Showing episodes and shows of
Jared Folkins
Shows
HAQ.NEWS
2024-04-18 : Dial-Up : Matthew Hickey
Hey! The other day I gave my good friend HackerFantastic a call. We chatted a bit about his family and he also dropped a sweet war story. You should give it a listen! https://twitter.com/hackerfantastic https://hacker.house/ ps don't forget my daughter & I created a fun challenge where you can win a laptop. details -> https://haq.news/2024/04/12/
2024-04-18
11 min
HAQ.NEWS
2024-04-11 : Daily : Gracie Folkins
A cybersecurity researcher, k0shl, discussed methods for exploiting a Windows telephony service issue, which could control memory wrongly. A malware called Nitrogen tricks users into downloading fake apps leading to ransomware but can be prevented with various strategies. On Reddit, there’s talk about the dangers of batch files in Windows due to argument escaping issues. The C2 Cloud project lets testers control compromised systems efficiently. A Proof of Concept showed a flaw in Jasmin Ransomware’s web panel, allowing unauthorized file access. Carlos Polop’s guide covers penetration testing extensively. Use Countik, an online tool, for analyzing TikTok...
2024-04-12
05 min
HAQ.NEWS
2024-04-10 : Daily : Gracie Folkins
A cybersecurity researcher shares techniques for crafting XSS payloads through JavaScript event handlers and HTML entities to bypass WAFs. The SiCat tool hunts for security exploits using sources including databases like Exploit-DB. There’s a case study of a hacked Confluence server outlining the intruder’s steps, utilizing Unix logs and SSH brute force tactics. Shortemall automates finding content behind Short URLs, while Damn Vulnerable RESTaurant exists for training on API vulnerabilities. Techniques for XSS attacks by modifying code to evade filters are discussed. OSINT helps in phishing scams prevention and probes. Linux by Vikku offers resources for bug boun...
2024-04-11
05 min
HAQ.NEWS
2024-04-09 : Daily : Gracie Folkins
In this recent rundown CloudGrappler, a tool for finding threat data in cloud AWS/Azure, and GMER, which detects rootkits in Windows kernel, are highlighted for their importance in cyber security. A blog talks about Cobalt Strike, mentioning how its post-exploit toolkit can use the Community Kit’s scripts for updates.
2024-04-10
10 min
HAQ.NEWS
2024-04-08 : Daily : Gracie Folkins
A Proof of Concept for CVE-2024-3273 shows how to hack into D-Link NAS devices, GDBFuzz improves testing for gadgets and stuff, and Genzai helps find weak spots in IoT things by checking out their dashboards and passwords. The ’nexus’ plugin for IP.Board had a bad security problem but got fixed, and now there’s another tool to break into those D-Link NAS devices using the CVE-2024-3273 weakness. Looking at JumpServer, there’s a couple of CVEs, CVE-2024-29201 and CVE-2024-29202, and you gotta update some things to stop hackers. ADOKit helps test Azure stuff, and DeWaterm...
2024-04-08
03 min
HAQ.NEWS
2024-04-07 : Daily : Gracie Folkins
A cybersecurity hobbyist showed how to use vm2 JavaScript sandbox vulnerabilities to get into a Linux server, find a hash, and root access in a HackTheBox Codify challenge. Web cache issues, which can leak info, need careful monitoring; techniques like underscores in headers and fuzzing help prevent these attacks. The OSTE-Web-Log-Analyzer is a tool in Python for analyzing web logs to spot web attacks. C2 Cloud makes pentesting simpler with its web interface for handling backdoor sessions. To get Wi-Fi passwords from Windows after a breach, you need admin rights or the user’s context, and it’s suggested to n...
2024-04-08
04 min
HAQ.NEWS
2024-04-06 : Daily : Gracie Folkins
Today, AttackGen is a cybersecurity tool for creating scenarios to test incident responses. A blog recommends more secure Wi-Fi password practices. There are GitHub Ansible playbooks for fixing a vulnerability, CVE-2024-3094. An article offers a comprehensive guide to phishing investigations using Microsoft tools. White Knight Labs’ GitHub focuses on cyber operations tools. Cofense specializes in cyber threat training and detection. Rundll32.exe exploitation is tackled by Cybereason’s AI platform per another article. Bsides Cymru 2023 introduced a method for process injection without traditional threads. OffSec EXP-401 course gives insight into exploit development. Windows HOSTS file management is explai...
2024-04-07
05 min
HAQ.NEWS
2024-04-05 : Daily : Gracie Folkins
In a recent post, Incinerator was introduced as a tool for reverse engineering Android malware and for security audits on apps. Discussions on r/netsec highlighted "Gram", a web application for threat modeling that works alongside system inventories. Chiasmodon came up as a CLI OSINT tool helping hackers gather info on domains and expanding with features like facial recognition. Readers also learned about alternatives to Netcat like Rlwrap, Rustcat, Pwncat, and Windows ConPty shell for secure connections in penetration testing. Lastly, Tunnelmole was mentioned for safely sharing local servers with the internet.
2024-04-06
05 min
HAQ.NEWS
2024-04-04 : Daily : Gracie Folkins
Techniques for stealing AD CS certificates include exporting and bypassing restrictions using tools like Mimikatz. DLL Proxy Loading is a method where an attacker substitutes a legitimate DLL with a fake one to execute malicious code. Secator is a tool that automates security assessments by integrating multiple security commands. ST Smart Things Sentinel is for IoT security, scanning for vulnerabilities and adding devices to a network for monitoring. Portr is an open-source tool for secure SSH tunneling. A privilege escalation bug in Microsoft Intune has been patched by Microsoft. Steganography is used to embed malicious shellcode into images to...
2024-04-04
03 min
HAQ.NEWS
2024-04-03 : Daily : Gracie Folkins
VolWeb helps investigators extract data from memory images, simplifies forensics. LDAP Watchdog monitors changes in LDAP entries, slacks alerts, skips some attributes. CVE-2024-3094, a cybersecurity flaw, learned to detect xz backdoor, updating systems to keep safe. NetScout is a tool for OSINT to dig into URL-related data. Sophisticated UNAPIMON malware evades detection, suggesting better security steps. Root access on macOS gained by filesystem mount tweak now patched. OCEANMAP backdoor used by APT28, allows remote manipulation. Generate Cobalt Strike beacons on Linux with CrossC2. Hakoriginfinder figures original hosts behind proxies. Evilginx 3.3 works with GoPhish, improves phishing campaigns. PowerShell DFIR...
2024-04-04
06 min
HAQ.NEWS
2024-04-02 : Daily : Gracie Folkins
A security engineer found two methods to bypass DOMPurify's protection by targeting how XML and HTML parsers work. The Drozer framework is used for testing Android app vulnerabilities, it's user-friendly and can be set up using Docker. It's important to check Active Directory admin groups to reduce risks. GitHub's xz-vulnerable-honeypot shows how to set up a honeypot detecting SSH attacks. AssetViz draws subdomains as a mind map for penetration testers. ChaiLdr repository helps avoid antivirus using shellcode loader techniques. Misusing the DLL Search Order can allow malware on Windows, so defenses are needed. An Android 14 kernel exploit affects Pixel...
2024-04-03
05 min
HAQ.NEWS
2024-04-01 : Daily : Gracie Folkins
The HEDnsExtractor tool helps cyber security folks by pulling out domains/IP networks that could be bad news. Sadly, there's a nasty bug CVE-2024-0204 in GoAnywhere Admin that lets sneaky folks make high-privilege accounts they shouldn't. For you tech heads, there's a guide to writing 64-bit Linux shellcode so you can say "Hello World" with your CPU. R2Frida is a cool thing mixing radare2 with Frida to tweak live processes. Gynvael Coldwind busted a sneaky attack hiding in xz/liblzma that messes with data and sneaks in a backdoor. DroidLysis speeds up reverse engineering for Android apps...
2024-04-01
05 min
HAQ.NEWS
2024-03-31 : Daily : Gracie Folkins
Ken Shirriff takes a dive into a military-grade chip to explore its gate array design and compares it with custom chips, outlining the costs and production differences. A cyber security fan uncovers how to hack into the Rebound box on HackTheBox with techniques that bump up privileges. Trail of Bits launches Ruzzy, a fuzzer to sniff out Ruby code bugs. "forensictools" toolkit makes a one-stop virtual spot for digital forensics, loaded with a bunch of analysis tools. An article unveils a hacking trick to mess with turnstiles using the Wiegand protocol. Lastly, C2 Tracker on GitHub keeps an eye...
2024-03-31
03 min
HAQ.NEWS
2024-03-30 : Daily : Gracie Folkins
This article teaches malware developers how to dodge antivirus by changing NTFS attributes, in-memory tricks, digital certificates, and more, with tips for security pros. There’s updates on malware IOCs vital for knowing and stopping threats. Cloud_Enum looks for open cloud stuff on AWS, Azure, and others using keywords. Telerecon helps with Intel on Telegram, like scraping chats and seeing user links, but you need to set it up right. Awesome Cloud Security Labs has free security exercises for cloud tech. Netlas.io scans the internet for research and can spot industrial controls online needing better security. Backslash-powered-scanner fi...
2024-03-30
05 min
HAQ.NEWS
2024-03-29 : Daily : Gracie Folkins
This series helps with emulating IoT malware using Docker and Qiling. A pro explains using Velociraptor on VMware ESXi hypervisors for forensics. Security flaws in ChatGPT allow XSS attacks. A JavaScript file cleverly hides AsyncRAT deployment. There's a binary exploitation roadmap from basics through pwn.college. SARA teaches making Android Trojans. BruteUnpackage cracks compressed file passwords. Demonstrate elevated privileges with CVE-2024-1086 on Linux. CVE-2023-48788 exploit for Fortinet's FortiClient EMS is on GitHub. Understand Open Redirect vulnerability in IIS using JavaScript. CVE-2024-25153 proof-of-concept affects Fortra FileCatalyst Workflow. Xiaomi WiFi routers had security issues now fixed. A 64-bit...
2024-03-29
09 min
HAQ.NEWS
2024-03-28 : Daily : Gracie Folkins
In a recent blog post, a data-only exploitation technique has been discussed which affects the Linux kernel’s io_uring. The technique lets attackers control memory pages and escalate privileges without changing kernel code. Zero Day Engineering offers masterclasses in software vulnerability research and exploit development with resources from conferences. A security researcher showed steps for unpacking Agent Tesla malware, analyzing its stages, and decrypting the payload. Ryan Weil explained deobfuscating the control flow in Agent Tesla by creating a plugin for de4dot and restoring code readability. Frida is a toolkit for modifying how programs run across multiple op...
2024-03-28
04 min
HAQ.NEWS
2024-03-27 : Daily : Gracie Folkins
A new exploit for local privilege escalation in Linux kernels (CVE-2024-1086) affects versions 5.14 to 6.6. A security flaw’s been found that lets people get more access on Apple macOS systems by messing with file system mount options; it’s been fixed now. There’s this thing, ChromeKatz, that can grab cookies from Chromium browsers. AutoWLAN helps set up a mobile hotspot with a Raspberry Pi and lets people make it more secure. Matthew Alt showed how to mess with STM32F4 microcontrollers using EMFI. Agenda ransomware is hitting VMWare’s vCenter and ESXi servers hard with their new tricks...
2024-03-27
04 min
HAQ.NEWS
2024-03-26 : Daily : Gracie Folkins
A vulnerability in JustSystems Ichitaro Word Processor was fixed after Cisco Talos reported it. Git-Rotate helps avoid IP detection on GitHub during password attacks. AzureNum gathers data on Microsoft Entra IDs. There's a way to disable Windows Defender by tweaking system permissions. An OS engineer explains overcoming a Linux kernel bug (CVE-2023-0461) using advanced hacking techniques. DynamicMSBuilder makes .NET builds unique to dodge security checks. Dropper on GitHub crafts risky Office docs. BlueSpy steals audio from Bluetooth gadgets without user permission. Radamsa tests program stability with bad data. "WhoIsWho" shows other ways to do "whoami" tasks. Chiasmodon is...
2024-03-26
05 min
HAQ.NEWS
2024-03-25 : Daily : Gracie Folkins
Cybersecurity AI Pentest Muse offers creative solutions for professionals, helping analyze code and craft payloads. Alisa Esage shares JIT engine and VM escape exploits on GitHub. unKover, a PoC anti-rootkit, detects malicious drivers using specialized techniques. A new malware analysis toolkit features 98 tools for various tasks, plus updates. DroneXtract analyzes data from DJI drones, including file parsing and telemetry. bootfuzz tests MBR-based system BIOS, requesting more tests on physical hardware. Octopii by RedHunt Labs scans for personal identifiable information using OCR and NLP technologies. Osintracker provides a browser-based tool for OSINT investigators. OffSec-Reporting by Syslifters enables cybersecurity report generation...
2024-03-25
03 min
HAQ.NEWS
2024-03-24 : Daily : Gracie Folkins
Kubesploit is a framework for attacking container environments, with modules for both exploits and defenses. Ken Shirriff explores the Intel 8088 prefetch system, which boosts performance by pre-fetching instructions. A cyber security tutorial demonstrates how to exploit a vulnerability in Metabase. The Sr2T tool converts security scan reports into readable formats. A new tool extracts URLs and paths from web pages, suggesting improvements for handling applications. Researchers exploit a Chrome vulnerability by manipulating heap allocation patterns. Olivier Laflamme’s blog teaches emulating IoT firmware using QEMU. Reverser_ai offers automated reverse engineering tools on consumer hardware. The rev.ng de...
2024-03-25
03 min
HAQ.NEWS
2024-03-23 : Daily : Gracie Folkins
The amazing nimvoke is a Nim library for safely doing indirect syscalls and making DInvoke style delegate declarations, with examples shown for use in Nim projects. Skytrack is a Python tool for tracking planes using public data, creating PDFs about them, plus a feature to convert tail numbers and ICAO codes. A security researcher found a bug to listen in on Bluetooth speakers with Just Work pairing, tested with nRF Connect app. NetSoc_OSINT by XDeadHackerX can get info from social networks without needing an account or API. Testing file upload vulnerabilities includes several advanced methods like checking PHP f...
2024-03-23
05 min
HAQ.NEWS
2024-03-22 : Daily : Gracie Folkins
Today’s cybersecurity updates cover a range of topics, starting with techniques for SMB enumeration. WebSockets face risks from CSWSH, and there’s a keylogger that uses DNS tunneling for data exfiltration. GitHub now offers code scanning autofix, while a Chrome vulnerability (CVE-2023-3079) threatens JavaScript engine security. "asploit" emerges as a new tool for server-side backdoors, and "Bob the Smuggler" adeptly hides malicious payloads using HTML Smuggling. OSTE-Meta-Scanner scans for web injection flaws, and Attacknet challenges blockchain nodes. Abusing DACL for domain control is explained, and Hadess enlightens on cybersecurity. Rembg handles background removal in images. Wigle.net help...
2024-03-23
07 min
HAQ.NEWS
2024-03-21 : Daily : Gracie Folkins
At SpecterOps, they found that Microsoft Exchange Server might lead to domain control attacks due to permission setups in Active Directory, unless mitigated by splitting permissions or restricting Exchange’s rights. MultiDump is a new tool avoiding Windows LSASS memory dump detection with encryption and requires updated parsing tools. Another article showcases how to exploit Android Jetpack Navigation to access any app fragment. Guillaume Caillé describes bypassing ‘Loader Lock’ by DLL side-loading differently. Microsoft’s PyRIT helps identify risks in generative AI, while OWASP OFFAT tests APIs for vulnerabilities. Tutorials and tools are discussed for IP search engines and Extractif...
2024-03-21
06 min
HAQ.NEWS
2024-03-20 : Daily : Gracie Folkins
Techniques for discreetly loading DLLs using Windows Thread Pool API's and exploiting Windows kernel vulnerabilities through ROP chains are explained. Clément Amic focuses on exploiting Java deserialization flaws, and the GAP-Burp-Extension helps with fuzzing web apps. Learn a Direct Pointer execution method for shellcode, and check out RustRedOps, a Rust-based repository for Red Team tools. GitAlerts aids in monitoring sensitive files on GitHub, while an exploit, CVE-2023-6241, is out for bypassing memory protections on Pixel 8. Tips for preventing secrets leaks in Docker images, detecting yellow tracking dots with Dotspotter, and exploiting facial recognition systems are discussed. Emora e...
2024-03-20
05 min
HAQ.NEWS
2024-03-19 : Daily : Gracie Folkins
Today, Trail of Bits is releasing weAudit, which helps with code auditing in VSCode. There's a tool called Instagram User ID Finder for users to find Instagram IDs without logging in. The site Kontragenta.net offers a database for verifying information about legal subjects and others. Various OSINT tools are listed for cyber intelligence like search engines, and domain info. A text talks about a free phone number search tool for investigating numbers. An expert released a kernel exploit analysis for Android 14 on Google Pixel devices. Geowifi helps find WiFi networks by BSSID/SSID. ShodanX is a cybersecurity tool for...
2024-03-19
06 min
HAQ.NEWS
2024-03-18 : Daily : Gracie Folkins
Today, MapXplore is a tool that imports data from sqlmap to PostgreSQL or SQLite, making it easier for searching and managing information. linWinPwn is a bash script for auditing and penetration testing Active Directory on Linux systems. There’s a new set of proof-of-concept modules for Windows OS kernel-mode rootkit techniques, focusing on various methods and compatible with 64-bit Windows 10 post the 2004 update. luijait created DarkGPT, an AI-based Open Source Intelligence tool that uses GPT-4-200K to spot compromised databases, needing Python 3.8. DNS-Tunnel-Keylogger is for sending keystrokes via DNS tunneling from a compromised system to an attacker server. Wa...
2024-03-18
03 min
HAQ.NEWS
2024-03-17 : Daily : Gracie Folkins
In a recent hacking challenge, participants aim to gain unauthorized administrative access on a Windows domain using various cyber-attack methods. Dorkish is a Chrome extension aiding in OSINT for better reconnaissance with custom search queries. An article explains advanced malware development techniques for executing malicious code stealthily by exploiting Windows features. LLM4Decompile is a new tool using language models for decompiling binary code for improved cybersecurity analysis. Shelter technique conceals payloads in memory using ROP-based obfuscation and encryption. AttackGen assists organizations in testing incident response via customizable scenarios. DirDar finds restricted web directories, and Backup-Finder for Burp Suite...
2024-03-17
02 min
HAQ.NEWS
2024-03-16 : Daily : Gracie Folkins
The International Monetary Fund's email system was hacked and they're looking into it but no other part of the system is in trouble. BunnyLoader 3.0 malware can steal logins and act like it's not bad stuff. The U.S. Department of Justice grabbed $2.3 million in cryptocurrency from Binance for a scam. Aylo Global Entertainment stopped people in Texas from going to PornHub and wants a new way to make sure users are old enough. Some guy from Moldova got in trouble for 42 months cause he ran a bad site named E-Root. IT helpdesk folks are being tricked by hackers...
2024-03-16
06 min
HAQ.NEWS
2024-03-15 : Daily : Gracie Folkins
The Tor Project made WebTunnel to help people avoid internet blocks. Cryptocurrency services share tools for secret money stuff. Google Chrome is fighting off bad websites now. There's trouble with eSIM swapping hurting bank safety. Mikhail Vasiliev got caught and is in jail now. A big problem happened with France Travail, showing a lot of people's personal info. Restoro and Reimage have to pay a lot for making mistakes. Microsoft's new thing, Copilot for Security, is supposed to protect computers better.
2024-03-15
06 min
HAQ.NEWS
2024-03-14 : Daily : Gracie Folkins
Researchers from Salt Labs discovered critical vulnerabilities in ChatGPT and GitHub, leading to rapid resolutions. A high-severity flaw in Kubernetes (CVE-2023-5528) demands urgent patching for Windows nodes. Henry Onyedikachi Echefu's involvement in a $6 million BEC scam underscores the FBI's warning about rising BEC losses. PixPirate Android malware targets Brazil's Pix payment platform by avoiding launcher icon detection. BlackCat ransomware's suspected exit scam follows the Change Healthcare data leak. Amidst cyberattacks, Microsoft's March 2024 Patch Tuesday addressed 60 security issues, and ZeroFox introduced an EASM service with threat intelligence. Major breaches and cybersecurity incidents continue to challenge global security efforts.
2024-03-14
03 min
HAQ.NEWS
2024-03-13 : Daily : Gracie Folkins
Siemens urges updates for fire protection system vulnerabilities, posing remote attack risks. GitGuardian report reveals 12 million secrets exposed on GitHub, notably in IT and education. A breakthrough 3D nanoscale optical disk promises revolution in data storage. FortiGuard Labs unveils a complex Java-based RAT phishing campaign. Techniques discovered for bypassing AI restrictions, raising security concerns. EquiLend and Leicester City Council experience cyberattacks, while a WordPress plugin flaw and D-Link router vulnerability pose widespread threats. South Korean national arrested in Russia for cyber espionage, and a former Google engineer in the US for stealing tech secrets.
2024-03-13
05 min
HAQ.NEWS
2024-03-12 : Daily : Gracie Folkins
Roku experienced a data breach affecting over 15,000 customer accounts, leading to fraudulent activities. The Cybersecurity and Infrastructure Security Agency (CISA) faced a breach from Ivanti product vulnerabilities. A counterfeit Leather wallet app was implicated in cryptocurrency theft and removed from the Apple App Store. QNAP addressed security flaws in NAS devices, and a banking trojan called CHAVECLOAK targeted Brazilian users, underscoring the urgency of robust cybersecurity measures. Paysign investigates a data breach potentially impacting 1.2 million records. New sanctions target individuals associated with Intellexa Consortium's Predator spyware.
2024-03-12
03 min
HAQ.NEWS
2024-03-11 : Daily : Gracie Folkins
The Magnet Goblin group exploits vulnerabilities to install malware on systems, urging the adoption of patches and security measures like network segmentation. A notable exploit involves a vulnerability in the Popup Builder plugin for WordPress, risking over 3,300 websites. The cryptocurrency sector faces attacks exploiting smart contract flaws, resulting in significant losses mitigated by token burns and bounties. Acuity Inc. suffered a data breach, leaking sensitive federal information for $3,000 in Monero. Canva reported vulnerabilities affecting font security, recommending sandboxing and patching. In 2015, 000webhost experienced a data breach, exposing 15 million records.
2024-03-11
03 min
HAQ.NEWS
2024-03-10 : Daily : Gracie Folkins
The Fortinet FortiOS vulnerability CVE-2024-21762 threatens 150,000 devices, requiring updates for mitigation. Microsoft strengthens security after Russian hackers exploit an old account. Hacker Ebrietas in the USA earns rewards for exposing T-Mobile flaws. South Korea's National Police Agency creates a tool to detect deepfakes with 80% accuracy, enhancing election security. Security vulnerabilities identified in video doorbells, QNAP NAS systems, and Canon printers necessitate firmware updates. A new Google Chrome extension monitors extension ownership changes. The Have I Been Pwned API helps check for personal data breaches. NUKEMAP visualizes nuclear detonations' impacts. Magnet Goblin cybercrime group leverages malware in attacks.
2024-03-10
04 min
HAQ.NEWS
2024-03-09 : Daily : Gracie Folkins
A malware campaign called Balada Injector exploits a vulnerability in the Popup Builder WordPress plugin, impacting over 3,300 sites, preventable by updating the plugin. HKCERT warns of increased phishing in Hong Kong. Magnet Goblin targets Ivanti VPN and Magento servers using NerbianRAT malware. Rhysida's ransomware attack on Lurie Children's Hospital in Chicago involved data theft. pgAdmin addressed a critical vulnerability in version 8.4. Midnight Blizzard, a Russian group, stole Microsoft's source code. Meta plans interoperability for its messaging services, aligning with the EU's Digital Markets Act.
2024-03-09
05 min
HAQ.NEWS
Dial-Up : Jack Rhysider
Jared Folkins calls up Jack Rhysider. He asks him about his Dad, CactusCon, and if Jack has any advice for job seekers in this difficult job market.
2024-03-08
11 min
HAQ.NEWS
2024-03-08 : Daily : Gracie Folkins
In the news, the Xunlei Accelerator app, deemed a security threat, contains outdated elements leading to potential system breaches. TA4903, disguising as U.S. agencies, uses QR codes in BEC attacks, while compromised WordPress sites spread bruteforcing scripts, indicating strategic shifts. Tycoon and Storm-1575 target U.S. schools with advanced phishing; the Bifrost Trojan attacks Linux users through typosquatting. Cisco, Qualcomm, Microsoft, and Veritas address significant vulnerabilities. The Play ransomware group, JetBrains TeamCity, and Northeast Orthopedics face data breaches, alongside millions of Glosbe and Tesla users. North Korean hackers deploy ToddlerShark malware, and various entities face increased cyber threats...
2024-03-08
05 min
HAQ.NEWS
2024-03-07 : Daily : Gracie Folkins
In the news, Chinese state-sponsored hackers executed the Volt Typhoon cyber intrusion, revealing significant U.S. infrastructure vulnerabilities. Fidelity Investments notified customers of a potential data breach due to a LockBit ransomware attack. The EU mandated Apple to fix two critical iOS vulnerabilities. Amidst escalating cyber threats, Canada's FINTRAC and Duvel Moortgat Brewery faced significant cyberattacks. Globally, companies and governments are being urged to enhance cyber defenses and patch vulnerabilities to combat sophisticated cyber-espionage and ransomware campaigns.
2024-03-07
04 min
HAQ.NEWS
2024-03-06 : Daily : Gracie Folkins
Microsoft is engaging in archival storage research for cloud-scale data preservation, focusing on DNA and silica media. Dataplane.org reports a new DNS scanning technique called Destination-Adjacent Source Address Spoofing since August 2023, possibly originating from China. The BlackCat ransomware group appears to have conducted an exit scam. A retired US Army Lieutenant Colonel is charged for allegedly transmitting classified information on a dating app. The RA World ransomware group uses leaked Babuk source code for cyberattacks. Meta Platforms faced a global outage affecting multiple services, with no official explanation provided. QEMU vulnerabilities are being exploited by attackers to create...
2024-03-06
05 min
HAQ.NEWS
2024-03-05 : Daily : Gracie Folkins
The ALPHV/BlackCat ransomware group's site disappeared after claiming an attack on Change Healthcare, which affected prescription services, while Russian operatives recorded a German military Webex conversation about Ukraine's missile strategies, leading to a German investigation. The European Commission fined Apple $1.95 billion for anti-competitive App Store practices, which Apple will contest. WordPress plugin users were alerted to a Godzilla Web Shell exploit, advised to update systems. Hikvision patched two vulnerabilities in HikCentral Professional, recommending software updates. Georgia Tech researchers developed malware that could attack logic controllers like Stuxnet via web APIs. Ukraine claimed hacking Russia's Ministry of D...
2024-03-05
03 min
HAQ.NEWS
2024-03-04 : Daily : Gracie Folkins
Recent discoveries reveal critical vulnerabilities in Eken and Tuck's doorbell cameras, leading to unauthorized access and resulting in some retailers offering refunds and discontinuing sales. Additionally, cybersecurity specialists have identified unconventional breach methods used by Red Teams and criminals, such as USB drops, mailed compromised devices, attacks on port authorities, drone-based strategies, insider schemes, and exploiting weak drivers for initial access. The 6th Edition of the Hacker Powered Security Report also sheds light on modern penetration testing, comparing traditional Penetration Testing as a Service (PTaaS) with automated approaches, focusing on their efficiency, quality, and overall worth.
2024-03-04
02 min
HAQ.NEWS
2024-03-03 : Daily : Gracie Folkins
Phishing campaigns target FCC and crypto firm employees with CryptoChameleon, leading to over 100 breaches. An Indian content farm mimics news outlets to push gambling and crypto scams. Hikvision and Ivanti Pulse Secure address critical vulnerabilities. U.S. cybersecurity agencies alert on Phobos ransomware. NSO Group is compelled to share Pegasus source code with Meta. ConnectWise ScreenConnect and SolarWinds fix severe exploits. McAfee Labs highlights malware in PDFs, and Shodan scans for internet-connected devices.
2024-03-04
04 min
HAQ.NEWS
2024-03-02 : Daily : Gracie Folkins
In the news, the UnitedHealth Group and Change Healthcare reported cyberattacks by the ALPHV/Blackcat ransomware gang, affecting healthcare services. CutOut.Pro refutes a data breach claim despite evidence. Anurag Sen exposed a leak from YX International, risking two-factor codes. Fulton County and Houser LLP are addressing separate security incidents. The U.S. Commerce Department investigates auto cyber risks, while Golden Corral faces a breach lawsuit. CryptoChameleon targets crypto platforms, with increased security advised.
2024-03-02
04 min
HAQ.NEWS
2024-03-01 : Daily : Gracie Folkins
And in the news, GitHub has introduced default push protection to enhance security against data leaks in public repositories. The ASIO director of Australia highlighted increasing cyber threats to infrastructure, notably from nation-state espionage. Infoblox exposed the Savvy Seahorse phishing campaign, leveraging social media for fraud. Cutout.Pro addressed a data breach impacting 20 million users. Citrix and Sophos encountered leap year bugs, disrupting services. Pepco Group lost $17 million due to a sophisticated phishing attack, prompting a security overhaul. Ivanti faced attacks by UNC5325, linked to China, necessitating patches. The Silver SAML attack threatens identity systems, countered by Entra ID...
2024-03-01
03 min
HAQ.NEWS
2024-02-29 : Daily : Gracie Folkins
In the news, Microsoft warns of an exploited Windows Kernel issue (CVE-2024-21338). The BlackCat/ALPHV ransomware group attacked Change Healthcare, stealing data. SpikedWine targeted EU diplomats with "WineLoader" malware. Epic Games denies server breach by Mogilevich group. Palo Alto Networks faces a lawsuit over forecasts. North Korea's Lazarus hackers exploited a patched Windows AppLocker flaw. The US restricts Sandvine and Chengdu Beizhan Electronics for surveillance and nuclear roles. Cencora reports a data breach. The Iranian UNC1549 group targets aerospace for espionage. Japan's CSIRT warns of 'Comebacker' malware in PyPI packages. Russian hackers attack Ubiquiti EdgeRouters. Cisco Talos finds...
2024-02-29
04 min
HAQ.NEWS
2024-02-28 : Daily : Gracie Folkins
In the news, businesses are adopting automated AI fraud detection and real-time monitoring. Importance is given to phone number analysis and IRBIS People Search for security intelligence. ESPY Ltd emphasizes fraud prevention through telecom data and two-factor authentication. PCI DSS 4.0 standards will mandate web application firewalls by March 2025. Recent threats include Google OAuth2 exploits, UAC-0099 cyber attacks, and WinRAR vulnerabilities. Reports highlight increasing malware and phishing, with recommendations for fundamental security practices and memory-safe programming for reducing vulnerabilities.
2024-02-29
03 min
HAQ.NEWS
2024-02-27 : Daily : Gracie Folkins
In cryptocurrency news there is upheaval with a gambling platform rug pull, significant financial losses from various attacks, and the revelation of an Australian's disappearance post-bank error. In cybersecurity, the BitForex platform is under scrutiny for a possible exit scam, while the Aleo blockchain and Tornado Cash encountered data and code breaches respectively. Additionally, the South African parliament suffered a data leak, and new malware, "Angel Drainer," targets cryptocurrency users. Security research highlights browser vulnerabilities, and Microsoft exposes a critical Windows flaw. In lighter news, FunnyPlaying's FPGBC Kit brings nostalgia with a modern twist on the Game Boy Color.
2024-02-27
03 min
HAQ.NEWS
2024-02-26 : Daily : Gracie Folkins
In the news, research by Lab52 unveils efforts by the Turla group with a modified Kazuar trojan. PayPal targets stolen super-cookie threats. Axie Infinity's Jeff Zirlin and wallets face crypto-theft, highlighted by PeckShield. The LockBit group threatens with new FBI material leaks. A critical SQL Injection flaw in WordPress's Ultimate Member plugin demands updates. The RCMP combats a cyberattack aftermath, while ConnectWise ScreenConnect users must upgrade due to severe exploits.
2024-02-26
03 min
HAQ.NEWS
2024-02-25 : Daily : Gracie Folkins
A Russian national is on trial for a cyberattack on a power grid that led to a blackout in 38 villages. North Korean hackers infiltrated the Russian Ministry of Foreign Affairs using KONNI malware. Sony's Insomniac Games alerts employees to a data breach by Rhysida ransomware group. The FTC sues H&R Block for deceptive free online filing ads. LAX airport's database was compromised by IntelBroker, exposing 2.5 million records. The LockBit ransomware group has extorted over a billion dollars, with authorities disrupting their operations. Microsoft releases PyRIT for AI systems security testing. Australian telecom Tangerine discloses a breach affecting 230,000 users...
2024-02-26
05 min
HAQ.NEWS
2024-02-24 : Daily : Gracie Folkins
In the news, US companies face fines for not adhering to SEC's cybersecurity disclosure rules, urging improved incident responses. Research indicates GPT-4 could autonomously execute website exploits, highlighting AI security risks. Avast is fined $16.5 million by the FTC for unsanctioned data sales, necessitating a new privacy framework. Law enforcement disrupts the LockBit ransomware group, seizing $110 million. A compromised Python package led to a supply chain attack, while Malawi's government and ConnectWise ScreenConnect combat separate cybersecurity incidents. U-Haul's data breach impacts 67,000 customers, and Optum confronts a cyberattack suspected from nation-state actors.
2024-02-25
00 min
HAQ.NEWS
2024-02-23 : Daily : Gracie Folkins
And in the news a critical vulnerability in the Spring Framework (CVE-2024-22243) could lead to serious security breaches, urging updates. Threat actors exploit flaws in VMware, Microsoft Exchange, and Cisco, with law enforcement targeting groups like LockBit. The 8220 Gang targets cloud infrastructure, and I-Soon, a Chinese firm, faces a data leak. Users should utilize tools like Tor.taxi for dark web safety and be wary of TeaBot trojan infections from the Google Play Store. Updates are crucial for ConnectWise ScreenConnect vulnerabilities (CVE-2024-1708, CVE-2024-1709).
2024-02-24
02 min
HAQ.NEWS
2024-02-22 : Daily : Gracie Folkins
Today in the news, critical security issues include an authentication bypass vulnerability in ConnectWise ScreenConnect, requiring immediate updates. Two individuals were convicted for mail fraud involving counterfeit iPhones. Apple enhances iMessage encryption with PQ3 to combat future quantum attacks. GDPR impacts lead to significant data storage and processing reductions in Europe. A scam with a fake Exodus cryptocurrency wallet resulted in substantial Bitcoin theft. North Korean group Lazarus targets security researchers via LinkedIn. Dancho Danchev exposes LockBit ransomware associate. Cado Security identifies a malware campaign, Commando Cat, targeting Docker APIs. An SQL Injection vulnerability was found in the AI C...
2024-02-22
03 min
HAQ.NEWS
2024-02-21 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 21st, 2024, and you are listening to Hack News Daily. An employee at the Stratford-on-Avon District Council misused their access to steal 79,000 email addresses to promote a private business. This action resulted in a police caution and led the council to implement data breach resolution measures. A report highlights that up to 275 credit unions using CU Solutions Group's content management system were at risk. They were vulnerable to account takeover and credential theft due to critical vulnerabilities. However, these have been mitigated by an update, and the implementation of mu...
2024-02-21
05 min
HAQ.NEWS
2024-02-20 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 20, 2024, and you are listening to Hack News Daily. First up, a big cyber incident in Romania: the Backmydata ransomware has hit multiple hospitals, locking up their systems. Security experts recommend using Check Point Harmony Endpoint and running the latest updates from Microsoft and Adobe to stay safe. And remember, with Valentine’s Day just past, cyber threats are on the rise, so stay vigilant. In the United States, Infosys McCamish Systems reported a breach affecting over 57,000 people, with Social Security numbers leaked. If you're affected, you might be elig...
2024-02-20
04 min
HAQ.NEWS
2024-02-19 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 19, 2024, and you are listening to Hack News Daily. Cybersecurity updates are critical, and here's what's happening in the world of cyber safety: Cybersecurity firm ESET has released patches for a significant vulnerability, known as CVE-2024-0353, affecting various Windows security products. This is a high-severity local privilege escalation issue. It's important for users to update their systems immediately to avoid potential abuse by attackers. In other news, multiple Apple Watch Ultra 2 users have reported unauthorized remote access attempts. These incidents led to devices acting on their own, entering in...
2024-02-19
02 min
HAQ.NEWS
2024-02-18 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 18, 2024, and you are listening to Hack News Daily. In our cybersecurity roundup today, Google Chrome is stepping up its game with a new feature called "Private Network Access protections". This is designed to keep your internal network devices safe from public website exploits by checking connectivity requests more thoroughly. For those interested in the technical details, the process involves CORS-preflight requests, which might block suspicious attempts. A serious warning for Microsoft Outlook users: A flaw dubbed MonikerLink, identified as CVE-2024-21413, could let bad actors run unauthorized code or...
2024-02-18
04 min
HAQ.NEWS
2024-02-17 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 17th, 2024, and you are listening to Hack News Daily. First up, an Enea report uncovers the 'MMS Fingerprint' attack by NSO Group, which sneaks into WhatsApp to gather information on your phone without you doing anything. It's like a reminder that even our messages need strong guards. In other news, Vyacheslav Igorevich Penchukov, a cybercriminal from Ukraine, could face up to 40 years in prison for his role in the Zeus and IcedID banking malware, causing lots of trouble and financial losses. The U.S. Cybersecurity and In...
2024-02-17
04 min
HAQ.NEWS
2024-02-16 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 16th, 2024, and you are listening to Hack News Daily. In today's update, the FBI has taken action against a group of hackers from Russia by stopping a harmful program on certain internet routers. They advise everyone with these routers to reset them and pick new passwords to stay safe online. The U.S. State Department is offering a reward of up to $15 million for information that helps catch members of a notorious hacking group responsible for stealing over $300 million worldwide. A major flaw named "KeyTrap" could have caused big pr...
2024-02-16
03 min
HAQ.NEWS
2024-02-15 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 15th, 2024, and you are listening to Hack News Daily. In today's cyber news, the PlayDapp gaming platform experienced a major security issue when an unauthorized person created 1.79 billion PLA tokens. This happened because they got hold of a private key they shouldn't have. The company has stopped all transactions and asked exchanges to block the hacker's wallets to fix the problem. Meanwhile, Zenlayer, a company that handles lots of internet data, accidentally left a huge amount of information unprotected online. This mistake exposed 380 million records, but the good ne...
2024-02-15
02 min
HAQ.NEWS
2024-02-14 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 14th, 2024, and you are listening to Hack News Daily. First up, there's a new vulnerability that was used by hackers to sneak past Microsoft Defender SmartScreen. This vulnerability was exploited to distribute a harmful malware called DarkMe, targeting financial traders. But don't worry, this has been patched, and if you're using Trend Micro solutions, you're already protected against it. For Bank of America customers, there's an important update. A third-party provider, Infosys McCamish Systems, was hacked, and personal information like names, Social Security numbers, and financial details were ac...
2024-02-14
02 min
HAQ.NEWS
2024-02-13 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 13th, 2024, and you are listening to Hack News Daily. Let's dive into the latest in cybersecurity. This week, we've seen quite a bit happening across the globe. First off, a major labor union, SEIU, faced a ransomware attack. Meanwhile, Hyundai Motor Europe also experienced a cyber-attack. Two US insurance firms were hit by SIM swap breaches, and over in France, there's been a massive data compromise affecting health insurance. Looking at international espionage, Chinese hackers have been spying on Dutch Defense. Back in the US, Pennsylvania's court system wa...
2024-02-13
02 min
HAQ.NEWS
2024-02-12 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 12th, 2024, and you are listening to Hack News Daily. In our top story today, ExpressVPN, a tool many people use to keep their internet activity private, fixed a problem where some private information could accidentally get out when certain settings were used on Windows computers. They're advising everyone to update their software to version 12.73.0 or change the settings to avoid this issue. It's a good reminder of why keeping our software up to date is important for staying safe online. Moving on, Google Chrome, the web browser that lo...
2024-02-12
02 min
HAQ.NEWS
2024-02-11 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 11th, 2024, and you are listening to Hack News Daily. First up, big news for anyone with insurance through Washington National or Bankers Life. Over 66,000 customers got caught in a net of trouble because of something called SIM-swapping attacks. This sneaky trick lets hackers take over your phone number to get at your personal info. The companies are digging into what happened and suggesting everyone use extra security, like authentication apps, to keep safe. Next, there's a shadow moving across the internet, targeting small office and home office devices wo...
2024-02-11
03 min
HAQ.NEWS
2024-02-10 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 10th, 2024, and you are listening to Hack News Daily. Today, we've got some interesting updates from the world of cybersecurity. First up, U.S. law enforcement has made a big move against the KV-botnet, a group of compromised routers used by hackers sponsored by China. They've managed to disrupt its operations, which is a big win for internet safety. But, the hackers are already trying to come back with new tactics, so it's important for everyone to keep their devices updated and secure. In other news, there's a ma...
2024-02-10
02 min
HAQ.NEWS
2024-02-09 : Daily : Gracie Folkins
I’m Gracie Folkins, today is February 9th, 2024, and you are listening to Hack News Daily. Today, we’ve got a roundup of some serious cyber news you'll want to know about. First off, the U.S. State Department is taking a stand against cybercrime, offering a reward of up to $10 million for info on the Hive ransomware group's leaders. This comes after the FBI managed to sneak into their network, saving potential victims over $130 million in ransom payments. In the world of malware, there's a new variant of XLoader targeting Android users. It kicks into...
2024-02-09
04 min
HAQ.NEWS
2024-02-08 : Daily : Gracie Folkins
I'm Gracie Folkins, and this is Hack News Daily for February 8th, 2024. Leading today's cybersecurity developments, Google is enhancing its malware defense strategy in Singapore by trialing a security feature designed to prevent the installation of sideloaded Android apps that request high-risk permissions. This initiative seeks to minimize the risk of financial fraud and the dissemination of malware via third-party app installations. In cybercrime news, the breach of the Russian cybercrime forum Mazafaka has exposed its founder, identified as a lawyer with ties to Russia's GRU. This individual is accused of providing cybercriminals with advice...
2024-02-08
03 min
BrakeSec Education Podcast
2020-013- part 2, education security, ransomware, April Mardock, Nathan McNulty, and Jared Folkins
April Mardock - CISO - Seattle Public Schools Jared Folkins - IT Engineer - Bend La Pine Schools Nathan McNulty - Information Security Architect - Beaverton School District OpSecEdu - https://www.opsecedu.com/ Slack https://www.a4l.org/default.aspx https://clever.com/ BEC - https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec) https://www.k12cybersecurityconference.org/ https://acpenw.sched.com/ Bypassing s...
2020-04-07
1h 02
BrakeSec Education Podcast
2020-012-April Mardock, Nathan McNulty, Jared Folkins, school security, ransomware attacks
April Mardock - CISO - Seattle Public Schools Jared Folkins - IT Engineer - Bend La Pine Schools Nathan McNulty - Information Security Architect - Beaverton School District OpSecEdu - https://www.opsecedu.com/ Slack https://www.a4l.org/default.aspx https://clever.com/ BEC - https://www.trendmicro.com/vinfo/us/security/definition/business-email-compromise-(bec) https://www.k12cybersecurityconference.org/ https://acpenw.sched.com/ Bypassing...
2020-03-29
48 min
CyberSpeaksLIVE
Kushtaka: High-Fidelity Sensors for Under-Resourced Blue Teams
This week we are joined by Jared Folkins (@JF0LKINS) as he introduces us to his open source honeypot sensor system, Kushtaka, that helps you detect cyber attackers before they become entrenched. Jared will be joined by Nathan McNulty (@nathanmcnulty), to give his firsthand account of using Kushtaka in production. This week we also introduce a new segment where we'll be highlighting a non-profit charity or upcoming conference each episode. This week we'll be talking with wirefall, founder of @Dallas_Hackers and board member @BSidesDFW. About Jared: After surviving the dot-com crash...
2020-02-20
58 min
Getting Into Infosec
BONUS - CliffsNotes To The First 20 Episodes!
Having completed 20 episodes, I decided to take a moment to go over each episode briefly. Thanks to all my guests! Ep01 - Dan Borges: https://twitter.com/1njection Ep02 - 0daySimpson: https://twitter.com/0daySimpson Ep03 - Christina Hanson Ep04 - Matt Toth: https://twitter.com/willhackforfood Ep05 - Rob Carson: https://twitter.com/robcarson05 Ep06 - Robin Stuart: https://twitter.com/rcstuart Ep07 - Clay Wells: https://twitter.com/ttheveii0x Ep08 - Elvis Chan: https://twitter.com/FBISanFrancisco
2019-04-27
30 min
Getting Into Infosec
Jared Folkins - 18 YRO Manager To Education Security To Human Hero
Jared Folkins understands people, technology, and the world around him. He can smell a toxic environment from a mile away and has used that EIQ spider-sense for good. Jared shares with us some VERY personal stories (tear-jerker warning!) in integrity and life decisions as well as a bunch of on-the-job war stories, including a famous one featured in the news! This is probably my most dramatic episode yet. Notes: At 18, he got promoted to manage a team of 50 because he wasn't lazy. In hindsight, he was able to see indicators of the dot com...
2019-04-03
54 min