KazukiLabs NewsLetter Vol. 3 Num. 19
Winamp: Back from the grave to whip some more Llama's asses
Last week has been an emotional one for some, especially people in the UK, as at the end of last week a royal change happened as a result of the Queen passing away and the crown passing to Prince Charles as the new king. Sadly this is how things are in life: everything sooner or later comes to an end, and while it's unfortunate, that's just how things are.
This week Mandiant also released a new detailed report about the Iranian threat group previously known as UNC788, which with this report and podcast has officially been promoted to APT42 and will be tracked as such in the future. This report is well worth reading and/or listening to, as it is very much related to Iran's ongoing political relationship with the world, since the group is suspected with high confidence to be a state-sponsored one.
~Kazu
News of interests:
APT42 Report: Crooked Charms, Cons, and Compromises
https://www.mandiant.com/resources/blog/apt42-charms-cons-compromises
Kazu: As mentioned above, Mandiant has released a detailed report on the activity of the highly suspected Iranian state-sponsored APT42, previously known as UNC788, which with this report and podcast has been promoted to an APT group. Due to its nature, this report will naturally have a high impact on Iran's current relationship with other countries, but the group's actions are not expected to change much and may in fact even increase as outside hostility towards the country increases.
Tags: Report, APT42, UNC788, Mandiant, InfoSec, CTI, Iran, News
FACEBOOK ENGINEERS: WE HAVE NO IDEA WHERE WE KEEP ALL YOUR PERSONAL DATA
https://theintercept.com/2022/09/07/facebook-personal-data-no-accountability/
Kazu: Not long ago it was disclosed that Twitter does not have control over where a lot of things, such as user data, are, and when a user deletes a DM, they don't really know if it's truly deleted or not; it's just in a Schrödinger's state where nobody knows.
Well, it's not only Twitter. Facebook (I don't care about their new name) is not much better: it seems documentation is very much optional, no one really knows where data is, and the main policy seems to be to just keep piling stuff on top of each other and not deal with whatever mess is underneath.
Tags: Facebook, Privacy, News, InfoSec
America Could Lose the Tech Contest With China
https://www.foreignaffairs.com/united-states/america-losing-its-tech-contest-china
Kazu: As the cost for both consumers and manufacturers has favoured China for its ability to create cheap chips and parts for electronics, it has become the default place most people get their EE stuff from, with numbers stating that 98% of US commercial chips are sourced from China.
This has naturally severely reduced the EE production industry in the US, which in turn means that when China shuts down, the US and, by extension, the rest of the world do as well.
Getting the industry back to the US from China may be possible, but it will be an extremely steep and long mountain to climb, even with the added injection of finances from things like the "CHIPS Act" to try to do so.
Tags: EE, Electronics, China, Tech, Chips, US, News
Analysis: Banned U.S. AI chips in high demand at Chinese state institutes
Kazu: The US doesn't like the thought of China getting hold of advanced chips from Nvidia and Intel, which are made in Taiwan, which China still considers part of its territory. With the increased demand from universities and the like in China for ways to upgrade their systems to speed up technological development, there's been an increased demand for more and more advanced chips.
This is something the US doesn't like very much, and having the chips made so close to China is not seen as a good idea either, so the US has decided not only to throw money at the problem in an attempt to get more production inside the US, but the government has also decided to ban the sale of advanced Nvidia chips to China in an attempt to reduce their advancement over the US.
Tags: Nvidia, Chips, China, Ban, US, Technology, Politics, Electronics, EE, News
Interviews, Tools, writeups, etc:
Bumblebee Returns With New Infection Technique
https://blog.cyble.com/2022/09/07/bumblebee-returns-with-new-infection-technique/
Kazu: A new malware loader has been found which seems to replace BazarLoader, with new tricks up its sleeve. It starts out like most others as a phishing attack, but this one uses VHD and LNK files to load into PowerShell memory.
Tags: InfoSec, CTI, Malware, Loader, Analysis, writeup
New Stealthy Shikitega Malware Targeting Linux Systems and IoT Devices
https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html
Kazu: Non-Windows systems have famously been touted as protected against malware, but this is only due to their limited presence in the areas malware targets. As the popularity of non-Windows systems keeps growing, so does the amount of malware targeting them, like this one, which even goes to the length of trying to be as stealthy as possible.
Tags: Malware, crypto, InfoSec, DFIR
Sandbox Scryer: A Free Threat-Hunting Tool for Generating MITRE ATT&CK and Navigator Data
https://www.crowdstrike.com/blog/sandbox-scryer-free-threat-hunting-tool/
Kazu: I haven't been able to really get into how this tool works yet, but from what I can read it seems to be a tool which can be of great help to analysts and threat hunters to do their job faster and easier, so I decided to throw this in so others reading this newsletter know about it and can check it out for themselves.
Tags: Threat Hunting, Malware, IOC, Analysts, InfoSec, CTI, Tool, CrowdStrike
An interview with Ukrainian hacker ‘Herm1t’ on countering pro-Kremlin attacks
https://therecord.media/an-interview-with-ukrainian-hacker-herm1t-on-countering-pro-kremlin-attacks/
Kazu: Recorded Future is yet again having an interview with someone, and this time it's the Ukrainian hacker known as 'Herm1t', who was also the creator of VX Heaven. In this interview he talks about topics such as countering pro-Kremlin attacks as well as the story behind VX Heaven, and it's an interesting read for sure.
Tags: Interview, Herm1t, Recorded Future, CTI, InfoSec
Winamp 5.9 Final released and it still whips the Llama's ass
Kazu: Guess who's baaaack from the dead? It's Winamp, which is now at version 5.9 (should be 6.0 imo, but it seems they're working on that), and it has a lot of changes and compatibility fixes, like making sure it works on Windows 11. If you missed Winamp and wanted it back, then here it is, although it does still have some bugs to note, so make sure to read the patch notes.
I decided to download and install it myself to check it out, and tbh, for music in general, I kinda prefer it over other options, although there are certain things it doesn't have which players such as foobar do, such as an analyser, VU meters, etc. But as a decent music player, it's not bad... just don't try its online services, as they irreparably broke the player.
Tags: Technology, Winamp, News
Pestudio to support .NET namespace
Kazu: The new pestudio update will now include extended .NET namespace support, which will make initial malware assessment easier, which I am all for.
Tags: DFIR, Malware, pestudio, Infosec, Tool