Are you up-to-date after Patch Tuesday?

A deep-dive into an exploit you should know about and a few other helpful tips from Microsoft. [View this email in your browser]( SecPro #96: Are you up-to-date after Patch Tuesday? Hello! Welcome back to the _secpro! This week, we've turned our attention mainly to the most recent Patch Tuesday from Microsoft. With [a new zero-day vulnerability]( we've dug down into the details for you. Associated with a new version of the Nokoyawa ransomware, this CLFS vulnerability should be a big concern for anyone who still hasn't updated their systems. But, of course, that's not all. We've also been looking at the news and it's been a busy week! We've included our favourite findings and developments from various organizations, as well as a [new bug bounty opportunity for people who are interested in breaking ChatGPT](. Does that sound like it would interest you? Scroll down and check it out for a chance to win $20,000 from OpenAI. Cheers! [Austin Miller]( Editor in Chief [TELL US WHAT YOU THINK!]( This week's highlights: - [Microsoft Patch Tuesday - April 2023 Edition]( - [ChatGPT Bug Bounty program]( - [Learn Ethical Hacking from Scratch]( - [Learn Cybersecurity with Ian Neil]( - [This Week's Survey]( And with that - on with the show! [_secpro]( [Packt _secpro Newsletter]( [The _secpro Website]( Studying for your Sec+? Taking the first steps into the world of cybersecurity isn't easy. There are many exams available, but many more courses that promise to help you pass those exams. How do you know which ones are right for you and your career trajectory? Thankfully, the CompTIA Sec+ is pretty much the gold standard for getting a foot in the door. We have been working with Ian Neil, an author and cybersecurity trainer, to get you up to scratch for the Sec+ exam. With a free study guide, live training, and online resources, this is a great place to start you journey or supplement any other courses you are using. [Check out Ian's website!]( Ian Neil is one of the world’s top trainers of Security+. He has many years of teaching experience, and a proven ability to break information down into manageable chunks so that complex ideas are clear and easy to understand. This means that people with no background knowledge can gain the skills required to become certified. [Check out Ian's book with Packt!]( Think you're ready to get started? Click the link below! [GET STARTED WITH SEC+]( [ChatGPT offering $20,000 bug bounty]( Did someone mention ChatGPT? Unless you've been living in a cave (and also ignoring your weekly updates from _secpro...), you probably know a fair bit about ChatGPT by now. In the wake of growing questions about the platforms security, OpenAI - the company behind the revolutionary software - has offered a [$20,000 bug bounty]( for anyone who can find an "exceptional discovery". What that entails, we're not 100% sure. But if you are the kind of person who is into trying to break things, this is a golden opportunity. [FIND OUT MORE HERE!]( This Week's News... Microsoft - The [Patch Tuesday blog]( has kept up to date with the latest updates from April's Patch Tuesday. Checking your updates against this list is an excellent way to make sure your systems won't crash when you roll them out and you haven't missed anything either. General updates - [The United States Securities and Exchange Commission]( has released updated demands for organizations that have experienced a breach. If you are currently working in America, now is a good time to get familiar with [the new requirements](. - [WhatsApp]( has introduced a new security feature called Device Lock to enhance the security of users' accounts. The feature aims to prevent unauthorized access to users' accounts and protect against SIM swap attacks, where attackers gain access to a user's phone number and use it to access their WhatsApp account. Google - Google has announced new initiatives to reduce the risk of vulnerabilities and protect researchers, in addition to launching the [Google Zero Trust]( cybersecurity program. The company is implementing a new program called "Vulnerability Reward Research Grants" that will provide funding to support security researchers in their work to identify and report vulnerabilities in Google products. - Google is also expanding its existing [bug bounty program]( to include more products and services, and is increasing the rewards for eligible vulnerabilities. The company has also created a new team, called the "Security Research Grants Team", to oversee these initiatives and work with the broader security research community. Threat Actors - The Lazarus hacker group has evolved its tactics and techniques to target cryptocurrency exchanges and financial institutions, [SecureList reports](. The group is now using social engineering and spear-phishing to gain access to sensitive information and steal funds. Experts have dubbed this campaign DeathNote. - A new cybercrime group called [RTM Locker]( has emerged and is actively targeting businesses and organizations with ransomware attacks, according to Trellix. The group is believed to be based in Russia and is using sophisticated techniques to evade detection and encryption to lock victims' files. The ransom demand ranges from $50,000 to $250,000 in cryptocurrency. - A new hacking tool called Legion has been developed by a cybercriminal group and is being offered for sale on hacking forums, [according to Cado](. The tool is written in Python and is designed to automate the process of attacking web applications, making it easier for hackers to carry out attacks. The tool is also equipped with features such as multi-threading, proxy support, and CAPTCHA solving to help bypass security measures. This Week's Editorial Articles [Microsoft Patch Tuesday – April 2023 Edition]( Patch Tuesdays can be a nightmare for cybersecurity professionals and system administrators alike. But the _secpro team is on hand to lend some advice, showing you exactly what has been fixed this past week. A total of 79 issues were patched, but only a solitary zero-day has been found this time! That’s some progress over the last few months. For our rundown this month, we’ll do a deep dive into CVE-2023-28252 as well as some shorter remarks on other vulnerabilities. Plenty to keep you busy while the systems update! CVE-2023-28252 Here’s the big one – this month’s single zero-day vulnerability. In predictable style, there are already conflicting reports about whether this vulnerability has been exploited or not. But we’ll get to that in a minute. Ranking at 7.8 on the CVSS, this vulnerability doesn’t seem to have been quite as dangerous as some that we’ve seen in the past. But the name should give us some clues about how the adversary could exploit this: Windows Common Log File System Driver Elevation of Privilege Vulnerability. [READ THE REST HERE!]( Cybersecurity Fundamentals [Learn Ethical Hacking from Scratch]( We've changed course! This time, we're taking a quick look at [Learn Ethical Hacking from Scratch](. Make sure to check out the book to set up your systems for the lessons, then dive in with the _secpro! [LIKE WHAT YOU SEE? CLICK HERE]( Targeted packet sniffing Once we have a network (or a group of networks) to target, it's useful to run airodump-ng on that network only, instead of running it on all of the networks around us. In this section, we'll see how to do that. - We are currently running airodump-ng on all of the networks around us; we are going to target the network with the BSSID, EC:1A:59:5A:E1:46. That's our test network, the Test. We are going to sniff on that network only. To do this, we're going to use the same program. The command will be as follows: airodump-ng --channel 10 --bssid EC:1A:59:5A:E1:46 --write test-upc wlan0 - We need to specify the channel. The --channel here is number 10, as you can see in the preceding code snippet; the --bssid should be the MAC address of the target network. We are going to add a --write option; this tells airodump-ng to log all of the packets that it captures into a file. We also need a filename, so let's call it test-upc. We then put the name of our Wi-Fi card (in monitor mode), and it's wlan0. - Then, we press Enter, and, as you can see, the only network that shows up is Test; we don't have any other networks listed. In the previous screenshot (in the Targeted packet sniffing section), we had too many networks, so not all of the information was visible. - When we see EC:1A:59:5A:E1:46, that's the MAC address of the network that the client is connected to. The MAC address in the first section is the same as the MAC address in the second section. That means that this client is connected to network EC:1A:59:5A:E1:46. The STATION is the MAC address of the client—the MAC address of the device that is connected to the network. The PWR is the distance between us and the device, and the Rate is the maximum speed that the device is running on. Lost is the number of packets that we have lost (that we couldn't capture from the target device), and Frames is the number of useful packets that we collected from that device. We will talk more about frames and data when we study WEP cracking in [Chapter 6]( Network Penetration Testing – Gaining Access. - The first main part of airodump-ng is the APs that are within our Wi-Fi range, and the second part is the clients that are associated with those APs. We also have the MAC address of the AP and the MAC address of the actual client. Now, we are going to use Ctrl + C to stop sniffing. All of the data has been logged into a file called test-upc, and we will use ls, which is a command to list files in Linux; if we add * after it, we will see that airodump-ng automatically created four file formats. - In our command, we only specified the filename as test-upc; airodump-ng automatically added a 01 to the filename, just in case there was another file that had the same name. We can see four different file formats—CAP, CSV, KISMET, and KIDMET XML. - If we execute pwd, we will see that we're in the root directory. After we sniff the packets, we can use a program, such as Wireshark, to analyze the packets and see what information was gathered. The problem with this specific network is that it uses WPA2 encryption, so all of the packets are encrypted, and we can't decrypt them unless we have a key. We're going to discuss how to crack the key in later chapters of this book. - We're going to discuss how to use Wireshark in [Chapter 7]( Post Connection Attacks, of this book, so for now, we are just going to run Wireshark to give you a quick look at how the packets show up. They're not going to be useful, because they're encrypted. We'll open the Wireshark tool by implementing the wireshark command, then go to the option File | Open. - Look for the test-upc.cap file in the /root directory. After opening the capture file, we can see some information—for example, what kind of device the source device is. We can also see (in the preceding screenshot) that there is a device communicating with Belkin; the MAC addresses; the devices; and the manufacturers. This is very simple information, because the network is encrypted. If it were an open network, we could connect straight away, and jump to further sections about penetration testing. For now, we just wanted you to see how the packets look when the network is encrypted. In the future, you will learn more about it. Want to get a step-by-step guide of how to connect to a wireless adapter? [Click the link and check out the book]( It's free! Have You Tried...? Ethical hacking - it's the name of the game. If you're an aspiring white hat, these are some great tools to get you started. - [husnainfareed/Awesome-Ethical-Hacking-Resources]( - If you're not sure where to start, here's a good place to get going. - [Samsar4/Ethical-Hacking-Labs]( - Labs are great, especially when they're free. - [SHathi28/Ethical-Hacking-Python-Scripts]( - Comfortable with Python? Here are some Python scripts to start hacking away. - [PacktPublishing/Python-Ethical-Hacking]( - Same again, but this time from the gang at Packt. - [Purp1eW0lf/HackTheBoxWriteups]( - Some tips and tricks for using Hack the Box. [FORWARDED THIS EMAIL? SIGN UP HERE]( [NOT FOR YOU? UNSUBSCRIBE HERE]( Copyright © 2023 Packt Publishing, All rights reserved. As a GDPR-compliant company, we want you to know why you’re getting this email. The _secpro team, as a part of Packt Publishing, believes that you have a legitimate interest in our newsletter and the products associated with it. Our research shows that you opted-in for communication with Packt Publishing in the past and we think that your previous interest warrants our appropriate communication. If you do not feel that you should have received this or are no longer interested in _secpro, you can opt out of our emails using the unsubscribe link below. Our mailing address is: Packt Publishing Livery Place, 35 Livery StreetBirmingham, West Midlands, B3 2PB United Kingdom [Add us to your address book]( Want to change how you receive these emails? You can [update your preferences]( or [unsubscribe from this list](.