Week 37, September 11-17, 2023

Week 37, September 11-17, 2023. Cybersecurity Weekly Updates.

This week in the world of cybersecurity:

Vietnamese Hackers and Facebook Messenger
Hackers from Vietnam are using Facebook Messenger to spread Python-based malware. Be extra careful about the links you click on while chatting.

Critical GitHub Issue
A serious GitHub vulnerability puts more than 4,000 repositories at risk. If you use GitHub, keep an eye out for any updates or warnings.

Google Chrome and Privacy
Google Chrome is making changes to better protect your private information. They’re getting rid of tracking cookies, so companies can’t easily follow what you do online.

Microsoft and Phishing in Teams
If you use Microsoft Teams at work, be alert. Microsoft warns of new scams that trick people into giving away private info through Teams messages.

TikTok and Child Data Fine in E.U.
TikTok is in hot water for not protecting the personal info of young users in the European Union.



Recent Tools and Techniques

These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.

Sucosh is an automated source code vulnerability scanner for Python (Flask and Django) and NodeJs (ExpressJS) applications. It is particularly useful for code reviews in web application development and for source code analysis. The tool can identify a wide range of vulnerabilities, including Remote Code Execution (RCE), Server-Side Template Injection (SSTI), Insecure Deserialization, Server-Side Request Forgery (SSRF), SQL Injection (SQLI), and Cross-Site Request Forgery (CSRF), among others. Future updates are planned to add support for other languages such as PHP, .NET, and Go. Sucosh also offers input tracking and can check for dangerous functions, vulnerable dependencies, and secrets such as AWS keys. Custom rules can be added through YAML configuration files.

Burp DOM Scanner is an extension for Burp Suite designed to scan and crawl Single Page Applications (SPAs). It employs a Chromium browser to specifically look for DOM-based Cross-Site Scripting (XSS) vulnerabilities. The extension is capable of capturing all types of web requests, including XHR, fetch, and websockets, allowing these to be forwarded to Burp’s Proxy, Repeater, and Intruder for further analysis. This tool relies on DOMDig as its crawling and scanning engine. DOMDig operates within the Chromium browser and is unique in its ability to crawl complex web applications by monitoring DOM modifications and tracking various types of web requests. It simulates real-user interactions to discover injection points, making it an effective tool for identifying vulnerabilities. Node and DOMDig are required dependencies for running this extension.

HTMLSmuggler is a JavaScript payload generator aimed at bypassing Intrusion Detection Systems (IDS) and delivering malicious payloads through HTML smuggling. The technique relies on the browser assembling the payload from JavaScript on the client side, so the file never crosses the network in a form that traditional perimeter controls such as firewalls inspect, and no alert is raised. The core functionality produces a standalone JavaScript library that holds a user-defined payload. That library can then be embedded in phishing sites, email attachments, or other vectors to evade detection and deliver the payload to the target system. It features a built-in, highly configurable JavaScript obfuscator to further conceal the payload and can be used as an independent library or integrated into JavaScript frameworks like React or Vue.js.
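As an added illustration from the defender's side (not part of the original post or of the HTMLSmuggler project), the following heuristic flags the client-side decode, Blob, object-URL and forced-download pattern that HTML smuggling depends on. The indicator names, the weighting, the threshold and both sample pages are constructed assumptions, not signatures from any product.

```python
import re
from dataclasses import dataclass

# Indicators that tend to appear together in HTML-smuggling pages: the
# payload is decoded in the browser, wrapped in a Blob, and pushed to the
# user as a download. Each one alone is common in benign pages; the
# combination is what the scoring below rewards.
INDICATORS = {
    "decoder": re.compile(r"\batob\s*\(|Uint8Array|charCodeAt", re.I),
    "blob": re.compile(r"new\s+Blob\s*\(|msSaveOrOpenBlob", re.I),
    "object_url": re.compile(r"URL\.createObjectURL\s*\(", re.I),
    "forced_download": re.compile(r"\.download\s*=|download\s*=\s*['\"]", re.I),
    "auto_click": re.compile(r"\.click\s*\(\s*\)", re.I),
    # a long base64-looking string literal is a typical embedded payload
    "large_literal": re.compile(r"['\"][A-Za-z0-9+/=]{200,}['\"]"),
}

@dataclass
class Verdict:
    score: int
    hits: list

def scan_html(doc: str) -> Verdict:
    """Score an HTML/JS document for the smuggling pattern."""
    hits = [name for name, rx in INDICATORS.items() if rx.search(doc)]
    score = len(hits)
    # Blob + forced download + something that decodes or embeds a payload
    # is the core signature, so it gets an extra weight (assumed value).
    if {"blob", "forced_download"} <= set(hits) and (
        "decoder" in hits or "large_literal" in hits
    ):
        score += 3
    return Verdict(score, hits)

def is_suspicious(doc: str, threshold: int = 5) -> bool:
    return scan_html(doc).score >= threshold

# Constructed samples. The suspicious one is a bag of tokens, not a page.
BENIGN_PAGE = (
    "<html><body>"
    "<a href=\"/reports/q3.pdf\" download=\"q3-report.pdf\">Download report</a>"
    "<script>document.title = 'Q3 report';</script>"
    "</body></html>"
)
SUSPICIOUS_PAGE = (
    "<html><body><script>/* constructed token fragment, not a working page */"
    " atob( ... new Blob([ ... URL.createObjectURL( ... "
    ".download = 'invoice.zip' ... .click() ... '" + "A" * 240 + "'"
    "</script></body></html>"
)
```

Run `is_suspicious` over pages captured by a proxy or mail gateway; tune the threshold against your own benign traffic before alerting on it.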



That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.

To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.
