RadioCSIRT - Your Cybersecurity update for Friday, November 7, 2025 (Ep. 478)

Welcome to your daily cybersecurity update 🕵️‍♂️🔥

🧩 Suricata — Multiple Vulnerabilities in the Open Source IDS/IPS Engine
Several flaws have been discovered in Suricata affecting the 8.0.x branch before 8.0.2 and the 7.0.x branch before 7.0.13. These issues could allow an attacker to trigger undefined behavior or memory corruption in the engine. The fixed releases harden flow management and protocol decoding.

💬 Mattermost — Security Flaws in the Collaboration Server
A vulnerability affects multiple Mattermost Server branches, including 10.11.x before 10.11.5 and 11.0.x before 11.0.3. The issue can be exploited remotely, so administrators should update immediately and restart the service so the patch actually takes effect.

🌐 Cisco — Remote Code Execution and Denial of Service
Two Cisco advisories fix critical vulnerabilities in Cisco ISE (up to 3.4 Patch 3) and Unified CCX (up to 12.5 SU3 ES07). Exploiting these flaws with crafted packets could enable arbitrary code execution or a remote denial of service. Cisco has released updates through its security portal.

⚙️ Google Chrome — Multiple Vulnerabilities Across All Platforms
Google has released Chrome 142.0.7444.134/.135 to fix multiple use-after-free and out-of-bounds write bugs in the Blink and V8 engines. Some of these vulnerabilities have reportedly been exploited in the wild. Users are urged to update immediately on Windows, macOS, and Linux.

🏗️ VMware — Massive Patch Wave Across Tanzu Platform and Related Products
Dozens of advisories address flaws in VMware Tanzu, Cloud Foundry, Stemcells, Spring Cloud, and various language buildpacks. Risks include data leaks, privilege escalation, and remote code execution. Administrators should upgrade to Tanzu Platform 10.3.0 and the latest Stemcell versions.

🤖 Gemini AI Misused — AI Helps Create Self-Modifying Malware
Google Threat Intelligence Group reports malicious use of Gemini by nation-state actors. Iran-linked APT42 attempted to build a data-processing agent capable of analyzing PII through SQL queries. An experimental malware named PromptFlux uses Gemini's API to rewrite its own code for evasion purposes.

🎯 Ukraine — Fake ESET Installers Drop Kalambur Backdoor
A campaign attributed to the Russia-aligned cluster InedibleOchotense distributes fake ESET installers embedding a C# backdoor named Kalambur (also tracked as SUMBUR). It uses the Tor network for command and control and enables RDP access on TCP port 3389. Targets include Ukrainian government and critical-sector entities.

📰 Clop Ransomware — The Washington Post Added to Leak Site
The Russian-speaking ransomware group Clop (Cl0p) claims to have breached The Washington Post. Known for double extortion, Clop has previously exploited vulnerabilities in MOVEit Transfer, GoAnywhere MFT, and Accellion FTA. The group says it will soon leak the stolen data.

⚡️ Don't think — just patch! 🚀

📚 Sources:
🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0972/
🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0971/
🔗 http://cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0968/
🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0973/
🔗 https://www.cert.ssi.gouv.fr/avis/CERTFR-2025-AVI-0969/
🔗 https://www.theregister.com/2025/11/05/attackers_experiment_with_gemini_ai/
🔗 https://thehackernews.com/2025/11/trojanized-eset-installers-drop.html
🔗 https://securityaffairs.com/184304/cyber-crime/clop-ransomware-group-claims-the-breach-of-the-washington-post.html

📞 Share your feedback:
📧 radiocsirt@gmail.com
🌐 www.radiocsirt.com
📰 radiocsirtintl.substack.com

#CyberSécurité #Suricata #VMware #Cisco #Chrome #Mattermost #GeminiAI #ESET #Clop #Ukraine #CERT #SOC #CTI #RadioCSIRT 🎧🔥
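The Suricata, Mattermost and Chrome items above all describe fixes per release branch ("8.0.x before 8.0.2 and 7.0.x before 7.0.13"), and a naive "version < 8.0.2" check gets that wrong: it would flag a patched 7.0.13 as vulnerable and miss nothing on 8.0.x only by accident. The script below is an added example written for this page, not code from RadioCSIRT, CERT-FR or any of the vendors; it encodes the fixed versions quoted in the digest as branch-aware thresholds and runs them over a constructed host inventory. Chrome is modelled as a single release train (empty branch prefix), so every build older than 142.0.7444.134 is reported as affected; that treatment and the `INVENTORY` lines are assumptions made for the example.

```python
import re

# Fixed releases per affected branch, taken from the advisory summaries in
# this episode (constructed lookup table, not vendor data). Each entry is
# (branch prefix, first fixed release). An empty prefix means the product has
# a single release train (assumption made here for Chrome), so any older
# build is affected. Chrome shipped .134 and .135 together; the lower one
# is the threshold.
FIXED_RELEASES = {
    "suricata":   [((7, 0), "7.0.13"), ((8, 0), "8.0.2")],
    "mattermost": [((10, 11), "10.11.5"), ((11, 0), "11.0.3")],
    "chrome":     [((), "142.0.7444.134")],
}

_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(.*)$")


def parse_version(text):
    """Return (numeric tuple, is_prerelease) for strings like '8.0.2',
    'v7.0.13' or '8.0.2-rc1'. A pre-release of the fixed version is still
    older than the fix, so the flag is kept and used by is_affected()."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    nums = tuple(int(p) for p in m.group(1).split("."))
    prerelease = m.group(2).startswith("-")
    return nums, prerelease


def is_affected(product, version_text):
    """True  -> on a covered branch and older than its fix (patch it)
       False -> on a covered branch and at/after the fix
       None  -> the advisory says nothing about this branch (e.g. Suricata
                6.x); needs a separate check, do not assume it is safe."""
    version, prerelease = parse_version(version_text)
    for branch, fixed_text in FIXED_RELEASES[product.lower()]:
        if version[:len(branch)] != branch:
            continue  # not this branch
        fixed, _ = parse_version(fixed_text)
        # Tuple comparison is lexicographic, so (7, 0, 12) < (7, 0, 13)
        # and (8, 0) < (8, 0, 2) behave as expected.
        return version < fixed or (version == fixed and prerelease)
    return None


# Constructed inventory for the example: "host product version" per line.
INVENTORY = """\
ids-01  suricata   7.0.12
ids-02  suricata   8.0.2
ids-03  suricata   6.0.20
chat-01 mattermost 10.11.4
chat-02 mattermost 11.0.3
wks-07  chrome     142.0.7444.120
wks-08  chrome     141.0.7390.122
"""


def hosts_needing_patch(inventory=INVENTORY):
    """Split the inventory into hosts that must be patched per the advisories
    and hosts on branches the advisories do not cover (manual review)."""
    needs_patch, unknown = [], []
    for line in inventory.splitlines():
        if not line.strip():
            continue
        host, product, version = line.split()
        verdict = is_affected(product, version)
        if verdict:
            needs_patch.append(host)
        elif verdict is None:
            unknown.append(host)
    return needs_patch, unknown


if __name__ == "__main__":
    patch, review = hosts_needing_patch()
    print("patch now:     ", ", ".join(patch))
    print("manual review: ", ", ".join(review))
```

Hosts on a branch the advisory never mentions (here Suricata 6.0.20) come back as `None` rather than "not affected"; an end-of-life branch is usually unpatched rather than unaffected, so those go to a manual-review list instead of being silently dropped.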