HAQ.NEWS

// Jared Folkins

# Description

A cybersecurity researcher, k0shl, discussed methods for exploiting a Windows telephony service vulnerability to gain unauthorized control of memory. The Nitrogen malware campaign tricks users into downloading fake apps that lead to ransomware, but it can be countered with several defensive strategies. A Reddit discussion covers the dangers of batch files in Windows caused by argument-escaping issues. The C2 Cloud project lets testers control compromised systems efficiently. A Proof of Concept showed a flaw in Jasmin Ransomware's web panel that allows unauthorized file access. Carlos Polop's guide covers penetration testing extensively. Countik, an online tool, can be used to analyze TikTok accounts. An article guides readers through OSINT for map investigations. Shortemall v3.0, released on April 5, 2024, scans for hidden content in short URLs.

# Tradecraft

[#] A cybersecurity researcher known as k0shl discussed the intricate methods used to exploit a Windows telephony service vulnerability, bypassing security protections to gain unauthorized memory control.
Read More @ whereisk0shl.top
[#] The Nitrogen malware campaign is tricking system administrators into downloading fake PuTTY and FileZilla installers from malicious ads, leading to network access and ransomware deployment, with protection possible through DNS filtering, ad blocking, and Managed Detection and Response systems.
Read More @ malwarebytes.com
[#] The security discussion on Reddit focuses on the risks of using batch files in Windows due to improper escaping of command-line arguments, which could be exploited by attackers if they can control the arguments passed to the CreateProcess function.
Read More @ reddit.com
[#] The C2 Cloud project is a web-based command and control framework that gives penetration testers the ability to manage multiple compromised systems through a straightforward interface, similar to how one would operate instances in a cloud service.
Read More @ github.com
[#] A Proof of Concept (PoC) was created to demonstrate a vulnerability in the Jasmin Ransomware web panel that allows unauthorized file access due to improper session verification and unsanitized file path input.
Read More @ github.com
[#] The author, Carlos Polop, provides a comprehensive guide on penetration testing including methodologies, tools, and techniques useful for security professionals and enthusiasts.
Read More @ gitbook.io
[#] The blog discusses utilizing a free online tool called Countik to analyze TikTok accounts by monitoring engagement, hashtags, and mentions for research purposes.
Read More @ osintteam.blog
[#] The article provides a guide on using Open Source Intelligence (OSINT) methods for map investigations, including tools for comparing maps, simulating sun shadows, tracking weather, and finding various map-related data online.
Read More @ redteamrecipe.com
[#] Shortemall is a tool for scanning and analyzing hidden content within short URLs, with features like targeting specific providers, auto-configuration, enhanced screenshot capabilities, and total code refactoring for efficiency, released in version 3.0 on April 5, 2024.
Read More @ github.com

# News

[#] A vulnerability in UPS's parcel tracking system allows attackers to obtain personal information such as receiver and sender details, shopping habits, and potentially photos of delivery locations by enumerating valid tracking numbers.
Read More @ insinuator.net
[#] Raspberry Robin, a Windows worm known for evasion techniques, now spreads via Windows Script Files, necessitating updated detection methods and security measures to counteract the threat.
Read More @ bromium.com
[#] Tarrant County Appraisal District in Texas was attacked by the Medusa ransomware gang, leading to a demand for a $100,000 ransom and threats to release 218GB of stolen data if not paid.
Read More @ scmagazine.com
[#] Microsoft failed to secure an Azure server, exposing internal data like code and credentials, which could allow attackers to access more company systems.
Read More @ scmagazine.com
[#] The U.S. Environmental Protection Agency has confirmed a data leak attributed to USDoD; the leaked data was already public, but the incident highlights the need for improved security measures at government agencies.
Read More @ scmagazine.com
[#] Researchers at VU Amsterdam have developed a new variant of the Spectre v2 attack which leaks information from Intel CPUs, and Intel has updated its mitigation guidance in response.
Read More @ packetstormsecurity.com
[#] AT&T confirms a data breach affecting 51 million customers that went undetected since 2019, and is now providing one year of Experian credit monitoring to those affected, with enrollment due by August 30, 2024.
Read More @ bleepingcomputer.com
[#] Cybercriminals are using fake GitHub repositories with malicious code that appears legitimate to trick users into downloading malware, which includes a disguised Keyzetsu clipper capable of misdirecting cryptocurrency transactions, highlighting the importance of cautious code evaluation from open-source platforms.
Read More @ thehackernews.com
[#] Greylock McKinnon Associates, a consulting firm for the U.S. Department of Justice, suffered a data breach affecting over 340,000 individuals, involving personal and medical information, with delayed notification and identity theft services offered post-incident.
Read More @ packetstormsecurity.com
[#] A critical vulnerability in Rust's standard library on Windows, identified as CVE-2024-24576, could allow command injection attacks; developers should update to version 1.77.2 to fix the issue.
Read More @ theregister.com
[#] A malware campaign called eXotic Visit targets Android users in India and Pakistan through apps on Google Play and dedicated websites, using XploitSPY to steal data, with researchers advising affected users to remove these malicious apps.
Read More @ thehackernews.com
[#] Hacker known as "ShopifyGUY" leaked personal data of 7.5 million boAt customers, and to prevent future incidents, companies should use anti-exfiltration tools and encrypt databases at rest.
Read More @ darkreading.com
[#] Cybersecurity firm Proofpoint has discovered an email phishing campaign using an AI-generated PowerShell script to distribute the Rhadamanthys information stealer to German organizations.
Read More @ bleepingcomputer.com
[#] Cybersecurity experts have uncovered a new wave of Raspberry Robin malware attacking through WSF files, evading antivirus programs and using advanced techniques to prevent analysis and detection.
Read More @ thehackernews.com
[#] Security researchers at Cisco Talos have identified a new malware named "FlexStarling" targeting North African human rights activists with spear-phishing emails and credential theft.
Read More @ securityonline.info
[#] The Havoc C2 Framework provides a guide that assists defensive cybersecurity operators in understanding and combating command and control (C2) threats.
Read More @ reddit.com
[#] Social platform X fixed a URL alteration issue where inserting "Twitter" into any website name in a posted link, such as netflitwitter.com, changed the display to a legitimate domain like Netflix.com, although clicking it led users to the actual, potentially malicious site.
Read More @ theregister.com
[#] Cybersecurity researchers have discovered a new exploit called Native Branch History Injection that allows kernel memory leaks on Intel systems, bypassing prior Spectre v2 mitigations, with a solution being to deny access to unprivileged eBPF by default.
Read More @ thehackernews.com
[#] Google introduces Chrome Enterprise Premium for $6 per user per month, offering enhanced security features to prevent data loss and integration with AI-driven security tools.
Read More @ theregister.com
[#] Several cryptocurrency platforms and projects have experienced security incidents, including a $23 million alleged theft by STFIL, the shutdown of a Bored Ape-themed restaurant, a $40 billion fraud case involving Terraform Labs, questionable governance actions by SushiSwap, a pre-announced scam project collecting nearly $29,000, repeated hacks of FixedFloat exchange, Solana's problems with trading bot exploits, Prisma Finance's $12 million hack with unusual demands from the attacker, the sentencing of Sam Bankman-Fried to 25 years for the FTX collapse, and accusations of a $10 million rug pull by LENX co-founder.
Read More @ web3isgoinggreat.com
[#] Fortinet has issued patches for critical vulnerabilities impacting products like FortiClient, FortiSandbox, FortiOS, and FortiProxy, which could allow full system control and data leaks, requiring users to update immediately.
Read More @ securityonline.info
[#] Security researchers have discovered a new Spectre variant (CVE-2024-2201) targeting Branch History Injection in CPUs with speculative execution, prompting users to apply the latest patches from system and hardware vendors and to consult cybersecurity teams for updated defense strategies.
Read More @ securityonline.info
[#] Cybercriminals are tricking system administrators into downloading malware-laced fake software updates from Google Ads, which can lead to data theft and ransomware; users should only download from trusted sources and monitor for unusual system behavior.
Read More @ securityonline.info
[#] Microsoft's April 2024 Patch Tuesday addresses 157 vulnerabilities, with updates for Chromium-related issues in Edge and critical remote code execution flaws in Microsoft Defender for IoT.
Read More @ sans.edu
[#] The r/ReverseEngineering subreddit features an announcement about a new tool that uses AI to automate searches in reverse engineering and binary analysis.
Read More @ reddit.com
[#] Malware disguised with a valid Microsoft certificate, found in the LaiXi Android app, prompts Microsoft to update its revocation list as part of Patch Tuesday, addressing the Windows vulnerability CVE-2024-26234 due to active exploitation.
Read More @ securityonline.info
[#] Microsoft patched 149 security flaws including an actively exploited proxy driver spoofing vulnerability and a SmartScreen prompt bypass, while Adobe, SAP, Fortinet, VMware, and Cisco also released important security updates.
Read More @ theregister.com
[#] A severe flaw in Rust's standard library exposes Windows to command injection attacks unless batch files are moved out of the PATH environment variable.
Read More @ thehackernews.com
[#] The linked 'MayflyHack, Code, Sleep, Repeat' page has been moved or deleted, but the site still hosts guides on setting up a virtual lab with Proxmox, pfSense, Packer, Terraform, and Ansible.
Read More @ github.io
[#] The article provides a collection of interactive dashboards for OSINT analysts and cyber security enthusiasts to monitor various global threats and dynamic processes such as cyber threats, internet infrastructure, transportation, space events, weather, environmental data, natural disasters, criminal activities, and shadow mapping for geolocation, offering real-time updates and data visualization tools.
Read More @ habr.com
[#] Upcoming events include Nothing's presentation on April 18, 2024, Google I/O on May 14, 2024, and Microsoft Build on May 21, 2024, with a notable release of "Fast & Furious 11" on April 4, 2025.
Read More @ rozetked.me
[#] Google has launched the Find My Device network that allows lost Android phones to be located using surrounding devices, even when they are offline, and plans to expand the service to include headphones and Bluetooth beacons.
Read More @ rozetked.me
[#] An OSINT-focused event in Amsterdam, OSINTerdam #7, is scheduled for April 20th, with discussions on narrative intelligence and practical open-source intelligence tools followed by networking and an afterparty.
Read More @ eventbrite.com

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr regarding the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ (2024-04-11)

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins