intelligence gathering
-
GitLab Releases Security Patches to Fix High-Risk Vulnerabilities
GitLab has released a security update that fixes two critical vulnerabilities. One of them (CVE-2023-7028) allows an attacker to exploit a flaw in the email verification process and hijack a user account by having a password reset email sent to an unverified email address. The vulnerability affects multiple versions of GitLab Community Edition (CE) and Enterprise Edition (EE). GitLab has released a fix and advises users to upgrade to the fixed version as soon as possible and to enable two-factor authentication for added security.
-
X (formerly Twitter) security team confirms theft of SEC account
The U.S. Securities and Exchange Commission's X (formerly Twitter) account was compromised after unidentified individuals took control of the cell phone number associated with the account. A post announcing approval for the Bitcoin ETF to be listed on all registered national stock exchanges was published through the account, which did not have two-factor authentication enabled at the time of the theft. The X security team recommends that all users enable two-factor authentication to secure their accounts.
-
Syrian hacker group releases Silver RAT remote access Trojan tool
The Syrian hacker group calling itself Anonymous Arabia has released a remote access Trojan horse called Silver RAT, which bypasses security software and covertly launches hidden applications.
-
Turkish Hackers Exploit MS SQL Server Vulnerability in Cyber Attacks
Turkish hackers have recently been using poorly secured Microsoft SQL (MS SQL) servers around the world to carry out attacks. The activity was aimed at gaining initial access and was financially motivated. The attacks targeted the U.S., EU and Latin America (LATAM) regions. Researchers at the security firm Securonix named the operation RE#TURGENCE.
-
Bandook RAT Variant Targets Windows Systems
A new variant of the Bandook Remote Access Trojan (RAT) is being spread through carefully crafted phishing emails targeting Windows users. The new variant uses a link embedded in a disguised PDF file to induce users to download and extract a .7z archive containing the malware, which is then injected into the msinfo32.exe system file to control the computer and steal information in the background.
-
UAC-0050 Organization updates phishing tactics, deploys remote control Trojan horse Remcos RAT
Remcos RAT is a powerful remote-control Trojan horse capable of stealing system data, cookies, and web browser login information. UAC-0050 used it for espionage purposes, targeting Ukrainian and Polish entities for intelligence gathering.
-
Malware Exploits Google MultiLogin Vulnerability to Maintain Access After Password Reset
Information-stealing malware is actively using an undocumented Google OAuth endpoint called MultiLogin to hijack user sessions and keep access to Google services even after the account password is reset.
-
Google sued for tracking users in incognito mode, agrees to pay $5 billion settlement
Google agreed to pay $5 billion to settle a privacy lawsuit alleging that the company tracked users in incognito mode. The lawsuit accused Google of using tools such as Google Analytics to collect data on users even when they thought they were browsing privately.
-
Orbit Bridge Cryptocurrency Losses Up to $82 Million in Hacking Attacks
On New Year's Eve 2024, Orbit Bridge was hit by a massive hack that cost over $82 million. The incident sparked panic in the crypto community and highlighted once again the importance of cryptocurrency security.
-
Google Account OAuth2 Protocol Faces New Attack Threats
Attackers can regenerate Google service cookies using undocumented OAuth2 functionality, regardless of IP address or password reset.