This RAT, which is dubbed “DarkWatchman”, has been observed spreading by email, and represents a new evolution in fileless malware technique.

According to Prevailion’s Adversarial Counterintelligence Team (PACT), DarkWatchman uses a robust Domain Generation Algorithm (DGA) to identify its C2 (Command and Control) infrastructure and utilizes novel methods for on-system activity, fileless persistence, and dynamic run-time capabilities like self-updating and recompilation.

The PACT team reverse engineered the DGA and investigated the Threat Actor’s (TA) web-based infrastructure, with consolidated results of their analysis into the report.

What is the Delivery Mechanism and Methodology of DarkWatchman?



PACT identified full email messages that included intact headers and subsequently a spoofed sender, what's likely the true sender, the intended recipient, the attachment which was identified as the ZIP file containing the malicious logic file that functions as a dropper for the RAT.



The body of the email, contained additional lure material that would likely anticipate after reading the subject, sch as referencing the (malicious) attachment, and claimed to be from Pony Express which further reinforcing the spoofed address.

DarkWatchman utilizes LOLbins and other novel methods of data transfer within modules to avoid detection, with parts of the malware, including configuration strings and the keylogger stored in the registry to avoid writing to disk.

The initial sample analyzed appears to be targeting a Russian-speaking individual or organization, though the script is written with English variable and function names, PACT based on that assesses with moderate confidence that this is an initial access tool for use by ransomware groups or affiliates.

DarkWatchman: Next Evolution in Fileless Malware Techniques

Offensive Security has released the fourth point version of Kali Linux 2021 series, Kali Linux 2021.4, with a number of exciting new penetration testing tools and several improvements.

Kali Linux 2021.4 brings a number of improvements, such as improved Samba compatibility, enhanced Apple M1 support, ability to switch package manager mirrors, Kaboxer theming, coupled with updates to Xfce, GNOME and KDE desktop environments.

It also support the VMware Fusion Public Tech Preview thanks to having kernel 5.14 with the modules needed for the virtual GPU.

What's New In Kali Linux 2021.4 release?



Kali Linux 2021.4 has the Samba client configured for Wide Compatibility so that it can easily connect to any Samba server, regardless of the version of the protocol in use. It should make it easier to discover vulnerable Samba servers, without having to configure Kali.



With the latest update of Kaboxer tools, Kali Linux 2021.4 brings support for window themes and icon themes, allowing the program to properly integrate with the rest of the desktop without the usage of ugly fallback themes. Below is a quick run down of what’s been added to Kali Linux 2021.4:

  • Dufflebag - Search exposed EBS volumes for secrets
  • Maryam - Open-source Intelligence (OSINT) Framework
  • Name-That-Hash - Do not know what type of hash it is? Name That Hash will name that hash type!
  • Proxmark3 - if you are into Proxmark3 and RFID
  • Reverse Proxy Grapher - graphviz graph illustrating your reverse proxy flow
  • S3Scanner - Scan for open S3 buckets and dump the contents
  • Spraykatz - Credentials gathering tool automating remote procdump and parse of lsass process
  • truffleHog - Searches through git repositories for high entropy strings and secrets, digging deep into commit history
  • Web of trust grapher (wotmate) - reimplement the defunct PGP pathfinder without needing anything other than your own keyring


Additionally, the NetHunter app now includes The Social-Engineer Toolkit, which can be used to customize Facebook, Messenger, or Twitter direct message for social engineering attacks.

How to Upgrade to Kali Linux 2021.4 Release?



For existing users who are using the previous version of Kali Linux, they can simply run the following command to upgrade their system to the latest Kali Linux 2021.4:

sudo apt update && sudo apt -y full-upgrade


And for a fresh installation from scratch, you can download the ISO image from the official page for the different supported versions and systems.

Kali Linux 2021.4 Release: Improved Samba Compatibility

The Zorin team has announced the release of Zorin OS 16 Lite, which condenses the Zorin OS 16 experience into a streamlined distro, designed to run efficiently on low-spec computers.

While Zorin OS 16 is one of the most advanced and popular release based on Ubuntu 20.04.3 LTS, offering a “Pro” edition which replaces the “Ultimate” edition that comes preloaded with a few apps and a couple of layouts. With the base edition, Zorin OS 16 “Core” still free, including all the essential features.

Now, Zorin OS 16 lite edition is powered by Xfce desktop environment for efficient performance with limited resources.

What’s New in Zorin OS 16 Lite Edition?



Zorin OS 16 Lite offers a refreshed with a revamped and refined appearance out of the box, with touches and animations that delightfully elevates your computing experience.



First, the taskbar is entirely new and re-written from the ground up to integrate well into the older desktop, now, it shows window previews when hovering over an app icon, allowing you a better overview of your workflow. It also includes the new Zorin Appearance from Zorin OS 16, designed to be even easier for use and navigation.

Zorin Appearance allows users to select a different desktop layout, and able to change the app and icon theme, with desktop font, and tweaking of other parts of the desktop to make experience truly personal.

Additionally, the Software store in Zorin OS 16 Lite comes pre-loaded with the app catalog of Flathub with the Snap store, and the Ubuntu APT repositories. And the built-in Software store also got many under-the-hood optimizations as well as UI improvements to make it easier to find and install apps from the different sources.

Furthermore, there is a new Sound Recorder app that provides a simple and beautiful way to record audio and speech and play it back. If perhaps, you’re creating a voice memo or producing a podcast, the Sound Recorder app will adapt to your workflow and makes the recording of the audio simply effortless.

How to Download Zorin OS 16 Lite?



Zorin OS 16 Lite and the Pro Lite are now available for download from the company's official website.

If you’ve already purchased the Zorin OS 16 Pro, you can download your copy of Zorin OS 16 Pro Lite from the download link in your purchase email.

Zorin OS 16 Lite Edition: What’s New?

The Firefox-maker is poised to introduce a novel sandboxing technology called RLBox in Firefox 95, which technology was developed in collaboration with researchers at the University of California San Diego and the University of Texas.

RLBox Sandboxing technology uses WebAssembly to isolate potentially-buggy code, making the isolation of subcomponents easier for more secure browsing and will be extended to all supported Firefox platforms (desktop and mobile), with five different modules: Graphite, Hunspell, Ogg, Expat and Woff2.

Even with these modules as untrusted code, or a zero-day vulnerability in any of them should pose no threat to Firefox with the RLBox technology in place.

How Isolating with RLBox makes the Difference?



The major browsers including Chrome, Safari and Microsoft Edge, all run Web content in its own sandboxed process, which in theory helps to prevent it from exploitations by a browser vulnerability to compromise your computer.



And having isolated things along trust boundaries, the next logical step is to also isolate across functional boundaries. This has meant hoisting a subcomponent into its own process, as Firefox runs audio and video codecs in a dedicated, locked-down process with a limited interface to the rest of the system. But, there are some serious limitations to this approach, it requires decoupling the code and making it asynchronous, which is time-consuming and could impose a performance cost.

As a result, nobody would want to seriously consider hoisting something like the XML parser into its own process, because to isolate at that level of granularity, we need a different approach.

Now, with RLBox, rather than hoisting the code into a separate process, it can instead be compiled into WebAssembly and then the WebAssembly compiled into native code and no need of shipping any .wasm files in Firefox, since the WebAssembly step is only an intermediate representation in the build process.

RLBox makes a big win on several fronts: it protects users from accidental defects as well as supply-chain attacks, and reduces the need to scramble when such issues are disclosed upstream.

How to Upgrade to the latest Firefox 95?



Firefox 95 is available for Windows, macOS and Linux, and can be downloaded from Mozilla's official site or from the respective app stores. But as Firefox updates happen in the background, users will only need to relaunch the browser to receive the latest version.

If perhaps you failed to get automatic update, you can manually update on Windows, by pulling up the menu under the horizontal bars at the upper right, then click on the help icon, which is the question mark within the circle. And select "About Firefox" and the upgrade will begin.

For macOS users, they should select "About Firefox" which can be found under the "Firefox" menu. And the page will show whether the browser is up to date or recommend the refresh process.

Mozilla tightens Sandboxing in Firefox 95 with RLBox technology

The process of discovering a new topic to write about, deciding the shape the material should take, formalizing your plan, and then actually producing it is known as content creation.

Furthermore, most content development processes include multiple rounds of editing with various stakeholders before the content is ready for publication.

Because content can take many different forms — blog posts, videos, eBooks, tweets, infographics, and advertisements, to mention a few – the process of creating it is multifaceted and not always as straightforward as it may appear.

Making Money with Your Content



We'll talk about how the rapid development of content creation is assisting people in making the most money. And how to make money by creating material that attracts attention and how to check for plagiarism using various tools before displaying your content to make a profit.

Produce Content Constantly



Consistency is the key to success. When you constantly write great content, you follow a better method gradually. You can't be inconsistent as a content creator if you are trying to make a living. If your audience enjoys your material, you have to keep making more content so they return.



Make sure that all of your content is unique and free of plagiarism. You can utilize various online plagiarism checkers to ensure that your audience is not turned off by receiving duplicate content.

When you stop meeting your audience's expectations and delivering consistent material, they will likely go on to someone else.

Make use of branded collaborations



If you want to build a long-term income flow, you must focus on your audience's perception of your brand. It's vital to create a one-of-a-kind experience that distinguishes you from the competition. It's tough, however, to create that rich and unforgettable experience on your own.

Form strong branded connections to help your content get traction. A branded partnership is when you collaborate with other businesses to share and cross-promote your content to their audiences.

Make Money with Your Work



Everyone fighting for attention on the internet is in a competitive atmosphere. Making money online will be difficult if you don't know what you're offering or who your target market is. As a result, only sell what you're good at to set yourself apart from the competitors.

You won't be able to make money if your information is plagiarized, so make sure you check plagiarism before putting it on show.

Ask yourself a fundamental question: why would consumers buy my products and use my content when they can get the same information and items from other reliable sources? It's at this point that you appreciate the value of focusing on a specific market segment. If you try to get to everyone, you'll end up speaking to no one. So, do what you're good at and find the right people to share your work with.

Make Exclusive Content Available



Making money online is not a one-time task when you offer something that is unique and amazing. It's not possible that you'll be able to make a few contents and start making money. You must be consistent, relevant, and outcome-oriented. You develop material to attract and build your audience first, and then you create new content regularly.

Let's pretend you still don't have any internet fans. It is where your premium content will come in to help your work. If you have something unique to share, there are many platforms that you can choose.

When creating material, you must ensure that it is 100 percent original and devoid of plagiarism. You can use an online plagiarism checker for this reason, which helps you check for plagiarism hence you can create original material that will appeal to your target audience.

Advertisements on Social Media



While selling exclusive material is a difficult business, you must still make sure that people know it. Social media advertisement may require some financial investment, but it will help you in attracting people who are unfamiliar with your content.

Direct Marketing



Direct advertising is frequently a good opportunity for content creators to make money. You can put clickable advertising on your website. After that, the advertiser will pay you for the revenue earned by tap. You can also include adverts in your YouTube videos, depending on the type of content you make. You will then be paid every time a user watches your videos' adverts.

While it is pretty simple, you must be cautious about the types of advertisements you run. Finally, you don't want to promote a product that may hurt your reputation.

Conclusion



While there are many options for content creators to earn money, start with the basics. Feel free to try several strategies to find which one works best for you. Experiment with something else if one of them isn't working for you. Make sure, however, that you establish yourself as an expert on social media.

Every day, work on increasing your network and developing a solid personal brand. Take advantage of every chance to promote the material that comes your way.

Build a following and monetize your work correctly. Most importantly, pursue your passions. You will be followed by money.

Learn what Content Creation is and How is it Profitable?

The Mint team has unveiled some updates about the new features in the upcoming release, Linux Mint 20.3, which release is just around the corner.

While the major upgrades in Linux Mint 20.3 includes the addition of MATE 1.26, against the previous Mint 20.2 release, which had MATE 1.24. Besides the updated version of MATE, it also brings a dark mode for XApps, and a brand-new mysterious app.

In fact, there are several key improvements and additions, many of which will be looked at here.

What New Features are Expected in Linux Mint 20.3 Release?



The most notable change is perhaps the addition of a dark mode for XApps, which change will affect all flavors of Linux Mint.



In the XApps also, the PDF reader gets proper manga support, by just hitting the left arrow key in manga mode, you are taken forward in the document, and the image viewer has received the ability to quickly fit into the width or the height of the displayed picture. And Cinnamon 5.2 brings multi-calendar events and events created in your calendars appears in your calendar applet. The applet also syncs with evolution-data-server, which enables it to support many other online calendars and apps.

Additionally, there is a mysterious app hinted at the Linux Mint blog, called ‘Thingy‘, which is currently on the Mint team’s GitHub account, and may serves as a document organizer app for Linux Mint. Albeit, there are still sketchy facts about the details and not much is known as at yet.

What's the Release Date of Linux Mint 20.3?



The first public beta of Linux Mint 20.3 will be released on December 18. It will perhaps unravel more of the features and changes to expect in the final release.

And the final release of Linux Mint 20.3 is still uncertain to come through this year, as the holiday season is fast approaching, however, ardent users will certainly welcome the gift of Mint 20.3 this Christmas.

Linux Mint 20.3: What's Expected Features and the Release Date?

RTF template injection is a novel technique in which an RTF (Rich Text Format) containing malicious file can be altered to allow for easy retrieval of content hosted on external URL upon opening the RTF file.

According to researchers at Proofpoint, there is an increase in the adoption of the novel and easily implemented phishing attachment technique by APT groups, with different state-sponsored threat actors including those aligned with China and Russia haven been observed using the new template injection as part of their campaigns to deliver malware to targeted victims.

RTF template injection leverages the legitimate RTF template functionality to subvert the plain text document formatting properties of an RTF file and allows the retrieval of a URL resource instead of a file resource via RTF’s template control word capability, which enables a threat actor to replace a legitimate file destination with a URL from which a remote payload can be retrieved.

And by simply altering RTF file’s document formatting properties, specifically the document formatting control word for “\*\template” structure, threat actors can weaponize an RTF file to retrieve remote content by specific URL resource instead of an accessible file resource destination.

How APT Threat Actors are Adopting RTF Template Injection?



APT groups believed to be affiliated to the state interests of India, Russia and China have all adopted RTF template injection, with the template injection RTF files attributable to the DoNot Team, historically been suspected of being aligned with Indian-state interests.



RTF files attributable to a Chinese-related APT group were identified as at September 29, 2021, which targets entities with ties to Malaysian energy exploration. While within this initial adoption period, Gamaredon, an APT group believed to be linked to the Russian Federal Security Service (FSB), was observed utilizing RTF template injection files in phishing campaigns that targeted Ukrainian governmental with file lures on October 5, 2021.

While historically the use of malicious RTF contents has been well documented as a method for delivering malware using RTFs, this new technique is more unique, simplistic and serves as a more effective method for remote payload delivery than previously documented techniques.

How to Safeguard your Systems against RTF Template Injection



RTF template injection is poised for wider adoption in the threat landscape based on its ease of use and its relative effectiveness compared with other phishing attachment template injection-based techniques.

Therefore, organizations should take a defensive, reactive approach to their security and most importantly, remain constantly vigilant, iterating on security procedures to ensure they are not caught off-guard when new RTF Template Injection are deployed to breach their defenses.

Cybercriminals Increasingly Adopting RTF Template Injection Technique