# Latest Podcast
# Description
A cybersecurity researcher, k0shl, discussed methods for exploiting a Windows telephony service vulnerability that allowed improper control of memory. A malware campaign called Nitrogen tricks users into downloading fake apps, leading to ransomware, but can be prevented with various strategies. On Reddit, there is discussion of the dangers of batch files in Windows due to argument escaping issues. The C2 Cloud project lets testers control compromised systems efficiently. A Proof of Concept showed a flaw in Jasmin Ransomware's web panel, allowing unauthorized file access. Carlos Polop's guide covers penetration testing extensively. Countik, an online tool, can be used for analyzing TikTok accounts. An article offers guidance on OSINT for map investigations. Shortemall v3.0, released on April 5, 2024, scans for hidden content in short URLs.
# Tradecraft
- A cybersecurity researcher known as k0shl discussed the intricate methods used to exploit a Windows telephony service vulnerability, bypassing security protections to gain unauthorized memory control.
- The Nitrogen malware campaign is tricking system administrators into downloading fake PuTTY and FileZilla installers from malicious ads, leading to network access and ransomware deployment, with protection possible through DNS filtering, ad blocking, and Managed Detection and Response systems.
- The security discussion on Reddit focuses on the risks of using batch files in Windows due to improper escaping of command-line arguments, which could be exploited by attackers if they can control the arguments passed to the CreateProcess function.
- The C2 Cloud project is a web-based command and control framework that gives penetration testers the ability to manage multiple compromised systems through a straightforward interface, similar to how one would operate instances in a cloud service.
- A Proof of Concept (PoC) was created to demonstrate a vulnerability in the Jasmin Ransomware web panel that allows unauthorized file access due to improper session verification and unsanitized file path input.
- The blog discusses utilizing a free online tool called Countik to analyze TikTok accounts by monitoring engagement, hashtags, and mentions for research purposes.
- The article provides a guide on using Open Source Intelligence (OSINT) methods for map investigations, including tools for comparing maps, simulating sun shadows, tracking weather, and finding various map-related data online.
- Shortemall is a tool for scanning and analyzing hidden content within short URLs, with features like targeting specific providers, auto-configuration, enhanced screenshot capabilities, and total code refactoring for efficiency, released in version 3.0 on April 5, 2024.
# News
- A vulnerability in UPS's parcel tracking system allows attackers to obtain personal information such as receiver and sender details, shopping habits, and potentially photos of delivery locations by enumerating valid tracking numbers.
- Raspberry Robin, a Windows worm known for evasion techniques, now spreads via Windows Script Files, necessitating updated detection methods and security measures to counteract the threat.
- Tarrant County Appraisal District in Texas was attacked by the Medusa ransomware gang, leading to a demand for a $100,000 ransom and threats to release 218GB of stolen data if not paid.
- Microsoft failed to secure an Azure server, exposing internal data like code and credentials, which could allow attackers to access more company systems.
- The U.S. Environmental Protection Agency has confirmed a data leak by USDoD; the data was already public, but the incident highlights the need for improved security measures at government agencies.
- Researchers at VU Amsterdam have developed a new variant of the Spectre v2 attack which leaks information from Intel CPUs, and Intel has updated its mitigation guidance in response.
- AT&T confirms a data breach affecting 51 million customers that had gone undetected since 2019, and is now providing one year of Experian credit monitoring to those affected, with enrollment due by August 30, 2024.
- Cybercriminals are using fake GitHub repositories with malicious code that appears legitimate to trick users into downloading malware, which includes a disguised Keyzetsu clipper capable of misdirecting cryptocurrency transactions, highlighting the importance of cautious code evaluation from open-source platforms.
- Greylock McKinnon Associates, a consulting firm for the U.S. Department of Justice, suffered a data breach affecting over 340,000 individuals, involving personal and medical information, with delayed notification and identity theft services offered post-incident.
- A critical vulnerability in Rust's standard library on Windows, identified as CVE-2024-24576, could allow command injection attacks; developers should update to version 1.77.2 to fix the issue.
- A malware campaign called eXotic Visit targets Android users in India and Pakistan through apps on Google Play and dedicated websites, using XploitSPY to steal data, with researchers advising affected users to remove these malicious apps.
- A hacker known as "ShopifyGUY" leaked personal data of 7.5 million boAt customers; to prevent future incidents, companies should use anti-exfiltration tools and encrypt databases at rest.
- Cybersecurity firm Proofpoint has discovered an email phishing campaign using an AI-generated PowerShell script to distribute the Rhadamanthys information stealer to German organizations.
- Cybersecurity experts have uncovered a new wave of Raspberry Robin malware attacking through WSF files, evading antivirus programs and using advanced techniques to prevent analysis and detection.
- Security researchers at Cisco Talos have identified a new malware named "FlexStarling" targeting North African human rights activists with spear-phishing emails and credential theft.
- The Havoc C2 Framework provides a guide that assists defensive cybersecurity operators in understanding and combating command and control (C2) threats.
- Cybersecurity researchers have discovered a new exploit called Native Branch History Injection that allows kernel memory leaks on Intel systems, bypassing prior Spectre v2 mitigations, with a solution being to deny access to unprivileged eBPF by default.
- Several cryptocurrency platforms and projects have experienced security incidents, including a $23 million alleged theft by STFIL, the shutdown of a Bored Ape-themed restaurant, a $40 billion fraud case involving Terraform Labs, questionable governance actions by SushiSwap, a pre-announced scam project collecting nearly $29,000, repeated hacks of FixedFloat exchange, Solana's problems with trading bot exploits, Prisma Finance's $12 million hack with unusual demands from the attacker, the sentencing of Sam Bankman-Fried to 25 years for the FTX collapse, and accusations of a $10 million rug pull by LENX co-founder.
- Fortinet has issued patches for critical vulnerabilities impacting products like FortiClient, FortiSandbox, FortiOS, and FortiProxy, which could allow full system control and data leaks, requiring users to update immediately.
- Security researchers have discovered a new Spectre variant (CVE-2024-2201) targeting Branch History Injection in CPUs with speculative execution, prompting users to apply the latest patches from system and hardware vendors and to consult cybersecurity teams for updated defense strategies.
- Cybercriminals are tricking system administrators into downloading malware-laced fake software updates from Google Ads, which can lead to data theft and ransomware; users should only download from trusted sources and monitor for unusual system behavior.
- Microsoft's April 2024 Patch Tuesday addresses 157 vulnerabilities, with updates for Chromium-related issues in Edge and critical remote code execution flaws in Microsoft Defender for IoT.
- The r/ReverseEngineering subreddit features an announcement about a new tool that uses AI to automate searches in reverse engineering and binary analysis.
- Malware disguised with a valid Microsoft certificate, found in the LaiXi Android app, prompts Microsoft to update its revocation list as part of Patch Tuesday, addressing the Windows vulnerability CVE-2024-26234 due to active exploitation.
- Microsoft patched 149 security flaws including an actively exploited proxy driver spoofing vulnerability and a SmartScreen prompt bypass, while Adobe, SAP, Fortinet, VMware, and Cisco also released important security updates.
- A severe flaw in Rust's standard library exposes Windows to command injection attacks unless batch files are moved out of the PATH environment variable.
- The article provides a collection of interactive dashboards for OSINT analysts and cyber security enthusiasts to monitor various global threats and dynamic processes such as cyber threats, internet infrastructure, transportation, space events, weather, environmental data, natural disasters, criminal activities, and shadow mapping for geolocation, offering real-time updates and data visualization tools.
- Upcoming events include Nothing's presentation on April 18, 2024, Google I/O on May 14, 2024, and Microsoft Build on May 21, 2024, with a notable release of "Fast & Furious 11" on April 4, 2025.
- Google has launched the Find My Device network that allows lost Android phones to be located using surrounding devices, even when they are offline, and plans to expand the service to include headphones and Bluetooth beacons.
- An OSINT-focused event in Amsterdam, OSINTerdam #7, is scheduled for April 20th, with discussions on narrative intelligence and practical open-source intelligence tools followed by networking and an afterparty.