# Latest Podcast
# Description
In a recent post, Incinerator was introduced as a tool for reversing engineering Android malware and for security audits on apps. Discussions on r/netsec highlighted "Gram", a web application for threat modeling that works alongside system inventories. Chiasmodon came up as a CLI OSINT tool helping hackers gather info on domains and expanding with features like facial recognition. Readers also learned about alternatives to Netcat like Rlwrap, Rustcat, Pwncat, and Windows ConPty shell for secure connections in penetration testing. Lastly, Tunnelmole was mentioned for safely sharing local servers with the internet.
# Tradecraft
[#]
The post introduces Incinerator, an advanced tool designed for reverse engineering Android malware, which can also be applied to security audits of non-malicious applications.
[#]
The discussion on r/netsec is about "Gram," a self-hosted web application for threat modeling, which integrates with system inventories for enhanced reporting, compliance, and diagram-driven analysis, targeting potential security threats in system designs.
[#]
Chiasmodon is a command-line OSINT tool for hackers to gather information on domains, including emails, credentials, and network infrastructure, which also allows for data output customization and is expanding to include searches by company name, phone number, and facial recognition.
[#]
This article advises on alternative tools to Netcat for establishing secure connections during penetration testing, such as Rlwrap, Rustcat, Pwncat, and Windows ConPty shell, and provides installation and usage details for each.
# News
[#]
A new malware named "Latrodectus" is being used in cyberattacks, which employs techniques to avoid detection by sandbox environments and may become more prevalent following efforts to shut down the related Qbot malware.
[#]
The US Department of State is investigating after classified government data was allegedly stolen by a hacker who accessed Acuity's IT using a GitHub zero-day vulnerability, but Acuity claims the data was not sensitive.
[#]
Acuity, a U.S. federal technology consulting firm, experienced a data breach through a GitHub zero-day vulnerability, leading to a leak of supposed Five Eyes intelligence communications and sensitive government and military information by IntelBroker, which the Department of Homeland Security claims contains test data.
[#]
Hoya Corporation is dealing with a cyberattack that took some servers offline, affecting production and order systems, and is now working on system restoration and investigating potential data breaches with external experts.
[#]
A critical security vulnerability, CVE-2024-2879, in the WordPress LayerSlider plugin allows unauthenticated SQL injection attacks, and users must update to the patched version 7.10.1 to protect over 1 million sites.
[#]
Cybersecurity researchers at Cisco Talos have identified a campaign by Vietnamese threat actors called CoralRaider, using malware such as RotBot to steal financial data across Asia through credential and social media account theft, employing Telegram for data exfiltration and trading the stolen information on underground markets.
[#]
On April 2, 2024, Jackson County experienced disruptions in IT systems due to a ransomware attack, affecting tax and license services, prompting officials to declare a state of emergency and close relevant offices until April 5 for recovery and investigation.
[#]
Security researcher Barket Nowotarski has identified a new denial of service attack technique called "CONTINUATION Flood" which exploits the HTTP/2 protocol, causing web servers to crash by overwhelming them with multiple CONTINUATION frames without the 'END_HEADERS' flag, and server operators should update affected systems as many popular implementations including Node.js, Envoy, and Apache are vulnerable.
[#]
Ivanti has promised to improve their security design and processes after serious vulnerabilities in their products were exploited, and they will be working on faster patch deployment and better customer support.
[#]
Cybersecurity experts have identified a phishing campaign that targets the oil and gas sector with evolved Rhadamanthys malware, capable of stealing data and evading detection, following a law enforcement takedown of the LockBit ransomware group.
[#]
AT&T is facing lawsuits after acknowledging that a 2019 data breach compromised personal information of 73 million customers, and has been accused of poor security and delayed breach notification.
[#]
The U.S. State Department is investigating a cyber incident where a hacker, known as IntelBroker, claims to have leaked classified data from a government contractor Acuity, including personal details of Five Eyes alliance employees.
[#]
The hosting company PowerHost's Chilean division IxMetro was hit by a new ransomware called SEXi, which encrypted their VMware ESXi servers and data backups, demanding an unsustainable bitcoin ransom, while security experts advise against paying, as most victims don't recover their data even after payment.
[#]
SurveyLama, an online survey platform, confirmed that a February 2024 data breach exposed sensitive information of 4.4 million users, and impacted individuals are advised to reset their passwords immediately, especially if reused on other sites.
[#]
A Reddit moderator points out that messages can be concealed using invisible Unicode characters, which could pose security risks if not addressed properly.
[#]
In 2023, the U.S. Department of Homeland Security's Cyber Safety Review Board criticized Microsoft for insufficient security after hackers, likely Chinese espionage group Storm-0558, used a six-year-old Azure signing key to access emails during an Exchange Online attack, an issue Microsoft has yet to fully explain or rectify.
[#]
The Zodiac Killer's 340-character cipher, long a subject of mystery, has been resolved, providing new insights into the historical case.
[#]
Security researchers found a critical vulnerability in several D-Link NAS devices, with an estimated 92,000 devices at risk, and users should urgently update their firmware and change default passwords.
[#]
ChatGPT's content and safety measures are being bypassed through various jailbreak prompts on hacker forums, leading to its use in sophisticated phishing attacks, while defenders employ tools like CheckGPT and advanced AI models to detect and counteract AI-generated malicious activity.
[#]
Matthew Kierans pled guilty to stealing the identity of coworker William Donald Woods for over 30 years, resulting in Woods being wrongfully jailed and fined, while Kierans must now face up to 32 years in prison and pay a $1.25 million fine.
[#]
Cybersecurity researchers have identified a new ransomware group named Red CryptoApp, known for publishing victims' names on a 'wall of shame' to coerce payments, with primary attacks on the US across multiple sectors, and protection involves regular data backups and phishing awareness.
[#]
Before the 2022 FIFA World Cup in Qatar, BlackTech hackers infiltrated a telecom provider's network and could have disrupted the event's communications, which was only discovered by NetWitness six months later, signaling the need for comprehensive security audits for such large-scale events.
[#]
Hoya, a Japanese lens manufacturer, is investigating a cyber incident that stopped production and disrupted their ordering system, after unauthorized system access was detected on March 30.
[#]
The Omni Hotels & Resorts' computer network was compromised by a cyberattack, causing system outages that affected bookings, payments, and door locks, with restoration efforts underway and a security firm investigating data loss.
[#]
Leicester City Council has acknowledged a data breach by ransomware group INC Ransom, who claim to have stolen 3 TB of data and leaked residents' personal documents online, prompting a response from local cybercrime authorities and advice for vigilance among those affected.
[#]
Google recently announced that forensic companies have exploited two zero-day Android flaws in Pixel phones, one causing information disclosure and the other allowing privilege escalation, and GrapheneOS suggests an auto-reboot feature to prevent such attacks.
[#]
Resecurity researchers discovered a new version of the JSOutProx malware attacking financial institutions in the APAC and MENA regions via GitLab abuse, and provide recovery and defensive measures against this persistent threat.
[#]
Vulnerable drivers are being exploited in BYOVD attacks, allowing threat actors to gain kernel-level privileges and disable security solutions, but proactive measures like tamper protection and updated security practices can mitigate these threats.
[#]
City of Hope, a cancer treatment center, experienced a data breach affecting over 827,000 people with personal and medical information potentially stolen between September 19 and October 12, 2023.
[#]
Ivanti has patched four new vulnerabilities in Connect Secure and Policy Secure that could lead to code execution or denial-of-service attacks; users should update immediately.
[#]
Microsoft's new Outlook app for Windows is under scrutiny for reportedly sharing extensive user data with over 800 third parties, raising significant privacy concerns.
[#]
A new vulnerability in HTTP/2 protocol called CONTINUATION Flood allows attackers to send endless streams of CONTINUATION frames to a server, which can cause DoS attacks by using up server memory or CPU, and users should upgrade their software to avoid this issue.
[#]
A state-sponsored group, likely using the alias 'Jia Tan', nearly succeeded in a long-term effort to insert a backdoor into the XZ Utils compression tool used in Linux distributions, but their changes were discovered before causing widespread damage.
