VM#009
Hi Everyone,
This is the last newsletter of this year!
This year was a turbulent but very rewarding journey.
Last winter, I considered quitting OSINT due to burnout, unable to change jobs either locally or internationally. After leaving my full-time job without a backup plan, I joined the Switchfire test group, thanks, Gary 👋, which helped me set new goals. Then I started publishing daily on LinkedIn, a challenging yet educational experience.
I began freelancing, enjoying OSINT again, and started this newsletter in September. New collaborations, including working with investigative journalists, came my way, working on cases that are both important and exciting to me. Now, I feel I'm where I should be.
I wish for you to trust your intuition and pursue your goals, even in the face of fear.
Let's check out the latest cybersecurity roundup.
Cybersecurity News
ESA Store Hack: Cyber attackers compromised the European Space Agency's online store, stealing payment card information. Find out more.
Volkswagen faces a significant data breach, compromising the location data of 800,000 electric vehicles (VW, Audi, Seat, and Skoda EVs). Find out more.
Vulnerabilities & Exploits & Hacks
G-Door allows malicious actors to circumvent Microsoft 365 security measures by exploiting unmanaged Google Docs accounts. Find out more.
Bluesky Typosquatting: A recent incident on Bluesky demonstrated how typosquatting, the practice of registering misleading domain names similar to those of well-known entities, can be used in an extortion scheme. This exploitation highlighted serious deficiencies in the platform's moderation, enabling impersonation and identity theft of notable users.
McDelivery India Hack: A security researcher discovered vulnerabilities in McDonald's India McDelivery API, allowing for cheap orders and access to user data, posing risks of financial loss, privacy breaches, and potential identity theft. Find out more.
Threat Hunting & Malware
NotLockBit, a new ransomware strain mimicking LockBit, targets both macOS and Windows, using Go for cross-platform capabilities, and features advanced tactics like data exfiltration to AWS S3 buckets and self-deletion to evade detection. Find out more.
AD-ThreatHunting Unveiled: a powerful new tool designed to elevate Active Directory threat detection with features like real-time monitoring, pattern recognition, and comprehensive attack simulations, tailored for defenders to hunt smarter and harder.
Learning
Mastering Bug Bounty and Pentest Reporting: Learn essential techniques for crafting detailed and effective reports. Find out more.
📰 Reports
I stumbled upon an interesting report while searching for something else: the Global Initiative Against Transnational Organized Crime's November 2024 study on innovative drug trafficking methods in Russia. Report.
2025 Ransomware Survival Guide: Flashpoint’s comprehensive guide to protecting against infostealers, exploits, and ransomware threats. Report.
Espionage & Counterintelligence
Kremlin Leaks reveal Putin's regime funding massive AI Surveillance, using facial recognition to target dissenters.
This article was published some time ago but remains relevant. It's from our English outlet - VSquare. 🇵🇱 version.
Angry Birds at the center of a global tracking database: an insightful talk by Bert Hubert, starting at 23:30.
Chinese Ownership of 900+ Dutch Companies Sparks Espionage Concerns: Experts warn that China's control over Dutch firms in key sectors like telecom and energy could lead to espionage, with the AIVD highlighting China as a major threat to economic security.
Strasbourg Espionage: Classified Turkish government documents disclose that Turkey’s primary intelligence agency MIT has discreetly set up a surveillance and monitoring operation in a well-protected French city.
Fact checking
CNN showcased a video of Clarissa Ward freeing "Adel Gharbal" from a secret Syrian jail. However, the Syrian fact-checking organization Verify-Sy revealed that "Gharbal" was actually known as "Abu Hamza," a notorious officer in Syrian Air Force Intelligence. Abu Hamza managed security checkpoints in Homs and was involved in theft, extortion, and coercing informants.
SOCMINT
Facebook anonymous commenting: This is what I discovered in recent days while analyzing groups with illicit content. The latest update, slowly rolling out to users in the CEE region, introduces the ability to comment anonymously in groups. In groups where this feature is activated, members can leave comments without their name or profile picture being visible to other members. However, these comments still require admin approval before appearing, and group admins and moderators can see who made the comment, even if it's anonymous to the rest of the group.
OSINT
GeoSpy offers a $10k prize for solving a GEOINT challenge based on a single image, with the investigation still ongoing in the 🧵. Who will take up the challenge?
Tools
Osintracker is a tool designed to help manage OSINT investigations by tracking research progress and visualizing data, and it serves as a simpler, streamlined alternative to Maltego. I've been using it since it hit the market; currently, it's in freemium mode, but it will soon become a paid service. Tutorial on how to use it.
xeuledoc - a Python tool to gather information from any public Google document across services like Drive, Docs, Sheets, Slides, etc.
Reverse Image
Bing Visual Search is now integrated in Windows Photos.
Apple's Google Lens alternative.
Google Updates
[Old tip] Google Voice is a service providing a free, geographically limited (it mostly works in the U.S.) phone number that can be used as a burner number to register Meta accounts (sock puppets). The service allows you to make calls, send texts, and set up voicemail from any device.
Google's 2024 AI highlights include 60 major announcements from Gemini to NotebookLM.
From January 15, 2025, Google will allow ads for cryptocurrency exchanges, software, and hardware wallets in the UK, provided advertisers are FCA-registered and Google-certified.
Darknet
Is Monero totally private? A comprehensive analysis of de-anonymization attacks against the privacy coin.
Life sentence for Hydra's alleged founder in landmark darknet case: A Russian court sentenced the alleged founder of the darknet marketplace Hydra, Stanislav Moiseyev, to life imprisonment, with 15 accomplices receiving 8 to 23 years, marking a historic legal action against the platform known for facilitating the trade of illegal goods. News from Recorded Future.
On December 18, 2024, the Russian Prosecutor General's Office declared the activities of the U.S.-based organization Recorded Future undesirable in Russia, citing its involvement in cyber threat analysis and alleged support for propaganda and operations against Russia. Read more. (.ru domain)
Upcoming CyberSec / OSINT Events
Free
OSINT Advent Tips
OSINT Advent Tips: Benjamin Strick shared a daily OSINT tip throughout December on his LinkedIn as part of his OSINT Advent Series.
OSINT Christmas Series: Last week Joshua Richards kicked off his YouTube channel with simple OSINT tips in his OSINT Christmas Series.
CTF
Hacktoria CTF Events: Every 1st of the month at 9PM EET, Hacktoria launches a new CTF challenge. Competitions feature separate scoreboards for individuals and teams. The first challenge of 2025, Operation Phoenix (January 1st), is just around the corner. With a green light from Frank (co-founder), I can share that the storyline will center on tracking a new and dangerous drug spreading across the globe, featuring a highly realistic scenario. Participants will work to uncover and disrupt its supply lines. Score submissions are open for three weeks, but challenges remain playable afterward. Check their website.
Webinar
OSINT 101: Join a free, live webinar on January 2, 2025, covering OSINT fundamentals in an engaging, interactive format. Perfect for beginners, this 8-hour course includes lessons on OPSEC, advanced search techniques, and social media insights. Registration.
🙃Bonus
Holiday Offer from i-intelligence: Get 10% off all courses until 12 January 2025 with code INTXMAS10. Register here. Skip Schiphorst is a great instructor who teaches how to find anything you want in the Chinese and Arabic ecosystems.
arcX Sale Alert: Last Chance for 70% Off CREST-Accredited Cyber Training - Ends January 2nd!