Episodes

  • RadioCSIRT – Your Cybersecurity update for Wednesday, November 12, 2025 (Ep.484)
    Nov 12 2025
    🧩 Welcome Everyone – Today 8 essential stories you can’t miss!

    🐧 Curly COMrade: a Russian group abuses Hyper-V to hide Linux malware inside an Alpine VM, effectively bypassing EDR detection.

    🇦🇺 ASIO Warning: Australia’s spy chief warns of high-impact cyber sabotage as authoritarian states prepare attacks on power, telecom, and water systems.

    💻 OWASP Top 10 (2025): Broken Access Control remains the top web app risk, followed by security misconfiguration and software supply-chain failures.

    ☁️ Google Private AI Compute: secure AI processing in the cloud with hardware-level encryption, offering on-device privacy and Gemini-scale power.

    🧰 Synology BeeStation (CVE-2025-12686): critical RCE flaw patched after its Pwn2Own Ireland 2025 demo — users urged to update immediately.

    🧩 SAP SQL Anywhere Monitor (CVE-2025-42890): hard-coded credentials rated CVSS 10/10 — SAP advises disabling the module and deleting existing instances.

    📶 TP-Link Ban Proposal: U.S. authorities consider banning TP-Link over national security concerns tied to Chinese influence and device vulnerabilities.

    🕵️ Rhadamanthys Infostealer: operation disrupted, with cybercriminals losing server access — likely linked to Operation Endgame takedowns.

    💻 Windows 11: Microsoft fixes Task Manager bug in KB5068861 update — background instances caused severe performance slowdowns.

    ⚡️ Don’t think twice — just patch! 🚀

    📚 Sources:
    🔗 Linux Magazine – https://www.linux-magazine.com/Online/News/Another-Linux-Malware-Discovered
    🔗 The Register (ASIO) – https://www.theregister.com/2025/11/12/asio_cyber_sabotage_warnings/
    🔗 The Register (OWASP) – https://www.theregister.com/2025/11/11/new_owasp_top_ten_broken/
    🔗 The Hacker News (Google) – https://thehackernews.com/2025/11/google-launches-private-ai-compute.html
    🔗 Security Affairs (Synology) – https://securityaffairs.com/184528/security/synology-patches-critical-beestation-rce-flaw-shown-at-pwn2own-ireland-2025.html
    🔗 Security Affairs (SAP) – https://securityaffairs.com/184500/security/sap-fixed-a-maximum-severity-flaw-in-sql-anywhere-monitor.html
    🔗 KrebsOnSecurity – https://krebsonsecurity.com/2025/11/drilling-down-on-uncle-sams-proposed-tp-link-ban/
    🔗 BleepingComputer (Rhadamanthys) – https://www.bleepingcomputer.com/news/security/rhadamanthys-infostealer-disrupted-as-cybercriminals-lose-server-access/
    🔗 BleepingComputer (Microsoft) – https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-task-manager-bug-affecting-performance/

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #Samsung #LinkedIn #Clop #Allianz #NSO #Pegasus #RadioCSIRT 🎧🔥
    11 m
  • RadioCSIRT — November Patch Tuesday update (Ep. 483)
    Nov 12 2025

    Welcome to your special edition Patch Tuesday briefing 🕵️‍♂️🔥

    📌 Microsoft – November 2025 Patch Tuesday: 63 flaws fixed including 1 zero-day
    Microsoft has released patches for 63 vulnerabilities this month, including one zero-day actively exploited (CVE-2025-62215) affecting the Windows Kernel. Critical issues include RCE in GDI+ (CVE-2025-60724), Office (CVE-2025-62199), and Visual Studio (CVE-2025-62214), as well as an EoP in DirectX Graphics Kernel (CVE-2025-60716). Key “Exploitation More Likely” issues affect CEIP (CVE-2025-59512), CSC service (CVE-2025-60705) and multiple WinSock driver flaws (CVE-2025-60719, CVE-2025-62217, CVE-2025-62213).
    Prioritise: patch the zero-day immediately, deploy the critical updates without delay, and address the Important but high-risk EoPs. Also incorporate updates from Adobe, Cisco, SAP, QNAP, Google/Android and others into your patch window.

    📚 Sources:
    🔗 Marc Frederic GOMEZ’s Blog: https://blog.marcfredericgomez.com/microsoft-patch-tuesday-november-2025/
    🔗 Bleeping Computer – Microsoft November 2025 Patch Tuesday fixes 1 zero-day, 63 flaws: https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2025-patch-tuesday-fixes-1-zero-day-63-flaws/
    🔗 Talos Intelligence Blog – Microsoft Patch Tuesday November 2025: https://blog.talosintelligence.com/microsoft-patch-tuesday-november-2025/
    🔗 Microsoft Security Update Guide – November 2025: https://msrc.microsoft.com/update-guide

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #Microsoft #PatchTuesday #CVE202562215 #CERT #SOC #CSIRT #CISO #VulnerabilityManagement #BlueTeam #RadioCSIRT 🎧🔥

    8 m
  • RadioCSIRT - Your Cybersecurity update for Wednesday, November 11, 2025 (Ep. 482)
    Nov 11 2025

    🔐 KeePassXC: full transparency on AI use in development — no AI functions integrated, and every contribution is subject to full human review.

    🏢 NCSC (UK): launch of the Cyber Action Toolkit, a free and interactive tool designed to help small businesses strengthen their cybersecurity with simple, practical steps.

    💥 Triofox (CVE-2025-12480): active exploitation of a critical flaw (CVSS 9.1) allowing remote code execution through the built-in antivirus feature. Mandiant urges immediate patching.

    📱 APT37: the North Korean threat group is abusing Google Find Hub to geolocate and remotely wipe Android smartphones belonging to South Korean victims.

    💾 3CX: massive scans targeting FTP backup servers — reminder: avoid FTP for sensitive data and verify SSH/Telnet shared accounts.

    🕵️ Fantasy Hub: a new “spyware-as-a-service” for rent, complete with fake Android apps, customization kits, and customer support.

    🦊 Mozilla Firefox: new built-in defenses against fingerprinting, reducing online tracking without breaking website compatibility.

    ⚡️ Don’t think — patch! 🚀

    📚 Sources:
    🔗 Malwarebytes – Fantasy Hub: https://www.malwarebytes.com/blog/news/2025/11/fantasy-hub-is-spyware-for-rent-complete-with-fake-app-kits-and-support
    🔗 SANS ISC – 3CX FTP scans: https://isc.sans.edu/diary/rss/32464
    🔗 Bleeping Computer – Firefox anti-fingerprinting: https://www.bleepingcomputer.com/news/security/mozilla-firefox-gets-new-anti-fingerprinting-defenses/
    🔗 Bleeping Computer – APT37 / Find Hub: https://www.bleepingcomputer.com/news/security/apt37-hackers-abuse-google-find-hub-in-android-data-wiping-attacks/
    🔗 The Hacker News – Triofox exploit: https://thehackernews.com/2025/11/hackers-exploiting-triofox-flaw-to.html
    🔗 NCSC – Cyber Action Toolkit: https://www.ncsc.gov.uk/blog-post/cat-breaking-down-resilience-barriers
    🔗 KeePassXC – Code quality & AI policy: https://keepassxc.org/blog/2025-11-09-about-keepassxcs-code-quality-control/

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #KeePassXC #NCSC #Triofox #APT37 #3CX #Firefox #Spyware #RadioCSIRT

    11 m
  • RadioCSIRT - Your Cybersecurity update for Monday, November 10, 2025 (Ep. 481)
    Nov 10 2025

    Welcome to your daily cybersecurity update 🕵️‍♂️🔥

    📱 Samsung – New Critical Flaw Added to CISA’s KEV Catalog (CVE-2025-21042)
    CISA has added an Out-of-Bounds Write vulnerability affecting certain Samsung mobile devices to its Known Exploited Vulnerabilities Catalog.
    This flaw allows data to be written outside intended memory regions, posing risks to system confidentiality and integrity.
    Under Binding Operational Directive 22-01, U.S. federal agencies must patch it immediately, and CISA strongly urges all organizations — public and private — to do the same.

    💬 LinkedIn – Surge in Phishing Campaigns Targeting Executives
    Thirty-four percent of phishing attacks now occur outside traditional email channels, with LinkedIn becoming a prime vector.
    Attackers exploit compromised or legitimate accounts without MFA and use AI to generate convincing spear-phishing messages.
    These direct messages bypass standard security filters, leaving detection and response challenging.
    LinkedIn has become a key platform for targeting high-value individuals in the finance and technology sectors.

    🏢 Allianz UK – Victim of Clop’s Oracle E-Business Suite Exploit
    Allianz UK confirmed it was compromised through a zero-day in Oracle E-Business Suite (CVE-2025-61882, CVSS 9.8).
    The incident exposed data from 80 current and 670 former customers, all notified and supported.
    The attack is part of a wider campaign by the Clop group, known for the MOVEit Transfer breach in 2023.
    British regulators have been notified, and remediation measures are ongoing.

    🕵️‍♂️ NSO Group – David Friedman Appointed Executive Chairman
    Former U.S. ambassador to Israel David Friedman has been named Executive Chairman of NSO Group, the Israeli company behind the Pegasus spyware.
    The move follows the company’s acquisition by a consortium of investors led by Robert Simonds.
    NSO remains under the supervision of Israel’s Ministry of Defense and continues to face legal actions over the alleged misuse of Pegasus to target journalists and activists.
    A U.S. federal court recently banned NSO from using WhatsApp as an infection vector — a decision Friedman described as a “significant setback.”

    ⚡️ Don’t think — patch fast! 🚀

    📚 Sources:
    🔗 CISA – Samsung: https://www.cisa.gov/news-events/alerts/2025/11/10/cisa-adds-one-known-exploited-vulnerability-catalog
    🔗 Bleeping Computer – LinkedIn: https://www.bleepingcomputer.com/news/security/5-reasons-why-attackers-are-phishing-over-linkedin/
    🔗 The Register – Allianz UK: https://www.theregister.com/2025/11/10/allianz_uk_joins_growing_list/
    🔗 The Record – NSO Group: https://therecord.media/former-trump-official-named-nso-group-chairman

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #Samsung #LinkedIn #Clop #Allianz #NSO #Pegasus #RadioCSIRT 🎧🔥

    7 m
  • RadioCSIRT — Your Cybersecurity Update for Sunday, November 9, 2025 (Ep. 480)
    Nov 9 2025
    Welcome to your weekend cybersecurity briefing 🕵️‍♂️🔥

    🐧 Samba — Remote Command Execution (CVE-2025-10230)
    A critical vulnerability affects Samba in the WINS module. An unauthenticated attacker can inject commands through unfiltered NetBIOS names and execute arbitrary code on the server. CVSS score: 10.0 (Critical). This flaw allows full system compromise. Immediate patching is strongly recommended.

    🧩 SuiteCRM — Session Persistence After Account Deactivation (CVE-2025-64489)
    Versions up to 7.14.7 and 8.9.0 fail to revoke sessions when accounts are deactivated. Inactive users can retain access and even reactivate themselves. Severity: High (CVSS 8.3). The issue is fixed in versions 7.14.8 and 8.9.1.

    🔐 SuiteCRM — RBAC Enforcement Bypass (CVE-2025-64490)
    Inconsistent role enforcement allows low-privileged users to access or create items in disabled modules. This authorization flaw exposes sensitive data. The patch is available starting from version 8.9.1.

    💣 NuGet — Time-Bomb Malware Hidden in .NET Packages
    Researchers discovered nine malicious packages published between 2023 and 2024, programmed to detonate between 2027 and 2028. Among them, Sharp7Extend targeted Siemens S7 industrial PLCs, corrupting communications and causing operational failures. All packages have been removed, but systems that used them should be considered compromised.

    🧠 Whisper Leak — Inferring AI Chat Topics from Encrypted Traffic
    Microsoft revealed a side-channel attack capable of deducing chatbot conversation topics even through HTTPS encryption. By analyzing packet sizes and timing, attackers can identify sensitive subjects. Countermeasures have been deployed by OpenAI, Microsoft, and Mistral, including the addition of random text sequences to mask token lengths.

    🐉 China-Linked Espionage — Breach of a U.S. Non-Profit
    A China-linked group compromised a U.S. policy organization in April 2025. The attackers exploited multiple public vulnerabilities and used DLL sideloading via vetysafe.exe to maintain stealthy access for weeks. Their objective: long-term espionage and data exfiltration using a RAT associated with APT41.

    🧱 QNAP — Seven Critical Zero-Days Fixed After Pwn2Own 2025
    Seven critical zero-days exploited on QNAP NAS devices allowed remote code execution and privilege escalation. The affected systems include QTS 5.2.x and QuTS hero h5.2.x / h5.3.x. Fixes were released on October 24, 2025 in builds QTS 5.2.7.3297 and QuTS hero 5.3.1.3292. QNAP urges immediate updates, password rotation, and network segmentation.

    ⚡️ Don’t think — patch! 🚀

    📚 Sources:
    🔗 Samba: https://cvefeed.io/vuln/detail/CVE-2025-10230
    🔗 SuiteCRM (CVE-2025-64489): https://cvefeed.io/vuln/detail/CVE-2025-64489
    🔗 SuiteCRM (CVE-2025-64490): https://cvefeed.io/vuln/detail/CVE-2025-64490
    🔗 The Register – NuGet: https://www.theregister.com/2025/11/07/cybercriminals_plant_destructive_time_bomb/
    🔗 The Hacker News – Whisper Leak: https://thehackernews.com/2025/11/microsoft-uncovers-whisper-leak-attack.html
    🔗 Security Affairs – China Espionage: https://securityaffairs.com/184351/apt/china-linked-hackers-target-u-s-non-profit-in-long-term-espionage-campaign.html
    🔗 Cybersecurity News – QNAP: https://cybersecuritynews.com/qnap-zero-day-vulnerabilities-exploited/

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com
    8 m
  • RadioCSIRT - Your Cybersecurity update for Saturday, November 8, 2025 (Ep. 479)
    Nov 8 2025
    Welcome to your weekend cybersecurity bulletin 🕵️‍♂️🔥

    💰 Microsoft warns of payroll phishing campaign
    Microsoft is alerting organizations to a sophisticated phishing operation dubbed Payroll Pirates. Attackers impersonate HR departments to steal Microsoft 365 credentials and divert employee payroll deposits. The campaign uses spoofed domains and genuine Microsoft forms to bypass security filters.

    🎓 Iranian APT targets academic researchers
    An Iran-linked group known as APT42 is conducting espionage campaigns against academics and researchers in Europe and North America. Attackers use fake university contact emails and cloned institutional portals to harvest personal data and login credentials.

    🎥 ClickFix — Fake CAPTCHA sites now include video tutorials
    Operators behind the ClickFix campaign have added video guides to their fake CAPTCHA pages. These malicious sites automatically copy code to the user’s clipboard, tricking them into running info-stealers like Lumma or Atomic Stealer. A countdown timer adds urgency, enhancing the social engineering effect.

    🛡️ U.S. Defense Department unveils long-term cyber force strategy
    The Pentagon has released a complete overhaul of its cyber doctrine. The plan, a successor to Cyber Command 2.0, aims to structure cyber training and innovation over the next decade. The Advanced Cyber Training Center is not expected to reach initial capability until 2028 and full readiness until 2031, highlighting the slow implementation timeline.

    🇪🇺 EU Parliament backs broader data powers for Europol
    The LIBE Committee of the European Parliament approved a proposal to expand Europol’s ability to collect and share biometric data to combat human trafficking. Privacy advocates warn it could pave the way for mass surveillance. The proposal now moves to a full plenary vote later this month.

    🧩 Drupal — Two new vulnerabilities in contributed modules
    Two Drupal modules were found vulnerable: Simple multi step form (XSS, CVE-2025-12761) and Email TFA (access bypass, CVE-2025-12760). Both are rated moderately critical and should be patched immediately.

    📱 LANDFALL — New Android spyware targeting Samsung devices
    Researchers at Unit 42 have uncovered LANDFALL, a commercial-grade Android spyware delivered via malicious DNG image files. Exploiting a zero-day in Samsung’s libimagecodec.quram.so, it enables remote code execution and access to microphones, calls, and location data.

    🐧 Red Hat — 24 Linux kernel vulnerabilities patched
    Advisory CERTFR-2025-AVI-0978 lists 24 CVEs impacting Linux kernel versions in Red Hat Enterprise Linux 8, 9, and 10. The flaws include arbitrary code execution, data leakage, and denial of service. Fixes are available through Red Hat’s RHSA bulletins released in early November.

    🏦 UK — Bank of England monitoring cyber incident at Jaguar Land Rover
    The Bank of England is monitoring a cyberattack that disrupted systems at Jaguar Land Rover. The breach, traced to a supplier, caused major logistical disruptions and highlights the cyber risks of industrial supply chains.

    🐧 Ubuntu — 261 Linux kernel vulnerabilities fixed
    Advisory CERTFR-2025-AVI-0977 reports 261 CVEs affecting Ubuntu kernels from 14.04 through 25.04, including several critical ones. Patches are available via recent USN bulletins, and a full system reboot is required after applying updates.

    ⚡️ Don’t think — just patch! 🚀

    📚 Sources:
    🔗 https://thehackernews.com/2025/10/microsoft-warns-of-payroll-pirates.html?_m=3n.009a.3796.bx0ao08q8s.2u1l
    🔗 https://cyberpress.org/iranian-apt-targeting-academics/
    🔗 https://www.malwarebytes.com/blog/news/2025/11/fake-captcha-sites-now-have-tutorial-videos-to-help-victims-install-malware
    🔗 https://therecord.media/revised-cyber-command-master-plan-dod-pentagon
    🔗 https://therecord.media/eu-parliament-committee-votes-europol-data-sharing-agreement
    🔗 https://www.drupal.org/security
    🔗 https://unit42.paloaltonetworks.com/landfall-is-new-commercial-grade-android-spyware/
    🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0978/
    🔗 https://www.theregister.com/2025/11/07/bank_of_england_says_jlrs/
    🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0977/

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSécurité #Microsoft #APT42 #ClickFix #Pentagone #Europol #Drupal #Android #LANDFALL #RedHat #Ubuntu #RadioCSIRT 🎧🔥
    8 m
  • RadioCSIRT - Your Cybersecurity update for Friday, November 7, 2025 (Ep. 478)
    Nov 7 2025
    Welcome to your daily cybersecurity update 🕵️‍♂️🔥

    🧩 Suricata — Multiple Vulnerabilities in the Open Source IDS/IPS Engine
    Several flaws have been discovered in Suricata affecting versions 8.0.x before 8.0.2 and 7.0.x before 7.0.13. These issues could allow attackers to trigger undefined behaviors or memory corruption. Updated releases include enhanced flow management and decoding security.

    💬 Mattermost — Security Flaws in the Collaboration Server
    A vulnerability impacts multiple Mattermost Server branches, including versions 10.11.x before 10.11.5 and 11.0.x before 11.0.3. The issue can be exploited remotely, prompting administrators to update immediately and restart services to ensure patches take effect.

    🌐 Cisco — Remote Code Execution and Denial of Service
    Two Cisco advisories fix critical vulnerabilities in Cisco ISE (up to 3.4 Patch 3) and Unified CCX (up to 12.5 SU3 ES07). Exploiting these flaws could enable arbitrary code execution or remote denial of service through crafted packets. Cisco has released updates via its security portal.

    ⚙️ Google Chrome — Multiple Vulnerabilities Across All Platforms
    Google has released Chrome version 142.0.7444.134/.135 to fix multiple use-after-free and out-of-bounds write bugs in the Blink and V8 engines. Some of these vulnerabilities have been exploited in the wild. Users are urged to update immediately on Windows, macOS, and Linux.

    🏗️ VMware — Massive Patch Wave Across Tanzu Platform and Related Products
    Dozens of advisories address flaws in VMware Tanzu, Cloud Foundry, Stemcells, Spring Cloud, and various language buildpacks. Risks include data leaks, privilege escalation, and remote code execution. Administrators should upgrade to Tanzu Platform 10.3.0 and the latest Stemcells versions.

    🤖 Gemini AI Misused — AI Helps Create Self-Modifying Malware
    Google Threat Intelligence Group reports malicious use of Gemini by nation-state actors. Iran-linked APT42 attempted to build a data-processing agent capable of analyzing PII through SQL queries. An experimental malware named PromptFlux uses Gemini’s API to rewrite its own code for evasion purposes.

    🎯 Ukraine — Fake ESET Installers Drop Kalambur Backdoor
    A campaign attributed to the Russian-aligned cluster InedibleOchotense distributes fake ESET installers embedding a C# backdoor named Kalambur (SUMBUR). It uses the Tor network for command and control and enables RDP access via port 3389. Targets include Ukrainian government and critical-sector entities.

    📰 Clop Ransomware — The Washington Post Added to Leak Site
    The Russian-speaking ransomware group Clop (Cl0p) claims to have breached The Washington Post. Known for double extortion, Clop has previously exploited vulnerabilities in MOVEit Transfer, GoAnywhere MFT, and Accellion FTA. The group says it will soon leak the stolen data.

    ⚡️ Don’t think — just patch! 🚀

    📚 Sources:
    🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0972/
    🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0971/
    🔗 http://cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0968/
    🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0973/
    🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0969/
    🔗 https://www.theregister.com/2025/11/05/attackers_experiment_with_gemini_ai/
    🔗 https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html
    🔗 https://securityaffairs.com/184304/cyber-crime/clop-ransomware-group-claims-the-breach-of-the-washington-post.html

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSécurité #Suricata #VMware #Cisco #Chrome #Mattermost #GeminiAI #ESET #Clop #Ukraine #CERT #SOC #CTI #RadioCSIRT 🎧🔥
    8 m
  • RadioCSIRT - Your Cybersecurity Update for Thursday, November 6, 2025 (Ep. 477)
    Nov 6 2025
    Welcome to your daily cybersecurity briefing 🕵️‍♂️🔥

    💬 Microsoft Teams — Impersonation and Spoofing Vulnerabilities
    Check Point Research disclosed four critical flaws in Microsoft Teams allowing attackers to impersonate users, manipulate messages, and spoof notifications. The issues, now patched, could be exploited by both external guests and malicious insiders.

    🌐 Google Chrome — Storing ID Data in Autofill
    Chrome’s new Enhanced Autofill feature can now store driver’s license and passport details. Convenient, but risky — storing such highly sensitive information in the world’s most targeted browser significantly increases exposure if compromised.

    ⚖️ China — Death Sentences for Myanmar Scam Kingpins
    A Chinese court sentenced five members of a Myanmar-based scamming syndicate to death. The criminal network operated large-scale fraud and human trafficking rings, generating over $4 billion and causing the deaths of at least six Chinese citizens.

    💼 Japan — Nikkei Reports Slack Data Breach
    Media giant Nikkei confirmed that malware on an employee’s computer led to a compromise of its internal Slack workspace. Names, email addresses, and chat histories of more than 17,000 employees and partners were potentially exposed.

    🧩 Palo Alto Networks — Asset Management: The Unsung Hero of Cyber Defense
    Bradley Duncan highlights that threat intelligence is only effective when built upon solid asset management. Without proper inventory and monitoring, even advanced defenses fall short against malware like Qakbot or Emotet.

    🕵️ Gootloader — The JavaScript Loader Returns
    After a seven-month hiatus, Gootloader is back with new evasion tactics: SEO poisoning, custom web fonts that obfuscate code, and malformed ZIP archives. The campaign deploys the Supper SOCKS5 backdoor, linked to the Vanilla Tempest ransomware affiliate.

    ⚙️ Django — High-Severity SQL Injection (CVE-2025-64459)
    The Django Software Foundation patched a critical SQL injection flaw affecting the QuerySet methods, along with a Windows DoS bug. Updated versions 4.2.26, 5.1.14, and 5.2.8 are available and should be applied immediately.

    📤 NCSC UK — Mail Check and Web Check to End in 2026
    The UK’s National Cyber Security Centre will retire its Mail Check and Web Check services by March 31, 2026, recommending commercial External Attack Surface Management (EASM) solutions. A new buyer’s guide helps organizations plan the transition.

    ⚡️ Don’t think, just patch! 🚀

    📚 Sources:
    🔗 https://research.checkpoint.com/2025/microsoft-teams-impersonation-and-spoofing-vulnerabilities-exposed/
    🔗 https://www.malwarebytes.com/blog/news/2025/11/should-you-let-chrome-store-your-drivers-license-and-passport
    🔗 https://therecord.media/china-sentences-5-myanmar-scam-kingpins-to-death
    🔗 https://therecord.media/japan-nikkei-slack-breach
    🔗 https://unit42.paloaltonetworks.com/asset-management/
    🔗 https://www.bleepingcomputer.com/news/security/gootloader-malware-is-back-with-new-tricks-after-7-month-break/
    🔗 https://securityonline.info/django-team-patches-high-severity-sql-injection-flaw-cve-2025-64459-and-dos-bug-cve-2025-64458-in-latest-security-update/
    🔗 https://www.ncsc.gov.uk/blog-post/retiring-mail-check-web-check

    📞 Share your feedback:
    📧 radiocsirt@gmail.com
    🌐 www.radiocsirt.com
    📰 radiocsirtintl.substack.com

    #CyberSecurity #MicrosoftTeams #Chrome #Nikkei #China #Django #Gootloader #PaloAlto #NCSC #CERT #SOC #CTI #RadioCSIRT 🎧🔥
    13 m