VM#008
Hi Everyone,
Let's check last week's roundup of the latest cybersecurity news, reports, and tools.
Cybersecurity News
"Waifu" Unmasked: Brian Krebs Exposes Hacker Behind Major Breaches: Cybersecurity expert Brian Krebs identified "Waifu," the hacker behind major breaches like AT&T and Snowflake, leading to an arrest in Canada. Find out more.
NATO’s New Integrated Cyber Defense Center to Be Operational by 2028: NATO is establishing a new cyber center, combining its Cyber Security Center, Cyber Operations Center, and Cyber Threat Analysis Branch to enhance coordination, threat monitoring, and industry collaboration. Find out more.
Vulnerabilities & Exploits & Hacks
Salesforce PenTest: Uncovering Hidden Account Takeover Vulnerabilities: A recent penetration test on Salesforce applications revealed both common and lesser-known flaws, ultimately leading to an account takeover risk. The post highlights useful plugins, techniques, and resources for exploring Salesforce security. Find out more.
PostgreSQL Deprecates MD5 Passwords, Plans Full Removal by Version 21. Find out more.
Threat Hunting & Malware
iVerify’s Mobile Threat Hunting Reveals Pegasus Spyware: In May 2024, iVerify launched its Mobile Threat Hunting feature, enabling users to scan their devices for security threats. The service uncovered multiple Pegasus infections across 2,500 scanned devices, primarily among journalists, government officials, and corporate executives. iVerify’s efforts, which democratized mobile threat detection, revealed the prevalence of sophisticated spyware like Pegasus, developed by the NSO Group (referred to as Rainbow Ronin). Find out more.
Malware EagleMsgSpy, a Chinese relative of Pegasus: Lookout detected the EagleMsgSpy surveillance tool family, used by Chinese state agencies since 2017, targeting mobile devices (Android and potentially iOS), requiring physical access for installation, and offering enhanced data encryption and system masking in later variants. Find out more.
Ransomware
A newly formed ransomware group known as Termite: The group, using a modified Babuk variant, attacked Blue Yonder, a supply chain software provider, disrupting companies like Starbucks and Morrisons, and stealing 680GB of sensitive data. Find out more.
📰 Reports
ODNI Releases New OSINT Guidance
The Office of the Director of National Intelligence (ODNI) has issued updated guidance to standardize open-source intelligence (OSINT) and promote partnerships between the Intelligence Community and the private sector. Key updates include new terminology, citation mechanisms to maintain low classification levels, and guidelines for using AI in analysis. The guidance.
Check Point’s Global Threat Index for November 2024. Report.
Espionage & Counterintelligence
Hungarian intelligence services allegedly spied on European officials: Hungarian intelligence allegedly spied on EU officials visiting Budapest between 2015 and 2017, including hacking their devices and searching hotel rooms, as part of an operation by the Hungarian spy agency, Információs Hivatal (IH), which reportedly monitored EU institutions to protect interests linked to Prime Minister Viktor Orbán's family. Find out more.
Bulgarian Spy Ring Used High-Tech Gadgets and Honey Traps for Russian Espionage, UK Court Hears: A Bulgarian spy ring allegedly working for Russia used video-recording glasses, airline databases, and honey traps to surveil journalists and dissidents across Europe in 2021–2022, with ties to ex-Wirecard COO Jan Marsalek, British prosecutors revealed. Find out more.
Russian Spy Ring Unveiled: A Norfolk-based Russian spy ring led by Orlin Roussev, involving Bulgarian operatives and ties to Chinese intelligence, used honeytraps, surveillance tech, and kidnapping plans while linking to broader Russian global espionage, including cyberattacks, political infiltration, and diaspora recruitment. Find out more.
Korean Police Chief Reveals Location Tracking Requests for Key Politicians During Martial Law: Police Commissioner Cho Ji-ho testified that during the emergency martial law, the Counterintelligence Commander requested location tracking of key politicians, including Representative Lee Jae-myung, which he deemed illegal and refused to act upon, aligning with allegations made by a former intelligence official. Find out more. (.kr domain)
AI
OpenAI Updates: OpenAI plans to launch an autonomous agent next year capable of controlling browsers and computers, taking a step closer to AI personal assistants that can manage tasks like scheduling and booking. Meanwhile, OpenAI's recent partnership with the startup Anduril Industries focuses on the use of artificial intelligence for military purposes. Additionally, the company faces scrutiny over the timing of a “glitch” involving the erasure of evidence in a lawsuit.
US Department of Defense Invests in Deepfake Detection: The US Department of Defense has signed a $2.4 million contract with startup Hive AI to develop deepfake detection technology. This is the first contract of its kind for the DOD’s Defense Innovation Unit.
SOCMINT
Meta Tests New Privacy Options for Instagram and Threads: Meta is trialing features to hide view counts on Instagram Reels and replies on Threads, giving users more control over their content visibility.
Snapchat Introduces Location Sharing for Family Center: Snapchat's Family Center now includes location-sharing features like live updates, travel notifications, and visibility into teens' location-sharing settings on Snap Map; location sharing remains off by default, limited to accepted friends, with added reminders to review choices.
OSINT
Manhom: Extensive Database of Arab Region Individuals
Manhom.com features a vast collection of profiles, including biographies and social media links, for over 240,000 people across the 🇦🇪🇱🇧🇾🇪🇯🇴. The platform also offers a unique feature to track updates on specific profiles.
Toolkit
Ransomware TTPs toolkit: Tactics, Techniques, and Procedures (TTPs) for several ransomware gangs was launched at https://www.ransomware.live/TTPs. These insights will help security professionals understand the behaviors and methods of these groups, enabling better detection and prevention strategies.
Tip
How to quickly find the manifest.json file of a Chrome extension:
The manifest.json file is the core configuration file for any Chrome extension. It includes metadata and permissions, helping Chrome understand how the extension functions.
Quick Tip to Access It:
Go to chrome://extensions and find the extension ID. Then open this URL in your browser: chrome-extension://<ID>/manifest.json
Why Analyze manifest.json?
Check the permissions requested by the extension and ensure it’s not asking for unnecessary access.
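Once you have the manifest open, the permissions review above is easy to automate. The script below is an added example written for this newsletter, not code from Chrome or from any extension project: it takes a manifest as a Python dict (the constructed sample at the bottom mimics a Manifest V3 extension), handles the V2 layout where host patterns sit inside "permissions", and reports which API permissions grant broad access to browsing data, which host patterns cover every site, and whether content scripts run on all pages. The permission names are real Chrome permissions; which of them count as high-risk, and the scoring weights, are my own judgement.

```python
import json

# Real Chrome API permission names; the "high risk" grouping is an assumption
# of this example (each gives access to browsing data, other extensions or the OS).
HIGH_RISK_PERMISSIONS = {
    "debugger", "proxy", "nativeMessaging", "management", "webRequest",
    "webRequestBlocking", "cookies", "history", "clipboardRead", "tabs",
    "declarativeNetRequest", "scripting",
}

# Match patterns that cover (nearly) every site the user visits.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}


def is_broad_host_pattern(pattern: str) -> bool:
    """True if a match pattern grants access to essentially all origins."""
    return pattern.strip() in BROAD_HOST_PATTERNS


def assess_manifest(manifest: dict) -> dict:
    """Summarise the access an extension manifest asks for.

    Works for Manifest V2 (host patterns mixed into "permissions") and
    Manifest V3 (separate "host_permissions" key).
    """
    permissions = list(manifest.get("permissions", []))
    optional = list(manifest.get("optional_permissions", []))
    hosts = list(manifest.get("host_permissions", []))

    # In MV2 the "permissions" list mixes API names with host match patterns;
    # split them so each is assessed the right way.
    api_perms = [p for p in permissions if "://" not in p and p != "<all_urls>"]
    hosts += [p for p in permissions if p not in api_perms]

    # A content script injected into every page reads and modifies every page,
    # so it deserves the same scrutiny as a broad host permission.
    script_matches = []
    for cs in manifest.get("content_scripts", []):
        script_matches += cs.get("matches", [])

    return {
        "name": manifest.get("name", "<unnamed>"),
        "manifest_version": manifest.get("manifest_version"),
        "high_risk_permissions": sorted(set(api_perms) & HIGH_RISK_PERMISSIONS),
        "high_risk_optional": sorted(set(optional) & HIGH_RISK_PERMISSIONS),
        "broad_hosts": sorted(h for h in hosts if is_broad_host_pattern(h)),
        "broad_content_scripts": sorted(m for m in script_matches if is_broad_host_pattern(m)),
        # Web pages allowed to message the extension directly (empty = none).
        "externally_connectable": manifest.get("externally_connectable", {}).get("matches", []),
    }


def risk_score(report: dict) -> int:
    """Crude ranking aid (weights are an assumption): higher means review first."""
    return (
        2 * len(report["high_risk_permissions"])
        + 3 * len(report["broad_hosts"])
        + 3 * len(report["broad_content_scripts"])
        + (1 if report["externally_connectable"] else 0)
    )


def assess_manifest_file(path: str) -> dict:
    """Load a manifest.json saved from chrome-extension://<ID>/manifest.json."""
    with open(path, encoding="utf-8") as fh:
        return assess_manifest(json.load(fh))


# Constructed sample manifest, not a real extension.
SAMPLE_MANIFEST = {
    "manifest_version": 3,
    "name": "Tab Helper (constructed sample)",
    "version": "1.0",
    "permissions": ["storage", "tabs", "cookies"],
    "host_permissions": ["<all_urls>"],
    "content_scripts": [{"matches": ["https://*/*"], "js": ["content.js"]}],
}

if __name__ == "__main__":
    report = assess_manifest(SAMPLE_MANIFEST)
    print(json.dumps(report, indent=2))
    print("risk score:", risk_score(report))
```

Save the manifest you opened in the browser to a file and call assess_manifest_file on it; anything listed under broad_hosts or broad_content_scripts means the extension can read every page you visit, which is the first thing to question for a "simple" utility extension.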
Google Updates
Google Messages Introduces Five New Security Features: Google Messages now offers enhanced protections, including scam detection for job and package scams, warnings for dangerous links, tools to block unknown international senders, sensitive content blurring for nudity, and contact verification to prevent impersonation.
New Google Ads Policy for Dating and Companionship (March 2025): Starting March 2025, Google will require advertiser certification for dating and companionship ads, alongside updates to the Inappropriate and Sexual Content policies. Full enforcement begins March 4, 2025.
Google Street View Maps London's Busiest Tube Stations: Transport for London (TfL) and Google have visually mapped 18 of the busiest tube stations, with 36 filmed over the past year. The process involves a person wearing a backpack containing 360-degree cameras walking down every corridor, escalator and platform in each station.
Bing Update
Bing removes cache link from search results following Google's lead: Microsoft has removed cache link support from Bing Search, following Google's similar move in February 2024, citing the evolution of the internet towards better reliability and the reduced usefulness of cached content.
Darknet
Technical Analysis - The Evolving Security Models of Darkweb Marketplaces: Explore how modern dark web marketplaces have evolved their security measures to outlast predecessors like Silk Road, employing innovative techniques such as JavaScript-free websites, PGP-based authentication, and advanced anti-phishing strategies to maintain anonymity and operational integrity.
Russian-Swedish National Sentenced for Laundering 1.2 Million Bitcoins Worth $400 Million on the Darknet: Roman Sterlingov, a Russian-Swedish national, has been sentenced for operating the darknet's longest-running Bitcoin laundering service, which processed nearly $500 million tied to crimes like drug trafficking, cybercrimes, and identity theft.
Darkweb Archives: All publicly and privately leaked Darkweb Marketplace (DNM) scripts, source code, and information. This archive will be a place for researchers, law enforcement, etc. to study DNMs, fraud markets, and common dark web scams without the need to venture onto Tor/I2P to find them and do research.
Upcoming CyberSec / OSINT Events
Free
🎅 Advent of Code is an annual set of Christmas-themed computer programming challenges that follow an Advent calendar. It has been running since 2015.
Bellingcat Open Source Challenge: Put your open source research skills to the test with Bellingcat's interactive challenges. Progressively unlock each challenge by completing the previous one or wait for timed access.
Other
🎅 Punk Security Limited has created an open-source advent calendar, where each day they introduce a new open-source project. Check out the calendar.
Webinar
Operational CTI – Real-World Threat Preparedness
Join Immersive Labs on Dec 17, 2024, at 7:00 AM PST to learn how they build labs for real-world threat readiness.