Ep. 70 - RadioCSIRT English Edition – Your Cybersecurity News: Jan 31 – Feb 6, 2026

We open this weekly recap with a critical alert regarding the active exploitation of a Microsoft Office zero-day, CVE-2026-21509. According to CERT-UA, the Russian-linked group APT28 has integrated this flaw into phishing campaigns targeting Ukrainian administrations and several EU nations, utilizing a complex infection chain involving WebDAV and the Covenant post-exploitation framework. In a simultaneous blow to software supply chains, the official update mechanism for Notepad++ was hijacked by the state-sponsored actor Violet Typhoon to distribute malware. While threats against productivity tools rise, Mozilla is pivoting toward privacy by announcing that Firefox 148 will allow users to centrally disable all generative AI features.

The infrastructure landscape faced significant pressure this week as CISA issued a binding operational directive requiring federal agencies to retire all End-of-Life (EoL) equipment within 12 months, citing their role as persistent entry points for edge-based attacks. Meanwhile, the AISURU botnet shattered global records by launching a hyper-volumetric DDoS attack peaking at 31.4 Tbps, fueled by 2 million compromised Android devices. On the regulatory front, the European Commission warned TikTok of potential fines reaching 6% of its global turnover for violating the Digital Services Act (DSA) through "addictive by design" features, while U.S. authorities successfully seized major piracy domains operated from Bulgaria.

Regarding cyber-extortion, the group Scattered Lapsus ShinyHunters continues to defy traditional ransomware models by combining data theft with physical harassment and social engineering. In Germany, authorities warned of Signal account takeovers targeting high-profile individuals via fraudulent QR code pairing.

To counter evolving threats, Microsoft unveiled a new scanner designed to detect backdoors within Large Language Models (LLMs), and the UK's NCSC provided a strategic reality check on Cloud Security Posture Management (CSPM), emphasizing that while vital, these tools are only one piece of the broader cloud security puzzle.

Sources

Saturday, January 31, 2026
Clubic – https://www.clubic.com/actualite-598390-data-centers-ce-que-revele-la-premiere-reunion-a-bercy-sur-les-projets-en-cours-et-a-venir-en-france.html
The Record – https://therecord.media/bulgaria-piracy-sites-streaming-gaming-seized-us
Unit 42 – https://unit42.paloaltonetworks.com/russian-cyberthreat-2026-winter-olympics/
CERT Santé – https://cyberveille.esante.gouv.fr/alertes/grafana-cve-2026-21720-2026-01-29
SANS ISC – https://isc.sans.edu/diary/rss/32668

Sunday, February 1, 2026
Google TAG – https://blog.google/threat-analysis-group/tag-bulletin-q4-2025/
CERT-FR – https://www.cert.ssi.gouv.fr/avis/CERTFR-2026-AVI-0102/
BleepingComputer – https://www.bleepingcomputer.com/news/security/mandiant-details-how-shinyhunters-abuse-sso-to-steal-cloud-data/
The Hacker News – https://thehackernews.com/2026/01/iran-linked-redkitten-cyber-campaign.html

Monday, February 2, 2026
The Register – https://www.theregister.com/2026/02/02/russialinked_apt28_microsoft_office_bug/
The Hacker News – https://thehackernews.com/2026/02/notepad-official-update-mechanism.html
BleepingComputer – https://www.bleepingcomputer.com/news/software/mozilla-will-let-you-turn-off-all-firefox-ai-features/
SANS ISC – https://isc.sans.edu/diary/rss/32674

Tuesday, February 3, 2026
Zscaler ThreatLabz – https://www.zscaler.com/blogs/security-research/technical-analysis-anatsa-campaigns-android-banking-malware-active-google
EFF – https://www.encryptitalready.org/
Centre canadien pour la cybersécurité – https://www.cyber.gc.ca/fr/alertes-avis/bulletin-securite-kubernetes-av26-078

Wednesday, February 4, 2026
CERT-FR – https://www.cert.ssi.gouv.fr/cti/CERTFR-2026-CTI-001/
NCSC – https://www.ncsc.gov.uk/blog-post/cspm-silver-bullet-or-another-piece-in-the-cloud-puzzle
The Hacker News – https://thehackernews.com/2026/02/microsoft-develops-scanner-to-detect.html
CISA – https://www.cisa.gov/news-events/alerts/2026/02/03/cisa-adds-four-known-exploited-vulnerabilities-catalog

Thursday, February 5, 2026
The Record – https://therecord.media/cisa-gives-federal-agencies-one-year-end-of-life-devices
The Hacker News – https://thehackernews.com/2026/02/aisurukimwolf-botnet-launches-record.html
The Register – https://www.theregister.com/2026/02/05/asia_government_spies_hacked_37_critical_networks/
BleepingComputer – https://www.bleepingcomputer.com/news/security/hackers-compromise-nginx-servers-to-redirect-user-traffic/

Friday, February 6, 2026
KrebsOnSecurity – https://krebsonsecurity.com/2026/02/please-dont-feed-the-scattered-lapsus-shiny-hunters/
BleepingComputer – https://www.bleepingcomputer.com/news/security/european-commission-says-tiktok-facing-fine-over-addictive-design/
BleepingComputer – https://www.bleepingcomputer.com/news/security/germany-warns-of-signal-account-hijacking-targeting-senior-figures/
CISA – https:...