# Latest Podcast
# Description
In this recent rundown, CloudGrappler, a tool for finding threat data in AWS and Azure cloud environments, and GMER, which detects rootkits in the Windows kernel, are highlighted for their importance in cyber security. A blog post on Cobalt Strike describes how the post-exploitation toolkit can be extended with the Community Kit's scripts and kept up to date through them.
# Tradecraft
CloudGrappler is a new security tool that simplifies the search for high-quality threat data in cloud environments like AWS and Azure, by scanning for specific events and providing reports and recommendations to improve security.
The blog post discusses GMER, a tool for uncovering stealthy rootkits hidden in Windows kernel mode, a capability that is crucial for cybersecurity defense measures.
Cobalt Strike is a post-exploitation toolset that can be expanded with community-created scripts, and the Community Kit serves as a central collection of these resources, offering a downloadable script for easy updates or acquisition of the entire suite.
NativeDump is a tool that captures the memory of the lsass process without calling the standard MinidumpWriteDump function, instead building the Minidump manually with only the essential streams; it works on Windows 10 and 11 and can evade some security detections.
The Wayback Google Analytics tool is designed for cyber investigators to collect Google Analytics codes from websites across different time periods to aid in uncovering connections between sites in OSINT investigations.
CHAOS is an open-source Remote Administration Tool (RAT) that can create binaries to control remote systems, with features like reverse shell, file management, and system information retrieval; it can be installed locally, via Docker, or deployed on Heroku.
A security researcher discovered a command injection vulnerability in the CHAOS RAT v5.01 web panel, allowing remote execution of commands via spoofed agent callbacks, and has published a proof of concept on GitHub to demonstrate the exploit.
The content provides a walkthrough of detecting and responding to a simulated cyber attack using Sysmon and Windows Event Logs, showcasing how an attacker can escalate privileges and the steps a defender takes to identify and mitigate the attack.
Auditor is an open-source app that checks if your phone's operating system is free from malware like Pegasus by sending regular integrity certifications to your email.
# News
ALPHV/BlackCat ransomware group has enhanced their money laundering activities, moving $3.5 million in bitcoin through mixers, following a lucrative attack on UnitedHealth Group's Change Healthcare, amidst internal disputes and fake disbanding claims.
Nearly 8.5 million individuals' personal data was exposed in a U.S. Environmental Protection Agency breach, with the Cybersecurity and Infrastructure Security Agency now informed.
The U.S. Department of Health alerts healthcare IT help desks of sophisticated social engineering attacks aimed at enrolling new devices for multi-factor authentication to access and divert payments, highlighting the use of AI voice imitation and providing mitigation strategies like call-back verification and help desk training.
Acuity, a federal technology consulting firm, has stated that a recent breach only involved outdated and non-sensitive data contrary to IntelBroker's claim of significant government and military information theft, with Acuity taking prompt action to address the vulnerability in its Tekton CI/CD server.
Google Chrome has introduced a V8 Sandbox feature to isolate potential memory corruption within the JavaScript engine, reducing the risk of security breaches with minimal performance impact.
Recent cyber incidents include Acuity's GitHub breach, Prudential Insurance's data compromise, PandaBuy's customer information theft, the exposure of Russian criminal records by RGB-TEAM, and suspected ransomware disabling Jackson County's IT systems, alongside reported vulnerabilities and AI usage in elections, with responses ranging from patch updates to heightened security measures.
A fake Bing ad for NordVPN actually delivered SecTopRAT, a trojan, and although the payload was removed from Dropbox, the malicious campaign persists, redirecting to a new domain.
Crowdfense is offering up to $30 million for new zero-day exploits for mobile operating systems and browsers, with specific bounties detailed for full-chain exploits deliverable via SMS or MMS, as well as for remote code execution and sandbox escapes.
Researchers at ETH Zurich have revealed a new form of cyber attack called Ahoi which compromises confidential virtual machines by exploiting vulnerabilities in hardware-based security technologies used by AMD and Intel, with Linux kernel patches now available to address the issue.
A security flaw in HTML email allows content to change when forwarded, so use text-only emails and open links and attachments in isolated virtual machines to stay safe.
Change Healthcare faces a second extortion attempt by a ransomware group named RansomHub that claims possession of 4 TB of sensitive data, shortly after allegedly settling with a $22 million ransom for a previous attack by ALPHV.
Security teams should be aware of a new malicious software named Latrodectus that evades detection and spreads through phishing emails to deliver additional malware and execute commands remotely.
The Notepad++ development team warns of a counterfeit website impersonating the official one and asks the public to help report it for potential security risks and trademark infringement.
Cybercriminals target Latin America with a sophisticated phishing scheme that delivers malware via email attachments and evades detection by varying its behavior based on the recipient's IP address.
Google is suing two developers for tricking over 100,000 users into downloading fake crypto investment apps, resulting in significant financial loss.
The cybercriminal group Solar Spider is using an updated JavaScript remote access Trojan named JSOutProx to target financial institutions in the Middle East, and companies can defend against it by training employees to recognize suspicious communication and ensuring thorough incident investigation and remediation.
Yossi Sariel, head of Israel's cyber spy unit Unit 8200, was inadvertently revealed as the author of an intelligence AI book due to a link to his personal email, while security vulnerabilities in Android Pixel devices and other systems require immediate updating to mitigate exploitation risks.
Cybercriminals in Latin America are using phishing emails with ZIP files that appear to be invoices but actually contain malware-loaded HTML files that redirect users in Mexico to a captcha page which then leads to the downloading of a PowerShell script designed to steal sensitive information.
KUIPER is a cross-platform ransomware capable of encrypting files on Windows, Linux, and macOS, which avoids affecting system files, deletes backups, hampers antivirus defense, and demands ransom through notes left in encrypted directories.
A serious path traversal vulnerability in CData's Java-based business integration products could allow attackers to access sensitive data or control applications unless patched with the provided hotfixes.
MuddyWater has been using a new command-and-control framework called DarkBeatC2 to escalate cyber attacks against Israeli targets amidst broader geopolitical conflicts, indicating a need for strengthened international digital defense strategies.
Modash provides a free tool to analyze Instagram influencers, showing follower count, engagement rate, and presence of fake followers, with detailed metrics available through a subscription service.