Despite growing awareness, organizations remain plagued with unpatched vulnerabilities and weaknesses in credential policies.

Weak credential policies and a lax approach to patching were among the most common points of IT security failure for organizations in 2022, while a failure to configure tools properly could leave organizations open to attack.

That's according to a recent study by cybersecurity firm Horizon3.ai, based on findings from approximately 7,000 penetration tests that evaluated approximately 1 million assets.

Of the Top 10 vulnerabilities Horizon3.ai detected in 2022, the use of weak or reused credentials topped the list, followed by weak or default credential checks in protocols (SSH and FTP) and threat actors using Dark Web credential dumps from Windows or Linux hosts.

Exploitation of critical vulnerabilities on CISA's list of Top 15 Routinely Exploited Vulnerabilities list, as well as the exploitation of critical VMware vulnerabilities, rounded out the top five.

Corey Sinclair, cyber-threat intelligence analyst for Horizon3.ai, explains that professionals are challenged by balancing the three factors of security, functionality, and usability. The requirements of the end user, usability and functionality, are often at odds with or contradictory to the best security practices.

"To ease our own burden, we as individuals tend to shy away from the difficult, and move to what's easy and convenient," he says. "This means having fewer or easier credential requirements."

Individuals thus tend to reuse credentials when they know they should have unique passwords for everything, and organizations fail to enforce stronger credential requirements or invest in a companywide password solution.

Sinclair adds that sometimes, companies simply don't know to go back and check to see if default credentials were changed when a new technology is brought online.

Security teams should be on notice: The successful combo of using stolen credentials and social engineering to breach networks is increasing the demand for infostealers on the Dark Web, according to Accenture's Cyber Threat Intelligence team (ACTI), which recently surveyed the infostealer malware landscape over 2022.

That report also warned that malicious actors are combining stolen credentials and social engineering to carry out high-profile breaches and leveraging multifactor authentication (MFA) fatigue attacks.

**Patching & Misconfigurations Are a Pain Point**

The survey also found that known critical vulnerabilities were regularly exploited, while popular DevOps tools and resources, including Docker and Kubernetes, were riddled with misconfigurations and vulnerabilities.

"Patching and misconfigurations essentially come down to scale and prioritization," Sinclair says. "Depending on the size and infrastructure of a company's IT department, it will determine how quickly and effectively a company can find what needs to be patched or configured."

Additionally, not all organizations know what to patch, and how to prioritize what needs to be patched first.

"With the plethora of CVEs and vulnerabilities being released daily, most companies find it hard to keep up with, let alone fix what matters, before threat actors exploit them," he adds.

From his perspective, companies must take a different approach to security, in which they view their environments through the eyes of the attacker.

"They need to view their environment and prioritize \[fixes\] based on what is actually reachable, vulnerable, and exploitable," he says. "This mindset shift allows the company to stay one step ahead of the adversary, while ensuring they have a constant pulse on their environment's security posture."

Organizations without the time or talent to patch or review for misconfigurations may find patching-as-a-service (PaaS) a way to improve security, but a successful program will require accurate and robust asset management tools so the vendor knows what's live in the client's environment, he adds.

**Adoption of Multifactor Technologies in 2023**

Sinclair points out that while it is "way too early" to tell what 2023 will bring on the cybersecurity defense front, he believes there are going to be more and more companies adopting new multifactor technologies to aid in the fight against credential reuse and weak credentials.

"By adopting these technologies, it will push cyber-threat actors to find other vulnerabilities and weaknesses to exploit," he says. "As the cybersecurity world is always shifting and evolving, staying one step ahead of malicious cyber-threat actors is paramount."

Patching & Passwords Lead the Problem Pack for Cyber-Teams

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).
Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.
"This is not believed to be exploitable, and it occurs in the unprivileged pre-auth

Authentication / Vulnerability

The maintainers of OpenSSH have released OpenSSH 9.2 to address a number of security bugs, including a memory safety vulnerability in the OpenSSH server (sshd).

Tracked as CVE-2023-25136, the shortcoming has been classified as a pre-authentication double free vulnerability that was introduced in version 9.1.

"This is not believed to be exploitable, and it occurs in the unprivileged pre-auth process that is subject to chroot(2) and is further sandboxed on most major platforms," OpenSSH disclosed in its release notes on February 2, 2023.

Credited with reporting the flaw to OpenSSH in July 2022 is security researcher Mantas Mikulenas.

OpenSSH is the open source implementation of the secure shell (SSH) protocol that offers a suite of services for encrypted communications over an unsecured network in a client-server architecture.

"The exposure occurs in the chunk of memory freed twice, the 'options.kex\_algorithms,'" Qualys researcher Saeed Abbasi said, adding the issue results in a "double free in the unprivileged sshd process."

Double free flaws arise when a vulnerable piece of code calls the free() function – which is used to deallocate memory blocks – twice, leading to memory corruption, which, in turn, could lead to a crash or execution of arbitrary code.

"Doubly freeing memory may result in a write-what-where condition, allowing an attacker to execute arbitrary code," MITRE notes in its description of the flaw.

"While the double-free vulnerability in OpenSSH version 9.1 may raise concerns, it is essential to note that exploiting this issue is no simple task," Abbasi explained.

"This is due to the protective measures put in place by modern memory allocators and the robust privilege separation and sandboxing implemented in the impacted sshd process."

Users are recommended to update to OpenSSH 9.2 to mitigate potential security threats.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

OpenSSH Releases Patch for New Pre-Auth Double Free Vulnerability

Julius "Zeekill" Kivimäki, a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest.

**Julius “Zeekill” Kivimäki,** a 25-year-old Finnish man charged with extorting a local online psychotherapy practice and leaking therapy notes for more than 22,000 patients online, was arrested this week in France. A notorious hacker convicted of perpetrating tens of thousands of cybercrimes, Kivimäki had been in hiding since October 2022, when he failed to show up in court and Finland issued an international warrant for his arrest.

In late October 2022, Kivimäki was charged (and “arrested in absentia,” according to the Finns) with attempting to extort money from the **Vastaamo Psychotherapy Center**. In that breach, which occurred in October 2020, a hacker using the handle “Ransom Man” threatened to publish patient psychotherapy notes if Vastaamo did not pay a six-figure ransom demand.

Vastaamo refused, so Ransom Man shifted to extorting individual patients — sending them targeted emails threatening to publish their therapy notes unless paid a 500-euro ransom.

When Ransom Man found little success extorting patients directly, they uploaded to the dark web a large compressed file containing all of the stolen Vastaamo patient records.

But as documented by KrebsOnSecurity in November 2022, security experts soon discovered Ransom Man had mistakenly included an entire copy of their home folder, where investigators found many clues pointing to Kivimäki’s involvement. From that story:

“Among those who grabbed a copy of the database was **Antti Kurittu**, a team lead at **Nixu Corporation** and a former criminal investigator. In 2013, Kurittu worked on an investigation involving Kivimäki’s use of the Zbot botnet, among other activities Kivimäki engaged in as a member of the hacker group Hack the Planet (HTP).”

“It was a huge opsec \[operational security\] fail, because they had a lot of stuff in there — including the user’s private SSH folder, and a lot of known hosts that we could take a very good look at,” Kurittu told KrebsOnSecurity, declining to discuss specifics of the evidence investigators seized. “There were also other projects and databases.”

According to the French news site actu.fr, Kivimäki was arrested around 7 a.m. on Feb. 3, after authorities in Courbevoie responded to a domestic violence report. Kivimäki had been out earlier with a woman at a local nightclub, and later the two returned to her home but reportedly got into a heated argument.

Police responding to the scene were admitted by another woman — possibly a roommate — and found the man inside still sleeping off a long night. When they roused him and asked for identification, the 6′ 3″ blonde, green-eyed man presented an ID that stated he was of Romanian nationality.

The French police were doubtful. After consulting records on most-wanted criminals, they quickly identified the man as Kivimäki and took him into custody.

Kivimäki initially gained notoriety as a self-professed member of the Lizard Squad, a mainly low-skilled hacker group that specialized in DDoS attacks. But American and Finnish investigators say Kivimäki’s involvement in cybercrime dates back to at least 2008, when he was introduced to a founding member of what would soon become HTP.

Finnish police said Kivimäki also used the nicknames “Ryan”, “RyanC” and “Ryan Cleary” (Ryan Cleary was actually a member of a rival hacker group — LulzSec — who was sentenced to prison for hacking).

Kivimaki and other HTP members were involved in mass-compromising web servers using known vulnerabilities, and by 2012 Kivimäki’s alias Ryan Cleary was selling access to those servers in the form of a DDoS-for-hire service. Kivimäki was 15 years old at the time.

The DDoS-for-hire service allegedly operated by Kivimäki in 2012.

In 2013, investigators going through devices seized from Kivimäki found computer code that had been used to crack more than 60,000 web servers using a previously unknown vulnerability in **Adobe’s ColdFusion** software.

KrebsOnSecurity detailed the work of HTP in September 2013, after the group compromised servers inside data brokers LexisNexis, Kroll, and Dun & Bradstreet.

The group used the same ColdFusion flaws to break into the National White Collar Crime Center (NWC3), a non-profit that provides research and investigative support to the **U.S. Federal Bureau of Investigation** (FBI).

As KrebsOnSecurity reported at the time, this small ColdFusion botnet of data broker servers was being controlled by the same cybercriminals who’d assumed control over **ssndob\[.\]ms**, which operated one of the underground’s most reliable services for obtaining Social Security Number, dates of birth and credit file information on U.S. residents.

Multiple law enforcement sources told KrebsOnSecurity that Kivimäki was responsible for making an August 2014 bomb threat against former **Sony Online Entertainment President John Smedley** that grounded an American Airlines plane. That incident was widely reported to have started with a tweet from the Lizard Squad, but Smedley and others said it started with a call from Kivimäki.

Kivimäki also was involved in calling in multiple fake bomb threats and “swatting” incidents — reporting fake hostage situations at an address to prompt a heavily armed police response to that location.

Kivimäki’s apparent indifference to hiding his tracks drew the interest of Finnish and American cybercrime investigators, and soon Finnish prosecutors charged him with an array of cybercrime violations. At trial, prosecutors presented evidence showing he’d used stolen credit cards to buy luxury goods and shop vouchers, and participated in a money laundering scheme that he used to fund a trip to Mexico.

Kivimäki was ultimately convicted of orchestrating more than 50,000 cybercrimes. But largely because he was still a minor at the time (17) , he was given a 2-year suspended sentence and ordered to forfeit EUR 6,558.

As I wrote in 2015 following Kivimäki’s trial:

> “The danger in such a decision is that it emboldens young malicious hackers by reinforcing the already popular notion that there are no consequences for cybercrimes committed by individuals under the age of 18.
> 
> Kivimäki is now crowing about the sentence; He’s changed the description on his Twitter profile to “Untouchable hacker god.” The Twitter account for the Lizard Squad tweeted the news of Kivimäki’s non-sentencing triumphantly: “All the people that said we would rot in prison don’t want to comprehend what we’ve been saying since the beginning, we have free passes.”

Something tells me Kivimäki won’t get off so easily this time, assuming he is successfully extradited back to Finland. A statement by the Finnish police says they are seeking Kivimäki’s extradition and that they expect the process to go smoothly.

Kivimäki could not be reached for comment. But he has been discussing his case on Reddit using his legal first name — **Aleksanteri** (he stopped using his middle name Julius when he moved abroad several years ago). In a post dated Jan. 31, 2022, Kivimäki responded to another Finnish-speaking Reddit user who said they were a fugitive from justice.

“Same thing,” Kivimäki replied. “Shall we start some kind of club? A support organization for wanted persons?”

Finland’s Most-Wanted Hacker Nabbed in France

In Progress WS_FTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows.

**Proven, Reliable, Secure FTP Software**

The Progress WS\_FTP product line provides both an effective, highly manageable FTP server and the ability to provide each user a secure FTP client, assuring both reliability and security for data sharing processes.

The solution

**Business-Grade FTP Software**

WS\_FTP secure file transfer products use industry-leading security at every level of data management, protecting data before, during, after transit, and verifying that files reach intended destinations uncompromised. With our solutions, you have the power to automate important tasks and integrate transfer activities with existing workflows and applications.

**Secure FTP Server**

WS\_FTP Server is the easiest way to securely store,  
share and transfer information between systems,  
applications, groups and individuals.

**Secure FTP Client**

Over 40 million people use WS\_FTP Professional Client to simplify file transfer tasks, save time, and improve communications. tasks, save time, and improve

THE BUSINESS BENEFIT

**Securely Send and Receive Business-Critical Information**

WS\_FTP delivers the strongest levels of encryption on the market. Industry-leading 256-bit AES  
encryption and FIPS 140-2 validated cryptography secures files during transfers over SSL/FTPS  
and SSH/SFTP protocols.

*   **Ensure the security and integrity of your files **
    
    With the strongest end-to-end encryption available and built-in integrity checking, WS\_FTP client-server solution does more than any other to protect your most sensitive data, before, during and after transfer.
    

*   **Assure Regulatory Compliance  **
    
    Track all track data movement and use auditable records of client-server connections and administrator activities to meet compliance regulations, industry standards, and corporate governance policies.
    

*   **Automate tasks and save time **
    
    Schedule one-time or recurring transfers, integrate transfers into your existing workflows, configure event-driven email notifications, and much more.
    

*   **Implement a cost-effective solution  **
    
    Virtualization and silent install features make standardizing across the business fast and cost-effective. Flexible licensing means it’s easy to implement the ideal mix of products and services for your company.
    

**Success Stories**

**Rocksteady Protects Creative Assets with WS\_FTP**

Gaming company, Rocksteady Studios, uses WS\_FTP Client and Server to securely transfer assets between their studio and outside agencies.

Read the Story

**Frequently Asked Questions**

**What is FTP software?**

FTP (File Transfer Protocol) is a standard internet protocol used, as the name suggests, to transfer files between computers. 

**How do I use FTP?**

Historically, FTP has been a popular means of moving large files between systems or between desktops and  
systems.

**Where Can I Find FTP software?**

Progress offers the world's most popular commercial FTP client, WS\_FTP Professional and the highly  
popular WS\_FTP Server, both of which support SFTP.

**Progress WS\_FTP**

Making the networked world a safer place to share data.

CVE-2023-24029: WS_FTP - Secure FTP Server and Client Software

At least 1,200 Redis servers worldwide have been infected with "HeadCrab" cryptominers since 2021.

An unknown threat actor has been quietly mining Monero cryptocurrency on open source Redis servers around the world for years, using a custom-made malware variant that is virtually undetectable by agentless and conventional antivirus tools.

Since September 2021, the threat actor has compromised at least 1,200 Redis servers — that thousands of mostly smaller organizations use as a database or a cache — and taken complete control over them. Researchers from Aqua Nautilus, who spotted the campaign when an attack hit one of its honeypots, are tracking the malware as "HeadCrab."

**Sophisticated, Memory-Resident Malware**

In a blog post this week, the security vendor described HeadCrab as memory-resident malware that presents an ongoing threat to Internet-connected Redis servers. Many of these servers don't have authentication enabled by default because they are meant to run on secure, closed networks.

Aqua's analysis of HeadCrab showed that the malware is designed to take advantage of how Redis works when replicating and synchronizing data stored across multiple nodes within a Redis Cluster. The process involves a command that basically allows administrators to designate a server within a Redis Cluster as a "slave" to another "master" server within the cluster. Slave servers synchronize with the master server and perform a variety of actions, including downloading any modules that might be present on the master server. Redis modules are executable files that administrators can use to enhance the functionality of a Redis server.

Aqua's researchers found HeadCrab exploiting this process to load a cryptocurrency miner on Internet-exposed Redis systems. With the attack on its honeypot, the threat actor, for instance, used the legitimate SLAVEOF Redis command to designate the Aqua honeypot as the slave of an attacker-controlled master Redis server. The master server then initiated a synchronization process in which the threat actor downloaded a malicious Redis module containing the HeadCrab malware.

Asaf Eitani, security researcher at Aqua, says several features of HeadCrab suggest a high degree of sophistication and familiarity with Redis environments.

One big sign of that is the usage of the Redis module framework as a tool to perform malicious actions — in this case, downloading the malware. Also significant is the malware's use of the Redis API to communicate with an attacker-controlled command-and-control server (C2) hosted on what appeared to be a legitimate but compromised server, Eitani says. 

"The malware is specifically built for Redis servers, as it heavily relies on Redis Modules API usage to communicate with its operator," he notes.

HeadCrab implements sophisticated obfuscation features to remain hidden on compromised systems, executes more than 50 actions in a completely fileless fashion, and uses a dynamic loader to execute binaries and evade detection. "The threat actor is also modifying the normal behavior of the Redis service to obscure its presence and to prevent other threat actors from infecting the server by the same misconfiguration he used to gain execution," Eitani notes. "Overall, the malware is very complex and uses multiple methods to achieve an edge on defenders."

The malware is optimized for cryptomining and appears custom-designed for Redis servers. But it has built-in options to do a lot more, Eitani says. As examples, he points to HeadCrab's ability to steal SSH keys to infiltrate other servers and potentially steal data and also its ability to load a fileless kernel module to completely compromise a server's kernel.

Assaf Morag, threat lead analyst at Aqua, says the company has not been able to attribute the attacks to any known threat actor or group of actors. But he suggests that organizations using Redis servers should assume a full breach if they detect HeadCrab on their systems.

"Harden your environments by scanning your Redis configuration files, ensure the server requires authentication and doesn't allow "slaveof" commands if not necessary, and do not expose the server to the Internet if not necessary," Morag advises.

Morag says a Shodan search showed more than 42,000 Redis servers connected to the Internet. Of this, some 20,000 servers allowed some sort of access and can potentially be infected by a brute-force attack or vulnerability exploit, he says.

HeadCrab is the second Redis-targeted malware that Aqua has reported in recent months. In December, the security vendor discovered Redigo, a Redis backdoor written in the Go language. As with HeadCrab, Aqua discovered the malware when threat actors installed on a vulnerable Redis honeypot.

"In recent years, Redis servers have been targeted by attackers, often through misconfiguration and vulnerabilities," according to Aqua's blog post. "As Redis servers have become more popular, the frequency of attacks has increased."

Scores of Redis Servers Infested by Sophisticated Custom-Built Malware

OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be triggered by an unauthenticated attacker in the default configuration; however, the vulnerability discoverer reports that "exploiting this vulnerability will not be easy."

untrusted comment: verify with openbsd-72-base.pub RWQTKNnK3CZZ8JQ0BBt1FH1BwcLmKysVlCL+YqQzyPJ2Qdxm4k/khLREjXoXNdeQgkCG9ByzGCaM9IKaS6/9pt5vKh/+eb9swgI= OpenBSD 7.2 errata 017, February 2, 2023: A double-free in the sshd pre-auth unprivileged process (not believed to be exploitable). Apply by doing: signify -Vep /etc/signify/openbsd-72-base.pub -x 017\_sshd.patch.sig \\ -m - | (cd /usr/src && patch -p0) And then rebuild and install sshd: cd /usr/src/usr.bin/ssh make obj make make install Index: usr.bin/ssh/compat.c =================================================================== RCS file: /cvs/src/usr.bin/ssh/compat.c,v diff -u -p -u -r1.120 compat.c --- usr.bin/ssh/compat.c 1 Jul 2022 03:35:45 -0000 1.120 +++ usr.bin/ssh/compat.c 31 Jan 2023 15:43:48 -0000 @@ -188,26 +188,26 @@ compat\_pkalg\_proposal(struct ssh \*ssh, c char \* compat\_kex\_proposal(struct ssh \*ssh, char \*p) { - char \*cp = NULL; + char \*cp = NULL, \*cp2 = NULL; if ((ssh->compat & (SSH\_BUG\_CURVE25519PAD|SSH\_OLD\_DHGEX)) == 0) return xstrdup(p); debug2\_f("original KEX proposal: %s", p); if ((ssh->compat & SSH\_BUG\_CURVE25519PAD) != 0) - if ((p = match\_filter\_denylist(p, + if ((cp = match\_filter\_denylist(p, "curve25519-sha256@libssh.org")) == NULL) fatal("match\_filter\_denylist failed"); if ((ssh->compat & SSH\_OLD\_DHGEX) != 0) { - cp = p; - if ((p = match\_filter\_denylist(p, + if ((cp2 = match\_filter\_denylist(cp ? cp : p, "diffie-hellman-group-exchange-sha256," "diffie-hellman-group-exchange-sha1")) == NULL) fatal("match\_filter\_denylist failed"); free(cp); + cp = cp2; } - debug2\_f("compat KEX proposal: %s", p); - if (\*p == '\\0') + debug2\_f("compat KEX proposal: %s", cp); + if (\*cp == '\\0') fatal("No supported key exchange algorithms found"); - return p; + return cp; }

CVE-2023-25136

By Waqas
An OSINT tool is a must for every researcher - In this article, we will explore the 15 best OSINT tools that you can use for your investigations.
This is a post from HackRead.com Read the original post: What is an OSINT Tool – Best OSINT Tools 2023

Open Source Intelligence (OSINT) tools are an invaluable resource for companies, organizations cybersecurity researchers and students. In this article, we will explore the 15 best OSINT tools that you can use for your investigations and education purposes.

**OSINT**, or Open Source Intelligence, refers to the practice of gathering information from publicly available sources. In the information and digital age, there are countless tools and resources available for OSINT practitioners to use, making it easier than ever to collect and analyze information. Here are the 15 best OSINT tools that you can use for your investigations:

**Maltego**

Maltego is a powerful and sophisticated OSINT tool for gathering data from public sources. Developed by Paterva, Maltego OSINT allows users to quickly uncover relationships between large amounts of disparate data which can then be used to build intelligence profiles.

With Maltego OSINT, users are able to extract information from multiple online sources using simple graphic representations. This includes the ability to map out social networks, capture contact details and business data, track domain names and IP addresses, uncover digital evidence such as documents or images stored on websites, find related news articles and more.

Furthermore, by automating the process of gathering publicly available data in this way, Maltego OSINT enables users to quickly discover hidden connections that would otherwise remain undetected. Visit the official website of Maltego **here**.

**Shodan**

**Shodan** is a search engine for the Internet of Things **(IoT) devices** and an OSINT tool that is used to uncover vulnerable and exposed devices connected to the Internet, otherwise known as smart devices.

Shodan was created by John Matherly in 2009 and is considered to be the world’s first computer search engine. Shodan can be used to detect security vulnerabilities on public websites, as well as provide detailed information about each web server it finds.

Shodan has become increasingly popular among cybersecurity and IT security professionals who use it for vulnerability assessment, penetration testing, and network mapping. Shodan also helps them identify insecure services such as **misconfigured cloud databases**, FTP servers, telnet servers, and SSH servers that are exposed on the internet without authentication or encryption.

Additionally, Shodan provides detailed technical information about each device it finds including IP address, operating system type, open ports, running software programs and associated vulnerabilities. That is why Shoden is a perfect OSINT tool out there. Visit the official website of Shodan **here**.

**TheHarvester**

TheHarvester is a powerful OSINT tool used to find information related to domains and email addresses. It can be used by security professionals, IT administrators, and hackers alike to collect information from different sources on the internet.

TheHarvester was created as an alternative for doing research on public resources such as search engines, PGP key servers, and social networks. It allows users to quickly gather large amounts of data from sites like Google, Bing, Yahoo!, Dogpile, LinkedIn, Twitter and many more.

All of the gathered data can be exported into several formats such as HTML/XML or even saved as a text file. Additionally, it includes an API that allows users to customize their searches according to their specific needs. Visit the official TheHarvester page on Kali **here**.

**Recon-ng**

Recon-ng is an OSINT tool used for reconnaissance and data gathering. It is a full-featured web application that can be used to gather subsets of public information related to a target, such as usernames, names, email addresses, domain names and other relevant details.

Recon-ng has been designed to automate the process of gathering intelligence about a given target as quickly and efficiently as possible. The Recon-ng OSINT tool provides users with access to multiple resources such as Google, Bing, Twitter, Shodan and more.

The platform also allows users to interact with each resource using the same interface which simplifies the data-gathering process significantly compared to traditional methods. It enables users to quickly collect comprehensive information on a target without having to manually search multiple online sources or databases. Visit the official Recon-ng page on Kali **here**.

**Spiderfoot**

Spiderfoot is an excellent OSINT tool designed to automate the process of gathering information about a specific target. Spiderfoot enables users to have quick and easy access to a wide range of data sources.

It is capable of collecting information from over 200 sources, such as DNS records, WHOIS information and public resources like Shodan, **VirusTotal**, Google and others. Spiderfoot can be used for reconnaissance, investigative research and even threat hunting by allowing users to quickly identify potential threats or vulnerabilities in their environment.

The tool works by scanning the internet for publicly available data from various sources based on the user’s input query parameters. The collected data can then be mapped out into an interactive graph with various visual indicators which make it easier to interpret the gathered information.

This feature makes it much easier for security professionals to recognize trends or anomalies within their networks which can help them detect malicious activities or threats early on. Visit the official website of Spiderfoot **here**.

**OSINT Framework**

OSINT Framework is a website and information-gathering tool used by security professionals for investigative purposes. It is a collection of free and publicly available tools that can be used to conduct online investigations.

OSINT Framework provides users with an easy-to-use platform to quickly search, collect and analyze data from various sources such as social media platforms, websites, forums, blogs and more. By using this framework, security professionals are able to gather a wealth of information in order to identify potential threats or anomalies on the web.

The OSINT Framework enables users to access public records and other sources of information quickly and efficiently. It utilizes specialized search engines and databases such as Google Hacking Database (**GHDB**) as well as several other open-source intelligence tools such as Recon-ng, Maltego and Shodan. Visit the official website of OSINT Framework **here**.

**Foca**

Foca (Fingerprinting Organizations with Collected Archives) is an OSINT tool used by cybersecurity professionals to collect data from the internet. It can be used to find information on any subject, including people, companies, and other organizations. The tool gathers data from a variety of sources such as social media platforms, websites, and search engines.

The tool helps users to collect information quickly and efficiently by providing them with a set of tools for searching, collecting and analyzing the collected data. It provides users with advanced filtering options that allow them to narrow down their searches and find relevant information easily.

Foca also has features such as keyword analysis which enables users to analyze text-based content or images in order to identify patterns or trends in the collected data. Additionally, it offers other features like automated report generation which allows users to generate reports quickly without having to manually gather all the necessary data themselves. Visit the official GitHub repository of FOCA **here**.

**Metagoofil**

Metagoofil is a powerful OSINT tool used for gathering publicly available information about a particular target. It is especially useful for penetration testers, security professionals, and researchers who need to collect data from websites in order to perform reconnaissance on their targets.

Metagoofil was developed by Edge Security in 2006 as part of the framework for its security consulting services. This tool can be used to scan websites, search engines, and public document archives such as **PDFs and Microsoft Office documents**. It then searches for specific keywords related to the target and collects the relevant information from these sources.

With its easy-to-use interface, Metagoofil allows users to quickly find files containing sensitive information such as usernames, passwords, email addresses, IP addresses, etc., which can then be used in further attacks or research projects. Visit the official Metagoofil page on Kali **here**.

**GHunt**

GHunt is a new OSINT tool that lets users extract information from any Google Account using an email. The information that GHunt extracts include:

*   Google ID
*   Owner’s name
*   Public photos (P)
*   Phones models (P)
*   Phones firmware
*   Installed Softwares
*   Google Maps reviews
*   Possible physical location
*   Possible YouTube channel
*   Possible other usernames
*   Events from Google Calendar
*   If the account is a Hangouts Bot
*   Last time the profile was edited
*   Activated Google services (YouTube, Photos, Maps, News360, Hangouts, etc.)

Visit GHunt’s GitHub repository **here**.

**Yandex Images**

The Russian counterweight to America’s Google, Yandex has been extremely popular in Russia and offers users the option to search across the internet for thousands of images. This is in addition to its reverse-image functionality which is remarkably similar to Google.

A good option included within is that you could sort images category wise which can make your searches more specific and accurate.

**Tip:** In my personal experience; Yandex image search results are far more accurate and in-depth than Google Images. Visit Yandex **here**.

**N2YO.com**

Allowing you to track satellites from afar, N2YO is a great tool for space enthusiasts. It does so by featuring a regularly searched menu of satellites in addition to a database where you could make custom queries along the lines of parameters such as the Space Command ID, launch date, satellite name, and an international designator.

You could also set up custom alerts to know about space station events along with a live stream of the International Space Station(ISS)! Visit the official website of N2YO **here**.

**TinEye**

TinEye is the original reversed image search engine, and all you have to do is submit a proper picture to TinEye to get all the required information, like where it has come from and how it has been used.

Instead of using keyword matching, it uses a variety of approaches to complete its tasks, including picture matching, signature matching, watermark identification, and numerous other databases to match the image. 

In conclusion, these 15 OSINT tools are among the best available for conducting investigations using publicly available information. Whether you are a professional investigator or a curious individual, these tools can help you gather and analyze information more efficiently and effectively. Visit the official website of TinEye **here**.

**Have I Been Pwned**

**Have I Been Pwned** is an online service that helps people determine if their personal data has been compromised. It works by using email addresses to track data breaches, allowing users to know whether their information has been leaked or stolen due to a hack or other incident.

Have I Been Pwned was created in 2013 by Troy Hunt, a Microsoft Regional Director and security expert. The site provides users with detailed information about the source of any breach affecting their personal data, as well as the types of data that may have been leaked. This allows them to take appropriate steps to protect themselves from future attacks.

Have I Been Pwned or HIBP currently tracks more than 12 billion accounts across over 600 major data breaches, providing one of the most comprehensive databases for checking if your account details have been exposed online. Visit Have I Been Pwned **here**.

**Conclusion**

In conclusion, OSINT tools are an invaluable resource for anyone looking to stay ahead of the curve in the world of digital intelligence. The 15 Best OSINT tools outlined in this article provide an excellent overview for any user, from the novice to the professional, to get started. By using these tools and understanding their functions, users can empower themselves to become better researchers and find valuable data more quickly.

1.  **Top 10 Reliable VPN Services**
2.  **5 Free Best Internet Speed Test Websites**
3.  **8 Online Best Dark Web Search Engines for Tor Browser**
4.  **What Are Dark Web Search Engines and How to Find Them?**
5.  **Best legal & free online streaming sites for movies & TV shows**

What is an OSINT Tool – Best OSINT Tools 2023

This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.

OpenSSH 9.2p1

Popular hacking aid resurrected following end-of-life announcement

Popular hacking aid resurrected following end-of-life announcement

XSS Hunter now has a home at Truffle Security, which has launched a new version of the tool after its original creator declared that he will be deprecating it in February.

XSS Hunter is a popular open source tool for identifying cross-site scripting (XSS) bugs in websites. An online version was previously maintained by its creator Mandatory (Matthew Bryant).

The new version, hosted on Truffle Security’s domain, is an open source fork of the original code with new features and enhanced security.

**Privacy concerns**

XSS is a very common vulnerability, accounting for 23% of bug reports submitted to bug bounty platform HackerOne, for example.

“The most popular tool for looking for XSS aside from manual testing is XSSHunter,” Dylan Ayrey, co-founder of Truffle Security, told The Daily Swig. “It’s an extremely valuable tool to the community, but it also had risks.”

Many users of XSS Hunter would accidentally send sensitive data to the platform and possibly cause data leakage. Ayrey had previously stumbled on 50,000 Google user records while working with the old XSS Hunter, which became the topic of a talk he gave at Black Hat 2022.

“As long as Mandatory was in charge of the service, I wasn’t concerned with what the platform might do with that data collected,” Ayrey said.

“But we were concerned after the EOL \[end of life\] was announced, another tool might have come along to replace it with operators that may have had different intentions with the data collected.”

Read more of the latest news about web hacking tools

The new XSS Hunter tool blurs screenshots captured by the platform to protect sensitive information rendered by the XSS payload. It has also removed support for full DOM capture and enforces Google SSO login to improve account security.

Regarding the deprecation of the old service, Mandatory told The Daily Swig that he had become “increasingly uncomfortable with the amount of vulnerability information stored in the service.

“Ideally I’d like to be storing zero vulnerability information for XSS hunter users, which this deprecation will achieve,” he said.

Mandatory described Truffle Security’s fork as “a step in the right direction” and said: “I think the fact that Truffle Security is starting out with an eye on balancing privacy and bug bounty research interests is a good sign.”

**New features**

Truffle Security has added support for detecting other kinds of vulnerabilities, including cross-origin resource sharing (CORS) misconfigurations that would allow external sites to view and extract data from internal domains. CORS vulnerabilities can be especially damaging, as Truffle Security recently discovered while investigating different internal corporate networks.

Truffle Security has integrated the lite version of its TruffleHog tool into the new XSSHunter, enabling it to scan HTML pages for secrets such as AWS, GCP, and Slack keys. It will also scan tested websites for source code leaks via .git directories.

“We saw an opportunity to both address privacy concerns as well as give the cybersecurity community new capabilities within the XSS Hunter tool,” Ayrey said.

Ayrey said Mandatory was supportive of the effort and helped out in the process. Truffle Security plans to add more features to XSS Hunter in the future, including adding a more complete version of TruffleHog.

Mandatory, who described XSS Hunter as his long time passion project, will continue to maintain the open source xsshunter-express repository “more dutifully in the future to support those who wish to self-host their own instance”.

“When I first built the service many people didn’t really believe that blind XSS was a ‘real’ concern,” he said. “Today I don’t think anyone doubts the pervasiveness and severity of these vulnerabilities, so it has pretty much achieved what it was meant to do.”

YOU MAY ALSO LIKE Meet TruffleHog – a browser extension for finding secret keys in JavaScript code

Truffle Security relaunches XSS Hunter tool with new features

Dell EMC prior to version DDOS 7.9 contain(s) an OS command injection Vulnerability. An authenticated non admin attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.

**Vaikutus**

Critical

**Tiedot**

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2023-23692

Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system.

8.8

CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

**Third-party Component**

**CVEs**

**More information**

iDRAC9

CVE-2022-24422

See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

Intel BIOS

CVE-2021-0060

See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities

CVE-2021-28210

CVE-2021-28211

OpenSSL

CVE-2022-0778

https://nvd.nist.gov/vuln/detail/CVE-2022-0778

OpenSSH

CVE-2021-41617

https://nvd.nist.gov/vuln/detail/CVE-2021-41617  
https://nvd.nist.gov/vuln/detail/CVE-2020-14145  
https://nvd.nist.gov/vuln/detail/CVE-2016-20012

CVE-2020-14145

CVE-2016-20012

**Proprietary Code CVEs**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2023-23692

Dell before DDOS 7.9 has a vulnerability that may potentially allow escalation of privileges by authenticated user of lower privilege. This can lead to unauthorized privileged access into the system.

8.8

CVSS v3.1: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

 

**Third-party Component**

**CVEs**

**More information**

iDRAC9

CVE-2022-24422

See Dell KB article 199267: DSA-2022-068: Dell iDRAC9 Security Update for an Improper Authentication Vulnerability

Intel BIOS

CVE-2021-0060

See Dell article 196007: DSA-2022-036: PowerEdge Server Security Update for Intel February 2022 Security Advisory Release

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

See Dell article 198065: DSA-2022-088: Dell PowerEdge Server BIOS Security Update for Multiple Tianocore EDK2 Vulnerabilities

CVE-2021-28210

CVE-2021-28211

OpenSSL

CVE-2022-0778

https://nvd.nist.gov/vuln/detail/CVE-2022-0778

OpenSSH

CVE-2021-41617

https://nvd.nist.gov/vuln/detail/CVE-2021-41617  
https://nvd.nist.gov/vuln/detail/CVE-2020-14145  
https://nvd.nist.gov/vuln/detail/CVE-2016-20012

CVE-2020-14145

CVE-2016-20012

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen**

CVEs Addressed

Product

Affected Versions

Updated Versions

Link to Update

CVE-2022-24422

PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.2 and later to stay on LTS 7.7

For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles):

*   81247: Data Domain: DD OS Software Versions
*   14125: Data Domain Operating System Software Portal Availability Policy

CVE-2021-0060

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

CVE-2021-28210

CVE-2021-28211

CVE-2022-0778

PowerProtect DD  
DDOS and DDMC

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.3 and later to stay on LTS

CVE-2021-41617

CVE-2020-14145

LTS 7.7.1 to 7.7.2

7.7.3 and later

CVE-2016-20012

6.2.1.80 and earlier

6.2.1.90 and later

CVE-2023-23692

CVEs Addressed

Product

Affected Versions

Updated Versions

Link to Update

CVE-2022-24422

PowerProtect DD Appliance model: DD3300, DD6400, and DD6900, DD9400, and DD9900

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.2 and later to stay on LTS 7.7

For more details about DDOS versions available for download, see the links to Dell articles below (requires log in to Dell Support to view articles):

*   81247: Data Domain: DD OS Software Versions
*   14125: Data Domain Operating System Software Portal Availability Policy

CVE-2021-0060

CVE-2021-0147

CVE-2021-0127

CVE-2021-0103

CVE-2021-0114

CVE-2021-0115

CVE-2021-0116

CVE-2021-0117

CVE-2021-0118

CVE-2021-0099

CVE-2021-0111

CVE-2021-0107

CVE-2021-0125

CVE-2021-0124

CVE-2021-0119

CVE-2021-0092

CVE-2021-0091

CVE-2021-0093

CVE-2019-14584

CVE-2021-28210

CVE-2021-28211

CVE-2022-0778

PowerProtect DD  
DDOS and DDMC

7.0 to 7.8

7.9.0.0 and later  
Or  
7.7.3 and later to stay on LTS

CVE-2021-41617

CVE-2020-14145

LTS 7.7.1 to 7.7.2

7.7.3 and later

CVE-2016-20012

6.2.1.80 and earlier

6.2.1.90 and later

CVE-2023-23692

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-07-07

Initial Release

1.1

2022-07-12

Edited versions in Affected Products and Remediation Table Affected Version Column

1.2

2022-08-31

Added "7.7.3 and above" to Affected Products and Remediation Table

1.3

2022-01-12

Added CVE-2023-23692 to Proprietary Code Table. 

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

Data Domain, Data Domain, Data Domain Boost, Data Domain Boost – File System, Data Domain Boost - Open Storage, Data Domain Deduplication Storage Systems, Data Domain Encryption, Data Domain Extended Retention, Data Domain GDA , Data Domain NDMP Tape Server, Data Domain Replicator, Data Domain Retention Lock, Data Domain Storage Migration, Data Domain Virtual Tape Library, Data Domain Virtual Tape Library for IBM I/OS, Data Domain Virtual Edition, PowerProtect Data Domain Management Center, Product Security Information, Storage Direct for Data Domain ...

27 tammik. 2023

Tag

#ssh