Infosec Press

Reader

Read the latest posts from Infosec Press.

from ๐Ÿ“ฐwrzlbrmpft's cyberlights๐Ÿ’ฅ

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐ŸŽญ Over 20 Malicious Crypto Wallet Apps Found on Google Play, CRIL Warns security research โ€“ More than 20 malicious apps on Google Play impersonate popular crypto wallets, tricking users into revealing their mnemonic phrases and risking their digital assets. https://thecyberexpress.com/new-crypto-phishing-campaign/

๐Ÿ’พ US air traffic control still runs on Windows 95 and floppy disks security news โ€“ The FAA plans to replace outdated air traffic control systems still using Windows 95 and floppy disks, citing critical infrastructure needs despite skepticism about timely modernization. https://arstechnica.com/information-technology/2025/06/faa-to-retire-floppy-disks-and-windows-95-amid-air-traffic-control-overhaul/

โ˜Ž๏ธ A Researcher Figured Out How to Reveal Any Phone Number Linked to a Google Account vulnerability โ€“ A researcher exploited a vulnerability to uncover any Google account's linked phone number, raising privacy concerns for users at risk of SIM swapping. Google has since fixed the issue. https://www.wired.com/story/a-researcher-figured-out-how-to-reveal-any-phone-number-linked-to-a-google-account/

โœˆ๏ธ Airlines Don't Want You to Know They Sold Your Flight Data to DHS privacy โ€“ Major airlines sold U.S. travelers' flight data, including personal and financial details, to Customs and Border Protection, raising privacy concerns over surveillance and data transparency. https://www.404media.co/airlines-dont-want-you-to-know-they-sold-your-flight-data-to-dhs/

๐Ÿ“น 40,000 cameras expose feeds to datacenters, health clinics privacy โ€“ Security researchers accessed 40,000 exposed cameras globally, including those in sensitive locations, raising privacy and espionage concerns as vulnerabilities could be exploited by both criminals and state actors. https://www.theregister.com/2025/06/10/40000_iot_cameras_exposed/

๐Ÿ›’ Ongoing cyberattack at US grocery distributor giant UNFI affecting customer orders cybercrime โ€“ UNFI is grappling with a cyberattack that disrupts operations and customer orders, leading to limited shipping and potential shortages in grocery stores. The company is working to restore systems. https://techcrunch.com/2025/06/10/ongoing-cyberattack-at-us-grocery-distributor-giant-unfi-affecting-customer-orders/

๐Ÿ› ๏ธ Microsoft Patch Tuesday addresses 66 vulnerabilities, including an actively exploited zero-day vulnerability โ€“ Microsoft's latest security update fixed 66 vulnerabilities, including a zero-day exploited by the Stealth Falcon group for targeted attacks. Users are urged to patch systems due to widespread risks. https://cyberscoop.com/microsoft-patch-tuesday-june-2025/

๐ŸŒ DNS4EU: Die EU startet eigenen DNS-Resolver-Dienst mit optionalen Filtern privacy โ€“ Die EU hat DNS4EU eingefรผhrt, einen eigenen DNS-Resolver-Dienst, der digitale Unabhรคngigkeit fรถrdern soll. Nutzer kรถnnen zwischen verschiedenen Filteroptionen wรคhlen, wรคhrend Datenschutz versprochen wird. https://www.kuketz-blog.de/dns4eu-die-eu-startet-eigenen-dns-resolver-dienst-mit-optionalen-filtern/

๐Ÿ’ผ Crooks posing as job hunters to malware-infect recruiters cybercrime โ€“ Cybercriminals from FIN6 are targeting recruiters by posing as job seekers and directing them to fake portfolio sites that deliver malware, enabling remote access and credential theft. https://www.theregister.com/2025/06/11/crooks_posing_job_hunters_target_recruiters/

๐Ÿค– AI Therapy Bots Are Conducting 'Illegal Behavior,' Digital Rights Organizations Say security news โ€“ Digital rights groups are urging the FTC to investigate Character.AI and Meta for unlicensed therapy bots misleading users about credentials and confidentiality, raising serious ethical concerns. https://www.404media.co/ai-therapy-bots-meta-character-ai-ftc-complaint/

โš ๏ธ Angriffe mit manipulierten SVG warning โ€“ CERT.at warnt vor Phishing-Angriffen, die manipulierte SVG-Dateien als Anhรคnge nutzen, um JavaScript auszufรผhren und sensible Informationen zu stehlen. SicherheitsmaรŸnahmen sind dringend erforderlich. https://www.cert.at/de/warnungen/2025/6/phishing-angriffe-mit-manipulierten-svg-dateien-vorsicht-geboten

๐Ÿ”’ Apple fixes new iPhone zero-day bug used in Paragon spyware hacks vulnerability โ€“ Apple has patched a zero-day vulnerability exploited by Paragon spyware to hack iPhones of two journalists, revealing the flaw was fixed in the February iOS update but not disclosed until now. https://techcrunch.com/2025/06/12/apple-fixes-new-iphone-zero-day-bug-used-in-paragon-spyware-hacks/

๐Ÿ“ข How to Protest Safely in the Age of Surveillance privacy โ€“ With rising surveillance during protests, individuals should consider both physical and digital security. Key strategies include limiting phone use, using encrypted communication, and being cautious about online activity. https://www.wired.com/story/how-to-protest-safely-surveillance-digital-privacy/

๐ŸŽฃ โ€œAnmeldung mit nicht erkanntem Gerรคtโ€: Phishing warning โ€“ Phishing attacks are using fake websites that mimic official ones, often with subtle changes in the URL, such as replacing a letter, to deceive victims into revealing sensitive information. https://www.watchlist-internet.at/news/phishing-attacke-paypal/

๐Ÿ’ป Bert Ransomware: What You Need To Know cybercrime โ€“ Bert ransomware encrypts files and demands payment for decryption, also exfiltrating data. Victims are advised to contact hackers for recovery, emphasizing the need for strong cybersecurity measures. https://www.fortra.com/blog/bert-ransomware-what-you-need-know

๐Ÿ‘ฎ Dutch police identify users as young as 11-year-old on Cracked.io hacking forum security news โ€“ Dutch police identified 126 users from the dismantled Cracked.io hacking forum, including an 11-year-old, highlighting the involvement of young individuals in cybercrime. Authorities aim to educate and warn them about potential consequences. https://www.bitdefender.com/en-us/blog/hotforsecurity/dutch-police-cracked-io-hacking-forum

๐ŸŽฎ Exploiting Heroes of Might and Magic V vulnerability โ€“ The article discusses a vulnerability in Heroes of Might and Magic V related to how the game handles map files, allowing attackers to exploit the game's zip file processing to execute arbitrary code. https://www.synacktiv.com/publications/exploiting-heroes-of-might-and-magic-v.html


Some More, For the Curious

๐Ÿ‘พ Internet infamy drives The Comโ€™s crime sprees cybercrime โ€“ The Com, a youth-driven cybercrime group, thrives on notoriety, engaging in serious crimes like sextortion and violence, fueled by economic pressures and a need for belonging. https://cyberscoop.com/the-com-subculture-infamy-crimes/

๐Ÿ”Ž LinkedIn for OSINT: tips and tricks โ€“ Compass Security Blog hacking write-up โ€“ LinkedIn is a rich source for open-source intelligence, offering insights into individuals and companies. Caution is advised to maintain privacy while gathering useful data for assessments. https://blog.compass-security.com/2025/06/linkedin-for-osint-tips-and-tricks/

๐Ÿข Breaking down โ€˜EchoLeakโ€™, the First Zero-Click AI Vulnerability Enabling Data Exfiltration from Microsoft 365 Copilott vulnerability โ€“ Aim Labs discovered a zero-click AI vulnerability called EchoLeak in Microsoft 365 Copilot, enabling attackers to exfiltrate sensitive data without user interaction, highlighting critical security risks in AI applications. https://www.aim.security/lp/aim-labs-echoleak-blogpost

โš ๏ธ High Severity Vulnerabilities in Gitlab Products vulnerability โ€“ GitLab released security updates addressing multiple high-severity vulnerabilities, including account takeover and XSS issues. Users are urged to update affected installations promptly. https://cert.europa.eu/publications/security-advisories/2025-020/

๐Ÿ›ก๏ธ Cyber resilience begins before the crisis security news โ€“ Microsoft's Deputy CISO emphasizes the importance of proactive planning and communication for cyber resilience, highlighting misconceptions, actionable steps, and the role of AI in improving response to cyber incidents. https://www.microsoft.com/en-us/security/blog/2025/06/12/cyber-resilience-begins-before-the-crisis/

๐Ÿ” Mitigating prompt injection attacks with a layered defense strategy cyber defense โ€“ Google addresses the rising threat of indirect prompt injection attacks on AI systems by implementing a layered defense strategy, including content classifiers, user confirmation, and URL redaction to enhance security. https://security.googleblog.com/2025/06/mitigating-prompt-injection-attacks.html

๐Ÿช‚ Paraguay is Being Targeted by Cybercriminals โ€“ 7.4 Million Citizen Records for Sale data breach โ€“ A significant data breach in Paraguay has exposed 7.4 million citizen records for sale on the dark web, linked to cybercriminals who demand a ransom. The incident highlights increasing cybersecurity threats in the region. https://www.resecurity.com/blog/article/paraguay-is-being-targeted-by-cybercriminals-74-million-citizen-records-for-sale

๐Ÿชฉ NTLM reflection is dead, long live NTLM reflection! โ€“ An in-depth analysis of CVE-2025-33073 security research โ€“ The article analyzes CVE-2025-33073, a vulnerability allowing NTLM reflection attacks, detailing its exploitation, patching process, and emphasizing the importance of SMB signing for enhanced security. https://www.synacktiv.com/en/publications/ntlm-reflection-is-dead-long-live-ntlm-reflection-an-in-depth-analysis-of-cve-2025.html

๐Ÿ”ง the Microsoft way (part 89): user group policies don't deserve tamper protection vulnerability โ€“ The article discusses vulnerabilities in user group policies on Windows, highlighting how unprivileged users can bypass restrictions by manipulating registry files. Recommendations for countermeasures are provided. https://seclists.org/fulldisclosure/2025/Jun/13

๐ŸŽฎ Hijacked Trust: How Malicious Actors Exploited Discordโ€™s Invite System to Launch Global Multi-Stage Attacks cybercrime โ€“ Attackers hijacked expired Discord invite links to redirect users to malicious servers, using fake bots and phishing sites to steal credentials and deploy malware, primarily targeting cryptocurrency users. https://blog.checkpoint.com/research/hijacked-trust-how-malicious-actors-exploited-discords-invite-system-to-launch-global-multi-stage-attacks/

๐Ÿ–๏ธ Check Point Research Warns of Holiday-Themed Phishing Surge as Summer Travel Season Begins cybercrime โ€“ Phishing scams spike with over 39,000 new vacation-related domains; cybercriminals mimic trusted platforms to steal personal and payment information from travelers. https://blog.checkpoint.com/research/check-point-research-warns-of-holiday-themed-phishing-surge-as-summer-travel-season-begins/

๐Ÿ”Œ The Growing Risk of Malicious Browser Extensions security research โ€“ Malicious browser extensions are increasingly hijacking user sessions and manipulating content, posing serious risks to privacy and security, with recent campaigns targeting sensitive data and financial information. https://socket.dev/blog/the-growing-risk-of-malicious-browser-extensions

๐Ÿชž Reflective Kerberos Relay Attack Against Domain vulnerability โ€“ The Reflective Kerberos Relay Attack allows low-privileged users to gain NT AUTHORITY\SYSTEM privileges on domain-joined Windows systems without SMB signing, posing a high security risk. A patch is available. https://www.redteam-pentesting.de/en/advisories/rt-sa-2025-002/


CISA Corner

๐Ÿ’ Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider security news- CISA warns that ransomware actors are exploiting unpatched vulnerabilities in SimpleHelp RMM to compromise utility billing software providers, urging immediate action for software updates and mitigations. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a

โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added two vulnerabilities in Erlang/OTP SSH Server and Roundcube Webmail to their catalog. https://www.cisa.gov/news-events/alerts/2025/06/09/cisa-adds-two-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added two vulnerabilities in Wazuh and WebDAV to its KEV Catalog. https://www.cisa.gov/news-events/alerts/2025/06/10/cisa-adds-two-known-exploited-vulnerabilities-catalog

โš™๏ธ CISA Releases Four Industrial Control Systems Advisories vulnerability โ€“ CISA issued four advisories addressing vulnerabilities in industrial control systems by SinoTrack, Hitachi, MicroDicom and Assured Telematics. https://www.cisa.gov/news-events/alerts/2025/06/10/cisa-releases-four-industrial-control-systems-advisories โš™๏ธ CISA Releases Ten Industrial Control Systems Advisories vulnerability โ€“ CISA has published ten advisories addressing vulnerabilities in various industrial control systems by Siemens, AVEVA and PTZOptics. https://www.cisa.gov/news-events/alerts/2025/06/12/cisa-releases-ten-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from rvyhvn

When I started university, I expected challenges, but not from my teammates. In my university, we had basic physics, chemistry, and calculus before continuing to more focused degree courses. I took a gap year after high school, so I worried Iโ€™d forgotten some of it. But I managed fine.

The surprise? My younger groupmates from industrial and environmental engineering โ€” fresh out of high school โ€” had forgotten even the basics. During physics and chemistry practicums, lab assistants would ask simple questions before we began (like formulas for free-fall motion). Out of six people in our group, only two of us could answer: me and one other. Worse, some didnโ€™t even know how to zip files for task submission. But the problem wasnโ€™t just my groupmates โ€“ some of the lab assistants were also clueless. I even debated with them because they were teaching students the wrong way to calculate error percentages during practicum. I reported them to the lecturer the next day. The lecturer accepted my complaint, but in class the following week he just told us to โ€œunderstand the assistantsโ€ because theyโ€™re students too and can make mistakes. That wasnโ€™t the point. I had already shown the assistants the correct method, but they were too arrogant โ€“ they insisted I was the one who couldnโ€™t do math. I was furious. Imagine how many students had been taught the wrong thing by these people.

On social media, I see the same pattern: teens unable to answer basic questions like โ€œWhatโ€™s the capital of Central Java?โ€ or โ€œWhatโ€™s 12 ร— 12?โ€. Sure, I was lazy in school too โ€” people called me wasted potential โ€” but I wasnโ€™t this bad.

Bloom's taxonomy Young Indonesians are stuck at the lowest level of Bloomโ€™s taxonomy:

  • โœ… Remembering facts
  • โŒ Understanding concepts
  • โŒ Applying knowledge
  • โŒ Analyzing ideas
  • โŒ Evaluating situations
  • โŒ Creating something new

Our schools drill memorization. Thatโ€™s it. No focus on thinking, questioning, or solving problems.

From my perspective, the main causes are:

  • Social media + online game addiction โ€“> meaningless consumption โ€“> weaker memory, impulsivity, anxiety, less empathy [source]. The deeper problem? Parents, teachers and even the government aren't prepared to guide healthy digital habits. They're trapped in the same cycle.
  • No reading culture โ€“> no curiosity, no new ideas [source]. But this also has a deeper problem. In my country, books are relatively expensive and are harder to reach for grass-roots. Making it hard to contain new information from analog writings.
  • Black-and-white thinking โ€“> no room for nuance or creativity. Our education system and media oversimplify complex issues. Critical thought is never encouraged.
  • Cultural pressure to stay quiet โ€“> Eastern values teach politeness and respect for authority, so students avoid asking questions or debating because they fear being seen as rude or attention-seeking. This value is so deeply rooted that breaking it risks social rejection, even when the intention is to learn.

See: Indonesian kids donโ€™t know how stupid they are

#thoughts #society #education

 
Read more...

from rvyhvn

To me, a web framework should make web development easy. What I call โ€œeasyโ€ is being able to work alone and/or with other people โ€” especially if I have front-end teammates. Since AdonisJS uses TypeScript, both the back-end and front-end can easily understand each otherโ€™s code without learning a new language theyโ€™ve never seen before.

Iโ€™m also looking for a fast framework at runtime. AdonisJS uses Node.js as its runtime, making it fast and offering better performance than frameworks based on popular scripting languages like Python, Ruby, or PHP. The libraries provided by the AdonisJS team on Adonis packages can also fulfill my basic needs for building a web app โ€” though theyโ€™re not as rich as what other frameworks like Laravel offer.

AdonisJS also has out-of-the-box support for InertiaJS, which I always use to make full-stack development easy and fun, without needing separate configs to get the front-end and back-end working together. Want a minimal version, like API-only? AdonisJS has templates for that too.

Community is also a key part of what I want in a framework. The community on Discord is quite helpful, even though itโ€™s not huge. A small community is a plus for me, since I can contribute packages and learn more about web engineering โ€” not just be a web developer. Deployment is easy too; it just needs Docker to ship, and thereโ€™s a minimal Docker setup in the docs.

Iโ€™ve tried several frameworks like Express.js, Django, and Laravel. What I donโ€™t like about Express.js is that itโ€™s so minimal โ€” I have to do everything by hand, which makes development slow (bad DX). It also uses plain JavaScript without types, which can raise runtime errors. I love Django, especially its โ€œbatteries includedโ€ philosophy, but I donโ€™t enjoy writing Python. If there were an official Python that used braces instead of indentation, I might go back to Django. But since it uses Python, it doesnโ€™t fit my definition of โ€œeasyโ€ from the first paragraph โ€” especially when working with front-end teammates who use JavaScript/TypeScript.

Laravel is good โ€” AdonisJS is inspired by Laravel โ€” but the team behind AdonisJS wanted a TypeScript version of Laravel. Personally, I donโ€™t enjoy coding in PHP; using dollar signs for variables is bad DX for me.

Iโ€™d like to see the community grow so more people can contribute, improve packages, and enhance the documentation.

#learned #webdev

 
Read more...

from ๐Ÿ“ฐwrzlbrmpft's cyberlights๐Ÿ’ฅ

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿ˜ฉ Teachers Are Not OK security news โ€“ Teachers express frustration over AI's impact on education, revealing challenges like grading AI-generated work, maintaining academic integrity, and witnessing students' declining critical thinking skills. https://www.404media.co/teachers-are-not-ok-ai-chatgpt/

๐Ÿ”’ Google fixed the second actively exploited Chrome zero vulnerability โ€“ Google patched three vulnerabilities in Chrome, including one actively exploited zero-day that allows attackers to trigger heap corruption via crafted HTML. Users should update to the latest version. https://securityaffairs.com/178560/hacking/google-fixed-the-second-actively-exploited-chrome-zero-day-since-the-start-of-the-year.html

๐ŸŠ Crocodilus malware adds fake entries to victims' contact lists in new scam campaign malware โ€“ Crocodilus, an evolving Android banking trojan, now inserts fake contacts to impersonate trusted sources, facilitating scams. It's spreading through malicious ads targeting financially stable users across multiple regions. https://therecord.media/crocodilus-android-malware-banking-fraud

โŽ Twitter launches 'XChat' encrypted DMs with big caveats security news โ€“ Elon Musk's X platform introduces 'XChat' with encryption and file-sharing features, but experts doubt its security claims, citing potential lack of true end-to-end encryption and centralized data control. https://www.theregister.com/2025/06/03/xs_new_encrypted_xchat_feature/

๐Ÿคฌ Meta and Yandex are de-anonymizing Android usersโ€™ web browsing identifiers privacy โ€“ Meta and Yandex are using tracking code to de-anonymize Android users by exploiting browser protocols, allowing them to link web activity to app identities. Google is investigating these practices. https://arstechnica.com/security/2025/06/meta-and-yandex-are-de-anonymizing-android-users-web-browsing-identifiers/

๐Ÿง‘โ€๐ŸŒพ How the Farm Industry Spied on Animal Rights Activists and Pushed the FBI to Treat Them as Bioterrorists security news โ€“ Internal documents reveal a collaboration between the agricultural industry and the FBI to surveil animal rights activists, branding them as bioterrorists while using corporate spies to infiltrate their groups. https://www.wired.com/story/fbi-wmdd-dxe-animal-agriculture-alliance/

๐Ÿ’ Cartier disclosed a data breach following a cyber attack data breach โ€“ Cartier reported a data breach that exposed limited customer information, including names and email addresses, following a cyberattack. The company is enhancing security and cooperating with authorities. https://securityaffairs.com/178601/data-breach/cartier-disclosed-a-data-breach-following-a-cyber-attack.html

๐Ÿ’ผ Google warns of cybercriminals targeting Salesforce app to steal data, extort companies cybercrime โ€“ Cybercriminals, known as UNC6040, are exploiting Salesforce's Data Loader tool to steal sensitive data and extort companies. The group uses vishing tactics to trick employees into granting access. https://therecord.media/google-warns-cybercriminals-targeting-salesforce-apps

๐Ÿ” Apple Gave Governments Data on Thousands of Push Notifications privacy โ€“ Apple disclosed that it provided governments with data on thousands of push notifications, revealing device identities and sometimes unencrypted content, highlighting the extent of governmental data requests. https://www.404media.co/apple-gave-governments-data-on-thousands-of-push-notifications/

๐Ÿ’ป Feds seize 145 domains associated with BidenCash cybercrime platform cybercrime โ€“ U.S. authorities seized 145 domains and cryptocurrency funds linked to BidenCash, a cybercrime marketplace that trafficked over 15 million stolen credit card numbers, generating $17 million in illicit revenue. https://cyberscoop.com/bidencash-marketplace-domains-seized/

๐ŸŽธ Musikhaus Thomann: Kriminelle locken in Fake warning โ€“ The official Thomann online store is only accessible at thomann.de, with country-specific versions available at respective domains. Any other addresses are fake sites attempting to deceive users. https://www.watchlist-internet.at/news/musikhaus-thomann-fake-shops/

๐Ÿ’ฐ DOJ seizes $7.7M from crypto funds linked to North Koreaโ€™s IT worker scheme security news โ€“ Federal authorities seized $7.74 million linked to North Korean IT workers illegally employed abroad, funneling wages to the regime. The operation exploits remote contracting and cryptocurrency to evade U.S. sanctions. https://cyberscoop.com/doj-seizure-crypto-north-korea-it-workers/

๐Ÿšซ OpenAI takes down ChatGPT accounts linked to state-backed hacking, disinformation cybercrime โ€“ OpenAI banned accounts using ChatGPT for illicit activities, including malware refinement, social media disinformation, and employment scams tied to North Korea. The operations exploited ChatGPT for various cybercriminal purposes. https://therecord.media/openai-takes-down-chatgpt-accounts-hacking

๐Ÿ’” Marks & Spencer's ransomware nightmare โ€“ more details emerge cybercrime โ€“ Marks & Spencer suffered a severe ransomware attack, disrupting operations and leading to ยฃ40 million in lost sales weekly. The DragonForce group claimed responsibility, stealing customer data and highlighting M&S's cybersecurity vulnerabilities. https://www.bitdefender.com/en-us/blog/hotforsecurity/marks-spencers-ransomware-nightmare-more-details-emerge

๐Ÿฆ  Millions of low-cost Android devices turn home networks into crime platforms cybercrime โ€“ The FBI warns that millions of low-cost Android devices are infected with BadBox malware, turning home networks into crime platforms. Users are urged to evaluate and potentially replace suspicious devices. https://arstechnica.com/security/2025/06/millions-of-low-cost-android-devices-turn-home-networks-into-crime-platforms/

๐Ÿง‘โ€โš–๏ธ Italian lawmakers say Italy used spyware to target phones of immigration activists, but not against journalist privacy โ€“ An Italian parliamentary committee confirmed the government used Paragon spyware to target immigration activists but found no evidence against journalist Francesco Cancellato. The investigation raises questions about who targeted him and the use of spyware in Italy. https://techcrunch.com/2025/06/06/italian-lawmakers-say-italy-used-spyware-to-target-phones-of-immigration-activists-but-not-against-journalist/

๐Ÿ˜จ Ransomware scum leak patient data after disrupting services cybercrime โ€“ Kettering Health faces potential patient data leaks following a ransomware attack by Interlock, which disrupted services and canceled appointments. The leaked data reportedly includes sensitive information, though verification is pending. https://www.theregister.com/2025/06/04/ransomware_scum_leak_kettering_patient_data/


Some More, For the Curious

๐Ÿ› ๏ธ Experts published a detailed analysis of Cisco IOS XE WLC flaw CVE vulnerability โ€“ A critical vulnerability in Cisco IOS XE WLC could allow remote attackers to upload files and execute commands. Users should disable the affected feature until a fix is applied. https://securityaffairs.com/178497/security/cisco-ios-xe-wlc-flaw-cve-2025-20188.html

๐Ÿ’ฐ Illicit crypto-miners pouncing on insecure DevOps tools cybercrime โ€“ A campaign by attackers named JINXโ€“0132 exploits misconfigured DevOps tools like HashiCorp Nomad, Consul, Docker API, and Gitea, risking theft of cloud resources for cryptocurrency mining. https://www.theregister.com/2025/06/03/illicit_miners_hashicorp_tools/

๐Ÿณ How to find container-based threats in host-based logs security research โ€“ Containers pose security risks despite their isolation, as they share the host kernel. This article outlines methods for threat hunters to analyze host logs to identify container-based threats. https://securelist.com/host-based-logs-container-based-threats/116643/

โค๏ธโ€๐Ÿ”ฅ The strange tale of ischhfd83: When cybercriminals eat their own security research โ€“ Sophos X-Ops uncovered a scheme where the Sakura RAT, designed to target cybercriminals, was itself backdoored, revealing a network of malicious repositories aimed at unsuspecting users, particularly gamers and novice hackers. https://news.sophos.com/en-us/2025/06/04/the-strange-tale-of-ischhfd83-when-cybercriminals-eat-their-own/

โš ๏ธ HPE StoreOnce Faces Critical CVE-2025-37093 Vulnerability โ€” Urges Immediate Patch Upgrade vulnerability โ€“ HPE disclosed eight vulnerabilities in StoreOnce, with CVE-2025-37093 being critical due to authentication bypass. Users are urged to upgrade to version 4.3.11 immediately to mitigate risks. https://thecyberexpress.com/cve-2025-37093-hits-hpe-storeonce-systems/

๐Ÿ—จ๏ธ The Texting Network for the End of the World security news โ€“ This article highlights key topics on online privacy protection, the Matter smart home standard, deepfake scams, Google searches in criminal cases, and updates from Google's I/O 2025 conference. https://www.wired.com/story/youre-not-ready-for-phone-dead-zones/

๐Ÿ”’ Critical flaw in Cisco ISE impacts cloud deployments on AWS, Microsoft Azure, and Oracle Cloud Infrastructure vulnerability โ€“ Cisco fixed a critical vulnerability (CVE-2025-20286) in its Identity Services Engine, allowing unauthenticated attackers to exploit shared credentials across cloud deployments on AWS, Azure, and OCI. Administrators are urged to implement mitigations. https://securityaffairs.com/178659/uncategorized/critical-flaw-in-cisco-ise-impacts-cloud-deployments-on-aws-microsoft-azure-and-oracle-cloud-infrastructure.html

๐Ÿ’ป Attackers exploit Fortinet flaws to deploy Qilin ransomware security news โ€“ Qilin ransomware is exploiting Fortinet vulnerabilities, including CVE-2024-21762 and CVE-2024-55591, to gain remote code execution and target organizations, particularly in Spanish-speaking countries. The group uses double extortion tactics. https://securityaffairs.com/178736/hacking/attackers-exploit-fortinet-flaws-to-deploy-qilin-ransomware.html

โš™๏ธ RCEs and more in the KUNBUS GmbH Revolution Pi PLC vulnerability โ€“ Four new vulnerabilities in KUNBUS GmbH's Revolution Pi PLC were discovered, two allowing unauthenticated remote code execution. Users are advised to implement mitigations and upgrade firmware to enhance security. Comment: my former colleagues should take a look at this ;) https://www.pentestpartners.com/security-blog/rces-and-more-in-the-kunbus-gmbh-revolution-pi-plc/

๐Ÿ’ณ Root Shell on Credit Card Terminal hacking write-up โ€“ The article details a security research project on the Worldline Yomani XR payment card terminal, revealing vulnerabilities, tamper protections, and an exposed root shell. The findings highlight significant security concerns in embedded systems. https://stefan-gloor.ch/yomani-hack

๐ŸŽฎ Blitz Malware: A Tale of Game Cheats and Code Repositories malware โ€“ Blitz malware, discovered in 2024, exploits backdoored game cheats for distribution and utilizes Hugging Face for command and control infrastructure. The malware operates in two stages: a downloader and a bot payload, with functions including keylogging and cryptocurrency mining. https://unit42.paloaltonetworks.com/blitz-malware-2025/

๐Ÿ˜ฑ Camera and Microphone Spying Using Chromium Browsers security research โ€“ A dangerous Chromium command allows websites to access cameras and microphones without user consent, enabling continuous recording without any visible indication. https://mrd0x.com/spying-with-chromium-browsers-camera/


CISA Corner

โš ๏ธ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, highlighting serious risks to federal networks and urging timely remediation for all organizations. https://www.cisa.gov/news-events/alerts/2025/06/02/cisa-adds-five-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added three Qualcomm vulnerabilities to its Known Exploited Vulnerabilities Catalog, emphasizing their significant risk to federal networks and urging timely remediation. https://www.cisa.gov/news-events/alerts/2025/06/03/cisa-adds-three-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA added CVE-2025-5419, a critical out-of-bounds vulnerability in Google Chromium's V8, to its Known Exploited Vulnerabilities Catalog, urging organizations to prioritize remediation to mitigate risks. https://www.cisa.gov/news-events/alerts/2025/06/05/cisa-adds-one-known-exploited-vulnerability-catalog

โš™๏ธ CISA Releases Three Industrial Control Systems Advisories vulnerability โ€“ CISA has issued three advisories addressing vulnerabilities in Schneider Electric and Mitsubishi Electric ICS products. Users are urged to review the advisories for security measures and technical details. https://www.cisa.gov/news-events/alerts/2025/06/03/cisa-releases-three-industrial-control-systems-advisories โš™๏ธ CISA Releases Seven Industrial Control Systems Advisories vulnerability โ€“ CISA has issued seven advisories detailing vulnerabilities and security issues in various Industrial Control Systems, urging users to review for necessary updates and mitigations. https://www.cisa.gov/news-events/alerts/2025/06/05/cisa-releases-seven-industrial-control-systems-advisories

๐Ÿ›ก๏ธ Updated Guidance on Play Ransomware security news โ€“ CISA, FBI, and ASD's ACSC released updated guidance on Play ransomware, detailing new tactics and IOCs. They recommend multifactor authentication, offline backups, and software updates for mitigation. https://www.cisa.gov/news-events/alerts/2025/06/04/updated-guidance-play-ransomware


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from novaTopFlex

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.

 
Read more...

from Fediverse Transition

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.

 
Read more...

from novaTopFlex

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.

 
Read more...

from novaTopFlex

WriteFreely is very similar to and may be a sister project of WordPress. However, after following the Fediverse instances, regardless of potential issues, the truth is that there is no such WordPress.org-based server that supports external accounts thus far.

 
Read more...

from ๐Ÿ“ฐwrzlbrmpft's cyberlights๐Ÿ’ฅ

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐ŸŽญ Fake software activation videos on TikTok spread Vidar, StealC malware โ€“ Cybercriminals exploit TikTok to distribute Vidar and StealC malware through fake software activation videos, tricking users into running harmful PowerShell commands. https://securityaffairs.com/178269/cyber-crime/fake-software-activation-videos-on-tiktok-spread-vidar-stealc.html

๐ŸŽ€ A Starter Guide to Protecting Your Data From Hackers and Corporations privacy โ€“ With rising digital surveillance, this guide offers essential tips for enhancing personal privacy, including using multifactor authentication and privacy-focused tools. https://www.wired.com/story/guide-protect-data-from-hackers-corporations/

๐Ÿฆ  MathWorksโ€™ ransomware disruptions rages on into second week cybercrime โ€“ MathWorks confirms a ransomware attack causing prolonged outages of MATLAB and other applications, disrupting users, particularly students, as recovery efforts continue with limited functionality. https://go.theregister.com/feed/www.theregister.com/2025/05/27/mathworks_ransomware_attack_leaves_ondeadline/

๐Ÿ“ Text-to-Malware: How Cybercriminals Weaponize Fake AI-Themed Websites cybercrime โ€“ Cybercriminals exploit AI interest by creating fake video generator websites to distribute malware like infostealers and backdoors, targeting users through malicious ads on social media. https://cloud.google.com/blog/topics/threat-intelligence/cybercriminals-weaponize-fake-ai-websites/

๐Ÿ”‚ The Privacy-Friendly Tech to Replace Your US-Based Email, Browser, and Search privacy โ€“ Amid growing concerns over US tech giants, alternatives like Mullvad and Vivaldi for browsing, Qwant and Mojeek for searching, and ProtonMail for email offer privacy-focused options. https://www.wired.com/story/the-privacy-friendly-tech-to-replace-your-us-based-email-browser-and-search/

๐Ÿฅบ Iranian man pleads guilty in Robbinhood ransomware scheme cybercrime โ€“ pleaded guilty to charges related to the Robbinhood ransomware scheme, which caused over $19 million in damages to Baltimore and other U.S. cities, facing up to 30 years in prison. https://cyberscoop.com/iranian-man-pleads-guilty-in-robbinhood-ransomware-scheme/

๐Ÿฆ  Crooks use a fake antivirus site to spread Venom RAT and a mix of malware security news โ€“ A fake Bitdefender site is distributing the Venom RAT, tricking users into downloading malware designed for password theft and remote access, targeting individuals for financial gain. https://securityaffairs.com/178366/malware/fake-antivirus-spreads-venom-rat.html

๐Ÿ“… Chinese hackers used Google Calendar to aid attacks on government entities security research โ€“ Google revealed that APT41, a China-backed hacker group, exploited Google Calendar for command and control in attacks on government entities, using malware dubbed TOUGHPROGRESS to blend in with legitimate activity. https://cyberscoop.com/google-calendar-apt-41-c2-winnti/

๐Ÿ”“ LexisNexis leaked social security numbers and other personal data of over 364,000 people data breach โ€“ LexisNexis reported a data breach exposing personal information of over 364,000 individuals, including Social Security numbers, after unauthorized access through a third-party software platform was discovered months later. https://www.theverge.com/news/675702/lexisnexis-data-broker-breach-social-security-numbers

๐Ÿ—บ๏ธ Oregon becomes second state to ban sale of precise geolocation data privacy โ€“ Oregon's legislature passed a law banning the sale of precise geolocation data, following Maryland's similar legislation, and strengthening protections for children's data privacy. https://therecord.media/oregon-passes-geolocation-kids-data-bill

๐Ÿค Thousands of Asus routers are being hit with stealthy, persistent backdoors cybercrime โ€“ Thousands of Asus routers are infected with a persistent backdoor allowing unauthorized access via SSH, exploiting patched vulnerabilities, raising concerns of potential nation-state involvement in the ongoing campaign. https://arstechnica.com/security/2025/05/thousands-of-asus-routers-are-being-hit-with-stealthy-persistent-backdoors/

๐Ÿ‘™ Victoria's Secret hit by outages as it battles security incident security news โ€“ Victoriaโ€™s Secret is addressing a security incident causing website outages and disruptions to online orders, prompting precautionary measures including website takedown while in-store services remain operational. https://techcrunch.com/2025/05/28/victorias-secret-hit-by-outages-as-it-battles-security-incident/

๐Ÿ“š No One Knows How to Deal With 'Student-on-Student' AI CSAM security news โ€“ A Stanford report highlights the lack of preparedness among schools, parents, and law enforcement to handle cases of students using AI to create nonconsensual intimate imagery, emphasizing the normalization of such practices and the need for better training and reporting mechanisms. https://www.404media.co/no-one-knows-how-to-deal-with-student-on-student-ai-csam/

๐Ÿ’ธ US government sanctions tech company involved in cyber scams cybercrime โ€“ The U.S. government sanctioned Funnull for facilitating 'pig butchering' crypto scams, linked to $200 million in losses for victims. The company provided infrastructure for cybercriminals, including domain generation and web design templates. https://techcrunch.com/2025/05/29/us-government-sanctions-tech-company-involved-in-cyber-scams/

๐Ÿฐ White House investigating how Trump's chief of staff's phone was hacked security news โ€“ The White House is investigating a hack involving chief of staff Susie Wiles' phone, where hackers accessed her contacts and impersonated her using AI to contact other officials. https://techcrunch.com/2025/05/30/white-house-investigating-how-trumps-chief-of-staffs-phone-was-hacked/

๐ŸŒ  Ransomware kingpin โ€œSternโ€ apparently IDed by German law enforcement cybercrime โ€“ German law enforcement has identified 'Stern,' the leader of the Trickbot ransomware group, linking him to significant cybercrime activities, including targeting hospitals and businesses. https://arstechnica.com/security/2025/05/german-police-say-theyve-identified-trickbot-ransomware-kingpin/

๐Ÿ”’ Chinese-Owned VPNs security news Comment: Don't really like the article, but the topic is essential. https://www.schneier.com/blog/archives/2025/05/chinese-owned-vpns.html

๐Ÿชฅ unlikely household item proved husband was cheating' privacy โ€“ Private investigator Paul Jones reveals how a smart toothbrush app exposed a husband's affair by tracking unusual brushing times, highlighting that digital clues can uncover infidelity beyond typical signs. https://www.mirror.co.uk/lifestyle/sex-relationships/relationships/im-private-investigator-unlikely-household-35256619


Some More, For the Curious

โ„๏ธ New Russia-affiliated actor Void Blizzard targets critical sectors for espionage security research โ€“ Void Blizzard, a new Russia-linked threat actor, targets NATO and Ukraine for espionage, using stolen credentials and spear phishing to access sensitive information across various sectors. https://www.microsoft.com/en-us/security/blog/2025/05/27/new-russia-affiliated-actor-void-blizzard-targets-critical-sectors-for-espionage/

๐Ÿป Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear' security news โ€“ Dutch intelligence reveals 'Laundry Bear,' a Russian hacking group targeting organizations for espionage, notably impacting the police and NATO-related entities, using automated, stealthy techniques. https://therecord.media/laundry-bear-void-blizzard-russia-hackers-netherlands

๐Ÿ”— DragonForce operator chained SimpleHelp flaws to target an MSP and its customers security research โ€“ Sophos warns that DragonForce ransomware exploited three SimpleHelp vulnerabilities to target a managed service provider, gaining unauthorized access and enabling data theft. https://securityaffairs.com/178350/cyber-crime/dragonforce-operator-chained-simplehelp-flaws-to-target-an-msp.html

๐Ÿšจ Pakistan Arrests 21 in โ€˜Heartsenderโ€™ Malware Service โ€“ Krebs on Security cybercrime โ€“ Pakistan arrested 21 individuals linked to the 'Heartsender' malware service, which facilitated cybercrime operations resulting in over $50 million in losses, primarily targeting business email compromise schemes. https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/

๐Ÿ New PumaBot targets Linux IoT surveillance devices malware โ€“ PumaBot, a new Go-based botnet, targets Linux IoT devices using SSH brute-force attacks to steal credentials, spread malware, and mine cryptocurrency while employing stealthy evasion tactics. https://securityaffairs.com/178386/malware/pumabot-targets-linux-iot-devices.html

๐Ÿค” Questions mount as Ivanti tackles another round of zero-days vulnerability โ€“ Ivanti faces multiple attacks exploiting two zero-day vulnerabilities in its Endpoint Manager Mobile software, linked to the China-backed group UNC5221. https://cyberscoop.com/ivanti-epmm-defects-exploited/

๐Ÿž๏ธ ConnectWise says nation-state attack targeted multiple ScreenConnect customers security news โ€“ ConnectWise is investigating a nation-state attack affecting a small number of its ScreenConnect customers, involving suspicious activity linked to sophisticated threat actors. https://therecord.media/connectwise-nation-state-attack-targeted-some-customers

โณ Why Take9 Wonโ€™t Improve Cybersecurity security news โ€“ The Take9 campaign urging a nine-second pause before online actions is criticized for being unrealistic and ineffective, as it fails to address deeper issues in cybersecurity awareness and places undue blame on users for attacks. https://www.schneier.com/blog/archives/2025/05/why-take9-wont-improve-cybersecurity.html

โš ๏ธ New Apache InLong Vulnerability (CVE-2025-27522) Exposes Systems to Remote Code Execution Risks vulnerability โ€“ A new vulnerability (CVE-2025-27522) in Apache InLong allows for remote code execution due to insecure deserialization of data during JDBC processing. Users are urged to upgrade to version 2.2.0 or apply the necessary patch. https://thecyberexpress.com/apache-inlong-cve-2025-27522/

๐Ÿšจ Top counter antivirus service disrupted in global takedown security news โ€“ Law enforcement seized the AVCheck service, used by cybercriminals to test malware against antivirus tools, as part of a global crackdown on cybercrime, disrupting operations of malicious tool providers. https://cyberscoop.com/avcheck-global-takedown/

๐Ÿฆ† Two Linux flaws can lead to the disclosure of sensitive data vulnerability โ€“ Qualys warns of two vulnerabilities in Ubuntu's Apport and systemd-coredump that allow local attackers to access sensitive data from core dumps. https://securityaffairs.com/178464/hacking/two-linux-flaws-can-lead-to-the-disclosure-of-sensitive-data.html

๐Ÿฅฝ Deep Dive into a Dumped Malware without a PE Header malware โ€“ The article details the analysis of malware without a PE header, revealing its capabilities for remote access, data exfiltration, and communication with a C2 server. https://www.fortinet.com/blog/threat-research/deep-dive-into-a-dumped-malware-without-a-pe-header

โš ๏ธ Researchers Drop PoC for Fortinet CVE-2025-32756, Urging Quick Patching vulnerability โ€“ A critical vulnerability (CVE-2025-32756) in Fortinet products allows unauthenticated remote code execution and is actively exploited. Researchers released a proof of concept, urging users to patch immediately. https://hackread.com/researchers-poc-fortinet-cve-2025-32756-quick-patch/

๐Ÿ–ผ๏ธ SANS Internet Storm Center security news โ€“ The article discusses the use of steganography in SVG images, highlighting their advantages over bitmap formats for data hiding, while emphasizing the importance of encryption and potential risks from compression. https://isc.sans.edu/diary/rss/31978

๐Ÿฅƒ FiberGateway GR241AG โ€“ Full Exploit Chain hacking write-up โ€“ The article details the discovery of vulnerabilities in the FiberGateway GR241AG router, allowing root access through physical and remote exploitation methods, impacting over 1.6 million households in Portugal. https://r0ny.net/FiberGateway-GR241AG-Full-Exploit-Chain/


CISA Corner

๐Ÿ›ก๏ธ New Guidance for SIEM and SOAR Implementation security news โ€“ CISA and international partners released guidance for implementing SIEM and SOAR platforms, aiming to enhance cybersecurity through improved threat detection, incident response, and log prioritization. https://www.cisa.gov/news-events/alerts/2025/05/27/new-guidance-siem-and-soar-implementation

โš™๏ธ CISA Releases One Industrial Control Systems Advisory vulnerability โ€“ CISA issued an advisory on the Johnson Controls iSTAR Configuration Utility tool, highlighting current security issues and vulnerabilities in Industrial Control Systems. Users are urged to review for mitigations. https://www.cisa.gov/news-events/alerts/2025/05/27/cisa-releases-one-industrial-control-systems-advisory โš™๏ธ CISA Releases Five Industrial Control Systems Advisories vulnerability โ€“ CISA issued five advisories regarding security vulnerabilities in various Industrial Control Systems, urging users to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/05/29/cisa-releases-five-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from ๐Ÿ“ฐwrzlbrmpft's cyberlights๐Ÿ’ฅ

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐Ÿšจ UK government confirms massive data breach following hack of Legal Aid Agency data breach โ€“ A major data breach at the Legal Aid Agency may expose sensitive information of legal aid applicants, affecting millions. Security measures are being intensified to prevent further incidents. https://therecord.media/uk-legal-aid-agency-data-breach

๐Ÿงฌ Pharma giant Regeneron to buy 23andMe and its customers' data for $256M privacy โ€“ Regeneron plans to purchase 23andMe, including sensitive genetic data from 15 million customers, raising privacy concerns after a previous data breach. Compliance with privacy laws is promised. https://techcrunch.com/2025/05/19/pharma-giant-regeneron-to-buy-23andme-and-its-customers-data-for-256m/

๐Ÿ”’ days demonstrated at Pwn2Own Berlin 2025 vulnerability โ€“ Mozilla patched two critical zero-day vulnerabilities in Firefox that could allow sensitive data access or code execution. Users are urged to update their browsers immediately. https://securityaffairs.com/178064/security/mozilla-fixed-zero-days-demonstrated-at-pwn2own-berlin-2025.html

๐Ÿ’ Russia-linked disinformation floods Poland, Romania as voters cast ballots security news โ€“ Ahead of presidential elections, Romania and Poland report increased Russian disinformation efforts aiming to sway voters. Authorities warn of impersonation tactics and funded campaigns on social media. https://therecord.media/russia-disinformation-poland-presidential-election

๐Ÿ‘๏ธ Cocospy stalkerware apps go offline after data breach security news โ€“ Cocospy, Spyic, and Spyzie, stalkerware apps spying on millions, have gone offline following a significant data breach exposing user emails. Users are advised to remove any remaining spyware from their devices. https://techcrunch.com/2025/05/19/cocospy-stalkerware-apps-go-offline-after-data-breach/

๐Ÿšช DoorDash Hack security research https://www.schneier.com/blog/archives/2025/05/doordash-hack.html

๐Ÿ›’ Consumer Reports: Kroger using loyalty program to package, sell customer data privacy โ€“ Kroger allegedly sells detailed consumer data from its loyalty program, creating potentially inaccurate profiles of shoppers for marketing. Consumer Reports urges stronger privacy protections against such practices. https://therecord.media/kroger-using-loyalty-program-to-sell-customer-data

๐Ÿ“š Chicago Sun-Times prints summer reading list full of fake books security news โ€“ The Chicago Sun-Times published a summer reading list with fake books generated by AI, prompting backlash from readers and staff. The publication is investigating the incident and terminating its relationship with the creator. https://arstechnica.com/ai/2025/05/chicago-sun-times-prints-summer-reading-list-full-of-fake-books/

๐Ÿ” 3 Teens Almost Got Away With Murder. Then Police Found Their Google Searches privacy โ€“ Three teens set a house fire that killed five people, but police traced their Google searches for the address to solve the case. The investigation raises concerns about privacy and law enforcement's use of digital data. https://www.wired.com/story/find-my-iphone-arson-case/

๐Ÿ’ฌ Researchers Scrape 2 Billion Discord Messages and Publish Them Online privacy โ€“ A database of over 2 billion Discord messages scraped from 3,167 servers has been published online, raising privacy concerns despite claims of anonymization. A separate tool reveals non-anonymized chat histories. https://www.404media.co/researchers-scrape-2-billion-discord-messages-and-publish-them-online/

๐Ÿ“ธ Signal says no to Windows 11โ€™s Recall screenshots privacy โ€“ Signal has implemented screen security in its Windows 11 client to prevent Microsoftโ€™s Recall feature from capturing secured chats. This move highlights concerns over user privacy and accessibility issues. https://www.theverge.com/news/672210/signal-desktop-app-microsoft-recall-block-windows-11-ai

๐Ÿ’ Kids Say They're Using Photos of Trump and Markiplier to Bypass 'Gorilla Tag' Age Verification security news โ€“ Players of the VR game Gorilla Tag are reportedly using images of Trump and Markiplier to circumvent age verification measures. https://www.404media.co/kids-say-theyre-using-photos-of-trump-and-markiplier-to-bypass-gorllia-tag-age-verification/

๐Ÿค– Should Children Use AI Chatbots? Google Thinks So, Critics Strongly Disagree privacy โ€“ Google's rollout of its AI chatbot Gemini for children under 13 has sparked backlash from privacy advocates, who argue it may violate COPPA and poses risks to kids' mental health and well-being. https://thecyberexpress.com/google-gemini-ai-for-kids/

๐Ÿ“ฑ Russia to pass law to track migrants using their smartphone privacy โ€“ A new Russian law will require migrants in Moscow to use a smartphone app for tracking and reporting their location. Critics raise concerns about privacy and potential abuse of power. https://www.theregister.com/2025/05/22/russia_expected_to_pass_experimental/

๐Ÿ”“ Trojanized KeePass Used to Deploy Cobalt Strike and Steal Credentials malware โ€“ A malware campaign has trojanized the KeePass password manager to deliver Cobalt Strike and exfiltrate credentials. The compromised installer mimicked the real one, making detection difficult. https://securityonline.info/trojanized-keepass-used-to-deploy-cobalt-strike-and-steal-credentials/


Some More, For the Curious

๐Ÿ”‘ OpenPGP.js bug enables encrypted message spoofing vulnerability โ€“ A critical vulnerability in OpenPGP.js allows spoofing of signed and encrypted messages, undermining public key cryptography. Users are urged to upgrade to patched versions to mitigate risks. https://www.theregister.com/2025/05/20/openpgp_js_flaw/

๐ŸŒƒ Does ENISA EUVD live up to all the hype? cyber defense โ€“ The article critically examines the effectiveness and impact of the European Union Agency for Cybersecurity (ENISA) in relation to the EU's cybersecurity directives, questioning if it meets expectations. https://vulncheck.com/blog/enisa-euvd

๐Ÿ“Š CISA, NIST Researchers Develop Metric to Determine Likelihood of Vulnerability Exploitation security research โ€“ NIST and CISA researchers have created a new metric, Likely Exploited Vulnerabilities (LEV), to better predict which vulnerabilities may be exploited, enhancing existing systems like EPSS and KEV. https://thecyberexpress.com/cisa-nist-vulnerability-exploit-metric/

๐Ÿ”’ Lumma Stealer toppled by globally coordinated takedown cybercrime โ€“ Lumma Stealer, a notorious infostealer malware, was dismantled in a global operation that seized its core infrastructure, blocking 2,300 malicious domains. Microsoft and law enforcement aim to disrupt cybercrime operations. https://cyberscoop.com/lumma-stealer-infostealer-takedown/

โš ๏ธ Active Directory dMSA Privilege Escalation Attack Detailed by Researchers vulnerability โ€“ Akamai researchers discovered a privilege escalation vulnerability in Windows Server 2025's dMSA feature, allowing attackers to compromise any Active Directory user with minimal permissions. Microsoft acknowledges the issue but rates it as moderate severity. https://thecyberexpress.com/active-directory-dmsa-attack/

๐Ÿ“‚ Mysterious Database of 184 Million Records Exposes Vast Array of Login Credentials cybercrime โ€“ A recent indictment highlights how a Russian malware operation facilitates both criminal activities and state-sponsored hacking, with various cybersecurity issues and incidents, including a breach involving the Signal clone TeleMessage. https://www.wired.com/story/mysterious-database-logins-governments-social-media/

๐Ÿ’ป Oops: DanaBot Malware Devs Infected Their Own PCs cybercrime โ€“ The U.S. government has charged 16 individuals linked to DanaBot malware, which has infected over 300,000 systems. Developers accidentally infected their own PCs, revealing their identities and leading to their arrest. https://krebsonsecurity.com/2025/05/oops-danabot-malware-devs-infected-their-own-pcs/

๐Ÿ’ฐ Decentralized crypto platform Cetus hit with $223 million hack security news โ€“ Cetus, a decentralized cryptocurrency exchange, was hacked for $223 million. The platform paused operations and secured $162 million of the stolen funds, while investigations into the attack continue. https://therecord.media/decentralized-crypto-platform-cetus-theft

๐Ÿฉ Mysterious hacking group Careto was run by the Spanish government, sources say cybercrime โ€“ Research indicates that Careto, a sophisticated hacking group targeting various nations, was operated by the Spanish government. Initially identified in 2014, the group has resurfaced with advanced malware capabilities. https://techcrunch.com/2025/05/23/mysterious-hacking-group-careto-was-run-by-the-spanish-government-sources-say/

๐Ÿš” Operation RapTor led to the arrest of 270 dark web vendors and buyers cybercrime โ€“ Operation RapTor resulted in the arrest of 270 individuals involved in dark web trafficking across 10 countries, seizing over โ‚ฌ184M in assets, drugs, and weapons. Law enforcement continues to target dark web activities. https://securityaffairs.com/178221/deep-web/operation-raptor-arrest-270-dark-web-vendors-and-buyers.html

๐Ÿ”’ Large-scale sting tied to Operation Endgame disrupts ransomware infrastructure cybercrime โ€“ Law enforcement from Europe and North America dismantled key ransomware infrastructure in Operation Endgame, taking down 300 servers and 650 domains, disrupting malware tools like Qakbot and Trickbot, and issuing arrest warrants for 20 suspects. https://cyberscoop.com/operation-endgame-ransomware-infrastructure-takedown-europol/

โš™๏ธ Researchers cause GitLab AI developer assistant to turn safe code malicious vulnerability โ€“ Researchers demonstrated how GitLab's AI assistant, Duo, could be manipulated into inserting malicious code through prompt injections, exposing private data. GitLab has since implemented measures to mitigate this vulnerability. https://arstechnica.com/security/2025/05/researchers-cause-gitlab-ai-developer-assistant-to-turn-safe-code-malicious/

๐Ÿฆ  Compromised RVTools Installer Spreading Bumblebee Malware malware โ€“ A compromised RVTools installer was found spreading Bumblebee malware, detected by security researcher Aidan Leon. The malicious file originated from the official website, which has since been taken offline temporarily. https://hackread.com/compromised-rvtools-installer-drop-bumblebee-malware/

๐Ÿ”“ Bypass SharePoint Restricted View to exfiltrate data using Copilot AI and moreโ€ฆ hacking writeup โ€“ Red Teamers demonstrate methods to circumvent SharePoint's Restricted View, allowing data exfiltration through techniques like screenshots, OCR, and using AI tools like Microsoft Copilot. The findings highlight the inadequacy of relying on Restricted View for data security. https://www.pentestpartners.com/security-blog/bypass-sharepoint-restricted-view-to-exfiltrate-data-using-copilot-ai-and-more/

๐Ÿ”‘ Passwords are okay, impulsive Internet isn't security news โ€“ The article criticizes the push for passwordless authentication, arguing that passkeys create vendor lock-in and compromise user security. It emphasizes that the real issue lies in human behavior and impulse control, rather than technology itself. Comment: missed this one. thankfully cert.at pushed it this week. https://www.dedoimedo.com/life/passwords-passkeys.html

๐Ÿ˜ก Red Team Gold: Extracting Credentials from MDT Shares hacking write-up โ€“ The article explores how Microsoft Deployment Toolkit (MDT) can be targeted during Red Team engagements to extract credentials. It discusses misconfigurations in MDT shares that can lead to unauthorized access to sensitive information. https://trustedsec.com/blog/red-team-gold-extracting-credentials-from-mdt-shares


CISA Corner

โš ๏ธ CISA Adds Six Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added six vulnerabilities to its catalog due to active exploitation, highlighting serious risks to federal systems. Agencies are required to remediate these vulnerabilities promptly. https://www.cisa.gov/news-events/alerts/2025/05/19/cisa-adds-six-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added a new vulnerability, CVE-2025-4632, related to Samsung MagicINFO 9 Server, to its Known Exploited Vulnerabilities Catalog, urging organizations to prioritize remediation efforts. https://www.cisa.gov/news-events/alerts/2025/05/22/cisa-adds-one-known-exploited-vulnerability-catalog

โš™๏ธ CISA Releases Thirteen Industrial Control Systems Advisories vulnerability โ€“ CISA issued thirteen advisories on May 20, 2025, addressing security vulnerabilities in various Industrial Control Systems. Users are urged to review these advisories for important technical details and mitigations. https://www.cisa.gov/news-events/alerts/2025/05/20/cisa-releases-thirteen-industrial-control-systems-advisories โš™๏ธ CISA Releases Two Industrial Control Systems Advisories vulnerability โ€“ CISA has issued two advisories on security vulnerabilities affecting Lantronix Device Installer and Rockwell Automation FactoryTalk Historian. Users are urged to review the advisories for details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/05/22/cisa-releases-two-industrial-control-systems-advisories

๐ŸŽฏ Russian GRU Cyber Actors Targeting Western Logistics Entities and Tech Companies security news โ€“ CISA and other agencies issued a Cybersecurity Advisory on Russian GRU cyber actors targeting Western tech and logistics firms, particularly those supporting Ukraine. The advisory highlights their espionage tactics. https://www.cisa.gov/news-events/alerts/2025/05/21/russian-gru-cyber-actors-targeting-western-logistics-entities-and-tech-companies ๐ŸŽฏ Threat Actors Target U.S. Critical Infrastructure with LummaC2 Malware security news โ€“ CISA and the FBI issued a Cybersecurity Advisory on LummaC2 malware, which targets U.S. critical infrastructure by infiltrating networks and exfiltrating sensitive data. Organizations are urged to implement recommended mitigations. https://www.cisa.gov/news-events/alerts/2025/05/21/threat-actors-target-us-critical-infrastructure-lummac2-malware

๐Ÿ” New Best Practices Guide for Securing AI Data Released security news โ€“ CISA, NSA, and FBI released a Cybersecurity Information Sheet outlining best practices for securing AI data. It emphasizes the importance of data security throughout the AI lifecycle for accuracy and trustworthiness. https://www.cisa.gov/news-events/alerts/2025/05/22/new-best-practices-guide-securing-ai-data-released ๐Ÿ”’ Advisory Update on Cyber Threat Activity Targeting Commvaultโ€™s SaaS Cloud Application (Metallic) security news โ€“ Commvault is investigating potential unauthorized access to customer data in their Metallic SaaS solution on Azure. CISA urges users to apply mitigations, monitor logs, and implement security best practices. https://www.cisa.gov/news-events/alerts/2025/05/22/advisory-update-cyber-threat-activity-targeting-commvaults-saas-cloud-application-metallic


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Bruno's ramblings

My desktop on Ubuntu. As you can see, it's mostly default

I've been using Ubuntu daily for a few months. I was a bit afraid of having some major issue and having to try another distro before thinking about returning to Arch, but the balance is positive so far.

I admit there have been a few things that've annoyed me. Then again, I've had that on any OS I've used, so... yeah, computers... At least they're not printers, right?! ๐Ÿ‘€

โœ”๏ธ The positives

I find the default GNOME experience on Ubuntu to be good. Back in the day, I enjoyed the hell out of Unity, and having a similar experience is nice. Of course, we're talking about GNOME here; extensions are necessary, but I didn't install that many, and some were only to improve the interface's bling (I like pretty things ๐Ÿคท).

It's also nice to have a free tier for the Ubuntu Pro program. If, for whatever reason, I decide to stick with this version, I'll have 10 years of security updates (at the time of writing). The specifics are on the link above, so don't forget to check it out to know more about them.

When it comes to regular home users, Pro's free tier can be a nice thing to have. This way, they can slowly prepare the migration to a newer LTS and still stay reasonably secure. Well, to be honest, also because they don't tend to like changes, and keeping a stable environment for some time reduces the stress of computing for them.

This, of course, is also beneficial for self-hosters, for example. But it might not be for you, and that's fair, too. ๐Ÿป

Snaps have also improved quite a lot. You may find the occasional exception, but they have become quite performant compared to just a few years ago. Even the Steam snap has improved; however, it can take a little bit more time to launch than the native package when you have a lot of games installed and/or they take up a lot of disk space.

Another plus for the Steam snap is being able to change Mesa versions. There might be some games that require more recent versions than the included one, so this is a nice feature to have.

โŒ The negatives

There's an issue with the Steam snap, where right-clicking on something to show a menu and then clicking on a menu entry just closes the menu and doesn't perform the action. This one can be annoying as hell sometimes! ๐Ÿ’ข

I do miss having some utilities I use already packaged or from a trusted enough source on the AUR, but I compiled them from source, and I keep tabs on new updates occasionally.

It's also a shame there is no official gamescope package, and you're left compiling it from source. I do think there are a few issues with that on the 24.04 LTS version, but I'm just remembering this as I type, so I might be misremembering.

I was also having the best KDE experience I've had in ~20 years with Plasma 6.x on Arch, but it's not packaged for Ubuntu 24.04. One time, I tried using a repo from Kubuntu or something, but I ended up borking the package and dependency lists, and couldn't remove the upgraded packages. ๐Ÿ’€ I ended up reinstalling, which was faster than spending a day debugging dependency issues and force-installing some packages manually.

I had forgotten how PPAs can be a headache if you just YOLO it. ๐Ÿ˜…

๐Ÿ‘‹ Conclusion

At least for now, I'm sticking with the latest stable LTS. When I switched, my goal was to have a system that doesn't change much over time and, in doing so, doesn't bother me every day to install a ton of updates. I also wanted something more reliable. While the verdict is yet to be reached on the latter, it has been reached on the former โ€” most days, I only have flatpak updates.

I'll stick with Ubuntu LTS for a few more months, so I can safely say if it is what I'm looking for or if I need to find another distribution. Although I think I'll probably stick to it until the next LTS โ€” unless I have a major issue with it โ€”and then reevaluate it.

#Ubuntu #Linux #Arch #KDE #GNOME #Steam #Gaming #LinuxGaming #DesktopLinux

 
Read more...

from ๐Ÿ“ฐwrzlbrmpft's cyberlights๐Ÿ’ฅ

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

๐ŸŽญ Threat actors use fake AI tools to deliver the information stealer Noodlophile cybercrime โ€“ Threat actors exploit AI trends to distribute Noodlophile, an information stealer, via fake AI tools on social media, tricking users into downloading malware disguised as legitimate applications. https://securityaffairs.com/177719/security/threat-actors-use-fake-ai-tools-to-deliver-the-information-stealer-noodlophile.html

โœˆ๏ธ Charter airline helping Trump's deportation campaign pwned data breach โ€“ GlobalX, a charter airline involved in deportations, reported a cybersecurity breach affecting its network. While the full impact remains unclear, it may include stolen flight records and passenger data. https://www.theregister.com/2025/05/12/globalx_security_incident/

๐Ÿ’ฐ Google to pay Texas nearly $1.4 billion over alleged data privacy violations privacy โ€“ Google has agreed to a $1.37 billion settlement with Texas over lawsuits alleging illegal tracking of user data, including location and Incognito searches, without admitting wrongdoing. https://therecord.media/google-texas-privacy-violations-billions

๐Ÿ Wide-ranging Apple security update addresses over 30 vulnerabilities vulnerability โ€“ Apple's latest security update addresses over 30 vulnerabilities across iOS, iPadOS, and macOS, including critical baseband flaws and privacy issues affecting various components. No active exploitation has been reported. https://cyberscoop.com/apple-security-update-c1-modem-privacy-fixes-may-2025/

๐Ÿ“ž Android launches new protections against phone call scammers security news โ€“ Google is introducing features on Android to prevent phone call scams, including blocking app sideloading and accessibility permissions during calls, and warning users about likely scams when accessing banking apps. https://www.theverge.com/news/665706/google-phone-call-scam-protection-banking-apps

๐Ÿ”’ Zero Day Initiative โ€” The May 2025 Security Update Review vulnerability โ€“ Adobe and Microsoft released significant security updates in May 2025, addressing numerous vulnerabilities across their software. Adobe patched 40 CVEs, while Microsoft addressed 75, including several critical flaws under active attack. https://www.thezdi.com/blog/2025/5/13/the-may-2025-security-update-review

๐Ÿšซ Google Is Using On-Device AI to Spot Scam Texts and Investment Fraud security news โ€“ Google is enhancing its AI Scam Detection feature in the Messages app to identify various types of scams, running locally on devices to protect user privacy. This aims to combat the rising tide of digital fraud. https://www.wired.com/story/google-io-on-device-ai-scam-texts/

๐Ÿš˜ License Plate Reader Company Flock Is Building a Massive People Lookup Tool, Leak Shows privacy โ€“ Flock is developing a product called Nova that combines license plate data with personal information from data brokers, allowing law enforcement to track individuals without warrants. Employees express ethical concerns over using hacked data. https://www.404media.co/license-plate-reader-company-flock-is-building-a-massive-people-lookup-tool-leak-shows/

๐Ÿ’ป North Korean IT Workers Are Being Exposed on a Massive Scale cybercrime โ€“ Researchers have identified North Korean IT workers infiltrating Western companies to fund the regime, revealing their lavish lifestyles and connections to cybercrime. A recent leak exposes over 1,000 email addresses linked to their activities. https://www.wired.com/story/north-korean-it-worker-scams-exposed/

โš–๏ธ Meta's still violating GDPR rules with latest plan to train AI on EU user data, says noyb privacy โ€“ Noyb has sent a cease and desist letter to Meta, challenging its plans to use EU user data for AI training without explicit consent. The group threatens legal action if Meta does not comply with GDPR requirements. https://www.theregister.com/2025/05/14/metas_still_violating_gdpr_rules/

๐Ÿ›‘ White House scraps plan to block data brokers from selling Americans' sensitive data privacy โ€“ The CFPB has withdrawn a plan to regulate data brokers under the Fair Credit Reporting Act, citing misalignment with current interpretations. This move follows industry lobbying against the rule, raising concerns over privacy. https://techcrunch.com/2025/05/14/white-house-scraps-plan-to-block-data-brokers-from-selling-americans-sensitive-data/

๐Ÿ’ฐ Who needs VC funding? How cybercriminals spread their ill-gotten gains to everyday business ventures cybercrime โ€“ Cybercriminals are reinvesting their profits into ordinary businesses like coffee shops and real estate to launder money. An investigation reveals a network of collaboration among criminals to diversify and legitimize their income streams. https://cyberscoop.com/what-cybercriminals-do-with-their-money-sophos/

๐Ÿ‘Ÿ Meta plans to train AI on EU user data from May 27 without consent privacy โ€“ Meta intends to train its AI models using EU user data starting May 27 without explicit consent, prompting privacy group noyb to threaten legal action for violating GDPR regulations by relying on an 'opt-out' system. https://securityaffairs.com/177920/security/meta-plans-to-train-ai-on-eu-user-data-from-may-27-without-consent.html

๐Ÿ”’ Google Chromeโ€™s May Update: What You Need to Know About CVE-2025-4372 and More vulnerability โ€“ Google's latest Chrome update addresses critical vulnerabilities, including CVE-2025-4664, which is actively exploited, and CVE-2025-4372, a use-after-free flaw. Users are urged to update immediately for security. https://thecyberexpress.com/google-chrome-update-fixe-cve-2025-4372/

๐Ÿšซ EU court rules that tracking-based online ads are illegal privacy โ€“ The Brussels Court of Appeal ruled that tracking for online ads violates GDPR, stating that existing consent models are inadequate. This decision significantly impacts major tech companies relying on real-time bidding. https://therecord.media/eu-court-rules-tracking-based-ads-illegal

โš–๏ธ Bahn vor Gericht: Warum der DB Navigator ein Fall fรผr die Justiz ist privacy โ€“ The Frankfurt court case against Deutsche Bahn focuses on the DB Navigator app, which allegedly collects and shares user data without consent, raising significant GDPR compliance issues and consumer rights concerns. https://www.kuketz-blog.de/bahn-vor-gericht-warum-der-db-navigator-ein-fall-fuer-die-justiz-ist/

๐Ÿ‘ฟ US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials security news โ€“ The FBI warns that ex-government officials are being targeted by cybercriminals using AI-generated deepfake texts and voice messages to impersonate senior U.S. officials, aiming to gain access to personal accounts. https://securityaffairs.com/177987/cyber-crime/us-government-officials-targeted-texts-and-ai-generated-deepfake.html

โšก Experts found rogue devices, including hidden cellular radios, in Chinese security research โ€“ Investigators discovered hidden 'kill switches' and rogue cellular radios in Chinese-made power inverters used in US solar farms, raising concerns about potential remote control over critical energy infrastructure by Beijing. https://securityaffairs.com/178005/hacking/rogue-devices-in-chinese-made-power-inverters-used-worldwide.html


Some More, For the Curious

๐Ÿ• One-Click RCE in ASUSโ€™s Preinstalled Driver Software hacking write-up โ€“ ASUSโ€™s DriverHub software has a serious vulnerability that allows remote code execution due to weak origin checks, posing a significant security threat. https://mrbruh.com/asusdriverhub/

๐Ÿค– New 'Defendnot' tool tricks Windows into disabling Microsoft Defender security research โ€“ The 'Defendnot' tool exploits a Windows API to disable Microsoft Defender by registering a fake antivirus, showcasing vulnerabilities in system security features. https://www.bleepingcomputer.com/news/microsoft/new-defendnot-tool-tricks-windows-into-disabling-microsoft-defender/

๐Ÿ” The cryptography behind passkeys security research โ€“ Passkeys enhance authentication security by using cryptographic key pairs and the WebAuthn specification, eliminating phishing risks and password reuse while ensuring user authenticity. https://blog.trailofbits.com/2025/05/14/the-cryptography-behind-passkeys/

๐Ÿšจ CVE-2024-26809: Critical nftables Vulnerability in Linux Kernel Could Lead to Root Access vulnerability โ€“ A critical double-free vulnerability in the Linux kernel's nftables subsystem allows local attackers to escalate privileges and execute arbitrary code. Users should update their systems to mitigate this risk. https://thecyberexpress.com/cve-2024-26809-nftables-vulnerability/

๐Ÿ” EU Vulnerability Database Officially Launches Amid CVE Program Concerns security news โ€“ The EU has launched its vulnerability database to improve management of cybersecurity threats, coinciding with uncertainty over MITRE's CVE Program future. It will aggregate critical vulnerability information and facilitate better transparency. https://thecyberexpress.com/eu-vulnerability-database-officially-launches-amid-cve-program-concerns/

โš ๏ธ New VMware Tools Vulnerability Allows Attackers to Tamper with Virtual Machines, Broadcom Issues Urgent Patch vulnerability โ€“ A moderate vulnerability in VMware Tools (CVE-2025-22247) allows attackers with limited access to compromise VMs by tampering with local files. Broadcom has released patches; no workarounds are available. https://thecyberexpress.com/vmware-tools-vulnerability-cve-2025-22247/

๐Ÿ”ง Commvault Command Center patch incomplete: researcher vulnerability โ€“ A critical flaw in Commvault's Command Center remained exploitable for free trial users despite a patch. Following a researcher's discovery, Commvault has changed its update policy to allow immediate access for all users. https://www.theregister.com/2025/05/13/patch_commvault_cvss_10/

๐ŸŒŸ Zero-Day Vulnerabilities in Ivanti EPMM vulnerability โ€“ Ivanti disclosed two zero-day vulnerabilities in their Endpoint Manager Mobile (EPMM) products, allowing unauthenticated remote code execution. CERT-EU recommends immediate updates, especially for internet-facing devices. https://cert.europa.eu/publications/security-advisories/2025-018/

๐Ÿ” Intel data-leaking Spectre defenses scared off once again vulnerability โ€“ Researchers discovered a new attack vector exploiting Intel's Spectre defenses, allowing unauthenticated remote code execution via branch predictor race conditions. Intel has released a microcode update to address this vulnerability. https://www.theregister.com/2025/05/13/intel_spectre_race_condition/

๐Ÿ’ Spies hack high-value mail servers using an exploit from yesteryear cybercrime โ€“ Recent reports indicate that spies have successfully compromised high-value mail servers by exploiting older vulnerabilities, demonstrating the ongoing risk posed by outdated security flaws. https://arstechnica.com/security/2025/05/spies-hack-high-value-mail-servers-using-an-exploit-from-yesteryear/

๐Ÿ’ต Coinbase flips $20M extortion demand into bounty for info on attackers cybercrime โ€“ After cybercriminals extorted Coinbase for $20 million following a data breach, the company offered the same amount as a reward for information leading to the attackers' arrest, marking a proactive response to the incident. https://cyberscoop.com/coinbase-cyberattack-extortion-counter-reward/

๐Ÿ’ป Pwn2Own Berlin 2025 Day Two: researcher earned 150K hacking VMware ESXi security research โ€“ On day two of Pwn2Own Berlin 2025, hackers earned $435,000 for demonstrating zero-day exploits in various products, including VMware ESXi, with one researcher earning $150,000 for an integer overflow exploit. https://securityaffairs.com/177943/hacking/pwn2own-berlin-2025-day-two-researcher-earned-150k-hacking-vmware-esxi.html

๐Ÿ›ก๏ธ ClickFix Fixes Ranked cyber defense โ€“ The 'ClickFix' attack technique exploits user coercion to execute malicious commands via the Windows Run dialog. Mitigations are ranked by effectiveness and annoyance, highlighting the balance between security and usability. https://taggart-tech.com/clickfix/

ยฉ๏ธ How the Signal Knockoff App TeleMessage Got Hacked in 20 Minutes security news โ€“ TeleMessage, a Signal clone used by U.S. officials, was hacked, exposing user message logs in plaintext. The app has been disabled by Customs and Border Protection amid security concerns. https://www.wired.com/story/how-the-signal-knock-off-app-telemessage-got-hacked-in-20-minutes/


CISA Corner

๐Ÿ“ข Update to How CISA Shares Cyber-Related Alerts and Notifications security news โ€“ CISA is revamping its cybersecurity alerts by sharing updates solely through social media and email, focusing on urgent threats on its webpage to improve visibility and user experience. https://www.cisa.gov/news-events/alerts/2025/05/12/update-how-cisa-shares-cyber-related-alerts-and-notifications

โš ๏ธ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has added five Microsoft Windows vulnerabilities to its Known Exploited Vulnerabilities Catalog due to active exploitation risks, urging federal agencies to remediate them promptly. https://www.cisa.gov/news-events/alerts/2025/05/13/cisa-adds-five-known-exploited-vulnerabilities-catalog โš ๏ธ CISA Adds One Known Exploited Vulnerability to Catalog warning โ€“ CISA has added CVE-2025-32756, a stack-based buffer overflow vulnerability in Fortinet products, to its Known Exploited Vulnerabilities Catalog due to active exploitation risks, urging federal agencies to remediate it promptly. https://www.cisa.gov/news-events/alerts/2025/05/14/cisa-adds-one-known-exploited-vulnerability-catalog โš ๏ธ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning โ€“ CISA has included three new vulnerabilities in its Known Exploited Vulnerabilities Catalog: a command injection in DrayTek routers, an enforcement issue in Google Chromium, and a deserialization vulnerability in SAP NetWeaver, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2025/05/15/cisa-adds-three-known-exploited-vulnerabilities-catalog

โš™๏ธ CISA Releases Twenty-Two Industrial Control Systems Advisories vulnerability โ€“ CISA has released twenty-two advisories regarding vulnerabilities in industrial control systems, aimed at enhancing security measures within critical infrastructure sectors. https://www.cisa.gov/news-events/alerts/2025/05/15/cisa-releases-twenty-two-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.

 
Read more...

from Tom Tildavaan

I bought one so you don't have to. (Edit: at least until Eaton supports Matter over WiFi)

Eaton EWSW15

These devices connect to Azure IOT Platform. While I am sure Eaton has a great deal for that, it means that every time I turn the lights on or off, Azure gets paid a small amount of money.

The switch, while not multi-touch capable, will wait 0.5s before turning the load on or off.

In an event of a network connection disruption, when you are back online the switch will take ~5 minutes to become available in the app. There is no local control even though the ESP32-C3-MINI1 (datasheet) module can do this. The unit is provisioned with WiFi credentials over Bluetooth but other than that Bluetooth is not used.

And when you use schedules, the status LED does not correspond to the actual state of the switch.

I am still debating whether to give Schneider Electric Matter-over-WiFi a try, but the more I read the specs the more I become convinced that Z-Wave network I already have is the best.

Edit: https://www.eaton.com/us/en-us/products/wiring-devices-connectivity/Matter.html suggests that at some point these WiFi devices will gain Matter support. If/when that happens, these switches, dimmers, and receptacles will become much more useful.

 
Read more...

from Tom Tildavaan

In case you want more #IOT in your life, Eaton ships remotely actuated circuit breakers.

The breakers are provisioned using a โ€œBlinkUpโ€ system through your phone. You start the provisioning on your device, then put your screen to the sensor on the circuit breaker, your screen blinks a number of times sending WiFi credentials to the device, and then the latter connects to the Electric Imp servers. Eaton is using impOs as the basis of their offering, and Electric Imp is adamant they are secure.

Now, Eaton provides API to these circuit breakers โ€“ https://api.em.eaton.com/docs, but there is no true local access โ€“ there is apparently a way to get local control, but your device must phone home weekly to receive configuration that would allow you to talk to your device locally.

 
Read more...