Episodes

  • RadioCSIRT - Your Cybersecurity Update for Thursday, November 6, 2025 (Ep. 477)
    2025/11/06
    Welcome to your daily cybersecurity briefing 🕵️‍♂️🔥

    💬 Microsoft Teams — Impersonation and Spoofing Vulnerabilities
    Check Point Research disclosed four critical flaws in Microsoft Teams allowing attackers to impersonate users, manipulate messages, and spoof notifications.
    The issues, now patched, could be exploited by both external guests and malicious insiders.

    🌐 Google Chrome — Storing ID Data in Autofill
    Chrome’s new Enhanced Autofill feature can now store driver’s license and passport details.
    Convenient, but risky — storing such highly sensitive information in the world’s most targeted browser significantly increases exposure if compromised.

    ⚖️ China — Death Sentences for Myanmar Scam Kingpins
    A Chinese court sentenced five members of a Myanmar-based scamming syndicate to death.
    The criminal network operated large-scale fraud and human trafficking rings, generating over $4 billion and causing the deaths of at least six Chinese citizens.

    💼 Japan — Nikkei Reports Slack Data Breach
    Media giant Nikkei confirmed that malware on an employee’s computer led to a compromise of its internal Slack workspace.
    Names, email addresses, and chat histories of more than 17,000 employees and partners were potentially exposed.

    🧩 Palo Alto Networks — Asset Management: The Unsung Hero of Cyber Defense
    Bradley Duncan highlights that threat intelligence is only effective when built upon solid asset management.
    Without proper inventory and monitoring, even advanced defenses fall short against malware like Qakbot or Emotet.

    🕵️ Gootloader — The JavaScript Loader Returns
    After a seven-month hiatus, Gootloader is back with new evasion tactics: SEO poisoning, custom web fonts that obfuscate code, and malformed ZIP archives.
    The campaign deploys the Supper SOCKS5 backdoor, linked to the Vanilla Tempest ransomware affiliate.

    ⚙️ Django — High-Severity SQL Injection (CVE-2025-64459)
    The Django Software Foundation patched a critical SQL injection flaw affecting the QuerySet methods, along with a Windows DoS bug.
    Updated versions 4.2.26, 5.1.14, and 5.2.8 are available and should be applied immediately.

    📤 NCSC UK — Mail Check and Web Check to End in 2026
    The UK’s National Cyber Security Centre will retire its Mail Check and Web Check services by March 31, 2026, recommending commercial External Attack Surface Management (EASM) solutions.
    A new buyer’s guide helps organizations plan the transition.

    ⚡️ Don’t think, just patch! 🚀

    📚 Sources:

    https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/
    https://www.malwarebytes.com/blog/news/2025/11/should-you-let-chrome-store-your-drivers-license-and-passport
    https://therecord.media/china-sentences-5-myanmar-scam-kingpins-to-death
    https://therecord.media/japan-nikkei-slack-breach
    https://unit42.paloaltonetworks.com/asset-management/
    https://www.bleepingcomputer.com/news/security/gootloader-malware-is-back-with-new-tricks-after-7-month-break/
    https://securityonline.info/django-team-patches-high-severity-sql-injection-flaw-cve-2025-64459-and-dos-bug-cve-2025-64458-in-latest-security-update/
    https://www.ncsc.gov.uk/blog-post/retiring-mail-check-web-check

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #MicrosoftTeams #Chrome #Nikkei #China #Django #Gootloader #PaloAlto #NCSC #CERT #SOC #CTI #RadioCSIRT 🎧🔥
    13 min
  • RadioCSIRT - Your Cybersecurity update for Wednesday, November 5, 2025 (Ep. 476)
    2025/11/05
    Welcome to your daily cybersecurity update 🕵️‍♂️🔥

    🌐 ICC — openDesk replaces Microsoft Office
    The International Criminal Court announces its migration to the open-source suite openDesk, developed under Germany’s ZenDiS initiative.
    The goal is to strengthen digital sovereignty and reduce dependence on Microsoft solutions.

    🐧 Linux — The most critical kernel vulnerabilities of 2025
    The Linux kernel faces several critical vulnerabilities this year, including flaws that allow privilege escalation at kernel level.
    Virtualized and sandboxed systems are particularly at risk, with an urgent recommendation to patch immediately.

    🛡️ CISA — Two vulnerabilities added to the KEV catalog
    The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, confirming active exploitation.
    U.S. federal agencies must apply patches without delay — a measure extending to critical infrastructure operators.

    📦 cURL — Security policy bypass
    A major vulnerability affects cURL, enabling security policy bypasses on versions 7.69 through 8.x.
    CERT-FR recommends upgrading immediately to version 8.17.0 or higher.

    🧰 MISP — Multiple vulnerabilities prior to version 2.5.24
    Several security flaws — including XSS and policy bypass vulnerabilities — have been fixed in MISP 2.5.24.
    Unpatched instances may expose sensitive data and compromise data integrity.

    🔒 Fortinet Secure Access — Denial of Service (CVE-2025-59595)
    A critical flaw can cause server crashes through specially crafted packets in specific configurations.
    The issue is fixed in version 14.12 and later.

    📵 United Kingdom — End of call spoofing by 2026
    British telecom operators will automatically block caller ID spoofing under the Telecoms Charter.
    The plan aims to curb fraud and strengthen the traceability of suspicious calls.

    💳 Eurojust — 18 arrests in global credit card fraud
    A coordinated operation across 19 countries has dismantled a criminal network responsible for laundering over €300 million.
    European authorities identified multiple fraudulent payment gateways used to process illicit funds.

    ⚡️ Don’t think — just patch! 🚀

    📚 Sources:

    https://goodtech.info/cpi-abandonne-microsoft-opendesk/
    https://www.linuxjournal.com/content/most-critical-linux-kernel-breaches-2025-so-far
    https://www.cisa.gov/news-events/alerts/2025/11/04/cisa-adds-two-known-exploited-vulnerabilities-catalog
    https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0964/
    http://cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0965/
    https://cvefeed.io/vuln/detail/CVE-2025-59595
    https://www.bleepingcomputer.com/news/security/uk-carriers-to-block-spoofed-phone-numbers-in-fraud-crackdown/
    https://www.eurojust.europa.eu/news/eurojust-coordinates-major-operation-against-eur-300-million-global-credit-card-fraud-18

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #openDesk #Linux #CISA #cURL #MISP #Fortinet #TelecomsCharter #Eurojust #CERT #SOC #CTI #RadioCSIRT 🎧🔥
    9 min
  • RadioCSIRT - Your Cybersecurity Update for Tuesday, November 4th, 2025 (Ep.475)
    2025/11/04
    Welcome to your daily cybersecurity briefing 🕵️‍♂️🔥

    🌐 Tor Browser 15.0 — New Release Based on Firefox ESR 140
    The Tor Project has released version 15.0, integrating a full year of upstream security fixes and introducing vertical tab management.
    WebAssembly is now handled by NoScript and remains disabled at the Safer and Safest security levels.
    This is the last version compatible with Android 5–7 and x86 architectures.

    🧩 MariaDB — Multiple Vulnerabilities Patched
    CERT-FR reports several vulnerabilities affecting all versions prior to 11.7.2.
    The flaws tracked as CVE-2024-21096, CVE-2025-21490, CVE-2025-30693, and CVE-2025-30722 were fixed in the security bulletin issued on May 7th, 2025.

    💀 Wazuh — Advanced Ransomware Detection
    The open-source Wazuh platform detects ransomware families DOGE Big Balls and Gunra, leveraging MITRE techniques T1486 and T1562.
    It combines file integrity monitoring, YARA signatures, and VirusTotal integration to block and automatically delete malicious files.

    ⚖️ United States — Indictment Linked to BlackCat Ransomware
    Three former cybersecurity professionals are accused of carrying out BlackCat / ALPHV ransomware attacks against five U.S. companies.
    Ransom demands reached up to 10 million dollars, with confirmed payments exceeding 1.2 million.

    ⚠️ JobMonster — Critical Authentication Vulnerability
    A critical flaw tracked as CVE-2025-5397 (CVSS 9.8) allows attackers to hijack administrator accounts on WordPress sites using the JobMonster theme.
    The issue has been fixed in version 4.8.2; disabling the social login feature mitigates exposure.

    💶 Eurojust — €600 Million Crypto-Laundering Network Dismantled
    Nine arrests were made during a coordinated operation between France, Belgium, Cyprus, Germany, and Spain.
    The network laundered over €600 million through fake cryptocurrency investment platforms using fraudulent websites and celebrity endorsements.

    ⚡️ Don’t think — just patch! 🚀

    📚 Sources:

    🔗 https://blog.torproject.org/new-release-tor-browser-150/
    🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0956/
    🔗 https://thehackernews.com/2025/11/ransomware-defense-using-wazuh-open.html
    🔗 https://thehackernews.com/2025/11/us-prosecutors-indict-cybersecurity.html
    🔗 https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-auth-bypass-flaw-in-jobmonster-wordpress-theme/
    🔗 https://www.eurojust.europa.eu/news/decisive-actions-against-cryptocurrency-scammers-earning-over-eur-600-million

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #TorBrowser #MariaDB #Wazuh #BlackCat #JobMonster #Eurojust #Ransomware #CERT #SOC #CTI #RadioCSIRT 🎧🔥
    5 min
  • RadioCSIRT — Your Daily Cybersecurity Update for Monday, November 3, 2025 (Ep.474)
    2025/11/03
    Welcome to your daily cybersecurity briefing 🕵️‍♂️🔥

    🐚 Rhysida — Malvertising Campaign and Code-Signing Abuse
    The Rhysida ransomware gang continues its campaign using OysterLoader — also known as Broomstick or CleanUpLoader — as an initial access tool.
    Expel reports more than 40 abused code-signing certificates since June 2025, including several issued through Microsoft Trusted Signing.
    These certificates are used to disguise malicious binaries and achieve low antivirus detection rates.

    🌐 BIND 9 — Thousands of Servers Still Unpatched
    The Shadowserver Foundation warns that over 8,200 DNS servers remain vulnerable to CVE-2025-40778 and CVE-2025-40780, including about 100 in the Netherlands.
    These flaws enable cache poisoning attacks, redirecting users to malicious IP addresses.
    The Dutch NCSC expects active exploitation of both vulnerabilities.

    🧩 Open VSX Registry — Leaked Tokens and Malicious Extensions
    The Eclipse Foundation confirmed a security incident involving leaked developer publishing tokens.
    Attackers used these credentials to upload malicious extensions to the Open VSX marketplace.
    All infected extensions have been removed, and new protections are in place — including shorter token lifetimes, faster revocations, and automated code scans at publication.

    🎯 Cyber-Espionage — Targeting Russian and Belarusian Military
    Researchers from Cyble and Seqrite uncovered a spear-phishing campaign using fake military documents in LNK format.
    Once opened, the files deploy PowerShell scripts that install a local OpenSSH service on port 20321 and a hidden Tor service, enabling remote access and data exfiltration.
    The techniques resemble those of the Sandworm group, but attribution remains unconfirmed.

    💻 Jabber Zeus — “MrICQ” Arrested and Extradited to the U.S.
    Ukrainian national Yuriy Igorevich Rybtsov, known online as MrICQ, has been extradited from Italy to the United States.
    Indicted in 2012, he is accused of helping the Jabber Zeus group steal tens of millions of dollars through the Zeus banking trojan.
    His associate Vyacheslav “Tank” Penchukov is already serving an 18-year prison sentence.

    🧠 Kimsuky — New HttpTroy Backdoor Identified
    Gen Digital has detailed a North Korean-linked campaign using a fake VPN invoice to deliver the HttpTroy backdoor.
    The malware allows full system control — including file transfers, screenshot capture, and command execution — and uses multiple obfuscation layers to evade analysis.

    ⚡️ Don’t think, just patch! 🚀

    📚 Sources:

    https://expel.com/blog/certified-oysterloader-tracking-rhysida-ransomware-gang-activity-via-code-signing-certificates/
    https://www.security.nl/posting/911521/'Duizenden+dns-servers+missen+belangrijke+update+voor+BIND+9-lekken?channel=rss
    https://cyberpress.org/open-vsx-registry/
    https://www.helpnetsecurity.com/2025/11/03/russian-belarusian-military-spear-phishing/
    https://krebsonsecurity.com/2025/11/alleged-jabber-zeus-coder-mricq-in-u-s-custody/
    https://thehackernews.com/2025/11/new-httptroy-backdoor-poses-as-vpn.html

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com
    8 min
  • RadioCSIRT — Your Daily Cybersecurity News for Sunday, November 2, 2025 (Ep.473)
    2025/11/02
    🎧🛡️ Welcome to your daily cybersecurity update 🕵️‍♂️🔥

    🎓 University of Pennsylvania — Investigation into a massive fraudulent email
    An offensive email threatening a data leak was sent to thousands of students and alumni using an address spoofed from the Graduate School of Education.
    The university confirmed it was a fake.
    The incident response team is actively handling the case.

    🕸️ Vampire Wi-Fi — Trapped on public networks
    Fraudulent hotspots are impersonating legitimate access points in airports, hotels, and cafés.
    These “Evil Twin Networks” intercept traffic using packet-sniffing tools.
    McAfee researchers warn that such attacks mainly target travelers and remote workers.

    🐉 China — Global exploitation of Cisco ASA firewalls
    The group Storm-1849, attributed to China, is targeting Cisco ASA appliances used by governments and financial institutions worldwide.
    Vulnerabilities CVE-2025-30333 and CVE-2025-20362 are being exploited to maintain persistent access despite deployed patches.

    🧠 BadCandy — Active infections on Cisco IOS XE routers
    The Australian Signals Directorate reports ongoing BadCandy infections exploiting CVE-2023-20198.
    This Lua-based webshell allows full administrative control over unpatched devices.
    Over 400 compromised systems have been identified in Australia.

    🛰️ Proton — Launch of the Data Breach Observatory
    Swiss company Proton introduces a new platform that tracks and exposes undisclosed data breaches detected on the dark web.
    The observatory has already identified 300 million compromised records across 794 unique attacks since early 2025.

    🧩 Russia — Arrest of Meduza malware developers
    Russia’s Ministry of Internal Affairs announced the arrest of three suspects accused of developing and distributing the Meduza Infostealer.
    The malware collected credentials, cookies, crypto wallets, and system data across more than 100 browsers and applications.

    🌐 Google Chrome — 20 vulnerabilities patched in the latest update
    Google released an update to Chrome 142.0.7444.59/.60, fixing 20 vulnerabilities, including CVE-2025-12428 and CVE-2025-12036 in the V8 engine.
    These flaws could allow remote code execution through malicious JavaScript pages.

    ⚡️ Don’t think — patch! 🚀

    📚 Sources:

    https://therecord.media/upenn-hacker-email-affirmative
    https://www.mcafee.com/blogs/internet-security/vampire-wifi-how-public-wi-fi-traps-travelers-in-cyber-attacks-2/
    https://therecord.media/chinese-hackers-scan-exploit-firewalls-government
    https://securityaffairs.com/184095/hacking/badcandy-webshell-threatens-unpatched-cisco-ios-xe-devices-warns-australian-government.html
    https://www.theregister.com/2025/10/30/proton_data_breach_observatory/
    https://www.theregister.com/2025/10/31/russia_arrests_three_meduza_cyber_suspects/
    https://www.malwarebytes.com/blog/news/2025/10/update-chrome-now-20-security-fixes-just-landed

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #Chrome #Cisco #Proton #McAfee #Meduza #BadCandy #APT #Storm1849 #UniversityOfPennsylvania #DarkWeb #DataBreach #Infosec #CERT #SOC #CTI #RadioCSIRT 🎧🔥
    9 min
  • RadioCSIRT — Your Daily Cyber Security News for Saturday, November 1, 2025 (Ep.472)
    2025/11/01

    Welcome to your daily cybersecurity Podcast 💀🎃

    🐉 Lanscope — Zero-Day Exploited by Chinese Threat Actors
    Hackers linked to China have exploited a zero-day vulnerability in Lanscope, a Japanese network management software.
    The flaw allowed unauthorized access to internal systems.
    According to research from BleepingComputer, the campaign primarily targeted governmental and industrial organizations in Asia.

    🐧 Linux — New Critical Vulnerability
    A newly discovered vulnerability in the Linux kernel allows local privilege escalation.
    Attackers could exploit it to compromise server systems.
    Maintainers recommend immediate updates across all affected environments.

    💀 Akira Ransomware — Ongoing Expansion
    The Akira group continues to target organizations in the industrial and educational sectors.
    Recent attacks exploit unpatched VPNs to infiltrate networks before encrypting systems.
    Operators maintain an active dark web infrastructure to leak stolen data.

    🧩 SonicWall — Multiple Vulnerabilities
    CERT-FR warns of several critical flaws in SonicWall that may enable remote code execution and firewall compromise.
    Multiple SonicOS versions are affected and must be patched immediately to prevent mass exploitation.

    ☁️ Red Hat — Important Security Fixes
    Red Hat has released security updates for multiple critical components, including the kernel, systemd, and OpenSSL.
    These patches address vulnerabilities that could lead to remote compromise or denial-of-service attacks.

    📬 Dovecot — Authentication Flaw
    A vulnerability in the Dovecot IMAP/POP3 server could allow attackers to bypass certain authentication checks in specific configurations.
    Administrators are urged to update to the latest stable version without delay.

    ⚡️ Don’t think — just patch! 🎃

    📚 Sources:

    • BleepingComputer — https://www.bleepingcomputer.com/news/security/china-linked-hackers-exploited-lanscope-flaw-as-a-zero-day-in-attacks/
    • CERT-FR — https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0946/
    • CERT-FR — https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0942/
    • CERT-FR — https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0950/
    • CyberPress — https://cyberpress.org/akira-ransomware-group/
    • CyberPress — https://cyberpress.org/linux-vulnerability/

    📞 Share your feedback
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirt.substack.com

    #CyberSecurity #Akira #Linux #RedHat #SonicWall #Dovecot #Lanscope #APT #CERTFR #RadioCSIRT #Ransomware #Infosec #SOC #CERT #CTI 🎧💀

    8 min