Hello there 👋
Welcome to the first Kraven Security weekly newsletter. We round up the week’s top news stories, highlight our featured article, and detail some personal notes about what’s happening at the company. Enjoy!
It has been an interesting week in the news, with big drama happening at OpenAI and corporate executives hacking companies to generate business. However, some things never change as Google asserts its dominance by loading YouTube videos slower on non-Chrome browsers and new malware families rising after the FBI’s crackdown on Qakbot.
At Kraven, we have been heavily investing our efforts in automation this week to help streamline our business process, generate better quality content quicker, and scale our operations. It has been a learning curve for all involved, but hopefully, you will see the fruits of our labor in the coming weeks.
Let’s jump into this week’s top news stories.
Top 5 News Stories
Story #1: Sam Altman Returns to the Helm After OpenAI Board Coup
Sam Altman, the CEO of OpenAI, has returned to the company just days after his abrupt removal. Altman’s departure was attributed to communication issues, specifically a lack of consistency in his communications. However, reports suggest that those who voted for his removal had second thoughts after the company president resigned, and staff threatened to follow suit.
The CEO of Microsoft then offered Altman and his team their own division in Microsoft, but within a week, he returned to his original position at OpenAI, and the board that tried to get rid of him had been dismantled.
On the one hand, this story can be seen as company employees backing their leader and rallying against powerful board members to shape the company they want to work for. That said, it could just all be one big stunt to drum up publicity for OpenAI or a bickering of OpenAI founding members in a corporate power struggle.
Source: Sky News
Story #2: Former COO Pleads Guilty to Hacking Two Hospitals
Former Securolytics COO Vikas Singla has pleaded guilty to hacking two hospitals affiliated with the Gwinnett Medical Center in June 2021 to benefit his company, disrupting services and stealing patient information. Facing charges of intentional computer damage and obtaining protected information, Singla could receive 57 months of probation due to health reasons, with a maximum 10-year prison term possible during the February 15, 2024 sentencing.
This is a truly crazy story, but as the cyber security space becomes more overpopulated, will this become more common in the future and be as common as corporate espionage?
Source: Bleeping Computer
Story #3: Microsoft Launches Bug Bounty Program for Defender
Microsoft has launched a bug bounty program for its Defender security platform, offering rewards ranging from $500 to $20,000 for identifying vulnerabilities. Initially focused on Defender for Endpoint APIs, the program aims to expand to cover other Defender products. The rewards are based on factors like severity and impact, with the highest payouts for critical remote code execution flaws. Microsoft retains discretion in determining the final reward amounts. Last year, the company paid $58.9 million in rewards to 1,147 researchers globally across 22 bug bounty programs.
Definitely a program to keep an eye on if you are a security researcher or bug bounty fan. It is great to see Microsoft taking a modern approach to combating vulnerabilities. Hopefully, all goes well, and this program will be expanded to cover more Defender products in the future.
Source: Bleeping Computer
Story #4: Google Delays YouTube Video Playback in Non-Chrome Browsers
Google has admitted to intentionally causing delays in video playback for users with ad blockers to discourage their use on YouTube. The delays, reported by non-Chrome browser users, come after YouTube’s earlier pop-up messages for ad-blocker users. Google stated that ads are vital for supporting creators, and users may experience delays even after uninstalling ad blockers. The company is pushing API changes in June, rendering certain ad blockers useless unless overhauled. The move is part of Google’s broader strategy against ad blockers, emphasizing the importance of ads for creators.
This is another story of Google flexing its muscles in the online arena and asserting its market dominance to boost revenues. Ad blockers are a grey area for governance, so it is unlikely Google will be called out on its actions. It will likely lead to other ad-blocking technologies being developed. No one likes ads.
Source: The Register
Story #5: DarkGate and Pikabot Malware Emerge as Successors to the Infamous Qakbot
A sophisticated phishing campaign has emerged that combines DarkGate and PikaBot malware. Starting in September 2023, after the FBI’s action against QBot, the campaign poses a significant threat to enterprises. DarkGate and PikaBot share similarities with Qakbot, and this new campaign indicates a shift in threat actors’ choice of malware. The campaign employs tactics to increase trust, such as using stolen discussion threads in phishing emails.
Sophisticated campaigns like this one are becoming more and more common. Threat actors use these malware loaders as initial access points to execute ransomware, and this shift in tactics, techniques, and procedures needs to be combated by organizations for effective defense.
Source: Bleeping Computer
Feature Article
👋 Welcome back to this series on building threat hunting tools. In this series, I will be showcasing a variety of threat hunting tools that you can use to hunt for threats, automate tedious processes, and extend to create your own toolkit!
🛠 Most of these tools will be simple, focusing on being easy to understand and implement. This is so that you, the reader, can learn from these tools and begin to develop your own. There will be no cookie-cutter tutorial on programming fundamentals like data types, control structures, etc. This series will focus on the practical implementation of scripting through small projects. You are encouraged to play with these scripts, figure out ways to break or extend them, and try to improve their basic design to fit your needs. I find this the best way to learn any new programming language/concept and, certainly, the best way to derive value!
➡ In this installment, you will learn how to automatically export Indicators of Compromise (IOCs) from your MISP Project instance and upload them into the Endpoint Detection and Response (EDR) solution CrowdStrike Falcon.
Let’s first discover what MISP and CrowdStrike Falcon are.
Personal Notes
🤔 It has been a busy few weeks at Kraven. The new website is finally starting to take shape and come to fruition. This should allow you to learn all things threat intelligence, threat hunting, and custom tooling in an interactive environment. It is packed with resources that will help you grow your skills and discover like-minded individuals, expanding weekly.
I will release a new blog post detailing why I am moving my content to a new platform when the website officially launches to give you a better understanding of what to expect going forward. Don’t worry, it’s all good news. It is an exciting time to be a part of Kraven in the lead-up to our official website launch. I can’t wait to share more with you!
Have a great weekend, and stay tuned for more updates.