RadioCSIRT English Edition – Cybersecurity Daily News, Thursday 18 December 2025 (Ep.54)

About this content

Welcome to your daily cybersecurity podcast.

The Clop ransomware group, also tracked as Cl0p, is conducting a new data theft extortion campaign targeting Internet-exposed Gladinet CentreStack servers. Ongoing investigations confirm active scanning, successful intrusions, and the placement of extortion notes on compromised systems. The initial access vector remains unidentified, raising the possibility of a zero-day vulnerability or exploitation of unpatched systems. This activity aligns with Clop’s established focus on file sharing and secure file transfer platforms.

CISA has added three actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. CVE-2025-20393 affects multiple Cisco products through improper input validation. CVE-2025-40602 impacts SonicWall SMA1000 appliances due to a missing authorization flaw. CVE-2025-59374 targets ASUS Live Update, involving embedded malicious code within the update mechanism, highlighting a software supply chain compromise scenario.

CERT-FR has issued advisory CERTFR-2025-AVI-1116 covering multiple vulnerabilities in Google Chrome. Affected versions include releases prior to 143.0.7499.146 on Linux and prior to 143.0.7499.146 or .147 on Windows and macOS. The advisory references CVE-2025-14765 and CVE-2025-14766, with limited public technical detail on the underlying impact.

A critical FreeBSD vulnerability, CVE-2025-14558, enables remote code execution via crafted IPv6 Router Advertisement packets within the SLAAC mechanism. Insufficient validation of RA messages leads to command injection into an internal shell script. Exploitation requires the attacker to be present on the same network segment. The vulnerability carries a CVSS score of 9.8.

North Korean cyber operations reached a record level in 2025, with more than two billion dollars in cryptocurrency stolen, according to Chainalysis. These activities combine attacks against centralized services, large-scale personal wallet compromises, and advanced social engineering operations involving fake recruiters and purported investors.

FIRST Foundation highlights the operational importance of incident communications, emphasizing the role of secure alternative channels, third-party coordination mechanisms, and controlled delegation of public communications to reduce secondary risk during major cyber incidents.

Finally, a coordinated operation supported by Eurojust dismantled fraudulent call centre operations in Ukraine. The transnational criminal network relied on industrial-scale social engineering techniques, with identified losses exceeding ten million euros and forty-five suspects identified across multiple countries.

Don’t overthink it. Patch.

Sources:

Clop / Gladinet: https://www.bleepingcomputer.com/news/security/clop-ransomware-targets-gladinet-centrestack-servers-for-extortion/

CISA KEV: https://www.cisa.gov/news-events/alerts/2025/12/17/cisa-adds-three-known-exploited-vulnerabilities-catalog

CERT-FR Chrome: https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-1116/

FreeBSD RCE: https://www.security.nl/posting/917946/Kritiek+beveiligingslek+in+FreeBSD+maakt+remote+code+execution+mogelijk?channel=rss

DPRK Crypto: https://www.theregister.com/2025/12/18/north_korea_stole_2b_crypto_2025/

FIRST Comms: https://www.first.org/blog/20251216-upskilling_communications

Eurojust Fraud: https://www.eurojust.europa.eu/news/fraudulent-call-centres-ukraine-rolled

France Arrest: https://therecord.media/france-interior-ministry-hack-arrest

Your feedback is welcome.

Email: radiocsirt@gmail.com

Website: https://www.radiocsirt.com

Weekly Newsletter: https://radiocsirtintl.substack.com