Week 44, October 30-November 5, 2023: Cybersecurity Weekly Updates

This week in the world of cybersecurity:

Hackers are targeting Israeli organizations with data-wiping malware. A new vulnerability has been found in NGINX software used with Kubernetes, and it needs urgent attention. Companies are being warned after ServiceNow accidentally exposed some information, which has prompted other organizations to review their own security. Another concern is hackers using fake dating apps to install spyware on Android phones in Arabic-speaking regions.

Atlassian is warning users about a serious security hole in Confluence that could lead to data loss. The Canadian government has decided to ban WeChat and Kaspersky from its devices. Meta is trying something new in Europe: charging users for an ad-free version of its services in order to comply with privacy rules.

Iranian hackers are trying to break into financial and government organizations in the Middle East. North Korean hackers are targeting cryptocurrency experts with malicious software for macOS. There has also been an alert about attacks exploiting a known weakness in BIG-IP systems.

Attackers used a weak spot in Apache software for ransomware attacks, and cloud services have been attacked through a flaw in Linux. Malware called NodeStealer is abusing Facebook business accounts to push malicious ads. Lastly, Okta, a company that provides identity and security services, says that a breach affected 134 of its customers.

Recent Tools and Techniques

These are some of the recent tools and techniques in the cyber-security sphere that have captured my attention.

Ghost Scheduled Task is a proof-of-concept (POC) tool designed for security researchers and IT professionals to demonstrate the creation of Windows scheduled tasks through direct registry manipulation, a technique that can be used for stealthy persistence. It can create tasks that are hidden from view because of a restrictive security descriptor, and it avoids the usual Windows event logs that are written when tasks are created or modified through the normal interfaces. The tool supports adding or deleting tasks on both local and remote systems, including tasks that run under specific user accounts and on varied schedules. Because the task is written directly to the registry rather than registered through the Task Scheduler API, the service generally only picks it up after a system restart or a service reload. The tool has been tested on recent Windows platforms without alerting built-in defenses such as Microsoft Defender for Endpoint. It requires high-level system privileges to operate and can be particularly useful for understanding the security measures around, and potential weaknesses in, task scheduling on Windows systems.
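The defender's counterpart to the technique above is to compare the Task Scheduler's registry cache against what the Task Scheduler API will enumerate: a task that exists only in the registry, or one whose security descriptor value is missing, deserves a closer look. The script below is an added example, not code from the newsletter or from the Ghost Scheduled Task project; the TaskCache registry paths are the ones I know from current Windows builds (verify on your own build), and it generalizes slightly by also flagging tasks with no SD value at all, not only restrictively-descriptored ones.

```powershell
# Added example (not from the newsletter or the Ghost Scheduled Task project).
# Cross-checks the Task Scheduler registry cache against Get-ScheduledTask.
# Registry paths are assumed from my knowledge of current Windows builds.
# Run from an elevated PowerShell session.
$treeKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree'
$tasksKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks'

# Everything the API is willing to show, keyed as "\Folder\Subfolder\TaskName".
$visible = @{}
Get-ScheduledTask | ForEach-Object { $visible[$_.TaskPath + $_.TaskName] = $true }

$findings = foreach ($key in Get-ChildItem -Path $treeKey -Recurse) {
    $props = Get-ItemProperty -Path $key.PSPath
    $id = $props.PSObject.Properties['Id']
    # Assumption: folder keys have no matching entry under TaskCache\Tasks, task keys do.
    if (-not $id -or -not (Test-Path -Path (Join-Path $tasksKey $id.Value))) { continue }

    # Registry key name -> task path in the API's format, e.g. "\Microsoft\Windows\Foo".
    $taskPath = $key.Name.Substring($key.Name.IndexOf('\Tree\') + 5)

    $reasons = @()
    if (-not $props.PSObject.Properties['SD']) {
        $reasons += 'no SD value (task carries no security descriptor)'
    }
    if (-not $visible.ContainsKey($taskPath)) {
        $reasons += 'present in registry but not returned by Get-ScheduledTask'
    }
    if ($reasons.Count -gt 0) {
        [pscustomobject]@{ TaskPath = $taskPath; Id = $id.Value; Reasons = ($reasons -join '; ') }
    }
}

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No registry-only or descriptor-less scheduled tasks found.' }
```

Results from an elevated but non-SYSTEM session can still miss tasks whose descriptor denies administrators, so treat a hit as a lead for triage (check the corresponding TaskCache\Tasks entry and the task XML on disk) rather than as proof on its own.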

Superman is a command-line tool designed to terminate protected processes. It is intended for security research and educational purposes and lets users specify the process ID (PID) they wish to terminate. The tool supports various options, including a recursive process-kill feature, the ability to set a kill interval in milliseconds, and commands to display help instructions or the program's version. Superman also includes a specific function to kill the Windows Defender process (MsMpEng.exe) by using its PID together with the recursive option. Users must understand that they are responsible for any legal issues that may arise from the use of Superman and should handle the tool accordingly.

MailChecker is a disposable-email validation library available for a range of programming languages. It checks that an address is well formed and compares its domain against a list of over 55,000 disposable email domains so that throwaway addresses can be rejected. MailChecker can be a valuable tool for businesses and developers who need reliable communication with users and want to reduce spam and miscommunication by verifying that addresses are genuine. The project also advertises integration with webhooks through services like Hook0, and with Image-Charts for embedding dynamic charts in emails via a single URL without server-side rendering. MailChecker is available for NodeJS, JavaScript, PHP, Python, Ruby, Rust, Elixir, Clojure, and Go, with a unified API across languages for email validation. Installation and usage instructions change between version updates but are clearly documented to ease the transition.

That's a wrap on this week's edition of the Cyber-Security Update. Remember, the cyber-security landscape is ever-changing, and staying informed is your primary defense. Hopefully the insights shared today will help you navigate this complex domain and strengthen your defenses against potential threats. Stay vigilant, stay informed, and look out for more insights into the world of cyber-security in next week's edition.

To stay in sync with the weekly cyber-security roundups, remember to subscribe to the newsletter and follow on social media platforms. If there are any questions or specific topics you’d like to see covered, don’t hesitate to get in touch.
