FreshRSS

πŸ”’
❌ Secure Planet Training Courses Updated For 2019 - Click Here
☷
β–³ πŸ”ƒ
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

New Malvertising Campaign Distributing PikaBot Disguised as Popular Software

By: Newsroom
The malware loader known as PikaBot is being distributed as part of a malvertising campaign targeting users searching for legitimate software like AnyDesk. "PikaBot was previously only distributed via malspam campaigns similarly to QakBot and emerged as one of the preferred payloads for a threat actor known as TA577," Malwarebytes' JΓ©rΓ΄me Segura said. The malware family,

Tell Me Your Secrets Without Telling Me Your Secrets

By: The Hacker News
The title of this article probably sounds like the caption to a meme. Instead, this is an actual problem GitGuardian's engineers had to solve in implementing the mechanisms for their newΒ HasMySecretLeaked service. They wanted to help developers find out if their secrets (passwords, API keys, private keys, cryptographic certificates, etc.) had found their way into public GitHub repositories. How

Skyhook - A Round-Trip Obfuscated HTTP File Transfer Setup Built To Bypass IDS Detections

By: Zion3R


Skyhook is a REST-driven utility used to smuggle files into and out of networks defended by IDS implementations. It comes with a pre-packaged web client that uses a blend of React, vanilla JS, and web assembly to manage file transfers.


Key Links

Features

  • Round trip file content obfuscation
  • User-configurable obfuscation chaining
  • Self-signed and Lets Encrypt certificate procurement methods
  • Embedded web applications for both configuration and file transfers.
  • Server fingerprinting resiliency techniques:
    • Encrypted loaders capable of dynamically encrypting interface files as the file transfer interface is rendered
    • API and web resource path randomization

Brief Description

Note: See the user documentation for more thorough discussion of Skyhook and how it functions.

Skyhook's file transfer server seamlessly obfuscates file content with a user-configured series of obfuscation algorithms prior to writing the content to response bodies. Clients, which are configred with the same obfuscation algorithms, deobfuscate the file content prior to saving the file to disk. A file streaming technique is used to manage the HTTP transactions in a chunked manner, thus facilitating large file transfers.

flowchart

subgraph sg-cloudfront[Cloudfront CDN]
    cf-listener(443/tls)
end

subgraph sg-vps[VPS]
    subgraph sg-skyhook[Skyhook Servers]
        admin-listener(Admin Server<br>45000/tls)
        transfer-listener(Transfer Server<br>45001/tls)
    end

    config-file(Config File<br>/var/skyroot/config.yml)

    admin-listener -..->|Reads &<br>Manages| config-file

    webroot(Webroot<br>/var/skyhook/webroot)
    transfer-listener -..->|Serves From &<br>Writes Cleartext<br>Files To| webroot
end


    op-browser(Operator<br>Web Browser) -->|Administration<br>Traffic| admin-listener
    op-browser <-->|Obfuscated<br>Data| transfer-listener

subgraph sg-corp[Corporate Environment]
    subgraph sg-compromised[Beachhead Host]
        comp-browser(Web Browser) -->|Reads &<b   r>Writes| cleartext-file(Cleartext Files)
    end
end

comp-browser <-->|Obfuscated<br>Data| cf-listener <-->|Obfuscated<br>Data| transfer-listener

A Brief Example

For example, here is a working obfuscation configuration:

And here is the file transfer interface. Clicking "Download" results in the file being retrieved in chunks that are encrypted with the chain of obfuscation methods configured above.

JavaScript deobfuscates the file before prompting the user to save it to disk.

Below is a request stemming from a download being inspected with Burp. Key elements of the transaction are encrypted to evade detection.



Apple Sets New Rules for Developers to Prevent Fingerprinting and Data Misuse

By: THN
Apple has announced plans to require developers to submit reasons to use certain APIs in their apps starting later this year with the release of iOS 17, iPadOS 17, macOS Sonoma, tvOS 17, and watchOS 10 to prevent their abuse for data collection. "This will help ensure that apps only use these APIs for their intended purpose," the companyΒ saidΒ in a statement. "As part of this process, you'll need

The Power of Browser Fingerprinting: Personalized UX, Fraud Detection, and Secure Logins

By: The Hacker News
The case for browser fingerprinting: personalizing user experience, improving fraud detection, and optimizing login security Have you ever heard of browser fingerprinting? You should! It's an online user identification technique that collects information about a visitor's web browser and its configuration preferences to associate individual browsing sessions with a single website visitor.Β  With
❌