Week 43, October 23-29, 2023
Week 43, October 23-29, 2023. Cybersecurity Weekly Updates.
This week in the world of cybersecurity:
AI Tools in Companies – It seems that not everyone knows who is using AI tools within their company. This raises questions about safety and proper use.
Firebird Backdoor in Pakistan and Afghanistan – A new dangerous software called Firebird has hit these countries. It’s made by the DoNot Team and could be a big threat.
Guilty Ex-NSA Employee – A former worker at NSA has pleaded guilty for giving away secret information to Russia.
Cybercriminals Arrested in Spain – 34 people who were doing online scams and stealing lots of money got caught in Spain.
iOS Zero-Day Attacks – Experts have found more details about Operation Triangulation. This is a very sneaky attack that targets iPhones and other Apple devices.
Critical Flaws in Popular Platforms – Big problems were found in services like Grammarly and Bukalapak. These issues could let bad people get into your personal information.
VMware Critical Patch – If you use VMware’s vCenter Server, there’s a very important update you need to install. This fix stops a serious security risk that could let hackers get control.
Recent Tools and Techniques
These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.
Kunai is a security monitoring and threat-hunting tool designed specifically for Linux systems. Similar to Sysmon for Windows, it provides advanced features to track and analyze system behavior. What sets Kunai apart is its ability to sort events in chronological order and enrich them through on-host correlation. It is also compatible with Linux namespaces and container technologies, allowing for comprehensive activity tracing even within containers. Under the hood, Kunai operates using eBPF programs, or probes, to gather relevant security data. These probes then pass the information to a userland program responsible for tasks like event re-ordering and correlation. The tool is primarily written in Rust and relies on the Aya library, making it a standalone binary that contains both eBPF probes and the userland program.
EAPHammer is a toolkit designed for executing targeted evil twin attacks on WPA2-Enterprise networks. Ideal for comprehensive wireless assessments and red team activities, it offers an easy-to-use interface for executing powerful wireless attacks with minimal setup. The tool can steal RADIUS credentials from WPA-EAP and WPA2-EAP networks, carry out hostile portal attacks to capture AD credentials, and execute captive portal and karma attacks. It also has built-in Responder integration and supports Open networks as well as WPA-EAP/WPA2-EAP. Additional features include automated PMKID attacks, password spraying, and timed Powershell payloads for wireless pivots. With no manual configuration needed for most attacks and setup, EAPHammer is a versatile tool for wireless network security testing.
Tartufo is a security tool that scans git repositories for sensitive information or secrets hidden in the commit history and branches. It’s effective for catching secrets that were accidentally committed to the repo. The tool examines each commit’s diff and uses both regular expressions and entropy checks to identify potential secrets. Specifically, it calculates the Shannon entropy for text blobs longer than 20 characters in both base64 and hexadecimal character sets. If it finds any high-entropy strings longer than 20 characters, the tool will flag them for review. This makes Tartufo useful for both ongoing security audits and as part of git pre-commit scripts to prevent secrets from being committed in the first place.
That’s a wrap on this week’s edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully, the insights and information shared today will assist in navigating this complex domain and in strengthening defenses against potential threats. Stay vigilant, stay informed, and look forward to more insights into the world of cyber-security in next week’s edition.
To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.