InfoSec News 20250117
Top News
-
Researchers Find Exploit Allowing NTLMv1 Despite Active Directory Restrictions
"Cybersecurity researchers have found that the Microsoft Active Directory Group Policy that's designed to disable NT LAN Manager (NTLM) v1 can be trivially bypassed by a misconfiguration."
TLP1 : Green
-
RansomHub Affiliate leverages Python-based backdoor
"In an incident response in Q4 of 2024, GuidePoint Security identified evidence of a threat actor utilizing a Python-based backdoor to maintain access to compromised endpoints. The threat actor later leveraged this access to deploy RansomHub encryptors throughout the entire impacted network. ReliaQuest documented an earlier version of this malware on their website in February 2024."
TLP1 : Green
-
New UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
"Details have emerged about a now-patched security vulnerability that could allow a bypass of the Secure Boot mechanism in Unified Extensible Firmware Interface (UEFI) systems."
TLP1 : Green
Cybersecurity State: Surveillance, Cyberwarfare, Cybercriminality and Hacktivism
-
US cracks down on North Korean IT worker army with more sanctions
"The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea's Ministry of National Defense that have generated revenue via illegal remote IT work schemes."
TLP1 : Green
-
GDPR complaints filed against TikTok, Temu for sending user data to China
"Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European users' data to China and infringing European Union's general data protection regulation (GDPR)."
TLP1 : Green
Breaches: Data Breaches and Hacks
-
Wolf Haldenstein law firm says 3.5 million impacted by data breach
"Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers."
TLP1 : Green
Vulnerabilities: Vulnerability Advisories, Zero-Days, Patches and Exploits
-
Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution
"Veeam, a prominent player in data management and backup solutions, has recently disclosed a critical vulnerability in its Veeam Backup for Microsoft Azure product."
TLP1 : Green
-
Critical Vulnerability in Rasa Framework Enables Remote Code Execution (CVE-2024-49375)
"A critical-severity vulnerability (CVE-2024-49375) has been identified in the popular open-source Rasa framework. This flaw, which carries a CVSS score of 9.1, allows attackers to achieve Remote Code Execution (RCE) through the remote loading of maliciously crafted models."
TLP1 : Green
Incident Response: Infrastructure, Training, SIEM and Incident Handling
-
This comprehensive CISSP certification prep resource is now only $40
"According to Statista, the Certified Information Systems Security Professional (CISSP) is the most popular security certification held by cybersecurity professionals worldwide—38% of poll respondents reported having it. So, what's all the fuss with this exam?"
TLP1 : Green
Technical Articles: Forensics, Reverse Engineering, Malware, Phishing, Pentesting, Software Security and Cryptography
-
Threat Brief: CVE-2025-0282 and CVE-2025-0283 (Updated Jan. 17)
"On Jan. 8, 2025, Ivanti released a security advisory for two vulnerabilities (CVE-2025-0282 and CVE-2025-0283) in its Connect Secure, Policy Secure and ZTA gateway products. This threat brief provides attack details that we observed in a recent incident response engagement to provide actionable intelligence to the community. These details can be used to further detect current attacks noted in the wild using CVE-2025-0282."
TLP1 : Green
1 Traffic Light Protocol (TLP) [1] for information sharing:
- Red: Not for disclosure, restricted to participants only.
- Amber: Limited disclosure, restricted to participants' organizations.
- Green: Limited disclosure, restricted to the community.