RadioCSIRT English Edition – Saturday, December 13, 2025 (Ep.49)
About this content

Welcome to your daily cybersecurity podcast.

Palo Alto Networks Unit 42 exposes Ashen Lepus, a Hamas-affiliated APT actor active since 2018. The group deploys a new .NET modular malware suite named AshTag, targeting governmental and diplomatic entities across the Middle East, with confirmed geographic expansion toward Oman and Morocco. The multi-stage infection chain begins with Arabic-language PDF lures on Palestinian geopolitical themes. Victims download RAR archives containing a binary that side-loads the AshenLoader loader. The group abandoned its proprietary C2 infrastructure in favor of API and authentication subdomains on legitimate domains such as api.healthylifefeed.com, which masks malicious traffic. The C2 architecture now integrates geofencing and anti-sandbox checks before payload delivery. Secondary modules are Base64-encoded and hidden in commented HTML tags, with AES-CTR-256 encryption. Ashen Lepus uses Rclone to exfiltrate targeted diplomatic documents.

Malwarebytes publishes a technical analysis of real VPN privacy following a worldwide usage surge after the UK age-verification rules. The document exposes the massive gap between marketing promises and concrete implementation, which is particularly critical for enterprise deployments protecting sensitive data. Full infrastructure ownership eliminates uncontrolled intermediaries, unlike cloud rental. RAM-only servers instantly destroy all traces on shutdown, which cancels any physical-seizure vector. The WireGuard protocol drastically reduces the attack surface through its minimal, auditable codebase, while OpenVPN and IPSec now represent legacy technologies. The major risk for organizations comes from employees using non-validated commercial VPNs that create encrypted tunnels bypassing DLP controls and exfiltrating corporate data through third-party infrastructure that has never been audited.

Kali Linux releases version 2025.4, the final update of the year, integrating three new penetration testing tools, major desktop environment improvements, and full Wayland support on GNOME. The three new tools are bpf-linker for BPF static compilation, evil-winrm-py for command execution on remote Windows machines via WinRM, and hexstrike-ai, which lets AI agents autonomously execute tools through an MCP server. GNOME moves to version 49 and definitively removes X11 support, now running exclusively on Wayland with full VM support for VirtualBox, VMware, and QEMU. NetHunter extends Android 16 support to the Samsung Galaxy S10 and OnePlus Nord, restores the terminal with interactive Magisk compatibility, and integrates Wifipumpkin3 in preview with Facebook, Instagram, iCloud, and Snapchat phishing templates.

CISA adds CVE-2018-4063 to the KEV Catalog on December 12, 2025, following confirmed active exploitation. This vulnerability affects Sierra Wireless AirLink ALEOS and enables unrestricted upload of dangerous files without type or extension validation, leading to arbitrary code execution on cellular routers deployed across vehicle fleets, industrial IoT infrastructure, and M2M networks. Critical point: the CVE dates from 2018, but its late KEV inclusion confirms a resurgence of exploitation specifically targeting unpatched legacy equipment. AirLink devices provide cellular connectivity for SCADA systems, mobile payment terminals, and telematics platforms.

Don't think, just patch!

Sources:
Unit 42: https://unit42.paloaltonetworks.com/hamas-affiliate-ashen-lepus-uses-new-malware-suite-ashtag/
Malwarebytes: https://www.malwarebytes.com/blog/inside-malwarebytes/2025/12/how-private-is-your-vpn
BleepingComputer: https://www.bleepingcomputer.com/news/security/kali-linux-20254-released-with-3-new-tools-desktop-updates/
CISA: https://www.cisa.gov/news-events/alerts/2025/12/12/cisa-adds-one-known-exploited-vulnerability-catalog

Your feedback is welcome.
Email: radiocsirt@gmail.com
Website: https://www.radiocsirt.com
Weekly Newsletter: https://radiocsirtintl.substack.com
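As an added example (not from the podcast or the Unit 42 report), a small Python scanner for the staging pattern described in the Unit 42 item above: Base64 blobs hidden inside HTML comments that decode to high-entropy data, which is what an AES-CTR-encrypted module looks like before decryption. The HTML sample, the comment contents and the entropy threshold are constructed assumptions for this example.

```python
import base64
import binascii
import math
import re
from typing import Dict, List

# Constructed sample page: one benign comment, one comment holding Base64 of
# plain text, and one comment holding Base64 of high-entropy bytes (the
# shape a staged, encrypted module would have).
SAMPLE_HTML = (
    "<html><head><title>Feed</title>\n"
    "<!-- build 2025-12-13 -->\n"
    "</head><body>\n<p>Welcome to the feed.</p>\n"
    "<!-- note: "
    + base64.b64encode(b"This comment holds plain text, not a staged module. " * 3).decode()
    + " -->\n<!-- cfg: "
    + base64.b64encode(bytes(range(256)) * 2).decode()
    + " -->\n</body></html>"
)

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# A run of Base64 alphabet characters of at least 64 chars, optional padding.
B64_RE = re.compile(r"[A-Za-z0-9+/]{64,}={0,2}")


def shannon_entropy(data: bytes) -> float:
    """Bits per byte; random or encrypted data approaches 8.0."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def find_comment_blobs(html: str, min_entropy: float = 7.0) -> List[Dict]:
    """Return every decodable Base64 blob found inside an HTML comment,
    flagging those whose decoded bytes look encrypted or compressed."""
    hits = []
    for m in COMMENT_RE.finditer(html):
        for blob in B64_RE.findall(m.group(1)):
            try:
                raw = base64.b64decode(blob, validate=True)
            except binascii.Error:
                continue  # not valid Base64, e.g. a long hex or token string
            ent = shannon_entropy(raw)
            hits.append({"offset": m.start(), "b64_len": len(blob),
                         "decoded_len": len(raw), "entropy": round(ent, 2),
                         "suspicious": ent >= min_entropy})
    return hits
```

Run it over fetched responses from hosts such as the subdomains named in the report; the entropy check is what separates an encrypted module from an ordinary Base64-encoded build note or inline asset.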