CYBER SECURITY WEEKLY NEWS

 


Welcome to this week's cyber security briefing

 

1. Kali 2024.2 release and Parrot 6.1 release

2. TotalRecall: A tool to grab Microsoft’s recall snapshots

3. The FBI issues 7000 LockBit ransomware decryption keys

4. TikTok zero-day

 

 

1. Kali 2024.2 release and Parrot 6.1 release

Kali has released version 2024.2 a little later than usual, with added packages and a fix for the Y2038 bug.

Here are the changes:

18 new tools in the new release, with contributions from the community

  • autorecon - Multi-threaded network reconnaissance tool
  • coercer - Automatically coerce a Windows server to authenticate on an arbitrary machine
  • dploot - Python rewrite of SharpDPAPI
  • getsploit - Command line utility for searching and downloading exploits
  • gowitness - Web screenshot utility using Chrome Headless
  • horst - Highly Optimized Radio Scanning Tool
  • ligolo-ng - Advanced, yet simple, tunnelling/pivoting tool that uses a TUN interface
  • mitm6 - pwning IPv4 via IPv6
  • netexec - Network service exploitation tool that helps automate assessing the security of large networks.
  • pspy - Monitor Linux processes without root permissions
  • pyinstaller - Converts (packages) Python programs into stand-alone executables.
  • pyinstxtractor - PyInstaller Extractor
  • sharpshooter - Payload Generation Framework
  • sickle - Payload development tool
  • snort - Flexible Network Intrusion Detection System
  • sploitscan - Search for CVE information
  • vopono - Run applications through VPN tunnels with temporary network namespaces
  • waybackpy - Access Wayback Machine’s API using Python

 

Desktop changes

This release includes the latest version of the GNOME desktop, GNOME 46, and an update to Xfce specifically for Kali-Undercover, which changes your Kali Linux desktop to a theme similar to Windows 10, possibly for stealth and to avoid unnecessary attention. The Xfce update also includes HiDPI (High Dots Per Inch Display), which alters the scaling factor and makes everything look smaller than expected.

 

Y2038 bug fixed

Also known as Y2K38, this is a problem that will cause dates to jump back to Friday 13th December 1901 when the time reaches one second after 03:14 UTC on 19th January 2038, similar to the Y2K bug.

This was fixed by the t64 (64-bit time_t) transition: time_t, the type that stores timestamps, was changed to 64 bits where it had been 32 bits.
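The wraparound described above, as an added example that is not code from Kali or from the original post: it maps a second count onto what a signed 32-bit time_t would hold and converts both views to a UTC date. The names as_time32 and utc_from_epoch are hypothetical helpers; the last second a 32-bit time_t can hold is 03:14:07 UTC on 19 January 2038.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

struct utc { int year, month, day, hour, min, sec, wday; /* wday: 0 = Sunday */ };

/* Value a signed 32-bit time_t ends up holding for a given second count
   (two's-complement wraparound, as on a system before the t64 transition). */
int32_t as_time32(int64_t secs) {
    uint32_t u = (uint32_t)secs;               /* keep the low 32 bits */
    return u < 0x80000000u ? (int32_t)u
                           : (int32_t)(u - 0x80000000u) + INT32_MIN;
}

/* Seconds since 1970-01-01 00:00:00 UTC -> calendar date (proleptic
   Gregorian, days-to-civil arithmetic); valid for negative inputs. */
struct utc utc_from_epoch(int64_t t) {
    int64_t days = t / 86400, rem = t % 86400;
    if (rem < 0) { rem += 86400; days -= 1; }  /* floor division */
    int64_t z = days + 719468;                 /* shift epoch to 0000-03-01 */
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    int64_t doe = z - era * 146097;
    int64_t yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365;
    int64_t doy = doe - (365 * yoe + yoe / 4 - yoe / 100);
    int64_t mp = (5 * doy + 2) / 153;
    struct utc r;
    r.day = (int)(doy - (153 * mp + 2) / 5 + 1);
    r.month = (int)(mp < 10 ? mp + 3 : mp - 9);
    r.year = (int)(yoe + era * 400 + (r.month <= 2));
    r.hour = (int)(rem / 3600);
    r.min = (int)(rem % 3600 / 60);
    r.sec = (int)(rem % 60);
    r.wday = (int)((days % 7 + 11) % 7);       /* 1970-01-01 was a Thursday */
    return r;
}

int main(void) {
    /* Constructed samples: the last 32-bit second and the one after it. */
    int64_t samples[] = { INT32_MAX, (int64_t)INT32_MAX + 1 };
    for (int i = 0; i < 2; i++) {
        struct utc a = utc_from_epoch(samples[i]);            /* 64-bit view */
        struct utc b = utc_from_epoch(as_time32(samples[i])); /* 32-bit view */
        printf("%lld: 64-bit %04d-%02d-%02d %02d:%02d:%02d | 32-bit %04d-%02d-%02d %02d:%02d:%02d\n",
               (long long)samples[i], a.year, a.month, a.day, a.hour, a.min, a.sec,
               b.year, b.month, b.day, b.hour, b.min, b.sec);
    }
    printf("this build: time_t is %zu bits\n", sizeof(time_t) * 8);
    return 0;
}
```

The final line of output reports the width of time_t in the build at hand, which is a quick way to confirm whether a given toolchain and target are already past the 32-bit limit.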


Parrot 6.1 is here with improvements and updates to packages and libraries. Here are a few of the improvements made:

  • Anonsurf 4.2: Improved stability and fixed issues in the launcher script for better anonymity and user experience.
  • Reintroduction of parrot-updater: The update reminder popup was re-introduced to the system to assist in keeping the system up to date.
  • nmap: Patched to fix several errors in its mssql scanning Lua script.
  • burpsuite 2024.2.1.3: Updated to the latest version and fixed a Java version inconsistency on some machines.
  • sqlmap 1.8.3: Upgraded to the latest version for better SQL injection detection and testing capabilities.
  • sslscan 2.1.3: Updated to its latest version.
  • zaproxy 2.14: New version providing enhanced web application security testing tools.
  • netexec 1.1.1: Introduced to replace the now legacy crackmapexec tool. Netexec can be used as a drop-in replacement for crackmapexec and offers the same features.
  • metasploit 6.4.6: Updated with new exploits and improved penetration testing tools.
  • woeusb-ng 0.2.12: Upgraded to enhance the creation of bootable USB drives from Windows ISO files.
  • volatility3 1.0.1: Updated for better memory forensics and analysis capabilities.
  • rizin 0.7.2: New version providing enhanced reverse engineering tools and features.
  • powershell-empire 5.9.5: Updated to improve post-exploitation framework capabilities.
  • instaloader 4.11: Upgraded to the latest version for improved Instagram data scraping and downloading.
  • gdb-gef 2024.1: Updated with new features and improvements for the GDB Enhanced Features plugin.
  • evil-winrm 3.5: Enhanced version for better interaction with Windows Remote Management.
  • bind9: Applied an important security update.
  • chromium: Applied the latest security updates to ensure safe and secure browsing.
  • firefox: Updated with the latest security patches to enhance browsing security and performance.
  • webkit: Incorporated security updates to safeguard against vulnerabilities in the web rendering engine.
  • golang 1.21: Upgraded to the latest version, bringing performance improvements and new features.
  • grub 2.12: Updated to enhance bootloader functionality and security.
  • libc6 and glibc6: Security updates applied to improve system stability and security.
  • pipewire audio server 1.0.5: Updated for better audio handling and improved performance.
  • libreoffice 24.2: New version with enhanced features and security improvements for office suite applications.
  • openjdk: Security updates applied to improve Java runtime environment security.
  • php8: Incorporated security updates to enhance web development and server-side scripting security.
  • ruby 3.1: Updated with the latest security patches to improve development security and stability.

 

2. TotalRecall: A tool to grab Microsoft’s recall snapshots

Microsoft has faced backlash over the Recall feature, and security researchers have revealed security flaws in it by releasing a tool, “TotalRecall”, which can find and extract everything that Recall has stored.


The researchers pointed out that the stored screenshots contain very sensitive information. One security expert, Kevin Beaumont, reported that the data was stored in plain text and could enable threat actors to automate scraping of everything you’ve ever looked at within seconds.


TotalRecall automatically finds the Recall snapshots and SQLite database, extracts them to a designated folder, parses the databases for user-specified artefacts, and provides a summary including those artefacts.

 

3. The FBI issues 7000 LockBit ransomware decryption keys

Victims of LockBit have hope: the FBI has reached out to past LockBit victims, disclosing that it has more than 7000 decryption keys to help them get back their data.

This follows a recent crackdown on the LockBit operations in February.


However, the FBI warns that LockBit victims are not safe even though the gang’s operations have been disrupted.

Any victim is encouraged to visit the FBI's Internet Crime Complaint Center at ic3.gov.

 

4. TikTok zero-day vulnerability exploited by hackers

Hackers have exploited a zero-day vulnerability in TikTok’s direct messages feature, enabling them to hijack the TikTok accounts of high-profile organizations and individuals. The known targets include CNN and Sony.

The zero-day only needed the targets to open the malicious message, with no further interaction. Reports are that few accounts were compromised, and information about the compromised accounts and details of the vulnerability are scarce.


This is a developing story.
