On November 22. 2022, Google's Threat Analysis Group reported the new zero-day vulnerability CVE-2022-4135.

The vulnerability is rated as High CVE-2022-4135: Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121. The vulnerability could allow a remote attacker to compromise the renderer process to perform a sandbox escape via a crafted HTML page.

The vulnerability is being exploited in the wild.

Google has released the update (the version 107.0.5304.121 for Mac and Linux and the version 107.0.5304.121/.122 for Windows)

How to update your Chrome:

• Open the chrome browser
• Go to your setting – right side of the browser – click on the setting option

Go to – About Chrome

• The browser will start the update automatically

As soon as you read this article, make sure that you update your browser.

On November 24, 2022, the security researcher from OSINTAFRICA has detected many phishing attacks mimicking WhatsApp brand.

WhatsApp is a freeware platform used to send and receive text, voice messages, make voice and video calls, and share images, documents, user locations, and other content. The application is owned by American company Meta Platforms.

The application is used by more than 2 billion of users around the globe.

The name associated to the threat actors is unknown. The domains identified are created a few days ago.

The threat actors are using different locations such as US, SINGAPORE, Hong Kong to avoid detection and target user from those locations as well.

Apart from using different location, the threat actors used also CDN Cloudflare to hide their location and hide the services they use to target the users.

From the details we collected and analyzed, we can assume that the intention of the threat actors is to steal users’ credentials and trick the users by installing a malicious software which look like WhatsApp.

Let's explain the findings in detail:

On the screen below, we can see the image is quite similar to WhatsApp, and it has been classified as Malicious by Google safe browsing. The IP address 2606:4700:3037::ac43:d2ab is located in US and belongs to CLOUDFLARENET, US.

We can also observe some words writing in Chinese which could indicate that the threat actors might be targeting users from China.

gotas.evoluir.sbs - urlscan.io

Virus total detected as a phishing website

VirusTotal - URL - c424a393c09b3c1007258c95aef074d555395af61bda0e02fa68a4abc8ba773b

Another example is whatssap7[.]com

We can see that the IP address is located in US and belongs to TERAEXCH US.

 

https://urlscan.io/result/b7490a37-9c92-4020-8cde-abedee990831/

We decided to connect to Securitytrails to find more information related to the domain. 

We found the following information.

Two domains detected by Securitytrails. The second domain – download.whatssap7[.]com, the malicious domain contains downloading version of the application for Android, Windows and MacBook.

https://securitytrails.com/list/apex_domain/whatssap7.com

Two domains were found. The second one download.whatssap7[.]com a malicious WhatsApp package to download

https://urlscan.io/result/ae426881-2e77-412f-a27a-8ec5b956dfa2/

 

Unfortunately, we could not download the file 

Our last example will be the domain whatqsapp[.]com

https://urlscan.io/result/4f6be6c4-be69-4e24-9618-08605b541c95/

Another domain located in the US.

From Riskiq, we found many subdomains mimicking WhatsApp using the IP address 172.247.175.66.

 

Its not the first time WhatsApp is being targeted. Many users complained in the past about loosing their credential and the phishing attack is the most used technic to achieve the goal.

This issue is quite interesting as WhatsApp is used by many users; some measures should be taken to avoid the users connecting to the malicious websites.

In order to reduce this situation, 3 mains advice need to be followed.

Advice:

Use only WhatsApp.com for downloading the application and connecting

Use 2FA to protect your account

Take down all the domains (should be done by the WhatsApp corporation team)

Domains mimicking WhatsApp

whatssapp8[[.]]com

whatsaaapp[.]com

whataswappapp[.]com

whatsakpp[.]com

whatmsapp[.]com

whatszaapp[.]com                                    

whaxsapp[.]com

www[.]whatscaapp[.]com

www[.]whatszaapp[.]com

www[.]whatstaapp[.]com

whatscaapp[.]com

whatstaapp[.]com

whatqsapp[.]com             

whatsaypp[.]com  

whatmsapp[.]com

www[.]whatmsapp[.]com          

www[.]whatqsapp[.]com

www[.]whhatapp[.]com 

whatsalpp[.]com                           

whatsabpp[.]com 

whatskapp[.]com  

www[.]whatsalpp[.]com

whatuapp[.]com

whlatapp[.]com

www[.]whatskapp[.]com

ww[.]whatsaypp[.]com

whaotapp[.]com   

THE WORLD CUP is the biggest sportive competition in the world where the best countries for the last four years from all around the world meet to compete against each other. But this world cup is different from the past world cup as it’s also a revelation for the worldwide.

Who could imagine some years ago that Asian countries could compete with European countries in football (only if you are in the Asian mindset). If you did not think, guess what, you were wrong.  The Asian’s plan was always to learn and to achieve a goal. This is what we see now, if you look at most of those countries like China, Singapore, Vietnam, Qatar or Emirates, Arabia Saudi, Japan, South Korea, India and may others, you can determine how much affords were put into place to come at this point. You can see how fast those countries are growing up economically, culturally, socially, sportively, educationally etc. To understand that you should not go so far. Most of world-wide products (Mobile phones, cars, Clothes, foods etc.) are produced by those countries. If you take only China, half of the things we use and eat on daily basis are coming from there.

I am not economist but as a football fan and OSINT lover I can make own investigation 😊. The football for many years was directed by EU countries and a few other countries like Brazil, Argentina, but nowadays we see different reality, this is due to the fact that those countries, see the world differently from other, they work hard, analyze the world from different aspects and perspective and the result is visible. I am not saying that they are going to win the world, but this is just a lesson learn for the world. The victory of Arabia Saudi vs Argentina and Germany vs Japan might be surprising for many people who do not follow those teams or the development of football in those countries but in really the plans everything for many years and it's started to work.  With these victories, many other countries could also learn, especially those countries that think only one side could help them to get rid of the poverty or win the world cup.

We can also explain it differently, we all know that the football is based in EU and most of the big players we see on the TV are playing in EU, so people do not know the players from those countries which make the situation more difficult for EU players against those teams. If you take the African teams, it's difficult for them still to compete against EU countries, the reason is simple, most of them are playing in EU, so the way they play does not change. They players know each other, and EU countries have better teams, so it's difficult to win them.

This can explain a lot in the way the world is going on and will be in the future. We can see how the development of the world is changing in realities. The development of football can reflect the development of the economy, mentality, vision, education, society of a country. 

The key here is the work based on self-assessment and self-decision making. Like people say in French (Paris did not become Paris in one day). Let's plan and work hard. Your time will come.

I hope that other countries such as African countries will take it as a lesson learn not only like a football game to develop their economy, culture, sport, society, education etc.

Good luck!

Trackology is the science of tracking people information over the internet.

The information tracked can be (gender, political opinion, sexual orientation, habits, interests, general opinion about an individual, religion)

Once the information is tracked, they will be collected, analyzed, processed, aggregated and sold to a third party or used for other interests.

Most of the websites use the cookies to track data from the websites but we can also use other technologies such as account tracking, fingerprint, web beacons to achieve this goal.

Many companies do track the data over the internet for marketing reason or advertisement, but others such as media and government might tracked for other reasons like political reasons. Many Medias nowadays collect data over different social medias that will be analyzed later. One example that we can give is the actual situation between Ukraine and Russia. The medias by using their pages over different social medias, can post something related to the topic and people will comment, based on the comments from different platforms such as Facebook, Twitter, LinkedIn, we can determine what people think about the Russia invasion.

 

How to test people to determine their opinion.

Let’s use a technic calls profiling which consists of collection information such as gender, political opinion, sexual orientation, habits, interests, general opinion about an individual, religion about a person or group of persons that will be used later to make a decision about the person or the group of persons.

As an example, we want to know what people think about LGBT in the world. We will create a group on Facebook and posts different messages and analyze it.

Let’s create a group on Facebook and call it “We love LGBT”. Post something on the page and wait for the comments and people reaction.

Once you analyzed the data collected, you can guess people opinion about such topic in general.

This technic is used by many entities such as medias, E-commerce, Sports to sell their products or to make a decision.

Risks related to data tracking

If the data are not tracked following the regulations, many issues may be arised.

With the example we gave above about “LGBT”, imagine that you apply for a job, and you should have an interview with the company. Before the interview the company tracked you from different social media and reveal your negative comment about “LGBT”, if the manager is a gay or Lesbian or one the people who received the feedback after the data collection, then it could impact negatively the interview. In order to avoid such issue, the regulations should protect people privacy over the internet.

 

As we see, the data tracked could lead to prejudice, as the simple comment made cost the person to lose the job.

 Advantages of data tracking

Like we said before, many businesses do track data for marketing or advertisement reasons, which help those businesses to improve the way to sell their products. 

Data tracking can also help to find terrorist. As today the world is facing with many terrorists attack so the data tracking could be very important for entities such as police departments, militaries, Threat investigation and so on.

Data tracking could be used also for background checking to determine if the person is suitable for the position. 

As you see, everything can have a good side and bad side. The best way to be on the good side will be to follow the regulations and best practices and monitor them as well.

Solution against data tracking without the consent of people

They are many solutions to avoid being tracked by the websites you visit.                 

• Enable cookies (check the cookies preference before accepting it)
• Enable DO NOT TRACK
• Do not give a permission to share your data to a third party (Social medias like Facebook, Google, Twitter do it, you need to edit the setting option to not allow it)
• Implement a data privacy regulation if not in place (this should be done by each country) and if the companies comply with it.
• You can use a tool like Trackography - Who tracks you online?   To verify where your data are going when you connect to some medias.
• Use VPN or a browser like TOR, TRAILS to stay anonymous online.
• Use proxy to hide your activities over the internet.
• Use incognito mode (it does not provide complete privacy)

They are many other solutions to stay protected online. But the best way to be protected is to not stay online which is not possible. Therefore, follow the best practices always is the key to stay safe online.

 

The role of the router is to send the packets from one network to another network over the internet.

In order to access   the router, the password is required. Most of the routers have a default password that can be used to access and configure it. The problem is that most of the clients do not change the default password. The default password for the router is available online and the password is unique, so it does not change. You need to know the name of the router and search on the browser to get the password. Which makes the password easy to guess. Another problem here is that most people do not change the default password and leave it as a blind password. Imagine that you gave the access to your local network to someone with bad intention, the person will have just to use the cmd command “ipconfig” to find the gateway IP address which is your router IP address and use the default password to connect and change the settings from the router. The person could have the whole control of your network and redirect the traffic to another place.

As we said, the default passwords are available over the internet, let’s show you how you can get the default password and connect to it.

Example:

1. First you need to know the router on which you want to access (check the router name on the router you have or want to access)
2. Click on the link and find the router name and click on find password

Accelerated Networks Router passwords – List of all default passwords for the Accelerated Networks Router

Router name listed

      3. Open cmd, type ipconfig

Check if you are connected by cable or cableless, in our case, we are connected via cableless

4. Now you have the IP address from the gateway or the route, open any browser from your choice, type the "http:/ /IP address" of the gateway, you get the dashboard with the username and password. Type the username name and password to get the access.

NB: Note that from the link Accelerated Networks Router passwords – List of all default passwords for the Accelerated Networks Router, you might not find the router name or the password. You can type the name from your search browser (google search, Microsoft bring or others) to find the relevant information.

In order to prevent someone without your consent to get access to your router and change the settings, you need to follow some best practices.

Best practices:

• Change the default password and username
• Use MAC access control
• In case you have a doubt that someone accessed to your network, contact your service provider immediately
• In case you do not remember your new password or username, you can reset the router (reset factory) to go back to the main configuration and change it again.
• Reduce the WIFI signal so it does not go out of your real.

All follow the best practices to protect your network.

A security researcher has detected a vulnerability in Glitch, a fork of Mastodon. An attackers could steal the credentials from Mastodon.

Mastodon is free and open-source software for running self-hosted social networking services (check Wikipedia for more details).

The security researcher was able to steal the credentials on Infosec Mastodon with a HTML injection vulnerability, without the need to bypass CSP.

Stealing passwords from infosec Mastodon - without bypassing CSP | PortSwigger Research

The vulnerability was reported to Mastodon. The flaw is specific to the Glitch fork used by InfoSec. Exchange. Mastodon has released the version 4.0.1, 3.5.5, and 3.4.10 to mitigate the issue. The 2FA authentication could prevent someone with the password to not access to your environment.

 

 Three Vulnerabilities have been discovered in Citrix Gateway and Citrix ADC.

The vulnerabilities are the following:

• CVE-2022-27510 Unauthorized access to Gateway user capabilities
• CVE-2022-27513 Remote desktop takeover via phishing
• CVE-2022-27516 User login brute force protection functionality bypass

Be aware that only appliances that are operating as a Gateway (appliances using the SSL VPN functionality or deployed as an ICA proxy with authentication enabled) are affected by the first issue.

The affected versions are the following:

• Citrix ADC and Citrix Gateway 13.1 before 13.1-33.47
• Citrix ADC and Citrix Gateway 13.0 before 13.0-88.12
• Citrix ADC and Citrix Gateway 12.1 before 12.1.65.21
• Citrix ADC 12.1-FIPS before 12.1-55.289
• Citrix ADC 12.1-NDcPP before 12.1-55.289

The released applies to customer-managed Citrix ADC and Citrix Gateway appliances. Customers using Citrix-managed cloud services do not need to take any action.

Recommendation:

Install the relevant updated versions of Citrix ADC or Citrix Gateway.

NB: Only Citrix ADC and Citrix Gateway versions prior to 12.1 are EOL and customers on those versions are recommended to upgrade to one of the supported versions.