HAQ.NEWS
HAQ.NEWS
Jared Folkins
The HAQ.NEWS podcast is brought to you by Jared & Gracie Folkins. It is a daily blog post of information security [tradecraft] tooling news. It's grown into Gracie Folkins reading the [news] daily while Jared Folkins chats with Hackers of all type in the industry, via phone, and with permission he shares the recordings of their conversations. Head over to https://haq.news to learn more!
2024-02-09 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 9th, 2024, and you are listening to Hack News Daily. Today, we’ve got a roundup of some serious cyber news you'll want to know about. First off, the U.S. State Department is taking a stand against cybercrime, offering a reward of up to $10 million for info on the Hive ransomware group's leaders. This comes after the FBI managed to sneak into their network, saving potential victims over $130 million in ransom payments. In the world of malware, there's a new variant of XLoader targeting Android users. It kicks into action right after installation and tricks users with phishing notifications. McAfee suggests beefing up your device's security to fend off these sneaky threats. Security updates are crucial, folks. Ivanti is urging updates for Connect Secure, Policy Secure, and ZTA gateways due to a risky XXE flaw in the SAML component. This bug could let hackers in without needing any user interaction. Patches were out as of January 31, so make sure your systems are up to date. Raspberry Robin malware is getting smarter and faster, buying up exploits for fresh vulnerabilities to dodge detection and stick around longer on infected systems. It's a reminder of how cyber threats are always evolving. Over in France, a massive data breach has hit healthcare payment providers Viamedis and Almerys, affecting 33 million people. Although financial info was safe, personal details were exposed, upping the risk of phishing and fraud. LastPass users, beware! A fake app called "LassPass Password Manager" popped up on the Apple App Store, mimicking the real deal but leading to a suspicious site. Steps are being taken to get rid of this impostor. A duo allegedly scammed Apple out of $2.5 million by hacking into systems and snagging gift cards and hardware. Their tactics included using remote desktops and VPNs to hide their tracks. A newly spotted vulnerability in the Apache bRPC framework could let attackers sneak in through HTTP request smuggling. The fix? Upgrade to version 1.8.0 or apply the available patch. TOTOLINK routers have a critical flaw that could let hackers take control without needing a password. The manufacturer hasn't responded yet, so users should stay alert for updates. On the legal side, Jim Dempsey is pushing for laws that make software makers more accountable for security lapses, aiming to clearly define when they should be liable for vulnerabilities. Google's getting a facelift, updating its sign-in pages to a sleeker, more personalized design. Keep an eye out for a new look on services like Gmail. Kaspersky Labs discovered a new banking Trojan targeting Brazilian banks, named "Coyote". It's sneaky, using advanced techniques to hide and steal data. A look at CISA's Known Exploited Vulnerabilities in 2023 by Horizon3.ai shows that even with safer programming languages like Rust, security risks from exposed endpoints and logic bugs are still a big deal. For those looking to beef up their cybersecurity, "Hadess" is offering a suite of services including Red Team exercises and Blockchain Security. A serious SQL injection vulnerability in the WordPress Booking Calendar plugin was swiftly dealt with by the Wordfence team, protecting over 60,000 sites from potential attacks. CISA's latest alert adds a Google Chromium bug to its watchlist, highlighting the need for federal agencies to patch up by February 27 to avoid remote attacks. The Chinese cyber-espionage group Volt Typhoon went unnoticed for five years in US networks, showcasing the stealth and persistence of modern cyber threats. Scammers are using Facebook job ads to spread malware via Discord, highlighting the creative tactics of malvertisers. And that wraps up today's cyber news. Come back tomorrow for more Hack News Daily for the latest updates. You can find links to all the cyber news, red team tradecraft tooling, and more at HAQ.NEWS. Gracie Folkins out.
Feb 9, 2024
4 min
2024-02-08 : Daily : Gracie Folkins
I'm Gracie Folkins, and this is Hack News Daily for February 8th, 2024. Leading today's cybersecurity developments, Google is enhancing its malware defense strategy in Singapore by trialing a security feature designed to prevent the installation of sideloaded Android apps that request high-risk permissions. This initiative seeks to minimize the risk of financial fraud and the dissemination of malware via third-party app installations. In cybercrime news, the breach of the Russian cybercrime forum Mazafaka has exposed its founder, identified as a lawyer with ties to Russia's GRU. This individual is accused of providing cybercriminals with advice on avoiding legal consequences and potentially participating in state-backed hacking operations. Dispelling recent rumors, cybersecurity experts confirmed that the claim of 3 million electric toothbrushes involved in a DDoS attack was purely speculative. This serves as a reminder of the importance of safeguarding all internet-connected devices from misuse. The FBI has successfully dismantled the KV-botnet, hindering the Volt Typhoon hacker group's efforts, associated with China, to attack U.S. infrastructure. Despite this setback, the group made an attempt to re-establish their network shortly thereafter. Software security is in the spotlight as JetBrains encourages TeamCity users to install a critical update for CVE-2024-23917, addressing a vulnerability that could lead to server takeovers at the admin level. In the microblogging realm, Spoutible has addressed an API flaw that compromised user data, including hashed passwords and 2FA seeds, urging users to immediately update their security configurations. The financial cybersecurity landscape has seen a surge in crypto ransom attacks, with payments in 2023 doubling to an unprecedented $1 billion. These attacks are increasingly targeting major institutions, with substantial sums laundered through platforms such as the Russian exchange Garantex. Highlighting the innovative use of technology, a Raspberry Pi Pico has been demonstrated to extract BitLocker encryption keys from susceptible laptops in less than a minute, underscoring the ongoing struggle between security experts and attackers. The Linux community is currently addressing a critical buffer overflow vulnerability in the bootloader shim, CVE-2023-40547, which could allow the execution of arbitrary code at boot. Recommended measures include utilizing HTTPS for network booting and applying necessary updates. The Raspberry Robin worm is evolving, employing new methods for privilege escalation and exploiting compromised Discord downloads for attacks. Lastly, NCC Group's recent research offers insights into securing emerging technologies and highlights current security challenges, from AI threat models to zero-day exploits. That concludes today's episode of Hack News Daily. Join us tomorrow for the latest in cybersecurity. Visit HACK[.]NEWS for links to all the stories and more. This is Gracie Folkins, signing off.
Feb 8, 2024
3 min