The SOS Intelligence CVE Chatter Weekly Top Ten – 16 December 2024

by Amir Hadzipasic

December 16, 2024

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-10687

The Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery – Upload, Vote, Sell via PayPal, Social Share Buttons plugin for WordPress is vulnerable to time-based SQL Injection via the $collectedIds parameter in all versions up to, and including, 24.0.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

2. CVE-2018-17144

Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

3. CVE-2024-21060

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Data Dictionary). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

4. CVE-2020-1472

An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network.
To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access.
Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels.
For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020).
When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications.

https://nvd.nist.gov/vuln/detail/CVE-2020-1472

5. CVE-2024-49360

Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:SandboxUserBxxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users’ files in `C:Sandboxxxx`. By default in Windows 7+, the `C:UsersUserA` folder is not readable by **UserB**.
All files edited or created during the sandbox processing are affected by the vulnerability. All files in C:Users are safe. If `UserB` runs a cmd in a sandbox, he will be able to access `C:SandoxUserA`. In addition, if **UserB** create a folder `C:SandboxUserA` with malicious ACLs, when **UserA** will user the sandbox, Sandboxie doesn’t reset ACLs ! This issue has not yet been fixed. Users are advised to limit access to their systems using Sandboxie.

https://nvd.nist.gov/vuln/detail/CVE-2024-49360

6. CVE-2022-22965

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.

https://nvd.nist.gov/vuln/detail/CVE-2022-22965

7. CVE-2021-44228

Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.

https://nvd.nist.gov/vuln/detail/CVE-2021-44228

8. CVE-2024-49041

Microsoft Edge (Chromium-based) Spoofing Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2024-49041

9. CVE-2021-42278

Active Directory Domain Services Elevation of Privilege Vulnerability

https://nvd.nist.gov/vuln/detail/CVE-2021-42278

10. CVE-2018-2628

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS Core Components). Supported versions that are affected are 10.3.6.0, 12.1.3.0, 12.2.1.2 and 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

https://nvd.nist.gov/vuln/detail/CVE-2018-2628

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 09 December 2024

by Amir Hadzipasic

December 9, 2024

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-10687

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

2. CVE-2022-41903

Git is distributed revision control system. `git log` can display commits in an arbitrary format using its `–format` specifiers. This functionality is also exposed to `git archive` via the `export-subst` gitattribute. When processing the padding operators, there is a integer overflow in `pretty.c::format_and_pad_commit()` where a `size_t` is stored improperly as an `int`, and then added as an offset to a `memcpy()`. This overflow can be triggered directly by a user running a command which invokes the commit formatting machinery (e.g., `git log –format=…`). It may also be triggered indirectly through git archive via the export-subst mechanism, which expands format specifiers inside of files within the repository during a git archive. This integer overflow can result in arbitrary heap writes, which may result in arbitrary code execution. The problem has been patched in the versions published on 2023-01-17, going back to v2.30.7. Users are advised to upgrade. Users who are unable to upgrade should disable `git archive` in untrusted repositories. If you expose git archive via `git daemon`, disable it by running `git config –global daemon.uploadArch false`.

https://nvd.nist.gov/vuln/detail/CVE-2022-41903

3. CVE-2022-39260

Git is an open source, scalable, distributed revision control system. `git shell` is a restricted login shell that can be used to implement Git’s push/pull functionality via SSH. In versions prior to 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4, the function that splits the command arguments into an array improperly uses an `int` to represent the number of entries in the array, allowing a malicious actor to intentionally overflow the return value, leading to arbitrary heap writes. Because the resulting array is then passed to `execv()`, it is possible to leverage this attack to gain remote code execution on a victim machine. Note that a victim must first allow access to `git shell` as a login shell in order to be vulnerable to this attack. This problem is patched in versions 2.30.6, 2.31.5, 2.32.4, 2.33.5, 2.34.5, 2.35.5, 2.36.3, and 2.37.4 and users are advised to upgrade to the latest version. Disabling `git shell` access via remote logins is a viable short-term workaround.

https://nvd.nist.gov/vuln/detail/CVE-2022-39260

4. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

5. CVE-2024-9935

The PDF Generator Addon for Elementor Page Builder plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5 via the rtw_pgaepb_dwnld_pdf() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

https://nvd.nist.gov/vuln/detail/CVE-2024-9935

6. CVE-2018-17144

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

7. CVE-2024-42327

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access.

https://nvd.nist.gov/vuln/detail/CVE-2024-42327

8. CVE-2024-49360

https://nvd.nist.gov/vuln/detail/CVE-2024-49360

9. CVE-2024-10914

A vulnerability was found in D-Link DNS-320, DNS-320LW, DNS-325 and DNS-340L up to 20241028. It has been declared as critical. Affected by this vulnerability is the function cgi_user_add of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add. The manipulation of the argument name leads to os command injection. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used.

https://nvd.nist.gov/vuln/detail/CVE-2024-10914

10. CVE-2023-6063

The WP Fastest Cache WordPress plugin before 1.2.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by unauthenticated users.

https://nvd.nist.gov/vuln/detail/CVE-2023-6063

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 02 December 2024

by Amir Hadzipasic

December 2, 2024

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-10687

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

2. CVE-2023-6063

https://nvd.nist.gov/vuln/detail/CVE-2023-6063

3. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

4. CVE-2022-4262

Type confusion in V8 in Google Chrome prior to 108.0.5359.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2022-4262

5. CVE-2023-25157

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. GeoServer includes support for the OGC Filter expression language and the OGC Common Query Language (CQL) as part of the Web Feature Service (WFS) and Web Map Service (WMS) protocols. CQL is also supported through the Web Coverage Service (WCS) protocol for ImageMosaic coverages. Users are advised to upgrade to either version 2.21.4, or version 2.22.2 to resolve this issue. Users unable to upgrade should disable the PostGIS Datastore *encode functions* setting to mitigate “strEndsWith“, “strStartsWith“ and “PropertyIsLike “ misuse and enable the PostGIS DataStore *preparedStatements* setting to mitigate the “FeatureId“ misuse.

https://nvd.nist.gov/vuln/detail/CVE-2023-25157

6. CVE-2024-9935

https://nvd.nist.gov/vuln/detail/CVE-2024-9935

7. CVE-2024-9680

An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation timelines. We have had reports of this vulnerability being exploited in the wild. This vulnerability affects Firefox < 131.0.2, Firefox ESR < 128.3.1, Firefox ESR < 115.16.1, Thunderbird < 131.0.1, Thunderbird < 128.3.1, and Thunderbird < 115.16.0.

https://nvd.nist.gov/vuln/detail/CVE-2024-9680

8. CVE-2024-8069

Limited remote code execution with privilege of a NetworkService Account access in Citrix Session Recording if the attacker is an authenticated user on the same intranet as the session recording server

https://nvd.nist.gov/vuln/detail/CVE-2024-8069

9. CVE-2024-5630

The Insert or Embed Articulate Content into WordPress plugin before 4.3000000024 does not prevent authors from uploading arbitrary files to the site, which may allow them to upload PHP shells on affected sites.

https://nvd.nist.gov/vuln/detail/CVE-2024-5630

10. CVE-2020-1472

https://nvd.nist.gov/vuln/detail/CVE-2020-1472

Opinion, OSINT

Using OSINT and Dark Web Intelligence for Proactive Threat Detection

by Daniel Collyer

November 28, 2024

In today’s rapidly evolving threat landscape, staying one step ahead of cybercriminals requires a proactive approach. By integrating Dark Web intelligence into a broader OSINT (open-source intelligence) strategy, organisations can enhance their ability to detect emerging threats early, mitigate risks, and safeguard their digital assets. This blog post explores how Dark Web monitoring complements OSINT for threat detection, highlights real-world use cases, and provides actionable tips for incorporating it into your organisation’s threat intelligence program.

The Role of Dark Web Intelligence in OSINT

Dark Web intelligence is an indispensable part of a robust OSINT strategy, offering unparalleled insights into emerging cyber threats. Unlike the surface web, the Dark Web operates within encrypted networks like Tor and I2P, providing anonymity for users. This makes it a hub for illicit activities, including the trade of stolen credentials, malware distribution, and discussions of planned attacks. For organisations, monitoring these hidden spaces is critical for staying ahead of cybercriminals.

Why It’s Good to Use

The Dark Web serves as an early warning system. Threat actors often test and trade stolen data or breach exploits here long before they are detected in broader contexts. By identifying leaked information—such as customer records or intellectual property—organisations can mitigate risks before they escalate. Moreover, this intelligence provides insights into adversarial tactics, techniques, and procedures (TTPs), enabling organisations to bolster defences.

How to Integrate Dark Web Intelligence into OSINT

Set Clear Intelligence Goals
Begin by defining your objectives. Are you searching for stolen credentials, insider threats, or potential data leaks? Tailored intelligence requirements help focus monitoring efforts and ensure actionable results.
Deploy Specialised Monitoring Tools
Given the encrypted nature of the Dark Web, navigating it safely and effectively requires purpose-built tools. Platforms designed for secure Dark Web exploration provide automated monitoring while protecting your operational security and ethical standing.
Combine with Broader Data Sources
The Dark Web is just one component of a comprehensive intelligence strategy. Correlating data from surface web sources, social media, and internal threat detection systems ensures a holistic view of potential risks.
Operationalise the Intelligence
Raw data is only as useful as its application. Integrate Dark Web intelligence into your existing workflows, such as SIEMs or threat intelligence platforms, to enhance detection and response capabilities.
Strengthen Cross-Team Collaboration
Share Dark Web findings with key stakeholders across departments—such as legal, compliance, and IT security—to ensure a coordinated response. For example, if stolen credentials are identified, collaborate with IT to enforce password resets and multi-factor authentication.
Monitor Regularly and Proactively
The Dark Web is dynamic, with information appearing and disappearing quickly. Continuous monitoring ensures you stay ahead of potential threats and respond in near real-time.

Real-World Benefits

When integrated effectively, Dark Web intelligence amplifies the value of OSINT. It enables organisations to move from a reactive to a proactive security posture, identifying threats before they materialise. By doing so, businesses can protect their data, mitigate financial losses, and uphold their reputation in an increasingly volatile cyber landscape.

Dark Web intelligence is not just about uncovering hidden risks—it’s about building resilience in an unpredictable digital world.

Case Studies: Proactive Threat Detection in Action

Detecting a Supply Chain Data Breach (Marriott International)

In 2020, threat actors targeted Marriott International’s supply chain, exposing millions of guests’ personal data. Prior to public disclosure, Dark Web monitoring by third-party researchers identified chatter in underground forums about the stolen data, including sensitive details such as reservation information and account credentials. This early detection enabled Marriott to initiate an investigation, disclose the breach to affected customers promptly, and mitigate potential damage. The case underscores how active Dark Web monitoring can flag breaches in progress, allowing organisations to react faster.

Uncovering Credentials Theft (LinkedIn Data Leak)

In 2021, LinkedIn faced a massive leak of user data, with over 700 million records posted on Dark Web forums. Before the dataset became widely available, Dark Web monitoring tools flagged small-scale posts advertising a “sample” of the records. Analysts determined that the data could be used for credential-stuffing attacks and phishing campaigns. Proactive notification from monitoring tools enabled LinkedIn users to secure their accounts and prompted the platform to bolster its defences against credential abuse.

Insider Threat Detection (Tesla)

In 2020, Tesla thwarted an insider threat that could have resulted in a ransomware attack. The company became aware of discussions on a Dark Web forum about a planned infiltration involving bribing an employee to install malware on Tesla’s network. Armed with this intelligence, Tesla’s security team conducted internal investigations, identified the employee involved, and cooperated with the FBI to prevent the attack. This example highlights how Dark Web intelligence can reveal insider risks and prevent potential crises.

These examples, grounded in publicly documented incidents, demonstrate the tangible benefits of integrating Dark Web monitoring into a proactive threat detection programme.

Actionable Tips for Integrating Dark Web Monitoring

Define Your Intelligence Requirements
Establish clear goals for what you aim to achieve with Dark Web monitoring. Are you looking for stolen credentials, potential insider threats, or mentions of your organisation in underground forums? Having well-defined objectives ensures your monitoring efforts are focused and effective.
Use Reliable Tools and Expertise
Dark Web monitoring requires specialised tools and expertise to navigate safely and gather relevant data. Partnering with trusted providers or leveraging purpose-built platforms ensures you collect actionable intelligence while maintaining operational security.
Integrate Insights with Broader Threat Intelligence
Dark Web intelligence should not exist in isolation. Integrate it with your overall threat intelligence programme, correlating data from the surface web, social media, and internal security systems to create a unified picture of potential threats.
Establish a Response Plan
Proactively determine how your organisation will respond to threats identified through Dark Web monitoring. Whether it’s notifying affected stakeholders, engaging law enforcement, or strengthening internal policies, having a clear plan ensures swift and effective action.
Maintain Compliance and Ethics
While monitoring the Dark Web, it is essential to remain compliant with laws and ethical guidelines. Ensure your activities respect privacy laws and do not inadvertently support or encourage illegal activity.

How SOS Intelligence Can Support Your Dark Web Investigations

At SOS Intelligence, we provide a comprehensive platform designed to empower organisations with proactive threat intelligence solutions. Combining advanced Open Source Intelligence (OSINT) capabilities with secure and effective Dark Web monitoring, we help businesses detect and respond to emerging cyber threats before they escalate.

Our platform offers a suite of features tailored to meet the evolving needs of modern organisations:

Dark Web Monitoring: We uncover critical insights by tracking stolen data, compromised credentials, and illicit activities in hidden online forums and marketplaces.
Customisable Threat Dashboards: Our user-friendly dashboards consolidate vital information, enabling organisations to visualise risks and prioritise responses.
Automated Alerts and Notifications: Stay informed with real-time updates about threats targeting your organisation, ensuring swift action and enhanced security.
Secure and Ethical OSINT Tools: We prioritise compliance and ethical standards while equipping businesses with the tools to collect, analyse, and utilise intelligence effectively.
Tailored Integrations: Our solutions integrate seamlessly with existing security frameworks, making it easier to bolster protection without disrupting workflows.

Our services are designed to meet the needs of businesses across industries, from SMEs to large enterprises. With SOS Intelligence, organisations can reduce exposure to risks, enhance resilience, and remain one step ahead of adversaries in a constantly evolving threat landscape.

Conclusion

Integrating Dark Web intelligence into your OSINT strategy can transform your organisation’s approach to threat detection. By identifying risks early and acting decisively, you can protect your business from potentially devastating cyber incidents. With the right tools, expertise, and processes in place, proactive threat detection is not only achievable but also essential in today’s interconnected world.

Why not get in touch now? A conversation can go a long way.

Web Photo by Nick Fewings on Unsplash

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 25 November 2024

by Amir Hadzipasic

November 25, 2024

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-10687

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

2. CVE-2024-23113

A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.

https://nvd.nist.gov/vuln/detail/CVE-2024-23113

3. CVE-2021-23337

Lodash versions prior to 4.17.21 are vulnerable to Command Injection via the template function.

https://nvd.nist.gov/vuln/detail/CVE-2021-23337

4. CVE-2018-17144

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

5. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

6. CVE-2024-1071

The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the ‘sorting’ parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

https://nvd.nist.gov/vuln/detail/CVE-2024-1071

7. CVE-2024-10914

https://nvd.nist.gov/vuln/detail/CVE-2024-10914

8. CVE-2019-8943

WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An attacker (who has privileges to crop an image) can write the output image to an arbitrary directory via a filename containing two image extensions and ../ sequences, such as a filename ending with the .jpg?/../../file.jpg substring.

https://nvd.nist.gov/vuln/detail/CVE-2019-8943

9. CVE-2024-25600

Improper Control of Generation of Code (‘Code Injection’) vulnerability in Codeer Limited Bricks Builder allows Code Injection.This issue affects Bricks Builder: from n/a through 1.9.6.

https://nvd.nist.gov/vuln/detail/CVE-2024-25600

10. CVE-2023-33568

An issue in Dolibarr 16 before 16.0.5 allows unauthenticated attackers to perform a database dump and access a company’s entire customer file, prospects, suppliers, and employee information if a contact file exists.

https://nvd.nist.gov/vuln/detail/CVE-2023-33568

Opinion, OSINT, Tips

OSINT Essentials: Planning, Recording, and Evaluating Intelligence

by Daniel Collyer

November 21, 2024

Introduction

Open-source intelligence (OSINT) involves the collection and analysis of publicly available information to derive actionable insights. From cybersecurity professionals monitoring emerging threats to investigators uncovering fraud, OSINT has become a cornerstone of modern intelligence gathering. It enables organisations and individuals to stay informed, make data-driven decisions, and mitigate risks in an increasingly interconnected world.

Despite its accessibility, successful OSINT is far from straightforward. Effective planning and preparation are fundamental to achieving meaningful results. Without a clear strategy, researchers can find themselves overwhelmed by the sheer volume of available data or risk compromising their operations due to poor security practices. Thoughtful preparation not only streamlines the intelligence-gathering process but also ensures that findings are accurate, relevant, and ethically obtained.

This blog serves as a practical guide to the essential steps of OSINT planning and preparation. Whether you are a seasoned analyst or new to the field, it will equip you with the tools and techniques needed to set your investigation on the right path. We’ll explore how to define your intelligence requirements, create a robust collection plan, and utilise secure tools for effective research. Additionally, we’ll delve into best practices for recording your findings and evaluating the reliability of your sources.

By the end of this post, you’ll have a solid framework for conducting efficient, ethical, and secure OSINT investigations, ensuring your efforts deliver valuable results while minimising risks. Let’s get started...

Establishing Intelligence Requirements

The foundation of any successful OSINT investigation lies in clearly defining your intelligence requirements. This process ensures your efforts are purposeful, efficient, and focused on delivering actionable insights. By taking the time to outline what you need to achieve, you can avoid unnecessary data collection and concentrate on gathering the most relevant information.

Defining Objectives

The first step is to ask yourself: Why am I conducting OSINT? Understanding the purpose of your investigation is critical. Are you looking to assess a potential security threat, monitor the reputation of your organisation, or gather competitive intelligence? Clearly defining the expected outcomes will help shape the scope of your research. Objectives should be specific, measurable, and aligned with the broader goals of your organisation or project. For example, rather than simply aiming to “monitor social media,” you might define a goal like “identify potential phishing campaigns targeting employees on LinkedIn.”

Gap Analysis

With your objectives established, conduct a gap analysis to determine what you already know, what is missing, and what you need to discover. This step involves reviewing existing information to identify gaps that need filling. For example:

What do I already know? You may already have access to internal reports or historical data.
What information is missing? Perhaps you lack details about the methods or timing of an anticipated cyberattack.
What do I need to know? Define the specific data points or insights required to address these gaps, such as identifying potential attackers or understanding their tactics.

This structured approach helps ensure your efforts remain focused and prevents the collection of irrelevant or redundant data.

Prioritising Questions

Once gaps have been identified, break down your objectives into smaller, actionable questions. These questions should directly address your intelligence needs and provide clarity on what to investigate. For example, if your objective is to assess a threat actor, your questions might include:

What digital footprints are associated with this actor?
Are there any recent mentions of their activity on forums or social media?
Which tools or methods do they commonly use?

By prioritising your questions, you can allocate resources effectively, tackling the most critical issues first while ensuring that secondary queries are not overlooked. This process transforms broad objectives into a structured framework for investigation, forming the backbone of a well-executed OSINT operation.

Creating an Intelligence Collection Plan

A well-crafted intelligence collection plan is essential for translating objectives into actionable steps. This plan provides a structured approach to gathering the required information while ensuring efficiency and adherence to ethical and legal standards.

Mapping the Requirements to Sources

The first step in creating a collection plan is to map your intelligence requirements to relevant sources. Begin by identifying where the needed information is most likely to be found. For instance:

The surface web (e.g., websites, social media, and public databases) is ideal for gathering general information or monitoring public discourse.
The deep web (e.g., subscription services, private forums) can provide more specialised data.
The Dark Web may be necessary for investigating illicit activities, such as cybercrime or data breaches.

It’s also crucial to categorise your information as primary or secondary. Primary sources include first-hand data, such as official statements or original documents, while secondary sources involve analysis or interpretations of primary data, such as news articles or reports. Prioritising primary sources can enhance the reliability of your findings.

Setting a Timeline

A clear timeline is vital for maintaining momentum and ensuring timely results. Break down the collection process into stages, such as identifying sources, gathering data, and reviewing findings, and assign deadlines to each stage. This structure prevents delays and keeps the investigation aligned with overarching objectives.

Allocating Resources

Effective OSINT requires the right tools, personnel, and technical support. Identify and assign the resources needed for the task. For example:

Tools: Use specialised software such as Maltego for data analysis or Shodan for network reconnaissance.
Personnel: Allocate roles based on expertise, such as assigning experienced analysts to sensitive tasks.
Technical requirements: Ensure you have secure systems and access to the necessary platforms.

Legal and Ethical Considerations

Adhering to legal and ethical guidelines is non-negotiable in OSINT. Research should comply with applicable laws, such as data protection regulations and restrictions on accessing certain types of information. Additionally, ethical considerations, such as respecting privacy and avoiding harm, should underpin your approach. A robust plan ensures that collection methods are both effective and responsible.

By aligning your collection activities with these steps, you can build a systematic and ethical framework for gathering intelligence, ultimately supporting informed decision-making.

Ensuring Safe and Secure OSINT Practices

Conducting OSINT comes with inherent risks, ranging from inadvertently revealing your identity to alerting the subject of your investigation. To mitigate these risks, it is vital to adopt safe and secure practices. These measures protect both your personal information and the integrity of your investigation.

Essential Tools

Several tools and technologies are fundamental for maintaining security during OSINT operations:

VPN (Virtual Private Network): A VPN is essential for masking your IP address and encrypting your internet traffic, ensuring anonymity and protecting against data interception. Choose a reputable, no-logs provider to maximise privacy. VPNs can also help to reach different intelligence sources; search engines will typically return results tailored to your location, so utilising a VPNs ability to change you location may deliver different results.
Virtual Machines (VM): Using a virtual machine isolates your OSINT activities from your primary operating system, minimising the risk of malware or other threats affecting your main environment.
Browser Containers and Privacy Extensions: Tools such as browser containers or extensions like uBlock Origin and Privacy Badger prevent tracking, block ads, and compartmentalise browsing activities, keeping your research secure and untraceable.
Sock Puppet Accounts: Create fake, plausible online identities (sock puppets) to access forums, social media, or other platforms without exposing your true identity. Ensure these accounts are credible, with consistent behaviour and relevant profiles.

Operational Security (OPSEC)

Maintaining strong operational security is critical to avoid tipping off targets or compromising your investigation. Key OPSEC practices include:

Separating identities: Never link your personal accounts or systems to your OSINT activities. Use dedicated devices or accounts to maintain clear boundaries.
Minimising digital footprints: Avoid actions that might leave behind traces of your research. This includes disabling auto-fill forms, clearing cookies, and using tools that limit tracking.
Being cautious with communication: If engaging with others, ensure your interactions do not reveal your true intent or identity. Use encrypted communication channels where necessary.
Avoiding direct engagement with targets: Observing from a distance is usually safer and less likely to alert subjects.

By leveraging the right tools and adhering to strict OPSEC principles, you can minimise risks, protect sensitive information, and ensure your OSINT efforts remain secure. These practices enable you to gather intelligence effectively without compromising your safety or the investigation’s success.

Recording Your Research

Proper documentation is a cornerstone of effective OSINT, ensuring that your findings are well-organised, reliable, and easily retrievable. Adopting structured recording practices enhances consistency, maintains accountability, and supports the analysis process.

Documentation Standards

Consistency is key when recording OSINT research. Use structured formats to organise your data in a way that is easy to understand and follow. For instance, spreadsheets or templates can help standardise entries, ensuring that all relevant details are captured.

Include metadata with every piece of information you collect. Metadata provides essential context and should include:

Time: When the information was collected or observed.
Source: The origin of the information, such as a website URL or social media post.
Method of collection: How the information was obtained, e.g., through manual research or automated tools.

This structured approach ensures that your records are clear and verifiable, which is particularly important when sharing findings or conducting further analysis.

Organising Information

Effective organisation is essential for managing the often vast amounts of data generated during OSINT investigations. Tools such as Evernote, Airtable, or specialised OSINT platforms can be invaluable for tagging, categorising, and retrieving information. Use tags to group similar data points or highlight key themes, and create categories based on factors such as relevance, reliability, or type of source.

Visual tools like mind maps or flowcharts can also help illustrate connections between different pieces of information, making patterns easier to identify.

Version Control

Maintaining version control is another critical aspect of documentation. Tracking changes ensures that your records remain accurate and provides an audit trail for accountability. Use tools that support version histories, such as Google Sheets or Git-based platforms, to monitor edits and maintain earlier versions of your work.

By implementing strong version control practices, you can preserve the integrity of your data and address discrepancies if new information arises or errors are discovered.

Recording your research systematically not only keeps your findings organised but also strengthens the reliability and credibility of your OSINT investigations. With clear documentation, you’ll be better prepared to analyse data, collaborate with others, and draw actionable insights from your efforts.

Evaluating Sources of Intelligence

Evaluating the quality and credibility of sources is a critical component of effective OSINT investigations. Without proper scrutiny, intelligence may be flawed, leading to misinformed decisions or wasted effort. This section explores key techniques for assessing source reliability, identifying and addressing bias, and maintaining ongoing validation of information.

Source Reliability and the Admiralty Code

One widely used framework for evaluating intelligence sources is the Admiralty Code, which grades both the reliability of the source and the credibility of the information. This two-part approach provides a structured way to assess the dependability of data:

Source Reliability: Assign ratings based on the track record of the source. For instance, a reputable organisation or individual with a history of providing accurate information might be considered highly reliable, while an unverified or unknown entity could be less so. Labels such as “reliable,” “usually reliable,” or “unreliable” are commonly applied to reflect varying degrees of confidence.
Information Credibility: Evaluate the content itself for accuracy and relevance. Factors such as internal consistency, corroboration with independent sources, and alignment with known facts are critical. Credibility is often categorised as “confirmed,” “likely,” or “doubtful.”

By combining these two elements, the Admiralty Code ensures a systematic evaluation process that highlights both trustworthy sources and credible data. However, this framework works best when supported by cross-referencing information with other independent sources.

Addressing Bias

Bias is an inherent risk in OSINT, as every source is influenced by its perspectives, interests, or agendas. Recognising and mitigating bias is essential to prevent skewed interpretations:

Identify Potential Biases: Consider the source’s motivations, affiliations, and target audience. For example, a corporate press release may emphasise favourable aspects while omitting negative details.
Use Diverse Sources: Balance viewpoints by consulting a range of materials, including those from opposing or neutral perspectives. Diversity helps counteract potential one-sided narratives.
Analyse Presentation: Be alert to emotionally charged language or selective data presentation, which may indicate an attempt to sway opinion rather than present facts.

Continuous Validation

Intelligence is rarely static. As new information becomes available, previously gathered data must be re-evaluated:

Reassess Regularly: Schedule periodic reviews of key findings, especially in dynamic situations where information evolves.
Update Records: Incorporate fresh data into your intelligence framework while documenting how it affects existing conclusions.
Corroborate New Insights: Validate emerging information against known facts to avoid reliance on unverified updates.

Through these practices, you can ensure your intelligence sources remain reliable, balanced, and up to date, supporting robust and informed decision-making.

Review and Adjust

The process of OSINT is not static; it requires continuous evaluation and adaptation to ensure the investigation remains effective and relevant. Regularly reviewing progress, adjusting the strategy, and conducting post-mortem analysis are key steps to refine your approach and maximise the value of your intelligence efforts.

Assessing Progress

Regular assessment is essential to determine whether the intelligence requirements are being met. This involves comparing the initial objectives with the findings gathered so far. Key questions to consider include:

Are the intelligence requirements being addressed? Review whether the collected data aligns with the original goals and whether any critical gaps remain.
Is the information actionable? Intelligence should be practical and contribute to decision-making processes, not just a collection of raw data.
Are resources being used efficiently? Consider whether tools, time, and personnel are being effectively allocated to achieve the desired outcomes.

Periodic reviews ensure that efforts stay on track and help identify areas requiring improvement before significant time or resources are wasted.

Adapting the Plan

Flexibility is vital in OSINT investigations. Findings may reveal unexpected insights, uncover new challenges, or highlight inefficiencies in the collection strategy. In response, the plan must be adjusted dynamically:

Refine Objectives: If new priorities emerge or initial assumptions prove incorrect, redefine your intelligence requirements to better reflect the evolving situation.
Optimise Tools and Methods: Evaluate whether the current tools and techniques are delivering the desired results. If not, consider integrating alternative platforms or approaches.
Address Challenges: Identify and mitigate obstacles, such as limited access to sources, technical difficulties, or unforeseen biases in the collected data.

By regularly adapting the plan, you ensure that the investigation remains relevant and responsive to changing circumstances.

Post-Mortem Analysis

Once the OSINT project is complete, conducting a thorough post-mortem analysis provides valuable insights for future investigations. This reflective step allows teams to identify successes, address shortcomings, and refine their processes:

Evaluate What Worked: Document tools, methods, and strategies that proved effective, so they can be replicated or enhanced in subsequent projects.
Analyse Challenges: Review obstacles encountered during the investigation, such as time delays, unreliable sources, or gaps in information. Develop strategies to mitigate these in future efforts.
Gather Feedback: Solicit input from all team members involved in the investigation to gain diverse perspectives on what could be improved.

A robust review process not only strengthens the current project’s outcomes but also contributes to building a more efficient and effective framework for future OSINT operations. With continuous improvement as a guiding principle, your OSINT efforts will evolve to meet the demands of an ever-changing landscape.

Conclusion

Thorough planning and preparation are the cornerstones of successful OSINT investigations. As this guide has outlined, establishing clear intelligence requirements, creating a structured collection plan, evaluating sources meticulously, and maintaining secure practices are all essential components of a robust approach. These steps not only ensure that your findings are relevant and actionable but also help mitigate the risks associated with open-source intelligence gathering.

Each phase of the OSINT process is interconnected, forming a cohesive framework that enhances the efficiency and reliability of your investigation. From defining objectives and identifying gaps in knowledge to validating sources and adapting strategies, every element builds on the last, reinforcing the integrity of your efforts. Skipping or neglecting any step can lead to inefficiencies, inaccuracies, or even ethical lapses, emphasising the need for a comprehensive and methodical approach.

Moreover, OSINT is a dynamic discipline that requires ongoing evaluation and adaptability. The ability to reassess progress, refine strategies, and learn from past experiences ensures that your efforts remain relevant and effective in an ever-changing landscape. By adopting a continuous improvement mindset, you not only achieve better results but also build a foundation for long-term success in intelligence gathering.

As you embark on your OSINT endeavours, remember to prioritise security, ethical considerations, and the quality of your data. The tools and techniques may vary depending on the specific context, but the principles of careful planning, rigorous evaluation, and disciplined execution are universal. A methodical and secure approach not only enhances your outcomes but also fosters confidence in your findings, enabling you to make informed decisions and drive meaningful action.

By integrating these best practices into your workflow, you can unlock the full potential of OSINT while maintaining the highest standards of professionalism and integrity.

Photos by Jon Tyson Roman Kraft Hayley Murray on Unsplash

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 18 November 2024

by Amir Hadzipasic

November 18, 2024

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-10687

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

2. CVE-2024-23113

https://nvd.nist.gov/vuln/detail/CVE-2024-23113

3. CVE-2018-17144

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

4. CVE-2024-3273

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, was found in D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259284. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.

https://nvd.nist.gov/vuln/detail/CVE-2024-3273

5. CVE-2024-24919

Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.

https://nvd.nist.gov/vuln/detail/CVE-2024-24919

6. CVE-2023-32784

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file (pagefile.sys), hibernation file (hiberfil.sys), or RAM dump of the entire system. The first character cannot be recovered. In 2.54, there is different API usage and/or random string insertion for mitigation.

https://nvd.nist.gov/vuln/detail/CVE-2023-32784

7. CVE-2024-5630

https://nvd.nist.gov/vuln/detail/CVE-2024-5630

8. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

9. CVE-2024-21762

A out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows attacker to execute unauthorized code or commands via specifically crafted requests

https://nvd.nist.gov/vuln/detail/CVE-2024-21762

10. CVE-2020-1472

https://nvd.nist.gov/vuln/detail/CVE-2020-1472

Opinion, OSINT

OSINT and Ethics: Navigating the Challenges of Responsible Intelligence Gathering

by Daniel Collyer

November 14, 2024

Open Source Intelligence (OSINT) has become an invaluable tool across cybersecurity, business intelligence, and law enforcement. By leveraging publicly available information from sources like social media, websites, and public records, OSINT enables organisations to monitor emerging threats, analyse competitor activity, and gain insights without resorting to intrusive or covert methods. With the rapid growth of digital information, OSINT offers unprecedented access to data that can inform decision-making and risk assessments.

However, this access to information comes with significant ethical and legal challenges, particularly concerning privacy and data handling. Unlike traditional intelligence methods, OSINT relies on openly available data, which can blur the lines of ethical responsibility. Practitioners must consider whether the information they gather could infringe upon individuals’ privacy, especially when it involves personal data or data that, while accessible, may not be ethically sound to exploit. Additionally, OSINT activities often cross international borders, complicating compliance with different countries’ data protection regulations, such as the General Data Protection Regulation (GDPR) in the EU.

The goal of this discussion is to provide guidance on how to conduct OSINT responsibly. By adhering to ethical principles and respecting legal frameworks, OSINT professionals can ensure their intelligence-gathering activities remain respectful of privacy while effectively supporting organisational objectives. Responsible OSINT practices not only help to mitigate legal risks but also uphold the trustworthiness and integrity of the profession in an era where data accessibility is at an all-time high.

What is OSINT and Why Are Ethics Important?

OSINT is the process of collecting and analysing information from publicly accessible sources, including social media, news sites, forums, and online databases. OSINT allows organisations to gather actionable insights without the need for invasive methods, drawing on the vast and diverse information available on the internet. It has become an essential tool for sectors like cybersecurity, business intelligence, and governmental operations, enabling organisations to gain valuable information about potential threats, market conditions, and broader geopolitical developments.

For cybersecurity, OSINT aids in monitoring for potential data leaks, phishing threats, or signals of a planned attack, enhancing an organisation’s preparedness and defence capabilities. In the business world, OSINT enables companies to stay informed about competitor moves, market trends, and customer sentiment, giving them an edge in a highly competitive landscape. Meanwhile, governmental bodies leverage OSINT to support law enforcement and intelligence operations, tracking issues like disinformation campaigns or border security threats.

However, as powerful as OSINT is, it raises important ethical questions. Given its reliance on publicly accessible data, OSINT operates in a grey area where information, while legally available, may still be ethically sensitive. For instance, gathering personal information from social media could potentially breach an individual’s privacy, even if the content is technically public. Additionally, different jurisdictions have varying regulations on data use, such as the General Data Protection Regulation (GDPR) in the EU, which aims to protect individuals’ privacy rights. These complexities make it critical for OSINT practitioners to conduct intelligence gathering responsibly, balancing their goals with a commitment to ethical standards.

The importance of ethics in OSINT cannot be overstated. Ethical considerations ensure that intelligence practices respect privacy and remain compliant with legal frameworks. By maintaining responsible OSINT practices, organisations not only mitigate potential legal risks but also build trust and credibility, reinforcing the responsible use of publicly available data in a way that benefits both their objectives and the public at large.

Key Ethical Challenges in OSINT

OSINT operates within an ethical landscape shaped by the ease of access to publicly available information, presenting unique challenges for responsible practice. These challenges include balancing privacy with public access, ensuring accuracy, and navigating issues of consent and transparency.

One of the core ethical tensions in OSINT is the balance between privacy and public access. While the data collected in OSINT activities is publicly accessible, individuals may not be aware that their information could be repurposed for intelligence gathering. Just because data is available online does not automatically justify its unrestricted use. This tension raises important ethical questions about respecting individuals’ privacy while still leveraging OSINT’s benefits. Practitioners must assess each case individually, considering the context of the data and its potential impact on individuals’ privacy before using it.

Another ethical challenge is the responsibility to ensure accuracy and verification. OSINT can often include information from varied sources, some of which may be incomplete, biased, or outdated. The ethical obligation to verify information is crucial to avoid the risk of spreading misinformation, which can lead to serious consequences for individuals or organisations implicated by unverified intelligence. OSINT practitioners are ethically bound to rigorously check and corroborate sources before sharing information or using it in decision-making.

Lastly, the issues of consent and transparency are complex in the digital age. Although information may be publicly available, that does not imply individuals have consented to its use for intelligence purposes. The assumption that public access equates to ethical use oversimplifies the reality of digital consent. People may share information without intending for it to be monitored or analysed by third parties. Transparency in OSINT practices—clearly communicating how and why data is gathered and handled—helps address these complexities, fostering ethical integrity.

Legal Implications of OSINT

OSINT can offer invaluable insights, yet it must operate within complex legal frameworks to ensure compliance and protect individual rights. Key considerations include adherence to data protection laws, managing cross-border legal challenges, and balancing security needs with privacy rights.

managed service provider (MSP) CTS has suffered a significant cyberattack as a result of CitrixBleed

One of the primary legal obligations for OSINT practitioners is adhering to data protection laws like the General Data Protection Regulation (GDPR) in the EU and the California Consumer Privacy Act (CCPA) in the US. These regulations set strict guidelines on the collection, processing, and retention of personal data, designed to protect individual privacy rights. OSINT activities that involve personal information must follow these laws closely to avoid legal repercussions and potential fines. GDPR, for instance, mandates data minimisation and purpose limitation, meaning that personal data collected should be directly relevant and necessary for the purpose it was obtained.

Cross-border legal issues further complicate OSINT practices, as data gathered may span multiple jurisdictions, each with its own data protection laws. Some countries have strict rules about how personal data can be used, even if it is publicly accessible. This can create legal ambiguity for OSINT practitioners, who must navigate a patchwork of global regulations. Ensuring compliance requires a comprehensive understanding of both local and international data protection requirements.

Finally, OSINT practitioners must balance the need for security with respect for privacy, especially in sensitive areas like crime prevention or investigative journalism. While gathering intelligence is critical for identifying and mitigating risks, it is essential to respect individual privacy rights and limit data collection to what is ethically and legally appropriate. This balance is vital in preserving public trust and ensuring that OSINT activities contribute positively to security without infringing on personal freedoms.

Best Practices for Ethical and Responsible OSINT

Effective and ethical OSINT requires a well-defined approach that prioritises respect for privacy and accountability. Adopting best practices, including establishing a clear ethical framework, maintaining operational security (OPSEC), and ensuring transparency, helps to safeguard both the integrity of intelligence activities and the privacy rights of individuals.

A clear ethical framework is essential for guiding OSINT activities. Organisations should establish detailed guidelines that define when, how, and why information is collected. This framework should outline permissible sources, data retention policies, and limitations on personal data usage. By setting clear boundaries and ethical principles, practitioners can avoid unnecessary data collection and mitigate risks related to privacy infringements or misuse. Having a structured ethical policy also provides a standardised approach, ensuring consistency and compliance across all OSINT activities.

Operational Security (OPSEC) is another critical aspect, as it helps protect both the organisation conducting OSINT and the individuals involved. Practitioners should use secure methods for gathering, storing, and sharing information to prevent sensitive data from being exposed or misused. This includes anonymising searches where appropriate, securely storing information, and protecting the identities of individuals involved in sensitive intelligence work. Effective OPSEC safeguards ensure that OSINT activities do not unintentionally compromise the security of individuals or the organisation itself.

Transparency and accountability are essential in maintaining ethical OSINT practices. Keeping a thorough record of OSINT activities, including sources, decision-making processes, and any limitations placed on data usage, supports accountability and aids in addressing any ethical concerns that may arise. Documenting activities and decisions also provides a reference for evaluating practices against legal or regulatory requirements, fostering a culture of transparency.

Managing Privacy Concerns in OSINT Work

Privacy is a primary concern in OSINT, as intelligence activities often involve handling sensitive and personal information. Best practices, including data minimisation, anonymisation, and responsible data retention, help mitigate privacy risks while maintaining effective intelligence gathering.

Data minimisation and anonymisation are essential principles in responsible OSINT. Practitioners should collect only the information necessary to meet the intelligence objectives, avoiding extraneous data that could infringe upon privacy rights. By focusing on essential data and anonymising any personal information wherever possible, OSINT professionals reduce the risk of unnecessary privacy breaches and align their activities with data protection regulations.

Handling sensitive information securely is also crucial throughout the OSINT lifecycle. This includes implementing secure storage solutions, restricting access to authorised personnel, and using encryption when storing or sharing sensitive data. Practitioners should establish protocols to handle particularly sensitive information carefully, ensuring it is protected against unauthorised access or leaks that could harm individuals or compromise organisational integrity.

Data retention and disposal are equally important for privacy management. Setting clear guidelines on how long data will be retained, with periodic reviews, ensures that information is only kept as long as it is useful and relevant. When data is no longer needed, secure deletion and disposal processes should be followed to prevent the potential misuse of archived information. These practices help maintain the privacy of individuals and uphold ethical standards in OSINT.

Adapting to Emerging OSINT Technologies and Ethical Considerations

As new technologies emerge, the OSINT community must continuously evolve its ethical practices to address potential privacy and security concerns. Staying informed about advances in OSINT tools and techniques, particularly in AI, is essential for maintaining responsible intelligence practices.

Ongoing education is crucial for understanding how new tools may impact ethical practices in OSINT. Technologies such as AI for data analysis can increase efficiency and reveal deeper insights, but they also pose unique ethical questions, including potential biases in data interpretation and the risk of excessive data collection. Practitioners should stay informed of new developments and continuously assess the ethical implications of their tools.

Regularly reviewing and updating ethical guidelines ensures they remain relevant as technology and privacy norms change. Guidelines must be adaptable, reflecting current technologies and emerging privacy concerns, such as the increased collection and processing of personal data. Regular updates also help organisations align with evolving data protection laws, maintaining compliance and ethical standards.

The role of AI in OSINT, in particular, demands a high level of transparency, fairness, and accountability. As AI tools become more common in OSINT, practitioners must address ethical challenges related to potential biases, data accuracy, and automated decision-making. Using AI responsibly in OSINT involves transparent methods and a commitment to fairness, ensuring that AI-based insights are accurate and do not unintentionally harm individuals or communities. By proactively addressing these ethical considerations, OSINT professionals can adapt effectively to the changing technological landscape.

Conclusion

The practice of ethical and responsible OSINT is essential to maintaining credibility and trust in the field. By prioritising privacy, accuracy, and transparency, organisations can ensure that OSINT serves its purpose effectively while respecting individual rights and adhering to legal standards. These principles are especially critical as OSINT continues to expand in scope and as technological advancements push the boundaries of data collection and analysis.

A commitment to ongoing ethical review is vital, as societal standards and privacy laws evolve in response to new challenges. Organisations that regularly assess and adapt their ethical frameworks can stay ahead of emerging issues, ensuring that their intelligence practices remain responsible and compliant. This proactive approach not only protects individuals’ privacy but also reinforces the organisation’s reputation as a trusted, responsible entity in the intelligence community.

Industry collaboration is key to promoting best practices in OSINT. By working together, organisations, professionals, and regulators can develop and share guidelines that uphold ethical standards across the field. Collaborative efforts to create clear, adaptable practices and to address emerging ethical questions will support a sustainable and responsible future for OSINT. As the landscape of open-source intelligence grows more complex, this shared commitment to ethics will be essential for building a secure and trustworthy intelligence ecosystem that benefits all stakeholders.

CCTV Photo by Tobias Tullius on Unsplash

Case Study, Opinion, OSINT

Case Study: OSINT and Ethics – Balancing Information and Responsibility

by Daniel Collyer

November 12, 2024

Introduction

In an era where information is accessible at unprecedented levels, Open-Source Intelligence (OSINT) has emerged as a critical tool for both private and public sectors. OSINT encompasses the collection and analysis of publicly available information to support decision-making, threat assessment, and strategic planning. Yet, with great accessibility comes great responsibility. The ethical dimensions of OSINT, particularly in relation to privacy and data security, have raised challenging questions about where to draw boundaries. This case study explores how ethical frameworks guide OSINT practices and examines a real-life scenario that highlights the critical need for ethical boundaries in OSINT activities.

Ethical Considerations in OSINT

OSINT allows practitioners to investigate and gather detailed information from publicly accessible sources, but ethical considerations must always be at the forefront. Just because information is accessible does not mean it is ethical—or even legal—to use it indiscriminately.

Key ethical considerations in OSINT include:

Privacy – OSINT practitioners must be mindful of personal privacy, balancing legitimate investigation needs with individuals’ right to privacy.
Proportionality – Information gathered should align with the goals of the investigation, avoiding excessive or unnecessary data collection.
Legality – Laws governing data protection, like the UK’s Data Protection Act, set boundaries that practitioners must observe. Failing to follow these laws can lead to penalties and reputational damage.
Purpose Limitation – OSINT should be applied within clear parameters, ensuring that data is only used for its stated purpose and minimising the risk of misuse.

Case Example: Cambridge Analytica and Data Ethics in OSINT

The Cambridge Analytica scandal, one of the most well-known examples of data misuse, highlights the ethical risks inherent in OSINT when privacy and transparency are overlooked. In 2014, the political consulting firm gained access to data from up to 87 million Facebook users worldwide. The data was acquired through an app developed by a researcher who paid users to take a personality quiz. While participants willingly shared their information, they were unaware that their friends’ data would also be collected without explicit consent.

The Mechanism of Data Collection

The researcher’s app, called “thisisyourdigitallife,” collected data on users who took the quiz, but due to Facebook’s then-lax privacy policies, it also gained access to extensive information about the friends of these users. This included demographic details, Facebook likes, and social networks, allowing Cambridge Analytica to build detailed psychological profiles on millions of individuals. Although Facebook’s terms of service permitted this type of data gathering at the time, most users were unaware of the extent of data being shared or how it would be used.

This example reveals a loophole where technically “public” or “shared” data was collected in ways that stretched ethical norms. Cambridge Analytica justified its actions by citing the “public” nature of social media interactions, yet the approach lacked transparency and infringed upon users’ reasonable expectations of privacy.

Ethical Violations in Data Exploitation

Cambridge Analytica’s use of OSINT, while technically permissible under Facebook’s policy, sparked intense criticism due to several ethical failings:

Lack of Informed Consent – Although individuals had agreed to the terms of the app, they had not been clearly informed of how their data—and, crucially, the data of their friends—would be utilised. This lack of informed consent created a situation where users unknowingly became part of a sophisticated data-mining operation.
Manipulative Intent – Cambridge Analytica used the data to tailor political messaging to influence voters’ behaviour in the 2016 U.S. presidential election and the UK’s Brexit referendum. This manipulation raised ethical concerns about OSINT’s role in influencing democratic processes, as voters received highly targeted messages based on detailed psychological insights.
Privacy Invasion Beyond Initial Scope – The extensive profiling exceeded the expectations users would typically have when engaging with social media. Cambridge Analytica essentially crossed a line from open-source intelligence gathering into invasive surveillance, blurring boundaries between voluntary data sharing and unwarranted data exploitation.

Legal and Reputational Fallout

The fallout from the Cambridge Analytica scandal was swift and severe. Facebook faced a $5 billion fine from the Federal Trade Commission (FTC) for failing to protect user data and was compelled to implement new data protection measures. Cambridge Analytica itself faced international scrutiny, ultimately filing for bankruptcy amidst ongoing investigations. Beyond legal repercussions, the incident led to a wave of distrust in social media platforms and increased public demand for transparency in data practices.

Legal firms need cyber threat intelligence

This case serves as a crucial reminder that ethical OSINT is not just about adhering to legal guidelines; it also requires transparency and accountability. For OSINT practitioners, the scandal emphasises the need to handle personal data with respect for privacy and clear communication about how information will be used.

Lessons Learned for OSINT Practitioners

The Cambridge Analytica case underscores several key takeaways for responsible OSINT:

Prioritise User Awareness: Users should be aware of data collection practices. In cases where OSINT gathers data from social platforms, practitioners must ensure they respect users’ privacy boundaries.
Minimise Data Collection: Only gather information that is necessary and relevant. Over-collection, even if permissible, may cross ethical lines, especially when dealing with sensitive data.
Safeguard Democratic Integrity: OSINT practitioners should be cautious in using personal insights to influence decision-making, particularly in contexts where it may affect democratic processes or individual autonomy.

By examining Cambridge Analytica’s missteps, OSINT practitioners can better understand the consequences of unrestrained data collection and the need for ethical frameworks. A commitment to ethical OSINT practices not only protects individual privacy but also strengthens public trust in the field.

Implementing Ethical OSINT Practices

Organisations using OSINT should consider developing and enforcing a clear ethical framework, including:

Transparent Data Use: Always inform individuals if their data is being collected and explain its intended purpose.
Clear Consent Mechanisms: Consent should be obtained whenever feasible, even if data is publicly available.
OPSEC (Operational Security): Safeguard the methods and tools used in OSINT to prevent exploitation or misuse of information.
Regular Ethical Audits: Conduct periodic audits of OSINT practices to ensure they meet both legal and ethical standards.

Conclusion

The Cambridge Analytica case offers a cautionary tale for the OSINT community, reminding practitioners that while the accessibility of information can be a powerful tool, it must be wielded responsibly. Ethical OSINT practices not only protect individuals but also uphold the reputation of organisations that rely on this intelligence. As OSINT continues to evolve, so too must our ethical frameworks, ensuring that we balance innovation with integrity.

Photos by Dayne Topkin Mario Mesaglio on Unsplash

CVE Top 10

The SOS Intelligence CVE Chatter Weekly Top Ten – 11 November 2024

by Amir Hadzipasic

November 11, 2024

This weekly blog post is from via our unique intelligence collection pipelines. We are your eyes and ears online, including the Dark Web.

There are thousands of vulnerability discussions each week. SOS Intelligence gathers a list of the most discussed Common Vulnerabilities and Exposures (CVE) online for the previous week.

We make every effort to ensure the accuracy of the data presented. As this is an automated process some errors may creep in.

If you are feeling generous please do make us aware of anything you spot, feel free to follow us on Twitter @sosintel and DM us. Thank you!

1. CVE-2024-21762

https://nvd.nist.gov/vuln/detail/CVE-2024-21762

2. CVE-2024-24919

https://nvd.nist.gov/vuln/detail/CVE-2024-24919

3. CVE-2018-17144

https://nvd.nist.gov/vuln/detail/CVE-2018-17144

4. CVE-2024-10687

https://nvd.nist.gov/vuln/detail/CVE-2024-10687

5. CVE-2024-37383

Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.

https://nvd.nist.gov/vuln/detail/CVE-2024-37383

6. CVE-2024-3273

https://nvd.nist.gov/vuln/detail/CVE-2024-3273

7. CVE-2024-21060

https://nvd.nist.gov/vuln/detail/CVE-2024-21060

8. CVE-2024-23113

https://nvd.nist.gov/vuln/detail/CVE-2024-23113

9. CVE-2024-4947

Type Confusion in V8 in Google Chrome prior to 125.0.6422.60 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High)

https://nvd.nist.gov/vuln/detail/CVE-2024-4947

10. CVE-2023-1314

A vulnerability has been discovered in cloudflared’s installer (<= 2023.3.0) for Windows 32-bits devices that allows a local attacker with no administrative permissions to escalate their privileges on the affected device. This vulnerability exists because the MSI installer used by cloudflared relied on a world-writable directory. An attacker with local access to the device (without Administrator rights) can use symbolic links to trick the MSI installer into deleting files in locations that the attacker would otherwise have no access to. By creating a symlink from the world-writable directory to the target file, the attacker can manipulate the MSI installer's repair functionality to delete the target file during the repair process. Exploitation of this vulnerability could allow an attacker to delete important system files or replace them with malicious files, potentially leading to the affected device being compromised. The cloudflared client itself is not affected by this vulnerability, only the installer for 32-bit Windows devices.

https://nvd.nist.gov/vuln/detail/CVE-2023-1314

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

The SOS Intelligence CVE Chatter Weekly Top Ten – 16 December 2024

The SOS Intelligence CVE Chatter Weekly Top Ten – 09 December 2024

The SOS Intelligence CVE Chatter Weekly Top Ten – 02 December 2024

Using OSINT and Dark Web Intelligence for Proactive Threat Detection

The SOS Intelligence CVE Chatter Weekly Top Ten – 25 November 2024

OSINT Essentials: Planning, Recording, and Evaluating Intelligence

The SOS Intelligence CVE Chatter Weekly Top Ten – 18 November 2024

OSINT and Ethics: Navigating the Challenges of Responsible Intelligence Gathering

Case Study: OSINT and Ethics – Balancing Information and Responsibility

The SOS Intelligence CVE Chatter Weekly Top Ten – 11 November 2024

Recent Posts

Recent Comments