Month: November 2022

The most common attack vectors used by the threat actors to compromise the target system is the phishing attack or spam. The phishing attack consist of sending a malicious email to a target, once the target receives and clicks on the message (open a link or attachment), the threat actors could then compromise the system. They are many websites that require to register before using it, some of these websites could be owned by the threat actors or could be sending annoying advertisement every time to you. To avoid this issue, the appropriate solution is the use of “fake email”.

A fake email or email generator is an email address generator used to create an email address that is used to receive a message. The Fake email will help you to protect your email address from receiving spam, phishing, advertisement from third party, avoiding detection during investigation for example instead of using your company email to test a suspicious website, you can use a fake email.

There are many fake emails freely available over the internet.

Temp Mail - Disposable Temporary Email (temp-mail.org)

Temp mail is an open source used to receive for certain amount of time. You can use the service to register to a website and get the notification code or activation code from the Fake email. The technology will help you to protect your work email, your private email from being disclosure on a suspicious website or receiving advertisement that you do not wish.

In the pictures below, we will describe the features available on the Temp mail.

Once you connect to the website, you will see the interface with the email generated for you.

Click on the copy button to copy the email generated, submit it to the website you wish to register, within a couple of the you will receive the mail confirming your registration.

When you receive the activation code, you can then activate it and connect to the website.

Be aware that the email is used for temporary purpose.

The second option is - Fakemail

FakeMail | Temp Mail Addresses

Once you connect to the website, you will see the email address generated, the time set available to use the email and the random generated password for you to use on the website on which you want to connect.

Fakemail can be used maximum for 2 weeks, so in case you have a website that you wish to reconnect again, this option is the one you can use.

The last option, we will talk about is the - email-fake.com

Fake Email - Disposable Temporary Email (email-fake.com)

If you want to keep connected with the email for long period of time, this option is the best option. you need to choose the email you want to use, and the uptime period will be set.

Click on the arrow in “green” you will the uptime time for each email you choose.

Constrains related to email generator or fake email:

The email generator has some limits. Some websites such as Twitter, Facebook, Instagram do blacklist such email address so using the fake email to register will not be possible. In order to avoid that problem, you can use a private domain and bind it to the fake email.

A private domain is a domain that you already acquired, or you own after buying it.

To bind a domain to a fake email, once you own a domain, you need to add a DNS mail exchange on it and connect to your Temp Mail account.

For more details, visit: Private domains. How to get your own Temporary Email (2021) (temp-mail.org)

As we described, the fake email is a best practice that people should be aware of and use when needed. The protection of the data is becoming much more difficult so the best way to stay safe it to be protected. Be aware that some fake email could be owned by the threat actors so before using it make sure that it's a safe one.

Main News

Google Chrome Zero-day vulnerability exploited in the wild.

Bangaly Koita 2 years ago

On November 22. 2022, Google's Threat Analysis Group reported the new zero-day vulnerability CVE-2022-4135.

The vulnerability is rated as High CVE-2022-4135: Heap buffer overflow in GPU in Google Chrome prior to 107.0.5304.121. The vulnerability could allow a remote attacker to compromise the renderer process to perform a sandbox escape via a crafted HTML page.

The vulnerability is being exploited in the wild.

Google has released the update (the version 107.0.5304.121 for Mac and Linux and the version 107.0.5304.121/.122 for Windows)

How to update your Chrome:

Open the chrome browser
Go to your setting – right side of the browser – click on the setting option

Go to – About Chrome

The browser will start the update automatically

As soon as you read this article, make sure that you update your browser.

Main News

WHATSAPP brand targeted by threat actors

Bangaly Koita 2 years ago

On November 24, 2022, the security researcher from OSINTAFRICA has detected many phishing attacks mimicking WhatsApp brand.

WhatsApp is a freeware platform used to send and receive text, voice messages, make voice and video calls, and share images, documents, user locations, and other content. The application is owned by American company Meta Platforms.

The application is used by more than 2 billion of users around the globe.

The name associated to the threat actors is unknown. The domains identified are created a few days ago.

The threat actors are using different locations such as US, SINGAPORE, Hong Kong to avoid detection and target user from those locations as well.

Apart from using different location, the threat actors used also CDN Cloudflare to hide their location and hide the services they use to target the users.

From the details we collected and analyzed, we can assume that the intention of the threat actors is to steal users’ credentials and trick the users by installing a malicious software which look like WhatsApp.

Let's explain the findings in detail:

On the screen below, we can see the image is quite similar to WhatsApp, and it has been classified as Malicious by Google safe browsing. The IP address 2606:4700:3037::ac43:d2ab is located in US and belongs to CLOUDFLARENET, US.

We can also observe some words writing in Chinese which could indicate that the threat actors might be targeting users from China.

gotas.evoluir.sbs - urlscan.io

Virus total detected as a phishing website

VirusTotal - URL - c424a393c09b3c1007258c95aef074d555395af61bda0e02fa68a4abc8ba773b

Another example is whatssap7[.]com

We can see that the IP address is located in US and belongs to TERAEXCH US.

https://urlscan.io/result/b7490a37-9c92-4020-8cde-abedee990831/

We decided to connect to Securitytrails to find more information related to the domain.

We found the following information.

Two domains detected by Securitytrails. The second domain – download.whatssap7[.]com, the malicious domain contains downloading version of the application for Android, Windows and MacBook.

https://securitytrails.com/list/apex_domain/whatssap7.com

Two domains were found. The second one download.whatssap7[.]com a malicious WhatsApp package to download

https://urlscan.io/result/ae426881-2e77-412f-a27a-8ec5b956dfa2/

Unfortunately, we could not download the file

Our last example will be the domain whatqsapp[.]com

https://urlscan.io/result/4f6be6c4-be69-4e24-9618-08605b541c95/

Another domain located in the US.

From Riskiq, we found many subdomains mimicking WhatsApp using the IP address 172.247.175.66.

Its not the first time WhatsApp is being targeted. Many users complained in the past about loosing their credential and the phishing attack is the most used technic to achieve the goal.

This issue is quite interesting as WhatsApp is used by many users; some measures should be taken to avoid the users connecting to the malicious websites.

In order to reduce this situation, 3 mains advice need to be followed.

Advice:

Use only WhatsApp.com for downloading the application and connecting

Use 2FA to protect your account

Take down all the domains (should be done by the WhatsApp corporation team)

Domains mimicking WhatsApp

whatssapp8[[.]]com

whatsaaapp[.]com

whataswappapp[.]com

whatsakpp[.]com

whatmsapp[.]com

whatszaapp[.]com

whaxsapp[.]com

www[.]whatscaapp[.]com

www[.]whatszaapp[.]com

www[.]whatstaapp[.]com

whatscaapp[.]com

whatstaapp[.]com

whatqsapp[.]com

whatsaypp[.]com

whatmsapp[.]com

www[.]whatmsapp[.]com

www[.]whatqsapp[.]com

www[.]whhatapp[.]com

whatsalpp[.]com

whatsabpp[.]com

whatskapp[.]com

www[.]whatsalpp[.]com

whatuapp[.]com

whlatapp[.]com

www[.]whatskapp[.]com

ww[.]whatsaypp[.]com

whaotapp[.]com

Main News

WORLD CUP OR THE NEW ORDER (TWO VICTORIES THAT CAN CHANGE YOUR MIND)

Bangaly Koita 2 years ago

THE WORLD CUP is the biggest sportive competition in the world where the best countries for the last four years from all around the world meet to compete against each other. But this world cup is different from the past world cup as it’s also a revelation for the worldwide.

Who could imagine some years ago that Asian countries could compete with European countries in football (only if you are in the Asian mindset). If you did not think, guess what, you were wrong. The Asian’s plan was always to learn and to achieve a goal. This is what we see now, if you look at most of those countries like China, Singapore, Vietnam, Qatar or Emirates, Arabia Saudi, Japan, South Korea, India and may others, you can determine how much affords were put into place to come at this point. You can see how fast those countries are growing up economically, culturally, socially, sportively, educationally etc. To understand that you should not go so far. Most of world-wide products (Mobile phones, cars, Clothes, foods etc.) are produced by those countries. If you take only China, half of the things we use and eat on daily basis are coming from there.

I am not economist but as a football fan and OSINT lover I can make own investigation 😊. The football for many years was directed by EU countries and a few other countries like Brazil, Argentina, but nowadays we see different reality, this is due to the fact that those countries, see the world differently from other, they work hard, analyze the world from different aspects and perspective and the result is visible. I am not saying that they are going to win the world, but this is just a lesson learn for the world. The victory of Arabia Saudi vs Argentina and Germany vs Japan might be surprising for many people who do not follow those teams or the development of football in those countries but in really the plans everything for many years and it's started to work. With these victories, many other countries could also learn, especially those countries that think only one side could help them to get rid of the poverty or win the world cup.

We can also explain it differently, we all know that the football is based in EU and most of the big players we see on the TV are playing in EU, so people do not know the players from those countries which make the situation more difficult for EU players against those teams. If you take the African teams, it's difficult for them still to compete against EU countries, the reason is simple, most of them are playing in EU, so the way they play does not change. They players know each other, and EU countries have better teams, so it's difficult to win them.

This can explain a lot in the way the world is going on and will be in the future. We can see how the development of the world is changing in realities. The development of football can reflect the development of the economy, mentality, vision, education, society of a country.

The key here is the work based on self-assessment and self-decision making. Like people say in French (Paris did not become Paris in one day). Let's plan and work hard. Your time will come.

I hope that other countries such as African countries will take it as a lesson learn not only like a football game to develop their economy, culture, sport, society, education etc.

Good luck!

Main News

Trackology over the internet a matter of everyone

Bangaly Koita 2 years ago

Trackology is the science of tracking people information over the internet.

The information tracked can be (gender, political opinion, sexual orientation, habits, interests, general opinion about an individual, religion)

Once the information is tracked, they will be collected, analyzed, processed, aggregated and sold to a third party or used for other interests.

Most of the websites use the cookies to track data from the websites but we can also use other technologies such as account tracking, fingerprint, web beacons to achieve this goal.

Many companies do track the data over the internet for marketing reason or advertisement, but others such as media and government might tracked for other reasons like political reasons. Many Medias nowadays collect data over different social medias that will be analyzed later. One example that we can give is the actual situation between Ukraine and Russia. The medias by using their pages over different social medias, can post something related to the topic and people will comment, based on the comments from different platforms such as Facebook, Twitter, LinkedIn, we can determine what people think about the Russia invasion.

How to test people to determine their opinion.

Let’s use a technic calls profiling which consists of collection information such as gender, political opinion, sexual orientation, habits, interests, general opinion about an individual, religion about a person or group of persons that will be used later to make a decision about the person or the group of persons.

As an example, we want to know what people think about LGBT in the world. We will create a group on Facebook and posts different messages and analyze it.

Let’s create a group on Facebook and call it “We love LGBT”. Post something on the page and wait for the comments and people reaction.

Once you analyzed the data collected, you can guess people opinion about such topic in general.

This technic is used by many entities such as medias, E-commerce, Sports to sell their products or to make a decision.

Risks related to data tracking

If the data are not tracked following the regulations, many issues may be arised.

With the example we gave above about “LGBT”, imagine that you apply for a job, and you should have an interview with the company. Before the interview the company tracked you from different social media and reveal your negative comment about “LGBT”, if the manager is a gay or Lesbian or one the people who received the feedback after the data collection, then it could impact negatively the interview. In order to avoid such issue, the regulations should protect people privacy over the internet.

As we see, the data tracked could lead to prejudice, as the simple comment made cost the person to lose the job.

Advantages of data tracking

Like we said before, many businesses do track data for marketing or advertisement reasons, which help those businesses to improve the way to sell their products.

Data tracking can also help to find terrorist. As today the world is facing with many terrorists attack so the data tracking could be very important for entities such as police departments, militaries, Threat investigation and so on.

Data tracking could be used also for background checking to determine if the person is suitable for the position.

As you see, everything can have a good side and bad side. The best way to be on the good side will be to follow the regulations and best practices and monitor them as well.

Solution against data tracking without the consent of people

They are many solutions to avoid being tracked by the websites you visit.

Enable cookies (check the cookies preference before accepting it)
Enable DO NOT TRACK
Do not give a permission to share your data to a third party (Social medias like Facebook, Google, Twitter do it, you need to edit the setting option to not allow it)
Implement a data privacy regulation if not in place (this should be done by each country) and if the companies comply with it.
You can use a tool like Trackography - Who tracks you online? To verify where your data are going when you connect to some medias.
Use VPN or a browser like TOR, TRAILS to stay anonymous online.
Use proxy to hide your activities over the internet.
Use incognito mode (it does not provide complete privacy)

They are many other solutions to stay protected online. But the best way to be protected is to not stay online which is not possible. Therefore, follow the best practices always is the key to stay safe online.

Main News

How to find the router password online

Bangaly Koita 2 years ago

The role of the router is to send the packets from one network to another network over the internet.

In order to access the router, the password is required. Most of the routers have a default password that can be used to access and configure it. The problem is that most of the clients do not change the default password. The default password for the router is available online and the password is unique, so it does not change. You need to know the name of the router and search on the browser to get the password. Which makes the password easy to guess. Another problem here is that most people do not change the default password and leave it as a blind password. Imagine that you gave the access to your local network to someone with bad intention, the person will have just to use the cmd command “ipconfig” to find the gateway IP address which is your router IP address and use the default password to connect and change the settings from the router. The person could have the whole control of your network and redirect the traffic to another place.

As we said, the default passwords are available over the internet, let’s show you how you can get the default password and connect to it.

Example:

First you need to know the router on which you want to access (check the router name on the router you have or want to access)
Click on the link and find the router name and click on find password

Accelerated Networks Router passwords – List of all default passwords for the Accelerated Networks Router

Router name listed

3. Open cmd, type ipconfig

Check if you are connected by cable or cableless, in our case, we are connected via cableless

4. Now you have the IP address from the gateway or the route, open any browser from your choice, type the "http:/ /IP address" of the gateway, you get the dashboard with the username and password. Type the username name and password to get the access.

NB: Note that from the link Accelerated Networks Router passwords – List of all default passwords for the Accelerated Networks Router, you might not find the router name or the password. You can type the name from your search browser (google search, Microsoft bring or others) to find the relevant information.

In order to prevent someone without your consent to get access to your router and change the settings, you need to follow some best practices.

Best practices:

Change the default password and username
Use MAC access control
In case you have a doubt that someone accessed to your network, contact your service provider immediately
In case you do not remember your new password or username, you can reset the router (reset factory) to go back to the main configuration and change it again.
Reduce the WIFI signal so it does not go out of your real.

All follow the best practices to protect your network.

Main News

Mastodon users vulnerable to password-stealing attacks

Bangaly Koita 2 years ago

A security researcher has detected a vulnerability in Glitch, a fork of Mastodon. An attackers could steal the credentials from Mastodon.

Mastodon is free and open-source software for running self-hosted social networking services (check Wikipedia for more details).

The security researcher was able to steal the credentials on Infosec Mastodon with a HTML injection vulnerability, without the need to bypass CSP.

Stealing passwords from infosec Mastodon - without bypassing CSP | PortSwigger Research

The vulnerability was reported to Mastodon. The flaw is specific to the Glitch fork used by InfoSec. Exchange. Mastodon has released the version 4.0.1, 3.5.5, and 3.4.10 to mitigate the issue. The 2FA authentication could prevent someone with the password to not access to your environment.

Security Awareness

Facebook reinitialization code is targeted by the bad guys to steal user’s credential

Bangaly Koita 2 years ago

As we explained in the previous article (HOW TO PROTECT YOUR PASSWORD ON SOCIAL NETWORKS – osintafrica), most of the users on the social media such as Facebook and others are not aware of how to protect their account, this is due to the fact that the users are not trained for and did not receive any information related to that topic.

On Facebook, the password can be reset by simply entering the mobile number following by the password reset code. By knowing that, many bad guys use this opportunity to take over the user’s account without his or her consent.

Let’s give an example:

As you see in the screenshot, the message is in French.

Message details:

Sender or bad guy – Good morning, how are you?
Receiver or victim – Good morning, I am fine and you?
Sender or bad guy – Well, give me your mobile phone’s number
Receiver or victim – “Sent his or her number”
Sender or bad guy – Send me the code that you received
Receiver or victim – 92997418 is your Facebook password reset code

As you see on the message description, the bad guy asked the user to send his or her password reset code, once received they can use the code to reset the user password and take over the account. The technique used is very tricky and hard to detect by many users. The bad guy used the user’s emotion to steal his or her credential.

This issue is becoming more frequent actually. One important thing to mention is that most of the users who lose their password do not try to recover their account. They just open another account, which make the situation worse as more fake account more people will fall into the same situation.

This activity should be taken into account by Facebook by finding a proper solution to stop it. Below, we will give some recommendations that could help the users to prevent this activity from happening.

Recommendation:

Do not send the password reset code to anyone requesting it (the password reset code is confidential, it should not be shared)

Enable 2FA.
Use a more complex password (at least 8 digits with uppercase, lowercase and numbers and other characters as possible).
Inform customers about different attack aim to steal their password and how to protect their account (This part could be done by Facebook or other voluntaries as OSINTAFRICA).

Security Awareness

COMMENT PROTEGER VOTRE MOT DE PASSE SUR LES RESEAUX SOCIAUX

Bangaly Koita 2 years ago

La protection des mots de passes est devenue tres difficile pour les utilisateurs sur les reseaux sociaux.

Chaque jour des milliers d’utilisateurs perdent leur mot de passe. La plupart des utlisateurs n’arrivent plus a recouvrir leur compte. Ils recreent juste un autre compte. Mais cela est une mauvaise pratique car dans le compte precedent si vous aviez des informations confidentielles, cela pourrait vous compromettre. La meilleure solution serait de recouvrir votre compte. Pour lutter contre cela, il faudra prendre des precautions. La meilleure solution sera d’y prendre soin. Cest pourquoi osintafrica.net a ete cree pour vous aider a mieux proteger vos informations telle que votre mot de passe.

Juste un exemple , sur les reseaux sociaux comme Facebook, Instagram,Youtube,Twitter, Tiktok la plupart des utilisateurs sont pas informes sur les bonnes pratiques pour mieux proteger leur mot de passe. Cela amene les utilisateurs souvent de commettre des erreurs sans se rendre compte.

A cet effet, citons quelques exemples de mauvaises pratiques des utilisateurs sur les reseaux sociaux.

Mauvaises pratiques:

Utilisation de mot de passe tres facile a retenir
Sauvegarde de mot de passe dans le telephone ou sur papier (en plus de mettre sur le papier, ils le mettent dans l’armoire 😊). Comme on le dit en Anglais security through obscurite.
2FA nest pas active sur le compte
Le meme mot de passe ne change jamais (le mot de passe nest pas un monument il faut le changer 😊)
Le meme mot de passe est utilise sur d’autres comptes ( exemple meme mot de passe utilise sur Facebook, Instagram, Youtube etc…).
Beaucoup d'utilisateurs cliquent sur les liens malvaillants sans se rendre compte du danger (les liens malvaillants vous guident souvent sur un lien similaire au siteweb sur le quel vous vous connecte pour voler votre mot de passe).
Envoyer son code de reinitialisation de mot de passe sans se rendre compte du danger.
Utilisation de mot de passe similaire au mot de passe precedent (one-upped password) - Si le premier mot de passe etait : password , le second sera: password1 ( Ce qui est une mauvaise pratique car les hackers arrivent a facillement trouver se genre de mot de passe.)
Sans faire attention, beaucoup d’utilisateurs tapent leur mot de passe dans les lieux publics sans couvrir lecran .
Pas d’application pour gerer les mots de passes.
Les utilisateurs une foins cree un compte ne garde plus la boite mail creee se qui rend le recouvrement du mot de passe impossible.

Nous pouvons en citer plusieurs encore, mais limitons nous la ( le temps cest de l’argent).

Pour remedier a ces mauvaises pratiques il ya des bonnes pratiques.

S’il vous plait, souffler avant de lire 😊.

Bonnes pratiques :

Utiliser un mot de passe plus complexe (au moins 8 chiffres avec des majuscules, minuscules et des chiffres et d’autre characters ci possible).
Ne jamais mettre le mot de passe dans le telephone ( a plus forte raison dans votre armoire 😊).
Activer le 2FA.
Changer le mot de passe au moins une fois dans l’annee ( cest mieux de le changer apres chaque 6 mois).
Ne pas cliquer sur un lien qui vient souvent des inconnus ou bien des personnes avec les quelles vous communiquees rarement , cest mieuix de verifier toujours le lien sur une platform comme VirusTotal - Home.
Ne jamais envoyer le code de reinitialization de mot de passe a un autre utilisateur (encore jamais du tout)
Contacter le service clientele (par exemple Facebook a un service clientele pour des cas de perte de mot de passe a contacter).
Utiliser la boite mail qui avait ete creee pour creer le compte (Facebook, Instagram, Youtube etc...)
Ne jamais utiliser un mot de passe similaire au precedent (one-upped password)
Toujours cacher le mot de passe avant de le taper (surtout regardez les cameras aussi a cote).
Utiliser une application pour mieux gerer vos mots de passe:
Exemples:
Keepass KeePass Password Safe
Lastpass #1 Password Manager & Vault App with Single-Sign On & MFA Solutions | LastPass

Comme vous le constate, les bonnes pratiques sont l’inverse des mauvaises pratiques. Donc essayer de changer ces mauvaises pratiques pour mieux proteger votre compte.

Main News

How to use Have I Been Pwned?

Bangaly Koita 2 years ago

Haveibeenpwned is an open-source tool used mostly by cyber security people (no worries you also can use it). The tool is very powerful and useful. Most of organizations today working in the field of cyber security used it.

The tool is used to notify different organizations about data breached, assess password before using it.

Description of the tool:

Have I Been Pwned

HOME

Once you type the domain name of the website, you will be redirected to the “Home page” of the website

Type your email address or phone number to verify if your password or sensitive information such as phone number, credit card, email addresses, physical addresses, social security number and others were leaked in a data breached.

We can see the email address entered was not found in the database which means that there was no data breached where the email address entered was found.

Below in the “Home page”, you can find some information related to previous data breached.

Click on one of the links, you will find the information about the data breached in April 2021, the marketplace named OGusers suffered from a data breached and the compromised data details.

NOTIFY ME

If you want to be notified about any data breached where your email address was found, click on the menu “Notify me”, enter your email address, if you are not a robot, please select “I’m not a robot” and click on the button “Notify me of pwnage”

You will receive the message if your email was found in any breached in the past and also will be notified about future breached.

DOMAIN SEARCH

If you want to find all the emails addresses with a specific domain in a data breached, you can use this option.

You will have to verify if you are the domain’s owner to be able to use this setting.

WHO’S BEEN PWNED

This menu contains information about breached websites and companies available in the “Havebeenpwned” database.

PASSWORDS

This menu can be used to assess a password before using it. Put a password that you want to use and click “pwned”.

You see the message “Oh no - pwned” which means that the password entered was breached 264 149 times. Please do not use the password entered 😊.

API

The API can be used to retrieve data breached information for example many organizations used this option to be notified about the data breached in their company email address.

DONATE

As you can see, the owner of the website who is Troy Hunt worked a lot to provide this amazing tool to the worldwide. Any donation will be used for building, running and keeping the website. This option is also very important 😊.