tunnelmole.com

# News

[#] A new malware named "Latrodectus" is being used in cyberattacks, which employs techniques to avoid detection by sandbox environments and may become more prevalent following efforts to shut down the related Qbot malware.
Read More @ scmagazine.com
[#] The US Department of State is investigating after classified government data was allegedly stolen by a hacker who accessed Acuity's IT using a GitHub zero-day vulnerability, but Acuity claims the data was not sensitive.
Read More @ theregister.com
[#] Acuity, a U.S. federal technology consulting firm, experienced a data breach through a GitHub zero-day vulnerability, leading to a leak of supposed Five Eyes intelligence communications and sensitive government and military information by IntelBroker, which the Department of Homeland Security claims contains test data.
Read More @ scmagazine.com
[#] Hoya Corporation is dealing with a cyberattack that took some servers offline, affecting production and order systems, and is now working on system restoration and investigating potential data breaches with external experts.
Read More @ bleepingcomputer.com
[#] A critical security vulnerability, CVE-2024-2879, in the WordPress LayerSlider plugin allows unauthenticated SQL injection attacks, and users must update to the patched version 7.10.1 to protect over 1 million sites.
Read More @ darkreading.com
[#] Cybersecurity researchers at Cisco Talos have identified a campaign by Vietnamese threat actors called CoralRaider, using malware such as RotBot to steal financial data across Asia through credential and social media account theft, employing Telegram for data exfiltration and trading the stolen information on underground markets.
Read More @ thehackernews.com
[#] On April 2, 2024, Jackson County experienced disruptions in IT systems due to a ransomware attack, affecting tax and license services, prompting officials to declare a state of emergency and close relevant offices until April 5 for recovery and investigation.
Read More @ malwarebytes.com
[#] Security researcher Bartek Nowotarski has identified a new denial-of-service technique called "CONTINUATION Flood" that exploits the HTTP/2 protocol: a client sends a HEADERS frame followed by an endless stream of CONTINUATION frames, none carrying the END_HEADERS flag, so the server keeps buffering the header block until it exhausts memory or CPU and crashes. Server operators should update affected systems, as many popular implementations including Node.js, Envoy and Apache httpd are vulnerable.
Read More @ bleepingcomputer.com
[#] Ivanti has promised to improve their security design and processes after serious vulnerabilities in their products were exploited, and they will be working on faster patch deployment and better customer support.
Read More @ theregister.com
[#] Cybersecurity experts have identified a phishing campaign that targets the oil and gas sector with evolved Rhadamanthys malware, capable of stealing data and evading detection, following a law enforcement takedown of the LockBit ransomware group.
Read More @ thehackernews.com
[#] AT&T is facing lawsuits after acknowledging that a 2019 data breach compromised personal information of 73 million customers, and has been accused of poor security and delayed breach notification.
Read More @ bleepingcomputer.com
[#] The U.S. State Department is investigating a cyber incident where a hacker, known as IntelBroker, claims to have leaked classified data from a government contractor Acuity, including personal details of Five Eyes alliance employees.
Read More @ bleepingcomputer.com
[#] The hosting company PowerHost's Chilean division IxMetro was hit by a new ransomware called SEXi, which encrypted their VMware ESXi servers and data backups, demanding an unsustainable bitcoin ransom, while security experts advise against paying, as most victims don't recover their data even after payment.
Read More @ bleepingcomputer.com
[#] SurveyLama, an online survey platform, confirmed that a February 2024 data breach exposed sensitive information of 4.4 million users, and impacted individuals are advised to reset their passwords immediately, especially if reused on other sites.
Read More @ bleepingcomputer.com
[#] A Reddit moderator points out that messages can be concealed inside ordinary-looking text using invisible Unicode characters, which survive copy-and-paste and slip past readers and simple filters if they are not detected and stripped.
Read More @ reddit.com
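The item above describes the trick but not how to spot it. The following added example (not code from the Reddit post, which names no particular scheme) hides a message by encoding its bits as two zero-width code points, then shows the check a moderator or log reviewer actually wants: enumerate every invisible character in a string, and strip them when that is acceptable. The concealment scheme and the sample text are assumptions of this example.

```python
import unicodedata

# Zero-width characters used by the concealment scheme below (assumption:
# the Reddit post does not name a scheme; encoding bits as a zero-width
# space / zero-width non-joiner is one common variant).
ZERO = "\u200b"   # ZERO WIDTH SPACE
ONE = "\u200c"    # ZERO WIDTH NON-JOINER

# Invisible characters that are *not* in Unicode category Cf but also
# render as nothing, so a category check alone would miss them.
EXTRA_INVISIBLE = {
    "\u034f",  # COMBINING GRAPHEME JOINER
    "\u115f",  # HANGUL CHOSEONG FILLER
    "\u1160",  # HANGUL JUNGSEONG FILLER
    "\u3164",  # HANGUL FILLER
    "\uffa0",  # HALFWIDTH HANGUL FILLER
}


def hide(cover, secret):
    """Embed `secret` in `cover` as a run of zero-width characters, one per
    bit, inserted after the first word so the visible text is unchanged."""
    bits = "".join(format(b, "08b") for b in secret.encode("utf-8"))
    payload = "".join(ONE if bit == "1" else ZERO for bit in bits)
    head, sep, tail = cover.partition(" ")
    return head + payload + sep + tail


def reveal(text):
    """Recover a message hidden by `hide`; every character other than the
    two zero-width code points is ignored."""
    bits = "".join("1" if c == ONE else "0" for c in text if c in (ZERO, ONE))
    usable = len(bits) - len(bits) % 8
    data = bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))
    return data.decode("utf-8", "replace")


def is_invisible(ch):
    """True for format characters (category Cf: zero-width joiners, BOM,
    bidi controls, soft hyphen, the U+E0000 tag block) and the extras above."""
    return unicodedata.category(ch) == "Cf" or ch in EXTRA_INVISIBLE


def find_invisible(text):
    """List (index, 'U+XXXX NAME') for every invisible character, so a
    reviewer can see exactly what is hiding in a string."""
    return [(i, "U+%04X %s" % (ord(c), unicodedata.name(c, "<unnamed>")))
            for i, c in enumerate(text) if is_invisible(c)]


def strip_invisible(text):
    """Remove every invisible character. This also removes legitimate uses
    such as ZWJ inside emoji sequences and ZWNJ in Persian or Indic text,
    so flag first and strip only where that is acceptable."""
    return "".join(c for c in text if not is_invisible(c))


if __name__ == "__main__":
    carrier = hide("Meeting moved to Thursday", "call me")  # constructed sample
    print(repr(carrier))                       # reads like the cover text, but longer
    print(len(find_invisible(carrier)), "hidden characters")
    print(reveal(carrier))
    print(strip_invisible(carrier) == "Meeting moved to Thursday")
```

Flagging on category Cf catches the zero-width family, the byte-order mark, soft hyphens and the U+E0000 tag characters in one test, but it will also fire on legitimate joiners in emoji and in scripts that need them, so treat a hit as something to inspect rather than an automatic block.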
[#] The U.S. Department of Homeland Security's Cyber Safety Review Board has criticized Microsoft for insufficient security after hackers, likely the Chinese espionage group Storm-0558, used a Microsoft account signing key issued in 2016 to forge access tokens and read Exchange Online mailboxes in 2023; Microsoft has yet to fully explain how the key was obtained.
Read More @ bleepingcomputer.com
[#] The Zodiac Killer's 340-character cipher, unsolved for 51 years, was cracked in December 2020 by a team of amateur code-breakers and confirmed by the FBI, providing new insight into the historical case.
Read More @ reddit.com
[#] Security researchers found a critical vulnerability in several D-Link NAS devices, with an estimated 92,000 exposed devices at risk; the affected models are end-of-life, so no firmware fix is expected and owners should take them off the internet or replace them, and change any default passwords in the meantime.
Read More @ securityonline.info
[#] ChatGPT's content and safety measures are being bypassed through various jailbreak prompts on hacker forums, leading to its use in sophisticated phishing attacks, while defenders employ tools like CheckGPT and advanced AI models to detect and counteract AI-generated malicious activity.
Read More @ packetstormsecurity.com
[#] Matthew Kierans pled guilty to stealing the identity of coworker William Donald Woods for over 30 years, resulting in Woods being wrongfully jailed and fined, while Kierans must now face up to 32 years in prison and pay a $1.25 million fine.
Read More @ packetstormsecurity.com
[#] Cybersecurity researchers have identified a new ransomware group named Red CryptoApp, known for publishing victims' names on a 'wall of shame' to coerce payments, with primary attacks on the US across multiple sectors, and protection involves regular data backups and phishing awareness.
Read More @ hackread.com
[#] Before the 2022 FIFA World Cup in Qatar, BlackTech hackers infiltrated a telecom provider's network and could have disrupted the event's communications, which was only discovered by NetWitness six months later, signaling the need for comprehensive security audits for such large-scale events.
Read More @ darkreading.com
[#] Hoya, a Japanese lens manufacturer, is investigating a cyber incident that stopped production and disrupted their ordering system, after unauthorized system access was detected on March 30.
Read More @ darkreading.com
[#] The Omni Hotels & Resorts' computer network was compromised by a cyberattack, causing system outages that affected bookings, payments, and door locks, with restoration efforts underway and a security firm investigating data loss.
Read More @ theregister.com
[#] Leicester City Council has acknowledged a data breach by ransomware group INC Ransom, who claim to have stolen 3 TB of data and leaked residents' personal documents online, prompting a response from local cybercrime authorities and advice for vigilance among those affected.
Read More @ theregister.com
[#] Google recently announced that forensic companies have exploited two zero-day Android flaws in Pixel phones, one causing information disclosure and the other allowing privilege escalation, and GrapheneOS suggests an auto-reboot feature to prevent such attacks.
Read More @ thehackernews.com
[#] Resecurity researchers discovered a new version of the JSOutProx malware attacking financial institutions in the APAC and MENA regions via GitLab abuse, and provide recovery and defensive measures against this persistent threat.
Read More @ securityaffairs.com
[#] Russian authorities have charged six individuals for executing card-skimming attacks that compromised over 160,000 payment card details which were sold on the dark web since late 2017.
Read More @ scmagazine.com
[#] Vulnerable drivers are being exploited in BYOVD attacks, allowing threat actors to gain kernel-level privileges and disable security solutions, but proactive measures like tamper protection and updated security practices can mitigate these threats.
Read More @ scmagazine.com
[#] City of Hope, a cancer treatment center, experienced a data breach affecting over 827,000 people with personal and medical information potentially stolen between September 19 and October 12, 2023.
Read More @ theregister.com
[#] Ivanti has patched four new vulnerabilities in Connect Secure and Policy Secure that could lead to code execution or denial-of-service attacks; users should update immediately.
Read More @ thehackernews.com
[#] Microsoft's new Outlook app for Windows is under scrutiny for reportedly sharing extensive user data with over 800 third parties, raising significant privacy concerns.
Read More @ schneier.com
[#] A new vulnerability class in the HTTP/2 protocol, called CONTINUATION Flood, allows an attacker to send an endless stream of CONTINUATION frames that never carry END_HEADERS, so the server keeps accumulating the header block and exhausts memory or CPU; operators should upgrade affected server software.
Read More @ thehackernews.com
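Both CONTINUATION Flood items above describe the same mechanism: a HEADERS frame followed by CONTINUATION frames that never set END_HEADERS, so an implementation that buffers the header block without bounds grows until it falls over. The following added example (not code from the write-up or from any affected server) is a minimal HTTP/2 frame parser that reassembles a header block while enforcing the two bounds the fix amounts to, a cap on accumulated bytes and a cap on the number of CONTINUATION frames. The frame layout and flag values are from RFC 9113; the sample frame sequences are constructed here, with arbitrary bytes standing in for HPACK-encoded header fields, and the example ignores the PADDED and PRIORITY flags on HEADERS for brevity.

```python
import struct

# Frame type and flag values from RFC 9113 (HTTP/2).
HEADERS = 0x1
CONTINUATION = 0x9
END_HEADERS = 0x4


def frame(ftype, flags, stream_id, payload):
    """Serialise one HTTP/2 frame: 24-bit length, 8-bit type, 8-bit flags,
    1 reserved bit plus 31-bit stream identifier, then the payload."""
    header = struct.pack(">I", len(payload))[1:]           # low 3 bytes = length
    header += bytes([ftype, flags])
    header += struct.pack(">I", stream_id & 0x7FFFFFFF)
    return header + payload


def parse_frames(data):
    """Yield (type, flags, stream_id, payload) for each frame in a byte string."""
    off = 0
    while off + 9 <= len(data):
        length = int.from_bytes(data[off:off + 3], "big")
        ftype, flags = data[off + 3], data[off + 4]
        stream_id = int.from_bytes(data[off + 5:off + 9], "big") & 0x7FFFFFFF
        payload = data[off + 9:off + 9 + length]
        if len(payload) != length:
            raise ValueError("truncated frame")
        yield ftype, flags, stream_id, payload
        off += 9 + length


class HeaderBlockLimitExceeded(Exception):
    """Raised when a header block would exceed the configured bounds."""


def collect_header_block(data, max_block_bytes=16_384, max_continuations=8):
    """Reassemble one header block (a HEADERS frame plus any CONTINUATION
    frames on the same stream) and return the joined fragment bytes.

    Both limits are checked while the block is still arriving, before any
    HPACK decoding: without them a peer can keep sending CONTINUATION
    frames that never carry END_HEADERS and the buffer grows without bound.

    Simplification for this example: PADDED and PRIORITY flags on HEADERS
    are not handled, so the whole payload is treated as header fragment.
    """
    block = bytearray()
    stream = None
    continuations = 0
    for ftype, flags, stream_id, payload in parse_frames(data):
        if stream is None:
            if ftype != HEADERS:
                raise ValueError("header block must begin with a HEADERS frame")
            stream = stream_id
        else:
            # RFC 9113 section 6.10: until END_HEADERS is seen, the only
            # frame permitted on the connection is CONTINUATION for this stream.
            if ftype != CONTINUATION or stream_id != stream:
                raise ValueError("expected CONTINUATION on stream %d" % stream)
            continuations += 1
            if continuations > max_continuations:
                raise HeaderBlockLimitExceeded(
                    "more than %d CONTINUATION frames" % max_continuations)
        block += payload
        if len(block) > max_block_bytes:
            raise HeaderBlockLimitExceeded(
                "header block exceeds %d bytes" % max_block_bytes)
        if flags & END_HEADERS:
            return bytes(block)
    # Input ended with the block still open: a real server would keep
    # waiting, and keep holding the buffer, for frames that never arrive.
    raise HeaderBlockLimitExceeded("header block never terminated with END_HEADERS")


def check(data, **limits):
    """Classify a frame sequence as ('ok', block_length) or ('rejected', reason)."""
    try:
        return ("ok", len(collect_header_block(data, **limits)))
    except HeaderBlockLimitExceeded as exc:
        return ("rejected", str(exc))


# Constructed samples (not captured traffic).
NORMAL = frame(HEADERS, END_HEADERS, 1, b"\x82\x84\x86")
SPLIT = (frame(HEADERS, 0, 1, b"\x82")
         + frame(CONTINUATION, 0, 1, b"\x84")
         + frame(CONTINUATION, END_HEADERS, 1, b"\x86"))
# Many CONTINUATION frames on one stream, none carrying END_HEADERS.
UNTERMINATED = frame(HEADERS, 0, 1, b"\x82") + b"".join(
    frame(CONTINUATION, 0, 1, b"\x00" * 1024) for _ in range(100))

if __name__ == "__main__":
    for name, sample in (("normal", NORMAL), ("split", SPLIT), ("unterminated", UNTERMINATED)):
        print(name, check(sample))
```

The byte cap alone is enough to stop memory growth; the frame-count cap additionally stops a peer from burning CPU with thousands of tiny frames that stay under the byte limit. Real servers apply the same idea through settings such as a maximum header list size, and the patched implementations named above enforce it before the header block is decoded.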
[#] An actor believed to be state-sponsored, operating under the alias 'Jia Tan', nearly succeeded in a long-term effort to insert a backdoor into the XZ Utils compression library used by Linux distributions, but the change was discovered before it reached widespread production use.
Read More @ wired.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful TL;DR regarding the articles of interest, which helps discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

current friend of haq 2024-04-05

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins