Get Cyber-Smart in Just 5 Minutes a Week
🧩 Modernizing Offensive .NET Tradecraft: Enhancing Red Team Techniques. Red teams are evolving their strategies for executing .NET assemblies in memory, focusing on custom command-and-control (C2) frameworks and advanced post-exploitation tools. This article discusses the use of Common Language Runtime (CLR) customizations to improve operational security and bypass the Anti-Malware Scan Interface (AMSI). Key techniques include managing memory allocations and implementing a custom assembly loading manager, which allows operators to load assemblies from memory without triggering AMSI scans. The author provides a proof-of-concept demonstrating these methods, emphasizing the importance of understanding CLR mechanics for effective defense strategies against post-exploitation tooling. The research highlights the ongoing cat-and-mouse game between offensive tactics and defensive measures in cybersecurity.
💻🌐 U.S. Indicts Russian Crypto Mixer Operators Amid Cybersecurity Crackdown. The Department of Justice has indicted three Russian nationals for operating cryptocurrency mixers Blender.io and Sinbad.io, which facilitated the laundering of over $500 million in criminal proceeds, including funds from North Korean hackers. Following the shutdown of Blender.io, Sinbad.io emerged but was seized in November 2023. Concurrently, a successful FBI operation removed PlugX malware from over 4,200 infected U.S. computers, targeting a remote access trojan used by state-sponsored hackers. Additionally, new evidence links North Korea’s fraudulent IT worker schemes to a 2016 crowdfunding scam, highlighting the regime’s evolving tactics to evade sanctions. Meanwhile, Russian-backed cyberespionage efforts continue to target Kazakhstan’s diplomatic sectors, reflecting geopolitical tensions in the region.
🔒💻 New UEFI vulnerability CVE-2024-7344 allows bypassing Secure Boot on many systems. ESET researchers identified a vulnerability in a Microsoft-signed UEFI application shipped with system-recovery products from several vendors, including Howyar and Greenware, that lets untrusted code run during boot on systems with Secure Boot enabled and could therefore be used to install a UEFI bootkit. The signed application loads a second binary through its own custom PE loader rather than the firmware's LoadImage and StartImage services, so the Secure Boot signature checks are never applied to what it loads. Microsoft revoked the affected binaries in its dbx update of January 14, 2025; users should install that update and any vendor patches, and confirm that the revocation has actually reached the firmware's dbx on their systems.
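Confirming a revocation means reading the dbx and checking that the hash of the affected binary is in it. The following added example (not ESET's or Microsoft's code) parses the EFI_SIGNATURE_LIST format that dbx uses and answers that membership question; the sample dbx and the two hashes in it are constructed placeholders, not the real CVE-2024-7344 entries, and the efivarfs path is the standard Linux location for the variable.

```python
"""Membership check against a UEFI dbx (forbidden-signature database) blob.
Added example: it implements the EFI_SIGNATURE_LIST layout from the UEFI
specification; the sample dbx and the hashes in it are constructed
placeholders, not the real CVE-2024-7344 revocation entries."""
import struct
import uuid

# Signature-type GUID for SHA-256 entries (UEFI spec, EFI_CERT_SHA256_GUID).
# Each entry is a 16-byte SignatureOwner GUID followed by the 32-byte hash; the
# hash is the PE Authenticode digest of the image, not a hash of the file bytes.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIGLIST_HEADER_LEN = 28  # SignatureType(16) + ListSize(4) + HeaderSize(4) + SignatureSize(4)


def parse_signature_lists(blob: bytes):
    """Yield (SignatureType GUID, signature payload) for every EFI_SIGNATURE_DATA
    in a concatenation of EFI_SIGNATURE_LIST structures, failing on bad sizes."""
    off = 0
    while off < len(blob):
        if len(blob) - off < SIGLIST_HEADER_LEN:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        data_start = off + SIGLIST_HEADER_LEN + hdr_size
        data_end = off + list_size
        if list_size < SIGLIST_HEADER_LEN or data_end > len(blob) or data_start > data_end or sig_size < 16:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        if (data_end - data_start) % sig_size:
            raise ValueError("signature data not a multiple of SignatureSize")
        for pos in range(data_start, data_end, sig_size):
            yield sig_type, blob[pos + 16:pos + sig_size]   # skip SignatureOwner
        off = data_end


def revoked_sha256_hashes(blob: bytes) -> set:
    """All SHA-256 image hashes in the blob; X.509 certificate entries are ignored."""
    return {data for t, data in parse_signature_lists(blob) if t == EFI_CERT_SHA256_GUID}


def is_revoked(blob: bytes, authenticode_sha256_hex: str) -> bool:
    return bytes.fromhex(authenticode_sha256_hex) in revoked_sha256_hashes(blob)


def build_sha256_list(hashes) -> bytes:
    """Encode SHA-256 hashes as one EFI_SIGNATURE_LIST (used here only to build
    the constructed sample; a real dbx is read from firmware, not built)."""
    owner = uuid.UUID(int=0).bytes_le
    entries = b"".join(owner + h for h in hashes)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack(
        "<III", SIGLIST_HEADER_LEN + len(entries), 0, 16 + 32)
    return header + entries


def read_efivars_dbx(path="/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f") -> bytes:
    """Read the live dbx on Linux; efivarfs prefixes the data with 4 bytes of attributes."""
    with open(path, "rb") as f:
        return f.read()[4:]


# Constructed sample: two placeholder hashes stand in for revoked binaries.
SAMPLE_HASHES = [bytes([0x11]) * 32, bytes([0x22]) * 32]
SAMPLE_DBX = build_sha256_list(SAMPLE_HASHES)

if __name__ == "__main__":
    print(is_revoked(SAMPLE_DBX, "11" * 32))  # True
    print(is_revoked(SAMPLE_DBX, "33" * 32))  # False
```

To check a real system, pass `read_efivars_dbx()` instead of `SAMPLE_DBX` (on Windows the same bytes come from `Get-SecureBootUEFI -Name dbx`) together with the Authenticode hash of the binary in question; if the hash is absent, the revocation has not reached that machine's firmware, whatever the patch status says.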
🐝 New Honeypot Framework BaitRoute Aims to Mislead Attackers. A security engineer has developed BaitRoute, a honeypot framework designed to create realistic-looking fake vulnerabilities in web applications and APIs. This tool, which supports multiple programming languages including Go, Python, and JavaScript, allows users to register endpoints that appear vulnerable, thereby misleading vulnerability scanners. BaitRoute includes nearly 100 pre-configured rules and enables the creation of custom rules, providing alerts when decoy vulnerabilities are probed. While it may not be suitable for high-traffic sites, it can be particularly useful for smaller applications to track dedicated attackers and potentially identify insider threats. The framework aims to waste attackers’ time with false positives, enhancing overall security awareness.
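The core of such a framework is small: a table of paths that should look vulnerable, a plausible fake response for each, and an alert whenever one is hit. The following added example (not BaitRoute's own code) shows that logic with a constructed rule set and constructed access-log lines, and correlates hits per client so a scanner that walks several decoys shows up as one actor.

```python
"""Decoy-endpoint logic of the kind a bait-route honeypot provides.  Added
example, not BaitRoute's own code: the rule set, the fake payloads and the
access-log lines below are constructed for illustration."""
import hashlib
import re
from dataclasses import dataclass


@dataclass
class Rule:
    path: str    # request path that should look vulnerable
    status: int
    body: str    # convincing but fake payload returned to the prober
    tag: str     # what kind of scanner behaviour this bait attracts


# Constructed decoys; a real deployment carries many more.
RULES = [
    Rule("/.env", 200, "APP_KEY=base64:ZmFrZS1rZXktZm9yLWRlY295\nDB_PASSWORD=not-a-real-secret\n", "env-file-leak"),
    Rule("/.git/config", 200, "[core]\n\trepositoryformatversion = 0\n\tbare = false\n", "git-exposure"),
    Rule("/wp-login.php", 200, "<html><body><form id=\"loginform\"></form></body></html>", "wordpress-probe"),
    Rule("/phpinfo.php", 200, "<html><head><title>phpinfo()</title></head></html>", "phpinfo-leak"),
]
RULE_INDEX = {r.path: r for r in RULES}


@dataclass
class Alert:
    client: str
    path: str
    tag: str
    fingerprint: str   # stable id for the client/user-agent pair, for correlation


def handle(path: str, client_ip: str, user_agent: str):
    """Return (status, body, alert-or-None).  Decoy paths answer with their
    fake payload and raise an alert; any other path is a plain 404, so the
    decoys cost nothing on normal traffic."""
    rule = RULE_INDEX.get(path)
    if rule is None:
        return 404, "Not Found", None
    fp = hashlib.sha256(f"{client_ip}|{user_agent}".encode()).hexdigest()[:16]
    return rule.status, rule.body, Alert(client_ip, path, rule.tag, fp)


LOG_LINE = re.compile(r'^(\S+) "(GET|POST) (\S+)" "([^"]*)"$')


def replay(log_lines):
    """Run log lines through handle() and group the alert tags per client, so a
    scanner walking several decoys shows up as one actor rather than four hits."""
    by_client = {}
    for line in log_lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        ip, _method, path, ua = m.groups()
        _status, _body, alert = handle(path, ip, ua)
        if alert is not None:
            by_client.setdefault(ip, []).append(alert.tag)
    return by_client


# Constructed sample traffic: one scanner, one ordinary visitor.
SAMPLE_LOG = [
    '203.0.113.7 "GET /.env" "Mozilla/5.0 zgrab/0.x"',
    '203.0.113.7 "GET /.git/config" "Mozilla/5.0 zgrab/0.x"',
    '203.0.113.7 "GET /wp-login.php" "Mozilla/5.0 zgrab/0.x"',
    '198.51.100.2 "GET /index.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(replay(SAMPLE_LOG))
```

Two practical points: the decoy bodies must never be derived from real configuration, since the whole point is that the response is worthless, and the alert should carry the client fingerprint rather than just the path, because the same actor probing several decoys is the signal worth paging on, while a single hit from a mass scanner is not.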
🛡️🖼️ Azure Container Registry’s Reader Role Poses Security Risks. A recent security review found that anyone granted the built-in Azure Reader role at subscription scope can pull container images from every Azure Container Registry (ACR) in that subscription, exposing whatever credentials, configuration or proprietary code the images contain. The behaviour is documented, but it reflects an oversight in Azure’s permission model: a role meant to be read-only on the control plane carries the same image-pull right as AcrPull, so a Reader assignment made for auditing or cost review silently grants access to image contents. The article advises organizations to keep subscription-wide Reader assignments to a minimum, never bake sensitive data into images, and prefer more granular access controls. It also calls on Microsoft to revise the default permission model by separating control-plane and data-plane permissions, as Azure Key Vault already does.
🔍 OWASP releases the Smart Contract Top 10 for 2025, highlighting critical vulnerabilities. The OWASP Smart Contract Top 10 (2025) serves as a vital resource for Web3 developers and security teams, identifying the most significant vulnerabilities in smart contracts, including access control flaws, price oracle manipulation, and reentrancy attacks. This updated list is informed by insights from various authoritative sources, including SolidityScan’s Web3HackHub, which documented over $1.42 billion in financial losses from 149 incidents in 2024. The document aims to enhance security awareness and provide a comprehensive reference for mitigating risks associated with smart contracts. For more information, visit scs.owasp.org.
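Reentrancy, one of the classes on the list, is easiest to see in miniature. The following added example (not OWASP's or any project's code) models it in plain Python rather than Solidity: the `Ledger` class stands in for a contract, the callback in `_send()` for the control transfer an external call hands to a contract recipient, and the balances are constructed. It contrasts a withdraw that pays out before updating state with one that follows the checks-effects-interactions order.

```python
"""Reentrancy, one of the vulnerability classes on the OWASP Smart Contract
Top 10, modelled in plain Python rather than Solidity.  Added example, not
OWASP's or any project's code: Ledger stands in for a contract, the callback
in _send() for the control transfer an external call gives a contract
recipient, and the balances are constructed."""


class Ledger:
    def __init__(self, balances):
        self.balances = dict(balances)
        self.vault = sum(balances.values())   # funds the contract actually holds

    def _send(self, recipient, amount):
        """Pay out.  A contract recipient receives a callback, and nothing stops
        that callback from calling straight back into this ledger."""
        self.vault -= amount
        if callable(recipient):
            recipient(self)

    def withdraw_vulnerable(self, account, recipient):
        amount = self.balances[account]
        if amount <= 0:
            return
        self._send(recipient, amount)    # interaction first ...
        self.balances[account] = 0       # ... effect last: every re-entrant call still sees the full balance

    def withdraw_safe(self, account, recipient):
        amount = self.balances[account]
        if amount <= 0:
            return
        self.balances[account] = 0       # checks-effects-interactions: settle state before paying out
        self._send(recipient, amount)


class Attacker:
    """Recipient whose callback withdraws again while the first withdrawal is
    still in progress; depth bounds the recursion as gas would on-chain."""

    def __init__(self, account, withdraw, depth=3):
        self.account, self.withdraw, self.depth = account, withdraw, depth

    def __call__(self, ledger):
        if self.depth > 0:
            self.depth -= 1
            self.withdraw(self.account, self)


def run_attack(safe: bool, depth: int = 3) -> int:
    """Return how much the attacker extracts from a ledger where their own
    balance is 10 and a victim holds 100."""
    ledger = Ledger({"victim": 100, "attacker": 10})
    withdraw = ledger.withdraw_safe if safe else ledger.withdraw_vulnerable
    before = ledger.vault
    withdraw("attacker", Attacker("attacker", withdraw, depth))
    return before - ledger.vault


if __name__ == "__main__":
    print(run_attack(safe=False))  # 40: the 10-unit balance is paid out four times
    print(run_attack(safe=True))   # 10
```

With the vulnerable ordering the attacker's 10-unit balance is paid out once per re-entry, draining the victim's funds from the vault; with the safe ordering the second call reads a zero balance and stops. A reentrancy guard (a mutex flag set for the duration of the call) is the other standard fix and composes with the ordering rule rather than replacing it.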
🕵️♂️ New Sneaky 2FA Phishing Kit Targets Microsoft 365 Accounts. Cybersecurity researchers have identified a new adversary-in-the-middle phishing kit named Sneaky 2FA, designed to steal Microsoft 365 credentials and two-factor authentication codes. Detected by Sekoia in December 2024, the kit is sold as phishing-as-a-service for $200 per month and has been linked to nearly 100 domains. It employs sophisticated tactics, including anti-bot measures and the use of blurred images mimicking legitimate Microsoft interfaces to deceive users. The kit requires a valid subscription for operation and has connections to previous phishing syndicates, indicating a potential evolution in phishing techniques. This development highlights the ongoing threat posed by advanced phishing strategies in the cybersecurity landscape.
🕵️♂️💻 U.S. Treasury sanctions North Korean IT workers for funding illicit activities. The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned two individuals and four entities linked to North Korea’s regime, accusing them of generating illicit revenue through overseas IT work. These workers, who disguise their identities, reportedly funnel up to 90% of their earnings back to the North Korean government, contributing to its weapons programs, including those for weapons of mass destruction. The sanctions target front companies involved in this scheme, which has been ongoing since at least 2018. The U.S. aims to disrupt these networks that finance North Korea’s destabilizing activities, including support for Russia’s war in Ukraine.
📰 Google refuses to comply with EU’s upcoming fact-checking law. In a letter to the European Commission, Google announced it will not integrate fact-checking into its search results or YouTube videos, nor will it use fact-checking data for content moderation. The company, which has historically not engaged in fact-checking as part of its policies, previously invested in a European fact-checking database for elections. Google’s global affairs president, Kent Walker, argued that such integration is “not appropriate or effective” for their services, while highlighting their existing content moderation technologies. This decision comes amid a broader trend of major tech companies, including Meta and X, scaling back their fact-checking efforts. The EU’s fact-checking requirement is set to become mandatory under its new Code of Practice on Disinformation.
💻🔍 Chinese hackers breach U.S. Treasury Department systems, accessing Secretary Yellen’s computer. In December 2024, state-sponsored Chinese hackers exploited vulnerabilities in BeyondTrust’s remote-support software, used by the Treasury as a third-party service, to infiltrate the U.S. Treasury Department and reach Secretary Janet Yellen’s computer along with other workstations. The breach, labeled a “major incident,” compromised fewer than 50 files on Yellen’s device and over 3,000 unclassified files across 419 workstations, concentrated in units handling sanctions enforcement and international financial affairs. Although the hackers did not reach classified systems, the incident has raised alarms about the security of third-party vendor access. The Treasury is working with the FBI and CISA to assess the breach’s impact and strengthen its defenses, while China has denied involvement and called the allegations politically motivated.
🚗🔍 Mercedes-Benz MBUX Head Unit Vulnerabilities Exposed in Security Research. A detailed analysis of the Mercedes-Benz User Experience (MBUX) infotainment system has uncovered multiple security vulnerabilities, including buffer overflows and command injection risks. The research, conducted by a team including Radu Motspan and Kirill Nesterov, utilized diagnostic tools and custom scripts to probe the system’s architecture and communication protocols. Key vulnerabilities identified include CVE-2024-37600, which allows for stack buffer overflow, and CVE-2023-34402, enabling arbitrary file writing. The findings highlight significant security flaws that could be exploited through physical access, particularly via USB connections, raising concerns about the safety of connected vehicles. The vulnerabilities have been disclosed to Mercedes-Benz, with several CVE IDs assigned for tracking.
🌐🔌 IoT Botnet Drives Large-Scale DDoS Attacks Globally. Since late 2024, a sophisticated IoT botnet has been linked to extensive DDoS attacks targeting various industries, particularly in Japan, North America, and Europe. The botnet, utilizing malware variants from Mirai and Bashlite, exploits vulnerabilities in IoT devices like wireless routers and IP cameras, allowing it to execute diverse attack commands. Analysis revealed that the majority of infected devices were located in India and South Africa, with TP-Link and Zyxel routers being the most common. The article emphasizes the importance of securing IoT devices to prevent their exploitation in cyberattacks and outlines best practices for enhancing device security and mitigating DDoS threats.
🔐🤖 The intersection of AI and end-to-end encryption raises critical privacy concerns. A recent paper by NYU and Cornell researchers explores the implications of integrating AI into end-to-end encrypted communications, highlighting the tension between enhanced AI capabilities and user privacy. As AI systems increasingly process private data, often requiring off-device computation, the risk of exposing sensitive information grows. The paper discusses the challenges of maintaining privacy in a landscape where governments may demand access to AI agents that manage personal data. While companies like Apple are attempting to address these issues with trusted hardware solutions, the future of end-to-end encryption remains uncertain as the balance between utility and privacy becomes increasingly complex.
🦠 Ivanti warns of critical vulnerabilities in remote access products. On January 8, 2025, Ivanti disclosed two significant vulnerabilities (CVE-2025-0282 and CVE-2025-0283) affecting its Connect Secure, Policy Secure, and ZTA gateway products, with CVE-2025-0282 allowing remote code execution by unauthenticated attackers and rated critical with a CVSS score of 9.0. Mandiant reported active exploitation of CVE-2025-0282, while CVE-2025-0283 enables local privilege escalation. Attackers have been observed using custom scripts and tools to exploit these vulnerabilities, leading to credential harvesting and lateral movement within networks. Ivanti has released patches and recommends immediate updates to mitigate these risks, while Palo Alto Networks offers protective measures through its security products.
🔍 Google launches OSV-SCALIBR, a new library for software composition analysis. The OSV-SCALIBR library enhances vulnerability scanning capabilities for open source dependencies, supporting 11 programming languages and various package managers. It offers features such as scanning for installed packages, standalone binaries, and source code, along with SBOM generation in popular formats. Designed for performance in resource-constrained environments, OSV-SCALIBR is now the primary scanning engine at Google, with plans to integrate its features into the existing OSV-Scanner tool. Future updates will expand support for additional ecosystems and improve vulnerability detection. Developers are encouraged to contribute to the library and utilize its capabilities for securing software.
🛡️💔 Vulnerabilities in TPM2-Based Disk Encryption Exposed. A recent analysis shows that many setups that use a TPM2 to unlock the disk automatically at boot are susceptible to filesystem confusion attacks, allowing an attacker with brief physical access to get at the contents of the encrypted disk. The TPM-gated unlock itself succeeds as designed; the weakness is that the initrd never verifies the LUKS identity of the volume it has decrypted and is about to mount as root, so an attacker can present a substitute filesystem that the initrd picks up instead and that runs attacker code with the real volume already unlocked. The article recommends additional measures such as requiring a TPM PIN, so that possession of the machine alone is not enough to trigger the unlock, and proper verification of LUKS identities before the decrypted contents are trusted. The findings point to a significant gap in the default disk-encryption setups of several Linux distributions.
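What "LUKS identity" means in practice is the UUID in the volume's binary header, which is what enrolment tools record and what an initrd should compare against before trusting a device. The following added example (not code from the article summarised above) parses that header for both LUKS1 and LUKS2, whose on-disk layouts in cryptsetup place the 40-byte UUID string at byte 168 in either version, and runs the check against three constructed headers: the enrolled volume, an impostor carrying the same label, and an unencrypted filesystem with no header at all.

```python
"""Identity check on a LUKS volume's on-disk header, of the kind an initrd
should make before trusting what it is about to unlock or mount.  Added
example, not code from the article summarised above.  Offsets follow the
LUKS1 and LUKS2 binary header layouts used by cryptsetup, where the 40-byte
UUID string is at byte 168 in both versions; the headers built below are
constructed, not dumped from a real disk."""
import struct

LUKS_MAGIC = b"LUKS\xba\xbe"
LUKS2_SECONDARY_MAGIC = b"SKUL\xba\xbe"   # LUKS2 backup header, found at hdr_size
UUID_OFFSET, UUID_LEN = 168, 40
LUKS2_LABEL_OFFSET, LUKS2_LABEL_LEN = 24, 48


class NotLuks(Exception):
    pass


def luks_identity(header: bytes):
    """Return (version, uuid, label) from the first 512 bytes of a device.
    Raises NotLuks on a missing magic or unknown version, so callers fail closed."""
    if len(header) < 512:
        raise NotLuks("short read")
    if header[:6] not in (LUKS_MAGIC, LUKS2_SECONDARY_MAGIC):
        raise NotLuks("no LUKS magic")
    (version,) = struct.unpack_from(">H", header, 6)
    if version not in (1, 2):
        raise NotLuks(f"unsupported LUKS version {version}")
    uuid = header[UUID_OFFSET:UUID_OFFSET + UUID_LEN].split(b"\0", 1)[0].decode("ascii")
    label = ""
    if version == 2:
        raw = header[LUKS2_LABEL_OFFSET:LUKS2_LABEL_OFFSET + LUKS2_LABEL_LEN]
        label = raw.split(b"\0", 1)[0].decode("ascii", "replace")
    return version, uuid, label


def check_identity(header: bytes, expected_uuid: str) -> bool:
    """True only if the header is LUKS and carries the enrolled UUID."""
    try:
        _, uuid, _ = luks_identity(header)
    except NotLuks:
        return False
    return uuid.lower() == expected_uuid.lower()


def read_header(device_path: str) -> bytes:
    """Read the header from a block device or image, e.g. /dev/disk/by-partuuid/..."""
    with open(device_path, "rb") as f:
        return f.read(512)


def make_luks2_header(uuid: str, label: str = "") -> bytes:
    """Constructed minimal LUKS2 primary header: magic, version, hdr_size, seqid,
    label, checksum_alg, (zero) salt, uuid.  Enough for identity parsing only."""
    h = bytearray(512)
    h[0:6] = LUKS_MAGIC
    struct.pack_into(">HQQ", h, 6, 2, 16 * 1024 * 1024, 1)
    h[LUKS2_LABEL_OFFSET:LUKS2_LABEL_OFFSET + len(label)] = label.encode()
    h[72:78] = b"sha256"
    h[UUID_OFFSET:UUID_OFFSET + len(uuid)] = uuid.encode()
    return bytes(h)


def make_luks1_header(uuid: str) -> bytes:
    """Constructed minimal LUKS1 header: magic, version, cipher name, uuid."""
    h = bytearray(512)
    h[0:6] = LUKS_MAGIC
    struct.pack_into(">H", h, 6, 1)
    h[8:11] = b"aes"
    h[UUID_OFFSET:UUID_OFFSET + len(uuid)] = uuid.encode()
    return bytes(h)


ENROLLED_UUID = "d3b07384-d9a0-4d4b-a1c5-000000000001"   # constructed
REAL_ROOT = make_luks2_header(ENROLLED_UUID, label="cryptroot")
IMPOSTOR = make_luks2_header("d3b07384-d9a0-4d4b-a1c5-ffffffffffff", label="cryptroot")  # same label
PLAIN_FS = b"\0" * 512   # an unencrypted filesystem has no LUKS header at all

if __name__ == "__main__":
    for name, hdr in (("real", REAL_ROOT), ("impostor", IMPOSTOR), ("plain", PLAIN_FS)):
        print(name, check_identity(hdr, ENROLLED_UUID))
```

The caveat a practitioner should keep in mind: the header is unauthenticated plaintext, so this check distinguishes volumes but does not prove one is genuine; only a successful unlock with the TPM-released key does that. The identity check therefore belongs before the unlock, to refuse devices that are not even the enrolled volume, and the initrd should then mount the mapping it just opened rather than re-resolving root by label or filesystem UUID, which is exactly the lookup a substitute filesystem can satisfy. A TPM PIN adds the second factor that makes brief physical access insufficient on its own.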