ZoeCyber WhatsApp Channel

ZoeCyber

224 subscribers

About ZoeCyber

Dive deep into the world of cybersecurity and ethical hacking with expert insights, tips, and tutorials. Stay ahead of the curve and secure your digital footprint with ZoeCyber – where knowledge meets security!


Posts

ZoeCyber
5/28/2025, 2:53:49 PM

https://www.digissllc.com/careers/

ZoeCyber
5/26/2025, 6:39:24 PM

*Malware in Disguise: Over 70 npm and VS Code Packages Exposed for Stealing Data and Crypto*

*The Alarming Discovery*
Security researchers have uncovered a massive threat to the cybersecurity world: over 70 malicious packages in the npm and VS Code registries. These packages are designed to steal sensitive data, including hostnames, IP addresses, DNS servers, and user directories.

*The Malicious Packages: A Sneaky Approach*
The malicious packages were published under different accounts and have been downloaded thousands of times. Some packages masquerade as legitimate plugins and utilities for popular JavaScript frameworks, but deploy destructive payloads once installed. These payloads can corrupt data, delete critical files, and crash systems.

*The Threat Actors: Sophisticated and Elusive*
The threat actors behind these malicious packages are sophisticated and use various tactics to evade detection. They have published both malicious and legitimate packages to create a facade of legitimacy. Some packages have been found to execute automatically, enabling recursive deletion of files and tampering with browser storage mechanisms.

*The VS Code Extensions: A New Front in the Battle Against Malware*
Malicious VS Code extensions have also been discovered, designed to siphon cryptocurrency wallet credentials by targeting Solidity developers on Windows. These extensions disguise themselves as legitimate, concealing harmful code within genuine features.

*What You Can Do*
- Be cautious when installing packages and extensions from open-source repositories.
- Verify the authenticity of packages and extensions before installation.
- Keep your systems and software up-to-date with the latest security patches.

*Stay Vigilant*
The discovery of these malicious packages and extensions highlights the growing threat of supply chain attacks. Stay informed and take steps to protect yourself and your organization from these evolving cybersecurity threats.

*Key Takeaways:*
- Over 70 malicious npm and VS Code packages have been discovered, designed to steal sensitive data and deploy destructive payloads.
- The threat actors behind these packages are sophisticated and use various tactics to evade detection.
- The malicious packages and extensions highlight the growing threat of supply chain attacks and the need for vigilance in the cybersecurity community.

😮 1
ZoeCyber
6/6/2025, 11:18:58 PM

*Wireshark Vulnerability Enables DoS Attack*

*Critical Vulnerability Discovered in Wireshark*
A high-severity vulnerability (CVE-2025-5601) has been discovered in Wireshark, a popular network protocol analyzer. This vulnerability allows attackers to trigger denial-of-service (DoS) attacks through packet injection or malformed capture files.

*What You Need to Know:*
- *Vulnerability Details:* The flaw is caused by a bug in Wireshark's column utility module, leading to a buffer overflow condition.
- *Affected Versions:* Wireshark 4.4.0 through 4.4.6 and 4.2.0 through 4.2.12 are affected.
- *CVSS Score:* 7.8 (High Severity)

*How to Protect Yourself:*
- *Update Wireshark:* Immediately upgrade to Wireshark version 4.4.7 or 4.2.12 to patch the vulnerability.
- *Verify Capture Files:* Be cautious when opening capture files from unknown sources.
- *Limit Network Capture:* Restrict network packet capture operations to trusted sources.
- *Network Segmentation:* Implement network segmentation to reduce exposure.

*Why It Matters:*
- *Disruption of Network Analysis:* The vulnerability can cause Wireshark to crash, disrupting critical network analysis and monitoring operations.
- *Potential Exploitation:* Although no exploits are currently known, the potential for exploitation remains significant due to Wireshark's widespread use.

*Stay Safe:*
By taking these precautions and staying up-to-date with the latest security patches, you can minimize the risk associated with this vulnerability.

ZoeCyber
5/29/2025, 3:35:06 AM

*Microsoft OneDrive File Picker Security Flaw Discovered*

A security flaw has been discovered in Microsoft's OneDrive File Picker that could allow websites to access a user's entire cloud storage content, even if only a single file is selected for upload. This vulnerability stems from overly broad OAuth scopes and misleading consent screens.

*The Issue:*
- The OneDrive File Picker requests read access to the entire drive, even for single file uploads.
- The consent prompt is vague and doesn't clearly explain the level of access being granted.
- OAuth tokens are often stored insecurely, and refresh tokens can grant ongoing access to user data.

*Impacted Apps:*
- ChatGPT
- Slack
- Trello
- ClickUp

*Microsoft's Response:*
- Microsoft has acknowledged the problem but hasn't released a fix yet.
- Users are advised to consider temporarily removing the option to upload files using OneDrive through OAuth until a secure alternative is in place.

*Recommendations:*
- Avoid using refresh tokens.
- Store access tokens securely.
- Get rid of tokens when no longer needed.

*Conclusion:*
This security flaw highlights the importance of continuous vigilance in OAuth scope management and regular security assessments to protect user data.

ZoeCyber
5/23/2025, 9:10:06 PM

*JAMB Hacking Scandal: 20 Suspects Arrested for CBT Server Sabotage*

The Department of State Services and Nigerian Police Force have arrested 20 suspects for allegedly hacking the Joint Admissions and Matriculation Board's (JAMB) Computer-Based Test (CBT) servers. The suspects are part of a larger syndicate of over 100 individuals specializing in hacking examination bodies' servers.

*How the Hacking Occurred:*
- *Specially designed software*: The syndicate used attacking software to remotely infiltrate and manipulate JAMB servers at targeted CBT centers.
- *Routers used for hacking*: The software was installed on routers covertly placed near CBT centers to override JAMB's secure platforms.
- *Ghost software*: The software distorted exam data, causing discrepancies between questions answered and actual questions displayed.

*Consequences:*
- *Widespread failure*: The hacking led to widespread failure in the 2025 exams.
- *Candidates paid for high scores*: Candidates paid between ₦700,000 and ₦2 million for high scores.

*Arrests and Investigation:*
- *20 suspects arrested*: The suspects were arrested in coordinated operations across states, including Lagos, Edo, Anambra, Kano, and Delta.
- *Identities withheld*: The suspects' identities are being withheld pending their arraignment in court.
- *No evidence of JAMB complicity*: No evidence of complicity has been found against seven JAMB officials who supervised service providers at affected CBT centers.

*Next Steps:*
- *Investigation ongoing*: The investigation is ongoing, and the suspects will face trial.
- *Measures to prevent future hacking*: JAMB and relevant authorities may implement additional security measures to prevent future hacking incidents.

👍 👎 3
ZoeCyber
6/3/2025, 1:31:45 PM

If you need vulnerable labs to hack on, check out: https://github.com/RedHatPentester. And make sure to follow.

👍 1
ZoeCyber
6/17/2025, 8:34:16 AM

*🔐 U.S. Seizes $7.74M in Crypto from North Korea’s Global Fake IT Worker Network: AI, Deep Fakes, and Laptop Farms Fuel Espionage Empire*

In a dramatic crackdown on a sprawling North Korean cybercrime empire, the U.S. Department of Justice (DoJ) has seized over $7.74 million in cryptocurrency, NFTs, and digital assets tied to an elaborate fake IT worker scheme used to fund Pyongyang’s weapons program and dodge sanctions.

For years, North Korean operatives have quietly embedded fake tech workers into U.S. crypto firms, laundering money through a covert digital network stretching across Russia, China, Laos, the UAE, and beyond. Armed with stolen identities, AI tools like ChatGPT, and fake LinkedIn profiles, these rogue freelancers slipped past due diligence checks, landed remote jobs, and funneled millions in earnings back to the regime.

> “North Korea has weaponized remote work,” said Sue J. Bai of the DoJ’s National Security Division. “They’re using our own infrastructure to bankroll their missile programs.”

*💻 Behind the Screen: Fake Jobs, Real Damage*
Known to cybersecurity experts as Wagemole and UNC5267, the operation dates back to 2017 and has evolved into a state-sponsored cybercrime syndicate. The workers fall into two categories:
- R-ITWs (Revenue IT Workers): Focused on generating income for the regime.
- M-ITWs (Malicious IT Workers): Plant backdoors, sabotage crypto systems, or steal IP.

To operate, North Korean agents recruited laptop farm facilitators around the globe. One of them, Christina Marie Chapman—a TikTok influencer and former massage therapist—was lured into the scheme via a LinkedIn message. She pled guilty earlier this year and will be sentenced in July.

*🌐 A Global Cyberweb of Deceit*
Investigators traced over $24 million in crypto flowing through wallets controlled by Sim Hyon-Sop, a Foreign Trade Bank official based in Dubai, and Kim Sang Man, head of a front company called Chinyong, operating under forged Russian identities out of Russia and the UAE. Their laundering operation featured:
- Laptop farms to mimic U.S.-based remote workers
- BYOD (Bring Your Own Device) abuse to infiltrate company systems
- Zoom exploits and stealthy C2 channels using ARP packets and WebSockets
- Fake domains and malware to steal references and credentials

One compromised host was found in Lahore, Pakistan, with browser history exposing translations for fake job references and shipping tech gear across borders.

*From Freelance Fraud to Corporate Espionage*
Security firm DTEX warns that the operation is growing bolder—shifting from contract work to direct attacks. In some cases, malware-laced campaigns like "Contagious Interview" (aka Gwisin Gang) bypass hiring altogether, hacking into accounts of already-employed developers to gain access.

> “These actors don’t just write code—they write deception at scale,” said Matt Ryan, cybersecurity researcher.

*What’s Next? Target: Traditional Finance*
Experts warn that with traditional banks adopting Web3 and blockchain tech, DPRK’s cyber-ops may soon set their sights on the financial sector. The era of silent infiltration isn’t over—it's just getting smarter.

👍 2
ZoeCyber
6/8/2025, 12:34:21 PM

*Hackers Crack Nintendo Switch 2 Just One Day After Launch: What You Need to Know*

In a stunning display of hacking prowess, security enthusiasts have discovered an exploit in the Nintendo Switch 2 just 24 hours after its launch. The exploit, showcased by Bluesky user David Buchanan, takes advantage of a weakness in the console's shared library, allowing hackers to run custom code on top of the operating system.

*The Exploit Explained*
According to Buchanan, the exploit is considered "minor" but still significant, as it opens the door to potential custom firmware and homebrew applications. While it's not a full-blown jailbreak, the exploit demonstrates the creativity and determination of the hacking community.

*What This Means for Gamers*
For Nintendo fans and hackers alike, this exploit is a thrilling development. It could potentially allow for:
- Custom firmware: Users might be able to install custom operating systems or modifications, expanding the console's capabilities.
- Homebrew applications: Developers could create and run their own apps, games, or tools on the Nintendo Switch 2.

*Nintendo's Response*
As of now, Nintendo has not officially commented on the exploit. Given the company's history of protecting its intellectual property, it's likely that they'll address this vulnerability in a future update.

*The Hacking Community's Reaction*
The discovery of this exploit has sent shockwaves through the gaming and hacking communities. Many are eagerly awaiting further developments, speculating about the potential possibilities and implications of this vulnerability.

*Conclusion*
The Nintendo Switch 2 exploit is a testament to the ingenuity of hackers and the ongoing cat-and-mouse game between console manufacturers and security enthusiasts. As the situation unfolds, we'll keep you updated on any further developments and potential fixes.

> Zoecyber

ZoeCyber
5/25/2025, 4:50:30 PM

https://x.com/zoecyber001/status/1926626800936882176?t=7oGWK8gVs_juZd5GoXQgVA&s=19

ZoeCyber
5/22/2025, 9:04:53 PM

*Critical Vulnerability in Windows Server 2025: Active Directory Compromise*

A newly discovered vulnerability in Windows Server 2025's Delegated Managed Service Account (dMSA) feature allows attackers to compromise any user in Active Directory (AD), potentially breaching the entire domain.

*The Vulnerability:*
The dMSA feature, introduced in Windows Server 2025, allows migration from legacy service accounts. However, researchers found that during the Kerberos authentication phase, the Privilege Attribute Certificate (PAC) includes SIDs of the superseded service account and its associated groups. This can lead to privilege escalation.

*How it Works:*
1. *Simulated migration*: Attackers can simulate the dMSA migration process to compromise any user, including domain administrators.
2. *No permissions required*: The attack doesn't require permissions over the superseded account, only write permissions over the dMSA attributes.
3. *KDC grants permissions*: The Key Distribution Center (KDC) automatically grants the dMSA every permission the original user had.

*Impact:*
- *High-impact abuse path*: The vulnerability allows attackers to compromise any user in the domain, gaining similar power to the Replicating Directory Changes privilege used in DCSync attacks.
- *Most organizations affected*: 91% of environments examined had users outside the domain admins group with required permissions to perform this attack.

*Mitigation:*
- *Limit dMSA creation*: Restrict the ability to create dMSAs and harden permissions.
- *PowerShell script*: Akamai released a script to enumerate non-default principals who can create dMSAs and list OUs with this permission.

*Patch in the Works:*
Microsoft is working on a patch, but until then, organizations should take precautions to secure their Active Directory environments.
