VayFul Security Issue - September 03 2024

Hi all!

Welcome back, here is your dose of VayFul Security, a list of what we are enjoying…

📰 SECURITY BYTES

State-backed Attackers and Commercial Surveillance Vendors Repeatedly Use The Same Exploits - Google's Threat Analysis Group (TAG) raises concerns about a disturbing trend. TAG has observed state-backed attackers utilizing exploits previously associated with commercial surveillance vendors like NSO Group and Intellexa. This tactic involves deploying the same vulnerabilities against targets, blurring the lines between traditional espionage and commercially-driven cybercrime. #cybercrime #cyberespionage #ios #chrome #exploits #APT29

North Korean Threat Actor Citrine Sleet Exploiting Chromium Zero-day - Microsoft has issued a security alert regarding a recent attack campaign by the North Korean threat actor group, Citrine Sleet. The attackers exploited a previously unknown vulnerability (zero-day) in the Chromium browser (used by Chrome and other browsers) to gain remote access to targeted systems. #chromium #0day #cyberattack

Rocinante: Mobile Trojan-horse Targeting Brazilian Banks with Phishing and Remote Access - Threat researchers have identified a new Trojan malware dubbed "Rocinante" specifically targeting Brazilian banking institutions. Rocinante employs a combination of tactics like keylogging, phishing attacks, and remote access sessions to steal sensitive information from infected devices. #mobile #trojan #malware #phishing #attacks

Zero-Day Exploit Targets Versa Director, Lumen Warns of Ongoing Campaign - Lumen highlights a zero-day exploit targeting Versa Director, a widely used software-defined wide area network (SD-WAN) platform. Black Lotus Labs, Lumen's security research team, identified and reported the vulnerability (CVE-2024-39717) affecting all Versa Director versions before 22.1.4. #0day #exploits #sd-wan

Beware the Unpatchable: Corona Mirai Botnet Spreads via Zero-Day - Akamai SIRT report reveals a concerning attack campaign. A Mirai botnet variant, dubbed "Corona Mirai," is exploiting a zero-day vulnerability (CVE-2024-7029) to infect AVTech CCTV cameras. This vulnerability allows remote code execution with elevated privileges, potentially granting attackers full control of compromised devices. #cctv #cameras #mirai #botnet #rce

🔥 INTERESTING WRITEUPS

📝 BLOGS & ARTICLES

Identification Of Malicious Extension - Researchers from Jupresear have developed a novel approach to identify malicious browser extensions. Their work, outlined in a recent post, focuses on analyzing extension behavior to uncover red flags indicative of harmful intent. #reverse-engg #malicious #crypto #extension #analysis

How Reverse Engineering Saved Me ~87% Cost on Car Mods! - The author describes how they utilized reverse engineering to achieve desired car modifications at a fraction of the cost. By understanding the underlying software and hardware of their vehicle, they were able to modify it themselves, saving a staggering 87% compared to conventional methods. #car #software #reverse #engg

Bypassing Airport Security via SQL Injection - Carroll suggests a potential vulnerability in the process that allows pilots and flight attendants to bypass airport security screenings. His analysis focuses on the employment status verification aspect of the KCM process, which might be susceptible to SQL injection attacks. #airport #security #bypass #sql #injection 

False File Immutability: A New Class of Windows Vulnerabilities - Elastic Security Labs unveils a novel class of Windows vulnerabilities dubbed "False File Immutability (FFI)." This vulnerability exploits incorrect assumptions about file immutability, allowing attackers to bypass security measures and potentially gain unauthorized access to critical system resources. #windows #vulnerability #unauthorized #access

Researcher Discovered Vulnerabilities in RADIUS Protocol: Blast-RADIUS - Blast-RADIUS is a vulnerability that affects the RADIUS protocol. RADIUS is a very common protocol used for authentication, authorization, and accounting (AAA) for networked devices on enterprise and telecommunication networks. #wifi #radius #mitm #vulnerability

🛠️TOOLS

PasswordPusher - Securely share sensitive information with automatic expiration & deletion after a set number of views or duration. Track who, what and when with full audit logs. #password #sharing #manager

Port-jump - Some security by obscurity using "port-jumping". A silly PoC to use HOTP to update port numbers to a service as time progresses. #tcp #port #jumping

Agevault - Directory encryption tool using age file encryption. It locks/unlocks a vault (directory) with a passphrase-protected identity file. #vault #directory #encryption

Awesome-windows - An awesome & curated list of tools and apps for Windows 10/11. #awesome #windows #resources

🧠 TUTORIALS & SKILL-BUILDING

Remediating 1000s of untracked security vulnerabilities in nixpkgs - Pierre Bourdon (delroth) says through vendoring, many packages in nixpkgs end up including obsolete and vulnerable versions of their dependencies. This is especially prevalent for Rust, Go, JavaScript, Java and .NET software using strict lockfiles. How bad is the current situation really? #dependencies #software #security

Fortifying the Foundations: Elevating Security in Nix and NixOS - Dominic Mills-Howell's talk discusses the mechanisms in place to reduce reliance on external binaries, ensure code integrity during compilation, and deliver up-to-date, secure software sustainably. It also covers the Nix security team, which focuses on streamlining processes and enhancing NixOS and Nixpkgs security. #nixos #package #security

Scammers PANIC After I Hack Their Live CCTV Cameras! - NanoBaiter: scambaiting videos where we track down and identify scammers, stop potential scams in progress, and report the information to law enforcement! In today's video, after gaining access to a scam call center's CCTV, I decided to confront the scammers with their REAL names and personal information! #cctv #hacking #expose #scammers

Meta is getting ready for post-quantum cryptography - In this episode of the Meta Tech Podcast, you’ll meet Sheran and Rafael, two engineers leading Meta’s post-quantum readiness work. They sit down with Pascal Hartig (@passy) to discuss the threat of quantum computing and how Meta is working to keep today’s users safe from the quantum attacks of tomorrow. #quantum #cryptography #threats

🎁 MISCELLANEOUS

How Meta enforces purpose limitation via Privacy Aware Infrastructure at scale - Facebook Engineering delves into the concept of "Privacy-Aware Infrastructure" at Meta. This initiative emphasizes the principle of "purpose limitation," ensuring data is collected and used only for specific, pre-defined purposes. #privacy #aware #infrastructure

China’s AI Engineers Are Secretly Accessing Banned Nvidia Chips - Chinese AI developers are finding ways to access advanced American AI chips, such as Nvidia's H100 chips, despite U.S. export controls that have prevented Chinese companies from directly importing these chips. #nvidia #AI #chips

Green Berets Showcase Disruptive Cyber Tech at Swift Response 2024 Exercise - Describes the U.S. Army's successful integration of "disruptive cyber technology" by Green Berets during the Swift Response 2024 military exercise in Sweden. The technology enabled a Special Forces Operational Detachment Alpha (ODA) team to remotely identify and manipulate target building security systems, facilitating infiltration for a follow-up ground operation. #military #cybersecurity #exercise

AI cameras spot toddlers not wearing seat belts - A recent trial of AI-powered cameras in Devon and Cornwall has identified a concerning trend: over 100 children were caught not wearing seatbelts. These cameras, designed to detect phone use and other driving offenses, highlight the importance of child safety in vehicles. #AI #camera #driving #without #seatbelts

🎯 QUOTE OF THE DAY

“Before anything else, preparation is the key to success.”

-Alexander Graham Bell

⭐ HOW DID WE DO?

Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here.

That’s a wrap!

Thank you for reading,
VayFul Team