VM#003

Hi Everyone,

Thank you for such a great response/feedback through DMs and on LinkedIn 🥹 

These past two weeks have flown by like a single day.

Let’s recap the latest news, as there have been many interesting updates.

Cybersecurity News

  • Vulnerability Exploit using YouTube to Steal Files: Lyra has discovered a vulnerability that enables cybercriminals to use YouTube to steal your files. Find out more.

  • MoneyGram Cyberattack: MoneyGram has confirmed it suffered a cyberattack, resulting in widespread system outages and numerous customer complaints. Find out more.

  • Cloudflare's Leaked Credential Detection Service:
    Cloudflare has introduced a new feature that detects leaked credentials in traffic passing through it. It checks credentials against Cloudflare's own leaked-credential data and the Have I Been Pwned (HIBP) Pwned Passwords database. Here's how it works:

    • The service scans incoming HTTP requests for authentication patterns, i.e. the username and password fields of recognized login forms.

    • Detected credentials are checked against a list of known leaked credentials (Cloudflare's own data plus the Have I Been Pwned database).

    • The results can be monitored in the Security Analytics dashboard, where users can set custom rules to protect against compromised credentials.

    Login forms of the following platforms are recognized out of the box: Drupal, Joomla, Ghost, Magento, Plone, WordPress, Microsoft Exchange OWA. Find out more.
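    How a leak check of this kind can be done without ever transmitting the password, as an added example that is not Cloudflare's code: it follows the Pwned Passwords k-anonymity range API (only the first five hex characters of the password's SHA-1 go to the server; the remaining 35 are compared locally against the returned list), and pairs it with a small extractor for two request shapes, an HTTP Basic header and WordPress's wp-login.php form (fields `log` and `pwd`). The range response and the sample requests are constructed fixtures with invented counts; the exact form fields Cloudflare matches for each platform are not in the article and are not assumed here.

```python
import base64
import hashlib
from urllib.parse import parse_qs

# Constructed fixture standing in for the Pwned Passwords response to
# GET https://api.pwnedpasswords.com/range/5BAA6 (a real response lists
# every suffix seen in that range; these lines and counts are made up).
RANGE_5BAA6 = """\
003D68EB55068C33ACE09247EE4C639306B:3
012C192B2F16F82EA0EB9EF18D9D539B0DD:2
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493
1F1D2B1B3A1E4C5D6E7F8091A2B3C4D5E6F:1
"""


def sha1_prefix_suffix(password: str) -> tuple:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is
    sent to the range API and the 35-char suffix that never leaves the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Return the breach count for `suffix` in a range response, 0 if absent."""
    for line in range_body.splitlines():
        candidate, sep, count = line.strip().partition(":")
        if sep and candidate.upper() == suffix:
            return int(count)
    return 0


def leak_count(password: str, fetch_range) -> int:
    """k-anonymity lookup: fetch_range(prefix) returns the text body for that
    prefix (over HTTP in production); only the prefix is passed to it."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(suffix, fetch_range(prefix))


def offline_fetch(prefix: str) -> str:
    """Offline stand-in for the HTTP call; knows only the constructed range."""
    return RANGE_5BAA6 if prefix == "5BAA6" else ""


def extract_credentials(raw_request: str):
    """Pull (username, password) out of a raw HTTP request for two shapes:
    an Authorization: Basic header, or a POST to WordPress's wp-login.php
    (form fields `log` and `pwd`). Returns None when neither is present."""
    head, _, body = raw_request.partition("\r\n\r\n")
    request_line, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()

    auth = headers.get("authorization", "")
    if auth.lower().startswith("basic "):
        decoded = base64.b64decode(auth[6:].strip()).decode("utf-8", "replace")
        user, _, pwd = decoded.partition(":")
        return user, pwd

    parts = request_line.split()
    if len(parts) >= 2 and parts[0] == "POST" \
            and parts[1].split("?")[0].endswith("/wp-login.php"):
        form = parse_qs(body)
        if form.get("log") and form.get("pwd"):
            return form["log"][0], form["pwd"][0]
    return None


def check_request(raw_request: str, fetch_range=offline_fetch) -> int:
    """Both steps together: leak count for the password found in the request,
    0 when there are no credentials or the password is not in the data set."""
    creds = extract_credentials(raw_request)
    if creds is None:
        return 0
    return leak_count(creds[1], fetch_range)


# Constructed sample requests (hosts and credentials are invented).
WP_LOGIN = (
    "POST /wp-login.php HTTP/1.1\r\n"
    "Host: blog.example\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "\r\n"
    "log=admin&pwd=password&wp-submit=Log+In"
)
BASIC_REQ = (
    "GET /api/ HTTP/1.1\r\n"
    "Host: app.example\r\n"
    "Authorization: Basic " + base64.b64encode(b"alice:Tr0ub4dor&3").decode() + "\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print(sha1_prefix_suffix("password"))
    print(check_request(WP_LOGIN))   # 3861493 under the fixture
    print(check_request(BASIC_REQ))  # 0: that password is not in the fixture
```

    The point to notice is the split in `leak_count`: a production `fetch_range` would do an HTTPS GET to the range endpoint, and even a compromised or logging range server learns nothing beyond a 5-character prefix shared by roughly a million other hashes.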

  • HP Wolf Security: New Malware Written with GenAI: HP's Wolf Security team has detected scripts used to infect systems with AsyncRAT (a remote access trojan). These scripts appear to have been created using GenAI tools. Find out more in the Threat Insights Report - September 2024.

  • DHS Alert: Russia, Iran, and China are likely to use AI for interference in U.S. elections. Find out more.

  • DrayTek Routers: Over 700,000 devices are vulnerable to new security flaws. Find out more.

  • Meta Fined: Meta faces a €91M fine for storing passwords in plaintext. Find out more.

  • How the FBI and Mandiant caught a ‘serial hacker’ who tried to fake his own death. Find out more.

  • Russian APT Tool Matrix: Came across this interesting resource last week while searching through Russian sources. BushidoToken has created a matrix on Russian APT (Advanced Persistent Threat) tools. Find out more.

Espionage & Counterintelligence

  • State actor suspected behind Dutch police hack: Dutch intelligence services suspect a state actor was behind the hack of the Dutch national police, where hackers stole work details of over 65,000 police officers. No personal data was leaked. Find out more.

  • South Korea criminalizes deepfake porn: South Korea passed a new law criminalizing the possession and watching of sexually explicit deepfakes. Violators face fines up to $22,000 and up to three years in prison. This expands on existing laws banning the creation and distribution of such content. Find out more.

  • Russian Journalists on Trial: Four Russian journalists face trial in Moscow for alleged ties to Navalny's anti-corruption group. Find out more.

  • A Chinese woman was arrested in Germany for suspected espionage. Find out more.

  • The FBI is investigating a Chinese billionaire for tech espionage. Find out more.

  • In Sweden, Iran allegedly hacked a messaging service following Koran burnings. Find out more.

  • Who is #EvilCorp? The NCA, FBI, and AFP have detailed the operations of Evil Corp in their report, "Evil Corp: Behind the Screens." Led by Maksim Yakubets, Evil Corp is a notorious cybercrime group behind malware such as Dridex and BitPaymer. The group formed in 2011 out of the Jabber Zeus crew and later developed GameOver Zeus. In 2019 it launched DoppelPaymer, followed by WastedLocker and, in 2022, LockBit ransomware.

SOCMINT

  • YouTube's New Communities Experience: YouTube has launched a Communities feature aimed at enhancing interactions between fans and creators, fostering deeper connections and engagement.

  • LinkedIn Removes Top Voice Badges: LinkedIn will retire its Community Top Voice badge for collaborative articles starting October 8, 2024, affecting users who contributed to such content.

  • TikTok Ban in Court: The future of TikTok hangs in the balance as courts decide whether to uphold a potential ban, with implications for its availability in 2025.

  • TikTok's Misinformation Efforts: TikTok is intensifying its fight against misinformation by terminating accounts linked to Russian media (RT and Sputnik) and partnering with the WHO to promote accurate health information.

  • EU's Request on Algorithm Transparency: The EU is urging YouTube, Snapchat, and TikTok to disclose how they recommend content and address risks related to elections and mental health, seeking greater transparency in their algorithms.

  • WhatsApp and Messenger's Third-Party Calls: In a significant update for EU users, WhatsApp and Messenger will soon support calls from third-party services like iMessage, Telegram, Google Messages, Signal, and others.

  • How to use Telegram and Discord for Data Exfiltration? A guide discusses how Telegram and Discord can be used for data exfiltration, highlighting the security risk these platforms pose when their messaging and bot features are abused.
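  One check that follows from this item, as an added example and not taken from the guide itself: both services are reached through HTTPS endpoints with distinctive URL shapes (Telegram's Bot API embeds the bot token in the path, Discord webhooks embed a snowflake ID and a token), so an egress proxy log that records full URLs can be searched for them. The log lines below are constructed; the token shapes (8-10 digit bot ID, colon, 35-character secret; 17-20 digit webhook ID) are the patterns commonly used in secret scanners and are an assumption here, not an official specification.

```python
import re

# Constructed egress proxy log: timestamp client method url response/request bytes.
LOG_LINES = """\
1727900000.101 10.0.0.5 GET https://www.google.com/search?q=x 1203
1727900005.420 10.0.0.8 POST https://api.telegram.org/bot123456789:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0/sendDocument 4812000
1727900007.900 10.0.0.8 GET https://api.telegram.org/bot123456789:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0/getUpdates 512
1727900009.007 10.0.0.8 POST https://discord.com/api/webhooks/1234567890123456789/aBcDeFgHiJkLmNoPqRsTuVwXyZ0123456789abcdefghijklmnopqrstuvwxyz 2310000
1727900010.500 10.0.0.9 GET https://discord.com/channels/@me 980
"""

# Assumed token shapes (common detection patterns, not an official spec).
TELEGRAM_BOT = re.compile(
    r"https?://api\.telegram\.org/bot(\d{8,10}:[A-Za-z0-9_-]{35})/(\w+)")
DISCORD_WEBHOOK = re.compile(
    r"https?://discord(?:app)?\.com/api/webhooks/(\d{17,20})/([A-Za-z0-9_-]+)")

# Bot API methods whose requests carry file payloads.
UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendVideo", "sendAudio", "sendVoice"}


def redact(secret: str) -> str:
    """Keep enough of a token to correlate alerts without copying a live credential into the SIEM."""
    return secret[:4] + "..." + secret[-4:]


def parse_line(line: str):
    ts, client, method, url, nbytes = line.split()
    return ts, client, method.upper(), url, int(nbytes)


def scan(log_text: str, min_bytes: int = 1_000_000) -> list:
    """Return one finding per request that talks to a Telegram bot endpoint or
    posts to a Discord webhook. Uploads or large requests are rated high."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, nbytes = parse_line(line)

        m = TELEGRAM_BOT.search(url)
        if m:
            token, api_method = m.groups()
            high = api_method in UPLOAD_METHODS or nbytes >= min_bytes
            findings.append({
                "ts": ts, "client": client, "platform": "telegram",
                "id": token.split(":")[0],          # bot ID, safe to keep
                "token": redact(token.split(":")[1]),
                "api_method": api_method, "bytes": nbytes,
                "severity": "high" if high else "medium",
            })
            continue

        m = DISCORD_WEBHOOK.search(url)
        if m and method == "POST":
            webhook_id, token = m.groups()
            findings.append({
                "ts": ts, "client": client, "platform": "discord",
                "id": webhook_id, "token": redact(token),
                "api_method": "webhook", "bytes": nbytes,
                "severity": "high" if nbytes >= min_bytes else "medium",
            })
    return findings


def clients_to_triage(findings: list) -> list:
    """Distinct source hosts with at least one high-severity finding, in order seen."""
    seen = []
    for f in findings:
        if f["severity"] == "high" and f["client"] not in seen:
            seen.append(f["client"])
    return seen


if __name__ == "__main__":
    for f in scan(LOG_LINES):
        print(f)
    print(clients_to_triage(scan(LOG_LINES)))
```

  Any match at all is worth a look in a corporate network, since a legitimate Telegram bot or Discord webhook is rarely driven from a workstation; the byte count and upload method only decide the order of triage. The bot token in the Telegram URL is itself a live credential, which is why it is redacted before the finding is stored.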

OSINT

Tools

Bellingcat has just launched the new Online Investigations Toolkit. I used their previous toolkit 4 years ago during one of my first OSINT CTFs (time flies, right?) Link.

In the new toolkit, you can discover tools for everything from satellite imagery analysis to social media scraping, transportation tracking, and archiving research material. Link.

Community

🇫🇷 France has a strong network of OSINT communities as well as advanced-level CTFs. One of the OSINT communities, Ozint, is getting a makeover and becoming OSINTOPIA! The Discord server has moved to a new address. Join them. They are now an association under the French law of 1901, which means they operate as a registered non-profit organization in France.

Google Updates

  • Chrome Update: Google Chrome introduced App-Bound Encryption in version 127 to enhance the security of sensitive data, such as cookies. However, several infostealer malware developers, including Lumar, Meduza, Lumma, Vidar, and WhiteSnake, have claimed to bypass this protection. Security researchers have confirmed that Lumma Stealer can indeed bypass the encryption in Chrome version 129, currently the most recent version of the browser. Full details here.

  • Account Restrictions: Google is restricting new account creations in Russia.

  • Gemini AI in Workspace: Gemini AI will soon be integrated into Google Workspace, following the same enterprise terms as Gmail and Docs. Admins will manage data storage for generated responses.

  • Phishing Risks: HiddenLayer highlights phishing risks with Gemini AI, demonstrating how threat actors could exploit it through prompt injection.

  • Fraud Protection: Google is launching a limited fraud protection pilot program in India, expanding Google Play Protect’s security to apps installed from non-official sources like browsers and messaging apps. The program follows successful pilots in Singapore, Thailand, and Brazil.

Darknet

  • Tails OS Merges with Tor Project: Tails OS has announced a merger with the Tor Project to enhance privacy and security measures.

  • Red Barrels Inc Falls Victim to Nitrogen Ransomware: The Canadian company Red Barrels Inc has reportedly suffered a ransomware attack on 2 October 2024, with the attackers claiming to have acquired 1.8 TB of the organization's data. Claim here (onion link).

Upcoming CyberSec / OSINT Events

Free

  • Skopenow OSINT Live Conference: On October 10th, Gary Ruddell will discuss setting up a research environment and utilizing tools from GitHub. Register here for free.

  • Investigative Tech Warriors Summit: Scheduled for October 16 from 1 PM to 4:30 PM US EDT. Learn more and register.

  • Feedly Vulnerability Dashboard Webinar: Join the session on October 23, 2024, at 6:00 PM for real-time CVE intelligence tailored to your tech stack. Register here.

  • e-Crime & Cybersecurity Congress Nordics: On-site event on October 30, 2024, at the Marriott Hotel in Copenhagen, Denmark. Event.

  • #BlackAlps24: Scheduled for November 6-7, 2024, in Yverdon-les-Bains, Switzerland. The main event is paid, but the Capture The Flag (CTF) competition on November 7 is free. Registration is open from July 1 to November 6. Register here.

🙃Bonus

  • HBO Claims it has Unmasked Bitcoin Creator Satoshi Nakamoto in their new documentary Money Electric: The Bitcoin Mystery, premiering on October 8.

  • I-XRAY project video went viral on October 2, 2024, showcasing how AI glasses might be used to reveal personal details just by looking at someone. This experiment is a personal project by developers AnhPhu Nguyen and Caine Ardayfio. More details & YouTube.