LogSnare – Mastering IDOR And Access Control Vulnerabilities Through Hands-On Learning

From kalilinuxtutorials.com

LogSnare is an intentionally vulnerable web application, where your goal is to go from a basic gopher user of the LogSnare company, to the prestigious acme-admin of Acme Corporation.

The application, while hosting multiple vulnerabilities, serves as a valuable educational tool.

However, the real lesson to be learned here is how to prevent and catch these attacks leveraging proper validation and logging.

After logging in to the demo application, in the top navbar you’ll see a validation toggle which allows you to toggle security controls in real-time.

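The LogSnare summary above describes the core lesson of the lab: an IDOR is an object lookup that trusts the client-supplied id, and the fix is server-side ownership validation plus logging that makes failed attempts visible. The following Python sketch is an added example and is not LogSnare's code; it models the app's validation toggle with a constructed two-company data set (users `gopher` and `acme-admin`, record ids 1 and 2 are all made up) so that the vulnerable and the hardened path can be compared side by side, and it shows the simple detection signal that audit logging of denials provides.

```python
"""
Added example (not LogSnare's code): a minimal IDOR-prone record lookup
with a validation toggle and audit logging of denied accesses.
All users, companies and record ids below are constructed sample data.
"""
import logging
from dataclasses import dataclass, field

log = logging.getLogger("access")


@dataclass
class User:
    name: str
    company: str
    role: str  # constructed roles: "user" or "admin"


@dataclass
class Record:
    id: int
    owner: str
    company: str
    body: str


# Constructed sample data: one low-privilege user and one admin, in different companies.
USERS = {
    "gopher": User("gopher", "logsnare", "user"),
    "acme-admin": User("acme-admin", "acme", "admin"),
}
RECORDS = {
    1: Record(1, "gopher", "logsnare", "LogSnare internal memo"),
    2: Record(2, "acme-admin", "acme", "Acme board minutes"),
}


@dataclass
class AuditLog:
    # (actor, record_id) pairs for every denied object access
    denied: list = field(default_factory=list)


class RecordService:
    def __init__(self, validate: bool, audit: AuditLog):
        self.validate = validate  # mirrors the in-app validation toggle
        self.audit = audit

    def get_record(self, actor: str, record_id: int):
        user = USERS[actor]
        record = RECORDS.get(record_id)
        if record is None:
            return None
        if not self.validate:
            # IDOR: with validation off, any authenticated user can read any id.
            return record.body
        # Hardened path: the record must belong to the caller, or the caller
        # must be an admin of the company that owns the record.
        allowed = record.owner == user.name or (
            user.role == "admin" and record.company == user.company
        )
        if not allowed:
            # Deny, and record the attempt so defenders can see it.
            self.audit.denied.append((actor, record_id))
            log.warning("denied object access: user=%s record=%d", actor, record_id)
            return None
        return record.body


def suspicious_users(audit: AuditLog, threshold: int = 3):
    """Users with at least `threshold` denied object accesses: the detection
    signal that validation plus logging gives defenders. Threshold is a
    constructed value for the example."""
    counts = {}
    for actor, _ in audit.denied:
        counts[actor] = counts.get(actor, 0) + 1
    return sorted(actor for actor, n in counts.items() if n >= threshold)


if __name__ == "__main__":
    audit = AuditLog()
    print(RecordService(False, audit).get_record("gopher", 2))  # leaks with validation off
    svc = RecordService(True, audit)
    for _ in range(3):
        svc.get_record("gopher", 2)  # denied and logged each time
    print(suspicious_users(audit))
```

With validation off, `gopher` reads record 2 straight away; with it on, the same request is refused and each refusal lands in the audit log, which is what lets the repeated-denial check single out the probing account.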

Microsoft Details On Using KQL To Hunt For MFA Manipulations

From gbhackers.com

It is difficult to secure cloud accounts from threat actors who exploit multi-factor authentication (MFA) settings.

Threat actors usually alter compromised users’ MFA attributes by bypassing the requirements, disabling MFA for others, or enrolling rogue devices in the system.

They do so stealthily, mirroring routine helpdesk operations so that the changes are hard to spot amid the noise of directory audit logs.

To protect themselves against this insidious attack vector in cloud environments, organizations need to strengthen monitoring and controls around MFA configuration changes.

Cybersecurity researchers at Microsoft recently detailed using the KQL (Kusto Query Language) to hunt for MFA manipulation.


Ukraine says hackers abuse SyncThing tool to steal data

From bleepingcomputer.com

The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed “SickSync,” launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces.

The threat group is linked to the Luhansk People’s Republic (LPR) region, which Russia has occupied almost in its entirety since October 2022. The group’s activities commonly align with Russia’s interests.

The attack utilizes the legitimate file-syncing software SyncThing in combination with malware called SPECTR.

Vermin’s apparent motive is to steal sensitive information from military organizations.


SPECTR Malware Targets Ukraine Defense Forces in SickSync Campaign

From thehackernews.com

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync.

The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020, which is also called Vermin and is assessed to be associated with security agencies of the Luhansk People’s Republic (LPR). LPR was declared a sovereign state by Russia days prior to its military invasion of Ukraine in February 2022.

Attack chains commence with spear-phishing emails containing a RAR self-extracting archive file containing a decoy PDF file, a trojanized version of the SyncThing application that incorporates the SPECTR payload, and a batch script that activates the infection by launching the executable.


FBI Distributes 7,000 LockBit Ransomware Decryption Keys to Help Victims

From thehackernews.com

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it’s in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost.

“We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov,” FBI Cyber Division Assistant Director Bryan Vorndran said in a keynote address at the 2024 Boston Conference on Cyber Security (BCCS).

LockBit, which was once a prolific ransomware gang, has been linked to over 2,400 attacks globally, with no less than 1,800 impacting entities in the U.S. Earlier this February, an international law enforcement operation dubbed Cronos led by the U.K. National Crime Agency (NCA) dismantled its online infrastructure.


Microsoft OneDrive cheat sheet: Using OneDrive for Web

From computerworld.com

OneDrive for Web lets you save, access, share, and manage your files in the cloud using your favorite browser. Learn how to use its new interface for a big productivity boost.

Microsoft’s cloud storage, OneDrive, works both as a web app that you use through a browser and as a storage drive integrated into File Explorer in Windows 10 and 11. When you upload a file or folder to the OneDrive web app, it becomes available on your Windows PC through File Explorer, and vice versa. You can also access it on your smartphone or tablet (via the OneDrive app for Android, iPhone, or iPad) and even on a Mac (via the OneDrive Mac app) if any of these devices are signed in with the same Microsoft account.


Linux version of TargetCompany ransomware focuses on VMware ESXi

From bleepingcomputer.com

Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads.

Also known as Mallox, FARGO, and Tohnichi, the TargetCompany ransomware operation emerged in June 2021 and has been focusing on database attacks (MySQL, Oracle, SQL Server) against organizations mostly in Taiwan, South Korea, Thailand, and India.

In February 2022, antivirus firm Avast announced the availability of a free decryption tool that covered variants released up to that date. By September, though, the gang bounced back into regular activity targeting vulnerable Microsoft SQL servers and threatened victims with leaking stolen data over Telegram.
