Hackercool Magazine September 2024

In the first Vulnerability for beginner’s article of this month’s Issue, you will learn everything about a vulnerability in SolarWinds Web Help Desk (WHD) Software. Solar Winds Web Help Desk is a free help desk ticketing system software made by SolarWinds. This is used to manage service tickets by tracking their lifecycle from ticket creation to resolution. It is a web-based interface available for Windows, Linux and Mac. It is estimated that SolarWinds IT management products are used by over 3,00,000 customers worldwide. DID YOU KNOW? Very soon you can checkout with all type ofcards to subscribe to Hackercool Magazine What is the vulnerability? The vulnerability, being tracked as CVE-2024-28987 is a hardcoded credential vulnerability that can allow unauthenticated attackers to read and modify all ticket details on the server…

During penetration testing, after gaining initial access, pen testers use a payload to interact with the target system. There are two types of payloads pen testers often use. The first one is a through a command line shell like Meterpreter and another one is a graphical option like Remote Administration Tools (RATs). In this month’s Issue, you will learn about a RAT that is still used by Black Hat hackers and Red Teamers around the world. It’s called Quasar RAT. Quasar RAT is an open-source RAT for Windows that is very fast and light weight. The tool coded in C# has features like, 1) Viewing system information of the target system 2) Keylogger 3) Remote shell 4) Remote file execution 5) TCP network streaming 6) Fast network serialization 7) Encrypted…

The makers of Kali Linux have released another version of Kali Linux. Kali Linux is one of the most widely used penetration testing distros. Let’s see what’s new in the latest release of this widely popular hacking operating system. Latest Features to be excited about New tools This latest release of Kali Linux is more about package updates than adding any new things. Even then the makers added 11 new tools to the latest release. Let’s see what they are what they are used for in hacking. The first tool you should be excited about is “gsocket”. This is a tool that allows two machines located in two different networks to communicate with each other. With Python 3.12, you will no longer be able to use pip to download and…

John Bryson Professor of Enterprise and Competitiveness, University of Birmingham The world is saturated by services and products provided by companies that have a “secret grip” on the way we live. In 1951, the French born American industrial designer Raymond Loewy described a typical day “of the average guy” from the moment he wakes up until he goes to bed. The point being that the average guy’s life was saturated with designed products. In 2024, the average person may be woken by an alarm on a smartphone, and benefit from hot water that is controlled by smart heating controls – also linked to a smartphone and the internet. There might be a delivery tracked via the internet and a ring on a doorbell also linked to the internet. Online banking…

SonicWall Firewalls are both hardware and virtual firewalls which are products of a American cyber security company named SonicWall. Many reputed companies and organizations use these firewalls. SonicWall vulnerability CVE-2024-40766 is being actively exploited by the Akira ransomware group. Like any typical firewall, they are placed between external and internal networks in large scale enterprises. What is the vulnerability? The vulnerability, being tracked as CVE-2024-0766 affects SonicOS, the operating system running on SonicWall’s physical and virtual firewalls. SonicWall Gen 5, Gen 6, and Gen 7 devices running SonicOS upto 7.0.1-5035 are affected by this vulnerability. The vulnerability is a critical improper access control vulnerability that allows attackers to gain a-dmin access and control over SonicWall firewalls. After gaining administrator access on the Sonic-Wall devices, the attacker can compromise security policies,…

Nick Hajli AI Strategist and Professor of Digital Strategy, Loughborough University The recent attacks on walkie-talkies and pagers in Lebanon have highlighted the hidden vulnerabilities in everyday technology. These incidents underscore the need for individuals to understand the potential risks associated with their devices and to take proactive steps to protect themselves in an increasingly digital world where safety can be compromised. Research shows that many people have significant concerns about security and privacy as technology advances. Statistics reveal an alarming rise in cyber threats and privacy breaches, underscoring the urgency of addressing these issues. According to IBM, the average cost of a data breach worldwide reached US$4.88 million (£3.65 million) in 2024, demonstrating the severe consequences oftechnological vulnerabilities. So, are our smartphones and devices truly safe? With numerous reports…