Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#YouTube Creators Beware: Phishing Campaign Steals Accounts to Spread Scams
https://undercodenews.com/youtube-creators-beware-phishing-campaign-steals-accounts-to-spread-scams/
@Undercode_News
Undercode News was founded in order to provide the most useful information in the world of hacking and technology. Staffed 24/24 hours, seven days a week by a dedicated team in undercode around the world, so it can provide an environment of information and…
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Serbian Authorities Spy on Journalists and Activists
https://undercodenews.com/serbian-authorities-spy-on-journalists-and-activists/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
MTN Gears Up for Full-Blown Banking in South Africa: Doubling Down on Mobile Money
https://undercodenews.com/mtn-gears-up-for-full-blown-banking-in-south-africa-doubling-down-on-mobile-money/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Serbia's #Digital Surveillance: A Threat to Civil Liberties
https://undercodenews.com/serbias-digital-surveillance-a-threat-to-civil-liberties/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Nigeria's Booming Internet: Top Providers Offering Unlimited Data
https://undercodenews.com/nigerias-booming-internet-top-providers-offering-unlimited-data/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
A Stealthy Threat: The BADBOX #Malware Operation
https://undercodenews.com/a-stealthy-threat-the-badbox-malware-operation/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Cybercrime Marketplace Rydox Seized, Administrators Arrested
https://undercodenews.com/cybercrime-marketplace-rydox-seized-administrators-arrested/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Borrowing with Confidence: A Guide to FCCPC and CBN-Approved Loan Apps in Nigeria
https://undercodenews.com/borrowing-with-confidence-a-guide-to-fccpc-and-cbn-approved-loan-apps-in-nigeria/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
A Dark Web Threat Looms Over the Jewelry Industry
https://undercodenews.com/a-dark-web-threat-looms-over-the-jewelry-industry/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Nigerian Comedy Reigns Supreme on #YouTube in 2022!
https://undercodenews.com/nigerian-comedy-reigns-supreme-on-youtube-in-2022/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Vodafone Idea Brings 5G to India: A Closer Look
https://undercodenews.com/vodafone-idea-brings-5g-to-india-a-closer-look/
@Undercode_News
Forwarded from Exploiting Crew (Pr1vAt3)
Pentesting GWT-RPC Apps
Recently I had the "honor" to pentest an app using GWT-RPC requests
GWT-RPC stands for Google Web Toolkit Remote Procedure Calls
You can think about it as an alternative to JSON, XML and forms data
So if you see something like the image below, you are dealing with GWT-RPC
----
How do we pentest it?
1. Hidden Functions -> using the GWTMap tool, enumerate all functions available in the obfuscated {hex}.cache.js file. If you have new functions, use the --rpc flag and send direct commands to them as there's a high chance that they are not protected
2. Broken Access Control -> chances are developers would assume the protocol is too complicated and hard to read (i.e. it uses some obfuscation). Using two different accounts, replay the requests generated by the app using both session cookies. If it works -> Broken Access Control
3. Injection -> all values that look like user-controlled data in the String Table and Payload sections can (and should) be fuzzed for common injection attacks, including SQLi, command injection, SSRF, SSTI, etc., but avoid changing the indexes as this might generate an invalid GWT-RPC format
4. Serialization - the String Table + Payloads are used together to define and serialize the data provided through the request. Insecure deserialization attacks are an attack vector worth considering
Ref: Andrei Agape
@UndercodeCommunity
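Added example (not part of the original post and not GWTMap code): a minimal decoder for the pipe-delimited GWT-RPC request body, of the kind a reviewer or logging proxy can use to record which service method a request invokes, and which shows why the payload indexes from point 3 must stay consistent with the String Table. The sample body and all class and function names are constructed; the field layout assumes protocol version 7 with flags 0 (no RPC token).

```python
from dataclasses import dataclass

# Constructed sample body (not captured from a real application).
SAMPLE = ("7|0|6|https://app.example.test/module/|0123456789ABCDEF0123456789ABCDEF|"
          "com.example.client.OrderService|getOrder|java.lang.String/2004016611|"
          "ORD-1001|1|2|3|4|1|5|6|")

@dataclass
class GwtRpcCall:
    version: int
    flags: int
    strings: list      # String Table, referenced 1-based from the payload
    service: str
    method: str
    param_types: list
    values: list       # raw payload tokens that follow the parameter types

def unescape(token):
    # GWT escapes a literal '|' inside a string as backslash-'!' and a
    # backslash as two backslashes, so splitting on '|' is safe beforehand.
    out, i = [], 0
    while i < len(token):
        if token[i] == "\\" and i + 1 < len(token):
            out.append({"!": "|", "0": "\0"}.get(token[i + 1], token[i + 1]))
            i += 2
        else:
            out.append(token[i])
            i += 1
    return "".join(out)

def parse_gwt_rpc(body):
    fields = body.split("|")
    if fields and fields[-1] == "":
        fields.pop()                       # body ends with a trailing '|'
    try:
        version, flags, count = (int(f) for f in fields[:3])
    except ValueError as exc:
        raise ValueError("malformed header") from exc
    strings = [unescape(s) for s in fields[3:3 + count]]
    payload = fields[3 + count:]
    if len(strings) != count or len(payload) < 5:
        raise ValueError("string table or payload truncated")

    def ref(token):                        # resolve a 1-based table index
        idx = int(token)
        if not 1 <= idx <= count:
            raise ValueError(f"payload index {idx} outside string table")
        return strings[idx - 1]

    # payload[0] = module base URL, payload[1] = policy strong name
    service, method, nparams = ref(payload[2]), ref(payload[3]), int(payload[4])
    if nparams < 0 or len(payload) < 5 + nparams:
        raise ValueError("parameter count does not match payload")
    types = [ref(t) for t in payload[5:5 + nparams]]
    return GwtRpcCall(version, flags, strings, service, method, types,
                      payload[5 + nparams:])
```
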
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Silo Renewed for Seasons 3 and 4, Wrapping Up the Series Adaptation
https://undercodenews.com/silo-renewed-for-seasons-3-and-4-wrapping-up-the-series-adaptation/
@Undercode_News
Forwarded from Exploiting Crew (Pr1vAt3)
How do you secure remote access in ICS/OT?
Here are 5 tips on how to allow remote access AND secure it.
As much as possible.
1. Multifactor Authentication
This one goes without saying. While MFA isn't a silver bullet...
It vastly decreases the chance an unauthorized party can establish a VPN connection without a valid second factor.
2. On-demand Access
Besides MFA, this is my favorite.
Always assume that any VPN user's system could be compromised.
-> Your vendors.
-> Your employees.
-> Your other third parties.
Once compromised, do you want an attacker having 24x7x365 access into your ICS/OT network?
Of course not.
Limit VPN access to only the time windows in which access is required.
Have the outside parties schedule or call when access is required.
Many say that this is burdensome and too much overhead.
Which I can understand.
You'll have to weigh the advantages and disadvantages for your environment.
For me, I always push for on-demand access to greatly reduce the risk.
3. Implement Hardened Jump Hosts
Require remote parties to log in to a jump host before accessing ICS/OT resources.
There could even be multiple jump hosts for them to authenticate to.
For these jump hosts, ensure that each system is hardened.
Also ensure that the host's network connectivity is limited to only the IP addresses and ports that are necessary.
4. Monitor for Suspicious Activity
No security solution is perfect.
A VPN can become compromised.
Attackers can gain access to your network.
For when they do, it's important to be watching.
95% of ICS/OT networks don't perform network security monitoring.
This doesn't mean you shouldn't.
Watching your network activity. Your host activity.
All for signs of compromise.
Which brings us to...
5. Record and Monitor Jump Host Activity
This one isn't high on many lists.
But if you have the resources, watch in real-time what remote parties are doing on jump hosts.
Ensure all activity looks legitimate.
And if something looks suspicious, take action!
Thanks for checking out the list!
P.S. Do you know someone with unsecured remote access?
Ref: Mike Holcomb
@UndercodeCommunity
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Underground #Ransomware Group Targets Simmtech Co, Ltd
https://undercodenews.com/underground-ransomware-group-targets-simmtech-co-ltd/
@Undercode_News
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
Upgrading Your SIEM: A Guide to Modern Cybersecurity
https://undercodenews.com/upgrading-your-siem-a-guide-to-modern-cybersecurity/
@Undercode_News
Security Information and Event Management (SIEM) systems are a cornerstone of modern cybersecurity. They collect, analyze, and correlate security data from
Forwarded from UNDERCODE NEWS (Copyright & Fact Checker)
#Windows 11's Evolving Start Menu: A Step Forward, But Still a Nudge Too Far
https://undercodenews.com/windows-11s-evolving-start-menu-a-step-forward-but-still-a-nudge-too-far/
@Undercode_News