HAQ.NEWS

// Jared Folkins

# Description

Today: AttackGen is a cybersecurity tool for generating scenarios to test incident response. A blog recommends more secure Wi-Fi password practices. A GitHub repository provides Ansible playbooks for fixing CVE-2024-3094. An article offers a comprehensive guide to phishing investigations using Microsoft tools. White Knight Labs' GitHub focuses on cyber operations tools. Cofense specializes in cyber threat training and detection. Another article describes how Cybereason's AI platform tackles Rundll32.exe exploitation. Bsides Cymru 2023 introduced a method for process injection without traditional thread creation. A review of the OffSec EXP-401 course gives insight into exploit development. Windows HOSTS file management is explained as a way to enhance security. Monitoring Windows services is crucial for protecting against malicious activity. Payload-Generator simplifies Cobalt Strike payload building. Huntress analysts found a ransomware group misusing data backup tools. A cloud penetration test demonstrated a new lateral-movement technique that abuses PSRemoting. taherio/redi on GitHub scripts the setup of Cobalt Strike redirectors. A resource offers cybersecurity techniques for penetration testing. Tim Bandos emphasizes using MITRE's ATT&CK framework for threat hunting. A Vulnerability Management bootcamp helps people start cybersecurity careers. A Cobalt Strike setup guide explains various red team operation techniques. FortyNorth Security's tool EDD is for domain data enumeration. A course teaches creating a detection playbook in Security Onion 2.3. HOPain OSINT Search Tools Version 2.0 gathers open-source intelligence. The fast-recon Python script automates searches for sensitive files belonging to a domain. Web-traffic-generator simulates web traffic. Splunk Attack Range builds cyber attack simulations. Subdomain fuzzing nets a $35,000 bug bounty. Nemanja Mijailovic shares how to download Bandcamp albums that are no longer in a user's collection.

# Tradecraft

[#] AttackGen is a tool designed for cybersecurity professionals to test incident response using scenarios generated by artificial intelligence based on the MITRE ATT&CK framework, with options for deployment as a Docker container and feedback mechanisms for scenario quality.
Read More @ kitploit.com
[#] The blog details techniques for extracting saved Wi-Fi network passwords post-system compromise, emphasizing the risks of WPA2 PSK security and recommending the use of WPA2/3 Enterprise with multi-factor authentication for better protection.
Read More @ r-tec.net
[#] A repository on GitHub provides Ansible playbooks to detect and fix a security vulnerability known as CVE-2024-3094 within the XZ compression utility on Linux systems.
Read More @ github.com
[#] The article provides a comprehensive phishing investigation guide, detailing prerequisites, workflow, and step-by-step instructions for using Microsoft tools and PowerShell scripts to identify and respond to email threats in an organizational environment.
Read More @ microsoft.com
[#] White Knight Labs' GitHub profile showcases repositories focused on cyber operations, including malware, command execution via WMI, and Cobalt Strike tool development.
Read More @ github.com
[#] To defend against cyber threats including business email compromise, credential theft, malware, QR code phishing, ransomware, smishing, and vishing, Cofense provides training, email threat detection and response, phishing intelligence, and compares favorably with competitors.
Read More @ cofense.com
[#] Rundll32.exe, a Microsoft tool, is used by cyber attackers to load and execute malicious code, often evading detection, but Cybereason's AI-driven platform can detect and visualize such threats for quicker response and remediation.
Read More @ cybereason.com
[#] The GitHub repository 'CCob/ThreadlessInject' showcases a process injection technique that avoids traditional methods by using remote function hooking, as presented at Bsides Cymru 2023.
Read More @ github.com
[#] A detailed review of the OffSec EXP-401 Advanced Windows Exploitation course covers complex exploit development, with personal insights on the difficulty and value of each day's content.
Read More @ voidsec.com
[#] The page details how to use, update, and manage the HOSTS file in Windows to block unwanted internet connections, enhancing computer security and privacy by preventing ads and tracking, with specific instructions and tools provided for various versions of Windows.
Read More @ mvps.org
[#] Monitoring Windows services is essential for cybersecurity because attackers can use them to execute malicious code with high privileges, persist across reboots, and interfere with legitimate processes or security software; tools and detection patterns for spotting unusual service activity can help mitigate this threat.
Read More @ detect.fyi
[#] The Payload-Generator is an aggressor script for Cobalt Strike designed to simplify the process of building payloads, specifically by automating C# binary creation with MSBUILD.
Read More @ github.com
[#] Huntress analysts discovered a ransomware group using data backup utilities to exfiltrate information from compromised systems, and recommend close monitoring of such tools for unusual activity.
Read More @ huntress.com
[#] A recent cloud penetration test revealed a method of lateral movement from a Microsoft cloud environment to on-premise machines using PSRemoting, which was achieved by obtaining contributor privileges on a resource group, leveraging permissions on a Function App and its hybrid connections, and exploiting managed identity access to a Key Vault.
Read More @ whiteknightlabs.com
[#] The GitHub repository taherio/redi provides a script that automates the setup of CobaltStrike redirectors using nginx for HTTP/HTTPS traffic or dnsmasq for DNS requests, with automatic letsencrypt SSL certificate configuration for secure communication.
Read More @ github.com
[#] The resource provides practical cybersecurity techniques for penetration testing and security exploitation, including code snippets and commands for various attacks such as SQL injection, Active Directory attacks, code execution, and persistence tactics.
Read More @ ired.team
[#] Tim Bandos at Digital Guardian shows how to use MITRE's ATT&CK Framework for high fidelity threat hunting, focusing on detecting and countering specific techniques like Macro Execution, Command Obfuscation, and Regsvr32's AppLocker bypass.
Read More @ digitalguardian.com
[#] Tim Bandos shares advanced methods for using the MITRE ATT&CK framework to hunt for cyber threats, focusing on detecting command and control activities, lateral movement, and data exfiltration to strengthen cybersecurity defenses.
Read More @ digitalguardian.com
[#] A detailed guide on starting a career in cybersecurity through Vulnerability Management, offering a hands-on bootcamp with exercises on using Nessus for network scanning and analysis.
Read More @ shellsharks.com
[#] The text is a guide on setting up and using Cobalt Strike, including creating listeners, generating payloads, commanding beacons, and utilizing advanced features like argument spoofing, process injection, keylogging, and browser pivoting for red team operations.
Read More @ github.com
[#] FortyNorth Security developed a .NET tool named EDD for domain data enumeration, enhancing capabilities similar to PowerView with functions for retrieving domain details, identifying kerberoastable user accounts, and locating users or groups across network workstations, and welcomes community contributions on GitHub.
Read More @ fortynorthsecurity.com
[#] This course teaches how to create a detection playbook in Security Onion 2.3, covering installation, detection writing with Suricata and Sigma, playbook creation, and operational deployment across various log sources.
Read More @ securityonionsolutions.com
[#] The HOPain OSINT Search Tools Version 2.0 serves as a comprehensive resource for conducting open-source intelligence gathering across various platforms such as social media, search engines, and databases, providing tools to find information ranging from email addresses to data breaches.
Read More @ surge.sh
[#] The repository "fast-recon" by Dan McInerney contains a Python script that automates the process of using Google and Pastebin searches to find potentially sensitive files associated with a specific domain.
Read More @ github.com
[#] The web-traffic-generator is a simple Python script for creating simulated "organic" web traffic by randomly browsing the internet starting from predefined URLs, useful for network defense simulations.
Read More @ github.com
[#] The Splunk Attack Range is a project for building and simulating cyber attacks in controlled environments to develop and test detection systems.
Read More @ github.com
[#] Abdullah Nawaf and Orwa Atyat combined subdomain fuzzing with exploitation of multiple security vulnerabilities to successfully achieve remote code execution, which resulted in a $35,000 bug bounty reward.
Read More @ medium.com
[#] Nemanja Mijailovic describes how to reverse engineer the Bandcamp mobile app to download albums that have been removed from the user's collection using the app's API, overcoming obfuscated code and authentication challenges.
Read More @ mijailovic.net

# News

[#] A malware named "Latrodectus", likely evolved from the banking trojan IcedID, uses sandbox evasion tactics to ensure its malicious payloads infect real victims and has been actively distributed by threat actor TA578 via contact form impersonation since mid-January 2024.
Read More @ packetstormsecurity.com
[#] Ivanti, a company specializing in remote-access technologies, is overhauling its security model by enhancing engineering, security management, and partnerships, while also introducing AI-driven tools for document search and call routing to address recent severe vulnerabilities in their products.
Read More @ packetstormsecurity.com
[#] Cisco has alerted users about a cross-site scripting vulnerability in some of its small business routers that are no longer supported, advising a switch to devices that still receive security updates.
Read More @ packetstormsecurity.com
[#] Microsoft resolved a Sysprep error 0x80073cf2 on Windows 10 version 22H2 by releasing the KB5035941 update, with a manual fix involving removing a specific Microsoft Edge package via PowerShell.
Read More @ bleepingcomputer.com
[#] Cybercriminals are exploiting high interest in AI by hijacking Facebook profiles and running malvertising campaigns that trick users into downloading password-stealing malware posing as AI services, with a recent fake Midjourney page reaching 1.2 million followers before being shut down by Facebook.
Read More @ bleepingcomputer.com
[#] The IntelBroker hacker group leaked personal information of over 22,000 Home Depot employees, excluding customer data, and the United States Department of Justice is investigating the breach.
Read More @ hackread.com
[#] Omni Hotels & Resorts experienced a significant cyberattack disrupting its operations over Easter, prompting an investigation with cybersecurity experts to determine data impact and system restoration.
Read More @ scmagazine.com
[#] Acuity, a federal contractor, acknowledged that a security breach of its GitHub repositories resulted in the theft of outdated, non-sensitive government data, with no current sensitive client data affected, and measures are being implemented to prevent future incidents.
Read More @ bleepingcomputer.com
[#] Microsoft has been criticized by the US Cybersecurity and Infrastructure Security Agency for security failures that allowed cyber-espionage by nation-states, yet continues to receive substantial government contracts without strict cybersecurity compliance requirements.
Read More @ theregister.com
[#] Researchers have uncovered vulnerabilities in AI service platforms that could let attackers hijack shared infrastructures, recommending the use of sandboxed environments and stringent access controls to mitigate risks.
Read More @ thehackernews.com
[#] Over 4.4 million users of SurveyLama had their personal data including hashed passwords breached, and the company has initiated a universal password reset while the method of breach remains unknown.
Read More @ scmagazine.com
[#] Panera Bread's IT systems were paralyzed by a ransomware attack, which disrupted sales and customer services, until partial recovery via backups.
Read More @ bleepingcomputer.com
[#] A security flaw in self-service check-in terminals at Ibis budget hotels was exposing room keycodes, which after being discovered, was promptly fixed by the hotel chain.
Read More @ theregister.com
[#] The FCC is seeking updates from telecommunication providers about efforts and incidents related to securing the Signaling System 7 (SS7) and Diameter protocols against unauthorized location tracking and other vulnerabilities.
Read More @ schneier.com
[#] Fake Adobe Acrobat Reader installers are distributing Byakugan malware, which uses techniques like DLL hijacking and UAC bypass to infect systems, evade security solutions, and perform various harmful activities including data theft and cryptocurrency mining.
Read More @ thehackernews.com
[#] Qlik has fixed a high severity privilege escalation vulnerability in QlikView identified as CVE-2024-29863, and users should update immediately to patched versions May 2023 SR2 or May 2022 SR3.
Read More @ securityonline.info
[#] Over 11,000 Australian businesses were victims of a phishing campaign using Agent Tesla malware, which is known for stealing information and can be controlled remotely via Telegram or Discord; updates and staff training are advised to mitigate risks.
Read More @ darkreading.com
[#] A recent malvertising campaign on Bing that impersonates NordVPN has been deploying a remote access trojan named SecTopRAT, but Malwarebytes customers can block it using DNS Filtering and the malicious download has been removed by Dropbox.
Read More @ malwarebytes.com
[#] A new malware called Latrodectus, used by initial access brokers to bypass sandbox detection, is gaining momentum through email campaigns after the disruption of the QBot malware.
Read More @ darkreading.com
[#] A new version of Babuk ransomware called SEXi is targeting VMware ESXi servers, demanding large ransoms and using the secure messaging app Session for communication, with recommendations to patch systems, secure ESXi environments, and backup data for protection.
Read More @ darkreading.com
[#] A critical flaw in pgAdmin, CVE-2024-3116, could let attackers run malicious code on database servers and administrators should update to version 8.5 to fix it.
Read More @ securityonline.info
[#] Financial organizations in the Asia-Pacific and Middle East are being targeted by the evolving JSOutProx malware, which uses JavaScript and .NET to load malicious plugins for data theft and has recently been spread through fake financial email notifications.
Read More @ thehackernews.com
[#] Multiple hacker groups with links to China have exploited security vulnerabilities in Ivanti appliances, using complex malware to gain access, with researchers tracking and naming these threat actors to better understand and counter their methods.
Read More @ thehackernews.com
[#] Researchers uncovered that Apple's built-in apps extensively track user data, and found the privacy settings are not only hard to navigate but also poorly documented, suggesting a need for more transparent and centralized privacy controls.
Read More @ theregister.com
[#] Cybercriminals are using fake Bing ads to trick users into downloading a fraudulent NordVPN installer containing SecTopRAT malware, which can steal data and control infected systems; users should download software only from official sites and employ robust security measures.
Read More @ securityonline.info
[#] Yubico has fixed a privilege escalation bug in YubiKey Manager for Windows, and users should update to version 1.2.6 or later to prevent attackers from gaining admin rights.
Read More @ securityonline.info
[#] The Byakugan Malware steals data using a deceptive PDF, uses a multi-stage infection process, and evades detection by blending legitimate and malicious elements, with solutions including updating security software and practicing caution with unknown links or attachments.
Read More @ securityonline.info
[#] Cisco Talos has exposed a cybercrime group from Vietnam called CoralRaider, which uses sophisticated malware to steal credentials and financial data from users in multiple Asian countries.
Read More @ securityonline.info
[#] Apache CloudStack has patched three security issues, including a critical vulnerability, and administrators should update their systems to versions 4.18.1.1 or 4.19.0.1 to protect their infrastructure.
Read More @ securityonline.info
[#] The QakBot malware, originally a banking trojan, has resurfaced with new evasion techniques including using the srtasks.exe process for persistence, requiring updated security measures to detect and remove it.
Read More @ securityonline.info
[#] The Japanese company Hoya has experienced a significant cybersecurity incident affecting its IT systems, leading to a halt in some production and sales, with ongoing investigations to determine the extent of any data breaches and the impact on business performance.
Read More @ theregister.com
[#] Visa has detected a new phishing campaign distributing JsOutProx, a remote access trojan targeting financial institutions and their customers, with recommended actions including awareness, secure technologies, and transaction monitoring for mitigation.
Read More @ bleepingcomputer.com
[#] Researchers have identified a new malware called Latrodectus, which is similar to the IcedID loader, and it is mainly spread via phishing emails, often masquerading as fake copyright infringement notices with links leading to malicious JavaScript files designed to evade detection and download further malware payloads.
Read More @ bleepingcomputer.com
[#] MalwareURL provides cyber protection and threat intelligence services, including blacklists and a portal for monitoring threats, with a free trial available.
Read More @ malwareurl.com
[#] SEED Labs has updated their VM setup instructions for students with Apple Silicon machines to use VMWare Fusion Player and now supports Ubuntu 22.04, while continuing to offer resources and cloud setup options for older Ubuntu versions.
Read More @ seedsecuritylabs.org
[#] A detailed analysis of a sophisticated phishing scam masquerading as Paypal was performed, highlighting fake email addresses, a cloned website for credential harvesting, and subsequent steps to report and blacklist the malicious domain.
Read More @ purpl3f0xsecur1ty.tech
[#] Attackers are exploiting the CVE-2024-20720 vulnerability in Magento to insert a backdoor within XML code, requiring immediate patching to versions 2.4.6-p4, 2.4.5-p6, or 2.4.4-p7 and a thorough scan for indicators of compromise.
Read More @ securityaffairs.com
[#] Nozomi Networks Labs recently exposed multiple security flaws in DJI Mavic 3 drones during WiFi transfer mode, with patch details to be shared after fixes are applied.
Read More @ nozominetworks.com
[#] Nozomi Networks discovered vulnerabilities in DJI Mavic 3 drones that could lead to unauthorized data access, and recommends users update their drone firmware to protect against potential security risks.
Read More @ nozominetworks.com
[#] A security issue in HTTP/2 known as CONTINUATION Flood allows an attacker to send endless header streams that can exhaust server memory or CPU, leading to crashes or degraded performance, impacting a large portion of internet traffic and requiring updates for many server implementations to resolve.
Read More @ nowotarski.info
[#] A recent report details a significant race condition vulnerability in Medium's clap feature, affecting article visibility and potential earnings, with a proof of concept provided and the exploit disclosed after a failed bounty negotiation.
Read More @ medium.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful TL;DR of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ 2024-04-06

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins