HAQ.NEWS

// Jared Folkins

# Description

In this recent rundown, CloudGrappler, a tool for finding threat data in AWS and Azure cloud environments, and GMER, which detects rootkits in the Windows kernel, are highlighted for their importance in cyber security. Also covered is a blog post on Cobalt Strike, describing how its post-exploitation toolkit can use the Community Kit's scripts for updates.

# Tradecraft

[#] CloudGrappler is a new security tool that simplifies the search for high-quality threat data in cloud environments like AWS and Azure by scanning for specific events and producing reports with recommendations for improving security.
Read More @ kitploit.com
[#] The blog post discusses GMER, a tool for uncovering stealthy rootkits hidden in Windows kernel mode, which is crucial for cybersecurity defense measures.
Read More @ reddit.com
[#] Cobalt Strike is a post-exploitation toolset that can be expanded with community-created scripts, and the Community Kit serves as a central collection of these resources, offering a downloadable script for easy updates or acquisition of the entire suite.
Read More @ github.com
[#] NativeDump is a tool that captures the memory of the lsass process without using the standard MinidumpWriteDump function, building the Minidump manually with only the essential streams; it works on Windows 10 and 11 and can evade some security detections.
Read More @ github.com
[#] The Wayback Google Analytics tool is designed for cyber investigators to collect Google Analytics codes from websites across different time periods to aid in uncovering connections between sites in OSINT investigations.
Read More @ github.com
[#] CHAOS is an open-source Remote Administration Tool (RAT) that can create binaries to control remote systems, with features like reverse shell, file management, and system information retrieval; it can be installed locally, via Docker, or deployed on Heroku.
Read More @ github.com
[#] A security researcher discovered a command injection vulnerability in the CHAOS RAT v5.01 web panel, allowing remote execution of commands via spoofed agent callbacks, and has published a proof of concept on GitHub to demonstrate the exploit.
Read More @ chebuya.com
[#] The content provides a walkthrough of detecting and responding to a simulated cyber attack using Sysmon and Windows Event Logs, showcasing how an attacker can escalate privileges and the steps a defender takes to identify and mitigate the attack.
Read More @ github.com
[#] Auditor is an open-source app that checks whether your phone's operating system is free from malware like Pegasus by regularly sending integrity certifications to your email.
Read More @ medium.com

# News

[#] The ALPHV/BlackCat ransomware group has stepped up its money laundering, moving $3.5 million in bitcoin through mixers following a lucrative attack on UnitedHealth Group's Change Healthcare, amid internal disputes and fake claims of disbanding.
Read More @ scmagazine.com
[#] Nearly 8.5 million individuals' personal data was exposed in a U.S. Environmental Protection Agency breach, with the Cybersecurity and Infrastructure Security Agency now informed.
Read More @ scmagazine.com
[#] The U.S. Department of Health alerts healthcare IT help desks of sophisticated social engineering attacks aimed at enrolling new devices for multi-factor authentication to access and divert payments, highlighting the use of AI voice imitation and providing mitigation strategies like call-back verification and help desk training.
Read More @ securityaffairs.com
[#] Acuity, a federal technology consulting firm, has stated that a recent breach only involved outdated and non-sensitive data contrary to IntelBroker's claim of significant government and military information theft, with Acuity taking prompt action to address the vulnerability in its Tekton CI/CD server.
Read More @ scmagazine.com
[#] Google Chrome has introduced a V8 Sandbox feature to isolate potential memory corruption within the JavaScript engine, reducing the risk of security breaches with minimal performance impact.
Read More @ thehackernews.com
[#] Recent cyber incidents include Acuity's GitHub breach, Prudential Insurance's data compromise, PandaBuy's customer information theft, the exposure of Russian criminal records by RGB-TEAM, and a suspected ransomware attack that disabled Jackson County's IT systems; the roundup also covers reported vulnerabilities and AI use in elections, with responses ranging from patch updates to heightened security measures.
Read More @ checkpoint.com
[#] A fake Bing ad for NordVPN actually delivered SecTopRAT, a trojan, and although the payload was removed from Dropbox, the malicious campaign persists, now redirecting to a new domain.
Read More @ packetstormsecurity.com
[#] Crowdfense is offering up to $30 million for new zero-day exploits for mobile operating systems and browsers, with specific bounties detailed for full-chain exploits deliverable via SMS or MMS, as well as for remote code execution and sandbox escapes.
Read More @ packetstormsecurity.com
[#] Researchers at ETH Zurich have revealed a new form of cyber attack called Ahoi which compromises confidential virtual machines by exploiting vulnerabilities in hardware-based security technologies used by AMD and Intel, with Linux kernel patches now available to address the issue.
Read More @ packetstormsecurity.com
[#] A security flaw in HTML email allows content to change when forwarded, so use text-only emails and open links and attachments in isolated virtual machines to stay safe.
Read More @ schneier.com
[#] Change Healthcare faces a second extortion attempt by a ransomware group named RansomHub that claims possession of 4 TB of sensitive data, shortly after allegedly settling with a $22 million ransom for a previous attack by ALPHV.
Read More @ theregister.com
[#] Security teams should be aware of a new malicious software named Latrodectus that evades detection and spreads through phishing emails to deliver additional malware and execute commands remotely.
Read More @ thehackernews.com
[#] The Notepad++ development team warns of a counterfeit website impersonating the official one and asks the public to help report it for potential security risks and trademark infringement.
Read More @ bleepingcomputer.com
[#] Cybercriminals target Latin America with a sophisticated phishing scheme that delivers malware via email attachments and evades detection by varying its behavior based on the recipient's IP address.
Read More @ thehackernews.com
[#] Google is suing two developers for tricking over 100,000 users into downloading fake crypto investment apps, resulting in significant financial loss.
Read More @ thehackernews.com
[#] The cybercriminal group Solar Spider is using an updated JavaScript remote access Trojan named JSOutProx to target financial institutions in the Middle East, and companies can defend against it by training employees to recognize suspicious communication and ensuring thorough incident investigation and remediation.
Read More @ darkreading.com
[#] Yossi Sariel, head of Israel's cyber spy unit Unit 8200, was inadvertently revealed as the author of an intelligence AI book through a link to his personal email; separately, security vulnerabilities in Android Pixel devices and other systems require immediate updates to mitigate the risk of exploitation.
Read More @ theregister.com
[#] Cybercriminals in Latin America are using phishing emails with ZIP files that appear to be invoices but actually contain malware-loaded HTML files that redirect users in Mexico to a captcha page which then leads to the downloading of a PowerShell script designed to steal sensitive information.
Read More @ securityonline.info
[#] KUIPER is a cross-platform ransomware capable of encrypting files on Windows, Linux, and macOS, which avoids affecting system files, deletes backups, hampers antivirus defense, and demands ransom through notes left in encrypted directories.
Read More @ infosecwriteups.com
[#] A serious path traversal vulnerability in CData's Java-based business integration products could allow attackers to access sensitive data or control applications unless patched with the provided hotfixes.
Read More @ securityonline.info
[#] MuddyWater has been using a new command-and-control framework called DarkBeatC2 to escalate cyber attacks against Israeli targets amidst broader geopolitical conflicts, indicating a need for strengthened international digital defense strategies.
Read More @ securityonline.info
[#] Modash provides a free tool to analyze Instagram influencers, showing follower count, engagement rate, and presence of fake followers, with detailed metrics available through a subscription service.
Read More @ modash.io

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait that doesn't actually have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful TL;DR of the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW, HAQ.NEWS really started out as my personal news feed, enriched by AI and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an ad.

Current friend of HAQ (2024-04-09)

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins