// Jared Folkins

# Latest Podcast

# Description

A cybersecurty hobbyist showed how to use vm2 JavaScript sandbox vulnerabilities to get into a Linux server, find a hash, and root access in a HackTheBox Codify challenge. Web cache issues, which can leak info, need careful monitoring; techniques like underscores in headers and fuzzing help prevent these attacks. The OSTE-Web-Log-Analyzer is a tool in Python for analyzing web logs to spot web attacks. C2 Cloud makes pentesting simpler with its web interface for handling backdoor sessions. To get Wi-Fi passwords from Windows after a breach, you need admin rights or the user's context, and it's suggested to not use WPA2 PSK for private networks.The Xen hypervisor got updated to fix handling of page table entries for superpages. Mahmoud Attia explains how to automate finding XSS vulnerabilities and avoid WAF detection using certain tools. A blog post explained how to create a backdoored Amazon Machine Image (AMI). Another post shows an exploit for BioTime software, allowing directory walking and code execution. A step-by-step method was given to analyze and get a malicious file from a site. MayflyHack has new cybersecurity resources like setting up a SCCM lab, network architecture, image creation, infrastructure deployment, and config management. The site itself provides tutorials for developing cyber security environments. Red Team Attack Lab uses real systems and vulnerabilities for offensive cybersecurity without cloud service costs. OpenGFW firewall is open-source, inspired by China's firewall. Using Validin, 36 phishing domains linked to Latrodectus were found. Global Socket helps to securely communicate through firewalls using encrypted traffic. Japan EQ Locator helps visualize earthquake data, available on GitHub.QuickStego hides text in images, while QuickCrypto does the same with encryption. A Local Privilege Escalation (LPE) vulnerability in macOS filesystems was discovered and patched. Samuel Groß discussed finding vulnerabilities in image format parsers that impact Apple's messenger apps. DroneXtract is softwre for analyzing DJI drone data. Articles explore Windows Containers creation and windows APIs. Web cache attacks can lead to site takeovers, but James Kettle suggests defenses like not caching error pages. FreeTube is a YouTube app for private viewing, and SearXNG is a private metasearch engine that doesn't track users.

# Tradecraft

[#] A cybersecurity enthusiast demonstrates how to exploit four vulnerabilities in the vm2 JavaScript sandbox to gain access to a Linux server, crack a hash to escalate privileges, and leverage script weaknesses for root access on a HackTheBox Codify challenge.
Read More @ gitlab.io
[#] Web cache vulnerabilities can expose sensitive information and should be monitored closely, with specific techniques like using underscores in headers and fuzzing with tools to identify and mitigate potential attacks.
Read More @ reddit.com
[#] The OSTE-Web-Log-Analyzer is a Python tool used for automating the analysis of web server logs to identify web application attacks, monitor request rates, and detect automated scanners.
Read More @ securityonline.info
[#] The C2 Cloud is a web-based command and control framework that streamlines penetration testing by managing multiple backdoor sessions through an easy-to-use interface with support for reverse TCP, HTTP, and HTTPS shells.
Read More @ securityonline.info
[#] Understanding and extracting Wi-Fi network passwords from Windows systems after a security breach requires either administrative privileges or the context of the user who set up the connection, highlighting the need to avoid WPA2 PSK for sensitive networks and instead use stronger, multi-factor authentication methods.
Read More @ r-tec.net
[#] An update has been made to the Xen hypervisor to fix an issue with how page table entries (PTEs) were managed for superpages, by adjusting the conditions under which the fast path is used and ensuring the PSE bit is not improperly cleared.
Read More @ xen.org
[#] Mahmoud Attia outlines a methodology for automating the discovery of XSS vulnerabilities using tools like waybackurls, gau, and Burp Suite, and offers strategies for avoiding WAF detection while testing.
Read More @ medium.com
[#] A blog post demonstrates how to create and distribute a backdoored Amazon Machine Image that can compromise an AWS account, highlighting the need for caution when using or making AMIs public.
Read More @ appsecco.com
[#] The repository details a security exploit for BioTime software, which includes multiple vulnerabilities allowing for directory traversal and potential remote code execution, demonstrated via a Python script.
Read More @ github.com
[#] The article demonstrates a step-by-step analysis of retrieving a malicious file from a website designed to redirect to a legitimate site, by mimicking a Google ad click, ultimately revealing how to obtain and decode the executable for further examination.
Read More @ huntress.com
[#] The Red Team Attack Lab is a virtual lab setup for offensive cybersecurity practice using realistic operating systems and vulnerabilities, which is managed locally using Vagrant and Ansible, avoiding the cost of cloud services.
Read More @ github.com
[#] The OpenGFW firewall is an open-source project inspired by China's Great Firewall, featuring full network protocol support, encrypted traffic detection, and powerful rule management for enhancing Linux security environments.
Read More @ com.br
[#] Using Validin, a passive DNS tool, 36 phishing domains associated with Latrodectus were uncovered by analyzing redirects and IP addresses, with a focus on domains redirecting to legit PDF hosting sites but used for malicious intent.
Read More @ embeeresearch.io
[#] Global Socket is a tool that allows two computers in separate private networks to establish secure communication through firewalls and NAT by initiating services like SSHD on one machine and connecting from another using a secret key and strong encryption.
Read More @ gsocket.io
[#] This text provides instructions on how to navigate the Japan EQ Locator's earthquake data visualization tool, which includes features for moving, zooming, and altering the view, and whose earthquake data comes from the Japan Meteorological Agency, with the source code available on GitHub.
Read More @ github.io
[#] QuickStego is a software that lets you conceal text within images, which only users of QuickStego can decipher, though it doesn't encrypt the text and for encrypted steganography, QuickCrypto is recommended, which also conceals files within images.
Read More @ quickcrypto.com
[#] A security researcher discovered a Local Privilege Escalation (LPE) vulnerability in macOS filesystems, allowing a user to gain root access by manipulating mount options, which was patched in updates from Apple for Ventura, Monterey and Sonoma.
Read More @ alter-solutions.fr
[#] Samuel Groß from Project Zero discusses vulnerabilities in image format parsers, particularly targeting interactionless code paths in messenger apps within the Apple ecosystem, using a low-overhead fuzzing approach to find and report multiple issues that were subsequently fixed, focusing on enhancing security by reducing attack surfaces and promoting continuous fuzz-testing by developers.
Read More @ blogspot.com
[#] DroneXtract is a digital forensics software suite used to analyze DJI drone data for things like flight paths and telemetry, with features for visualizing data, checking data integrity, and uncovering hidden information in media files.
Read More @ github.com
[#] A technical exploration into the creation of Windows Containers reveals the process of transforming a Job Object into a Server Silo using Windows APIs, aiming to understand the system's attack surface.
Read More @ quarkslab.com
[#] This article explains the steps involved in converting a standard Job Object into a Server Silo for Windows Containers, detailing key RPC calls and Kernel mechanisms.
Read More @ quarkslab.com
[#] Web cache attacks manipulate unkeyed inputs or exploit misconfigurations, allowing attackers to serve error pages or harmful payloads, and defenses include not caching error codes or sanitizing cache configurations.
Read More @ medium.com
[#] James Kettle's research presents a methodology for exploiting web cache key handling vulnerabilities to perform attacks such as site takeover and denial of service, and offers techniques to identify and exploit these vulnerabilities effectively.
Read More @ portswigger.net
[#] FreeTube is an open-source desktop application created for viewing YouTube content privately, without ads, and without using official YouTube APIs, thereby preventing Google from tracking your cookies and JavaScript, with additional features including subscriptions without an account, various theme support, and recommendations to use a VPN or Tor for enhanced privacy.
Read More @ github.com
[#] SearXNG is a privacy-focused metasearch engine that compiles results from various search services without tracking or profiling its users, offering documentation for use and development, and is open for community contributions via GitHub.
Read More @ github.com

# News

[#] The U.S. Department of Health and Human Services advises healthcare sector IT help desks to enhance verification processes, as attackers impersonate employees to enroll rogue multi-factor authentication devices and redirect financial transactions.
Read More @ bleepingcomputer.com
[#] Cisco has informed customers about a cross-site scripting vulnerability in end-of-life small business routers, advising to disable remote management and block relevant ports as there will be no patch released.
Read More @ securityaffairs.com
[#] Cybercriminals are exploiting a critical Magento flaw, tracked as CVE-2024-20720, to plant backdoors for stealing payment data, with six individuals recently charged in Russia for related crimes, requiring merchants to apply Adobe's February security updates promptly.
Read More @ thehackernews.com
[#] Over 92,000 D-Link NAS devices are at risk due to an arbitrary command injection flaw and a hardcoded backdoor account, users should stop using these unsupported models and update to secure devices.
Read More @ bleepingcomputer.com
[#] Terraform Labs and its founder were found guilty of fraud for lying about the stability of their Terra coin, leading to $40 billion in damages, with the founder now in custody for multiple criminal cases.
Read More @ web3isgoinggreat.com
[#] A Bing advertisement falsely representing NordVPN was discovered to distribute the SecTopRAT malware, prompting the removal of the malicious Dropbox account and an ongoing investigation into the active malvertising campaign.
Read More @ scmagazine.com
[#] Dell has patched a high-severity BIOS vulnerability impacting PowerEdge and Precision Rack servers which could have allowed unauthorized privilege escalation; users should apply the update immediately.
Read More @ securityonline.info
[#] Cybersecurity firm Wiz.io has discovered vulnerabilities in the AI service Hugging Face that could allow attackers to execute code and access private AI models, prompting collaboration between the two companies to enhance security measures.
Read More @ hackread.com
[#] Panera Bread experienced a significant IT outage on March 22, affecting ordering systems and raising concerns about a potential ransomware attack, but they have resumed operations without confirming the cause.
Read More @ darkreading.com
[#] The Kaspersky fan club forum experienced a data breach affecting 57,000 users and the Russian Prosecutor's Office was also hacked, leaking criminal records; users should reset passwords and be cautious of phishing attempts.
Read More @ hackread.com
[#] Magento stores are being attacked by malware exploiting CVE-2024-20720, which inserts a persistent backdoor in the XML code, along with stealing payment info, requiring merchants to scan for backdoors and update to the latest Magento versions to prevent further compromise.
Read More @ securityonline.info
[#] Recent Windows 10 updates have disrupted Microsoft Connected Cache node discovery, but administrators can restore functionality using DOCacheHost policy configuration or Group Policies as temporary measures while Microsoft works on a solution.
Read More @ bleepingcomputer.com
[#] Xen Security Advisory CVE-2015-7835 (XSA-148) indicates a vulnerability where Paravirtualization (PV) guests could create large writable page mappings that might allow malicious administrators to take control of a system, with patches available for Xen versions 3.4 and newer to fix the issue.
Read More @ xen.org
[#] Brazilian law enforcement, trained by The Exodus Road at TraffickWatch Academy and equipped with Cellebrite's digital investigative tools, rescued a teenager from human traffickers and exposed an international criminal network.
Read More @ cellebrite.com
[#] The error message indicates that the web page you are trying to access is missing on the server, and the solution is to ensure that the URL is correct, the filename matches precisely, and proper file permissions are set.
Read More @ github.io
[#] The Linux 6.5 kernel has a vulnerability identified as CVE-2024-26630, where a pointer leak can occur due to a read-after-type-change in the cachestat() function, and users should apply the provided fix to prevent potential security breaches.
Read More @ packetstormsecurity.com
[#] A malicious campaign has been detected by AhnLab Security Intelligence Center, exploiting Google Ads tracking to distribute malware, which impersonates legitimate installer files for apps like Notion and Slack, and injects Rhadamanthys malware into Windows system files to steal user data.
Read More @ ahnlab.com
[#] An Israeli intelligence leader accidentally revealed his identity online due to a security oversight linked to a book he published under a pseudonym about AI in warfare.
Read More @ theguardian.com
[#] The page titled "My interesting researches" cannot be located, suggesting a need to check the website's structure or update the link to provide the intended information.
Read More @ github.io

# F.A.Q


Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.


I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tldr; regarding the articles of interest which helps discern what I should read. It is saving me a ton of time.


FWIW HAQ.NEWS really started out as my personal news feed, enriched by Ai, and converted into something quick and easy to read. But then I started getting requests for features like rss, Gracie got involved, and with the super-power of Ai things have taken on a life of their own.


I currently post daily infosec news to x, linkedin, mastodon and rss.

I also post daily infosec podcasts and interviews to apple podcasts and spotify.


This isn't an Ad.

current friend of haq 2024-04-07

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Jared Folkins