HAQ.NEWS

// Jared Folkins

# Description

How to exploit the id parameter using Time-based Blind SQL Injection and the Wayback Machine to find vulnerable historical URLs. Autorize is a Burp Suite extension for finding API vulnerabilities by replaying requests with other users' tokens. Hidden content can be found behind 404 error pages using tools like dirsearch. Subdomain takeovers use tools like Subfinder, HTTPX, and Nuclei. A hacker used Dorki.io to find an SSRF vulnerability and obtain AWS EC2 credentials from the metadata service. This issue also covers finding DOM-based XSS via client-side JavaScript, the Bruno IDE for APIs, the Reporting API for monitoring client-side errors, and profiling subdomains with httpx and EyeWitness. Techniques for discovering APIs and methods for recon in bug bounties are detailed. Vulnerabilities in GOG Galaxy and solutions for HTTP parser inconsistencies are explored, alongside looks at NetScout and Klarna's Gram tools. Tools like unch, Scout Suite, SharpPersistSD, and EFuzz are also reviewed for security testing and auditing.

# Tradecraft

[#] This article describes how to exploit the id parameter on web applications using Time-based Blind SQL Injection, focusing on utilizing historical URLs from the Wayback Machine to identify potential vulnerabilities.
Read More @ medium.com
[#] Autorize is a Burp Suite extension that automates the detection of API vulnerabilities like broken object level authorization by injecting user tokens and analyzing response differences.
Read More @ danaepp.com
[#] Websites showing 404 errors can still have hidden content and vulnerabilities, discovered using tools like dirsearch, leading to findings such as AWS credentials and XSS issues.
Read More @ freedium.cfd
[#] Subdomain takeovers involve exploiting inactive or misconfigured subdomains to gain control, typically using tools like Subfinder, HTTPX, and Nuclei to identify unclaimed subdomains, and then reclaiming them through S3 buckets, Azure services, or similar methods.
Read More @ medium.com
[#] Using Dorki.io, a hacker exploited an SSRF vulnerability to extract AWS EC2 credentials from a metadata service, demonstrating the need for secure configurations and isolation of internal services.
Read More @ hashnode.dev
[#] This article explains how to identify and exploit DOM-based Cross-Site Scripting (XSS) vulnerabilities through client-side JavaScript source code analysis, using URL parameters to inject HTML or JavaScript.
Read More @ medium.com
[#] Bruno is an open-source IDE for exploring and testing APIs, storing collections directly on your filesystem using a plain text markup language, Bru, and supports collaboration via Git without cloud-sync for enhanced data privacy.
Read More @ github.com
[#] The Reporting API helps web developers monitor client-side errors by sending violation reports from users' browsers to a specified endpoint, and Google offers open source solutions to filter and analyze these reports for better security.
Read More @ googleblog.com
[#] This article explains how to identify and profile live subdomains of a target using tools like httpx and EyeWitness for DNS resolution in penetration testing.
Read More @ medium.com
[#] The article outlines five methods for discovering APIs, including using API documentation, conducting OSINT research, analyzing HTML and JavaScript, active scanning and fuzzing, and examining mobile applications.
Read More @ medium.com
[#] An ethical hacker discovered and reported multiple security vulnerabilities, including information disclosure, broken access control, and IDORs, in a voice communication solutions company by examining subdomains, API endpoints, and JS files.
Read More @ medium.com
[#] The article describes a methodology for thorough reconnaissance in bug bounty programs, including finding internet assets through SSL certificates, subdomain enumeration, and using tools like Amass, Shodan, and httpx, as well as exploiting vulnerabilities found in Docker registries.
Read More @ medium.com
[#] Rafael da Costa Santos' blog delves into HTTP parser inconsistencies across web technologies, showing how attackers can bypass security rules using pathname manipulation and offering solutions like reverse proxy validation to prevent these vulnerabilities.
Read More @ hashnode.dev
[#] Researchers found bugs in the GOG Galaxy 2.0 gaming platform, leading to Denial-of-Service (CVE-2023-50915) and Local Privilege Escalation (CVE-2023-50914) vulnerabilities, and they show how filesystem and IPC abuse techniques can be used to exploit these flaws.
Read More @ anvilsecure.com
[#] The Web Penetration Testing Course repository contains materials on basic programming, information gathering, and web penetration testing techniques, last updated on May 13, 2024.
Read More @ github.com
[#] Researchers analyzed 3.1 million public AMIs across 27 AWS regions and found 500 GB of sensitive data, such as credentials and API keys, highlighting the importance of carefully inspecting AMIs before publishing.
Read More @ securitycafe.ro
[#] NetScout is an OSINT tool that identifies domains, subdomains, directories, endpoints, and files for a given seed URL, using APIs like BinaryEdge and SERP API for data collection and offering various configurations for in-depth analysis.
Read More @ github.com
[#] Klarna's Gram is a collaborative web app for creating threat models using dataflow diagrams, offering features like automatic threat and control suggestions, system reviews, and integration with corporate tools like Jira and SSO.
Read More @ github.com
[#] The "unch" tool encodes hidden messages using invisible Unicode characters and can decode them, supporting various input methods and customization options.
Read More @ github.com
[#] "Attacking Rust" identifies and solves common security vulnerabilities in Rust code such as buffer overflows, unsafe code, and race conditions, using practical examples and best practices for secure coding.
Read More @ devsecopsguides.com
[#] This post covers techniques for attacking various programming languages and environments such as Java, PHP, NodeJS, APIs, Docker containers, and AWS, with detailed guides available on the provided blog links.
Read More @ twitter.com
[#] This article discusses the essentials of building a well-documented detection knowledge base for SOCs, including choosing a platform, structuring metadata, and outlining detailed detection documentation steps.
Read More @ detect.fyi
[#] Scout Suite v5.14 is a tool for auditing multi-cloud security that now supports Digital Ocean and includes updates for AWS and Azure.
Read More @ securityonline.info
[#] SharpPersistSD is a .NET library for embedding post-compromise persistence on remote machines by modifying security descriptors for services, WMI, and registry keys, enabling privileged access and code execution even for non-admin users.
Read More @ github.com
[#] SharpPersistSD is a .NET library that allows for persistent backdoors on remote machines by modifying Security Descriptors, which is particularly useful in domain environments.
Read More @ github.com
[#] This post covers vulnerabilities in ChatGPT, specifically "Prompt Leaking" and "Prompt Injection," detailing how these were used to achieve remote code execution through Python code injection, and recommends strict input sanitization to mitigate such risks.
Read More @ blazeinfosec.com
[#] EFuzz is a versatile fuzzer that records interactions between a program and its environment, then replays these interactions with mutations to discover bugs or crashes in Linux user-mode software.
Read More @ github.com

# News

[#] Kaspersky's ICS CERT division found critical flaws in Telit Cinterion cellular modems, including a heap overflow vulnerability (CVE-2023-47610) that enables remote code execution via SMS, with mitigation strategies such as disabling SMS sending and verifying application signatures.
Read More @ scmagazine.com
[#] Helsinki's education division experienced a data breach due to an unpatched server vulnerability, impacting tens of thousands of students, guardians, and personnel, revealing sensitive information.
Read More @ bleepingcomputer.com
[#] MITRE released EMB3D, a new threat-modeling framework for embedded devices to help manufacturers understand and mitigate vulnerabilities during the design phase, resulting in more secure infrastructure.
Read More @ thehackernews.com
[#] Russian hackers defaced multiple British local and regional newspaper websites, posting messages claiming responsibility and warning of the vulnerabilities in content management systems.
Read More @ securityaffairs.com
[#] The Post Millennial hack exposed data for over 26 million people, including names, emails, passwords, and more, urging those affected to reset passwords and monitor account activity.
Read More @ bleepingcomputer.com
[#] Firstmac Limited experienced a data breach by the Embargo cyber-extortion group, affecting personal and financial customer information, but has since enhanced its security measures and offered identity theft protection services.
Read More @ bleepingcomputer.com
[#] The Black Basta ransomware group has targeted over 500 entities since April 2022, exploiting vulnerabilities and using phishing, with recent attacks showing increased activity and ties to the FIN7 group.
Read More @ thehackernews.com
[#] Europol is investigating claims that IntelBroker stole confidential data from its Europol Platform for Experts, though no operational data was compromised.
Read More @ theregister.com
[#] Cybersecurity researchers have identified multiple critical vulnerabilities in Cinterion cellular modems that could allow threat actors to execute code remotely and gain unauthorized access, suggesting organizations disable non-essential SMS messaging and implement security controls.
Read More @ thehackernews.com
[#] Prompt injection attacks exploit how data and commands are mixed in Large Language Models (LLMs), causing vulnerabilities that are difficult to fully secure against, though efforts are being made to improve defenses through input cleaning and access-control mechanisms.
Read More @ schneier.com
[#] Romance scammers are targeting cryptocurrency investors using fake exchanges and social engineering, so be cautious and verify the legitimacy of any investment platform.
Read More @ securityonline.info
[#] Cybersecurity researchers found a malicious Python package mimicking the popular requests library that hides a Golang-based Sliver C2 framework inside an image file, targeting macOS systems.
Read More @ thehackernews.com
[#] Australian lender Firstmac Limited disclosed a data breach caused by the Embargo extortion group, impacting sensitive customer information, and recommends vigilance for suspicious account activity.
Read More @ securityaffairs.com
[#] A serious path traversal vulnerability in Apache OFBiz (CVE-2024-32113) allows remote code execution; users must update to version 18.12.13 to mitigate the risk.
Read More @ securityonline.info
[#] NHS England Digital has issued an urgent alert about critical vulnerabilities (CVE-2024-0799, CVE-2024-0800, CVE-2024-0801) in Arcserve’s Unified Data Protection (UDP) platform, advising immediate application of security patches to avoid potential exploitation.
Read More @ securityonline.info
[#] A security study revealed that FIDO2, a passwordless authentication standard, is vulnerable to session hijacking through MITM attacks due to inadequate validation by identity providers.
Read More @ securityonline.info
[#] Encrypted email service Proton Mail has handed over user information to Swiss police, citing legal compliance, while Google patched a known Chrome security hole, and Wichita's government struggles with a ransomware attack from LockBit group.
Read More @ theregister.com
[#] Authorities charged Dmitry Yuryevich Khoroshev as the leader of the LockBit ransomware group through extensive digital breadcrumbs, although the accused denies the claim.
Read More @ krebsonsecurity.com
[#] PowerDNS has released a security update to fix a DoS vulnerability (CVE-2024-25581) in DNSdist versions 1.9.0 through 1.9.3 by releasing version 1.9.4 and providing workarounds for those unable to upgrade immediately.
Read More @ securityonline.info
[#] Cacti has released an update to fix several critical vulnerabilities, including a severe remote code execution flaw (CVE-2024-25641), and users should upgrade to version 1.2.27 or later immediately.
Read More @ securityonline.info
[#] Microsoft Edge users should immediately update to version 124.0.2478.97 to fix a zero-day 'Use After Free' vulnerability (CVE-2024-4671) and three other security flaws.
Read More @ securityonline.info
[#] A new ransomware named Trinity, which shares code and tactics with Venus ransomware, uses double extortion by encrypting data and threatening to leak it unless ransom is paid.
Read More @ securityonline.info
[#] Scattered Spider, a cybercriminal group, is targeting finance and insurance industries with sophisticated phishing attacks using lookalike domains to steal credentials, emphasizing the need for proactive defense strategies including monitoring for fake domains, employee training, and multi-factor authentication.
Read More @ securityonline.info

# F.A.Q

Problem

Many websites are using AI/ML to create clickbait which actually doesn't have any valuable content.

Value

I use AI to de-clickbait the clickbait by allowing AI to read my news for me. Then it creates a meaningful tl;dr regarding the articles of interest, which helps me discern what I should read. It is saving me a ton of time.

Why

FWIW HAQ.NEWS really started out as my personal news feed, enriched by AI, and converted into something quick and easy to read. But then I started getting requests for features like RSS, Gracie got involved, and with the super-power of AI things have taken on a life of their own.

Sharing

I currently post daily infosec news to X, LinkedIn, Mastodon and RSS.

I also post daily infosec podcasts and interviews to Apple Podcasts and Spotify.

Ads

This isn't an Ad.

Current friend of HAQ 2024-05-14

I want to encourage people and projects that impress me, by posting a banner linking their work, as it's my desire to help others. I do not take or make any money.

Thanks,
Jared Folkins