Week 35, August 28-September 3, 2023

Cybersecurity Weekly Updates.

This week in the world of cybersecurity:

Experts warn that cybercriminals could abuse Microsoft Entra ID to gain elevated privileges, meaning more control over a computer system than they should have. Next, there is news about Rust libraries sending sensitive computer information to a Telegram channel. The third key update concerns the KmsdBot malware, which is now attacking Internet of Things (IoT) devices with new abilities. On the international front, a Chinese hacking group has been exploiting a weakness in Barracuda software to go after the government, military, and telecom sectors. Lastly, companies running Citrix NetScaler should be alert, as ransomware hackers are exploiting a critical vulnerability to lock up systems and demand money.

 


Recent Tools and Techniques

These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.

DNSWatch is a Python tool designed to monitor and analyze DNS (Domain Name System) traffic on a network. The tool captures both DNS requests and responses, displaying them along with their source and destination IP addresses. For those who want a deeper look, an optional verbose mode allows for detailed packet inspection. The tool also offers the flexibility to save the captured data to an output file and even filter DNS traffic by targeting a specific IP address. Additional features include the option to save DNS requests in a database for later analysis, evaluate different DNS types, and support for DNS over HTTPS (DoH).

RedCloudOS is a Debian-based operating system designed for Red Teams to evaluate the cloud security of major Cloud Service Providers like AWS, Azure, and GCP. The system comes packed with a variety of tools tailored for different tasks such as enumeration, exploitation, and post-exploitation within these cloud environments. Users can easily navigate through these tools, as they are organized by the service provider and further categorized into specific functions. The OS features Terminator as the default terminal for ease of use and multitasking. Tools can be launched in four different ways, including menu launchers and various script execution methods. While most tools are fully integrated, some like Impacket and Redboto only list scripts and folder paths, with plans for proper launchers in future releases.

Humanify is a tool designed to un-minify JavaScript code, making it easier to read and understand. It uses large language models like ChatGPT and llama2 to offer intelligent suggestions for renaming variables and functions. The actual un-minification is handled at the AST level by Babel, ensuring that the code remains equivalent to its original form. The tool can also unbundle Webpack bundles using Webcrack. Overall, Humanify aims to simplify the process of decoding minified JavaScript code without altering its core structure.

 


That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.

To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.

 
