Hackercool Magazine April 2024

All rights reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying, recording, or other electronic or mechanical methods, without the prior written permission of the publisher, except in the case of brief quotations embodied in critical reviews and certain other noncommercial uses permitted by copyright law. For permission requests, write to the publisher, addressed “Attention: Permissions Coordinator,” at the address below. Any references to historical events, real people, or real places are used fictitiously. Names, characters, and places are products of the author’s imagination. Hackercool Cybersecurity (OPC) Pvt Ltd. Banjara Hills, Hyderabad 500034 Telangana, India. Website: www.hackercoolmagazine.com Email Address: admin@hackercoolmagazine.com Information provided in this Magazine is strictly for educational purpose only. Please don't misuse this knowledge to hack…

Then you will know the truth and the truth will set you free. John 8:32 Welcome to the April 2024 Issue of Hackercool Magazine. Yeah, I know we are releasing our April 2024 Issue in the month of July 2024, instead of releasing at least our June 2024 Issue. This is far beyond asking for apology. So, we will cut that short and go directly to what this Issue has got for you. We start this Issue with a Red Team hacking tutorial. You should have noticed that lot of Black Hat Hacker groups are increasingly using SVG images to deliver their payloads and gain access nowadays. So, in this issue we bring to our readers an article on different ways to gain access using SVG images. Next, you will…

Threat landscape constantly evolves trying to bypass the security mechanisms protecting systems and resources of the intended target. One such tactic being increasingly used by threat actors nowadays to deliver payloads is through SVG image files. Almost all threat actors are using SVG images as delivery vectors to deliver payloads. Using SVG images to deliver malware or payloads is not a new phenomenon. It has been in use for a long time now. Exactly, one year ago, we have explained to our readers in our Hackercool Magazine how SVG files are used in HTML smuggling. However, recently apart from being used in HTML smuggling SVG images are being used directly in execution chains or infection chains. This article explains in detail, how SVG images can be used to deliver payloads.…

Cybersecurity is crucial in the modern digital world. Among the many cyber threats, typo-squatting is a sneaky and frequently disregarded technique. This technique uses basic typographical errors as an opportunity to commit hostile acts by taking advantage of human error. This piece explores the complex realm of typo-squatting, including its processes, history, modern hacker uses, efficacy, and defense methods. What is Typosquatting? Typosquatting is a type of social engineering attack that targets internet users who incorrectly type a URL into their web browser rather than using a search engine. Typically, it involves tricking users into visiting malicious websites with URLs that are common misspellings of legitimate websites. The ‘typo’ in typosquatting refers to the small mistakes people can make when typing on a keyboard. Typosquatting is also known as URL…

Smart TVs have become an integral part of our homes, offering entertainment, convenience, and connectivity. However, recent findings reveal that certain LG smart TVs are susceptible to security flaws that could compromise user privacy and control. In this article, we’ll explore the vulnerabilities, their impact, and steps users can take to protect their devices. The Vulnerabilities 1.CVE-2023-6317: Authorization Bypass This vulnerability allows an attacker to add an extra user to the TV set, bypassing the authorization mechanism. Even though the vulnerable service is intended for local area network (LAN) access only, over 91 ,000 devices expose this service to the Internet. Affected models include LG43UM7000PLA, OLED55CXPUA, OLED48C1PUB, and OLED55A23LA running specific webOS versions. 2.CVE-2023-6318: Privilege Escalation Once an attacker gains unauthorized access, this vulnerability allows them to elevate their privileges…

Util-linux, as you may know, is a crucial collection of utilities for Linux systems, providing essential functionalities. However, like any software, it is not immune to security flaws. In this article, we’ll explore common vulnerabilities, their impact, and mitigation strategies. Understanding Vulnerabilities in util-linux 1.Buffer Overflows: Buffer overflows occur when a program writes beyond the bounds of an allocated buffer. In util-linux, certain utilities that handle input data (e.g., fdisk, partx) are susceptible. Impact: Attackers can exploit these overflows to execute arbitrary code or crash the utility. Mitigation: Regular code audits, input validation, and secure coding practices. 2.Privilege Escalation: Some util-linux utilities run with elevated privileges (e.g., mount, umount). If a vulnerability exists, an attacker could escalate their privileges. Impact: Full system compromise. Mitigation: Limit permissions, use SELinux/AppArmor profiles, and…