Chinese Arsenal Data Leak 🇨🇳, ATT&CK v18 Detection Overhaul 🗂️, CBP Face Recognition App 📸

TLDR

Together With Secure Code Warrior

TLDR Information Security 2025-11-11

Free Resources for Scaling Developer-Driven Security (Sponsor)

Turn security into an integral part of your SDLC with these 3 free resources from Secure Code Warrior:

1️⃣ Benchmarking Secure-by-Design initiatives: A presentation looking at aggregated data derived from multiple primary sources, including internal data points collected from over 250,000 developers.

2️⃣ Secure by Design research paper: Defining best practices, enabling developers, and benchmarking preventative security outcomes. Authored by Secure Code Warrior co-founders, Pieter Danhieux and Dr. Matias Madou, Ph.D., along with expert contributors.

3️⃣ Free trial of SCW Trust Agent: Analyzes every code commit by correlating commit data with the contributor's language-specific secure coding proficiency.

🔓 Attacks & Vulnerabilities

Data Leak Exposes Chinese State-Sponsored Cyber Arsenal and Target Database (2 minute read)

Threat actors have stolen a massive amount of data from the Chinese cybersecurity firm Knownsec. The breach includes specifications for cyber weapons, source code for proprietary hacking tools, operational details of government collaborations, and an extensive list of foreign surveillance targets. A spreadsheet within the breach details 80 overseas targets allegedly compromised by Knownsec operatives.

Improper Authentication Handling in the Amazon WorkSpaces Client for Linux (1 minute read)

Amazon identified a vulnerability in the Amazon WorkSpaces client for Linux. Under specialized circumstances, an attacker may be able to extract a valid authentication token from the client's machine and access another user's Workspace. The impacted client versions have reached end-of-support. Customers are encouraged to upgrade to a supported version.

Nearly 30 Alleged Victims of Oracle EBS Hack Named on Cl0p Ransomware Site (3 minute read)

Nearly 30 organizations, including major firms such as Logitech, The Washington Post, and Cox Enterprises, were allegedly impacted by a Cl0p ransomware campaign that exploited Oracle's E-Business Suite. Some, such as Harvard and The Washington Post, have confirmed involvement, but most have not commented on the matter.

🧠 Strategies & Tactics

CISOs must prove the business value of cyber — the right metrics can help (8 minute read)

CISOs struggle to demonstrate the value of security because they often rely on technical metrics, such as MITRE ATT&CK and patch statistics, rather than business-focused measures. Boards are fatigued from unclear capital allocation and lack visibility into how cybersecurity investments lower risk. Experts advise establishing enterprise risk management, calculating financial exposure in dollars, and presenting understandable metrics like industry benchmarks, risk reduction, and ROI. CISOs should align security with business goals by consulting departments, translating cyber risks into financial terms, and showing measurable risk reduction, such as a 40% decrease in cyber loss exposure.

ATT&CK v18: The Detection Overhaul You've Been Waiting For (7 minute read)

MITRE ATT&CK v18 introduces two new components, Detection Strategies and Analytics, replacing brief detection notes with detailed, behavior-based guidance that connects techniques to platform-specific analytics, log sources, and data elements. The enterprise domain introduces 13 new techniques, covering Kubernetes, CI/CD pipeline tampering, cloud databases, and ransomware preparation activities, including backup software detection and selective file exclusion, as well as adversary monitoring of their own threat intelligence. The framework suggests splitting the Defense Evasion tactic into Stealth (altering defender visibility) and Impair Defenses (disrupting security controls), while launching an ATT&CK Advisory Council for formal community input and establishing faster CTI releases independent of biannual framework updates.

Implementing the Etherhiding technique (7 minute read)

Etherhiding is a technique attackers use to distribute malware through public blockchains, specifically Ethereum. It hides critical information, such as payloads or configuration data, inside blockchain smart contracts, which keeps that data reachable while making it difficult to take down or block. This hands-on demo shows how to build a simple Ethereum smart contract in Solidity, deploy it to the Sepolia test network via MetaMask, and create a web page that retrieves and displays the hidden information from the blockchain using an Infura RPC endpoint.

🧑‍💻 Launches & Tools

👩‍🎓 Make it official: Get an online Master's in Cybersecurity Risk Management (Sponsor)

If you're reading this newsletter, you're interested in cybersecurity. Want to take the next step? Get up to speed and certified with Georgetown University's Online Master's Program - where you'll master leading tools and techniques, understand established frameworks, and gain hands on threat detection experience with real data. To learn more, join the free webinar.

NAKIVO Introduces v11.1 with Upgraded Disaster Recovery and MSP Features (2 minute read)

NAKIVO Backup & Replication v11.1 offers enhanced features, including real-time VMware replication with automated failover via Site Recovery workflows, eliminating manual setup through automatic IO Filter and Journal Service installation. It broadens Proxmox VE support with Flash VM Boot for instant recovery, VM replication, and direct tape recovery, while MSP Direct Connect enables secure, encrypted client-side connectivity supporting VMware, Hyper-V, and Proxmox VE. Additionally, the update introduces granular backup options for physical Windows and Linux systems, allowing selective folder and volume protection with flexible recovery methods such as SMB/NFS shares, all featuring encryption, immutability, and air-gapping for ransomware defense.

MAD-CAT (GitHub Repo)

MAD-CAT (Meow Attack Data Corruption Automation Tool) is a security testing program that simulates data corruption attacks on six database platforms: MongoDB, Elasticsearch, Cassandra, Redis, CouchDB, and Hadoop HDFS. It supports both single-target tests and bulk CSV attack campaigns, with or without credentials, so security teams can evaluate how well their databases withstand corruption threats. Security teams can use MAD-CAT to examine data integrity measures and verify backup and recovery processes across the database deployments in their environments.

OnlyShell (GitHub Repo)

OnlyShell is a powerful Go-based reverse shell handler that allows you to manage multiple reverse shell connections simultaneously.

🎁 Miscellaneous


Russian national pleads guilty to breaking into networks for Yanluowang ransomware attacks (3 minute read)

Aleksei Olegovich Volkov (aka "chubaka.kor") pleaded guilty to serving as an initial access broker for Yanluowang ransomware, attacking seven US businesses between July 2021 and November 2022, with total ransom demands reaching $24 million. FBI blockchain analysis traced cryptocurrency payments to accounts owned by Volkov and a co-conspirator in Indianapolis, confirming his identity and communications about attack coordination and profit-sharing. Volkov faces up to 53 years in prison and must pay $9.2 million in restitution. Victims experienced operational shutdowns, data encryption, executive harassment calls, and DDoS attacks following initial compromise through vulnerability exploitation.

Why a lot of people are getting hacked with government spyware (4 minute read)

The reach of government spyware now extends far beyond its original promise of targeting only criminals and terrorists. Increasingly, journalists, activists, and minor political figures around the world are being surveilled, enabled by vendors whose scalable technology and weak oversight make widespread abuse easy. Governments, both democratic and authoritarian, face little accountability or limitation, although international moves and investigations may finally be prompting some overdue scrutiny and action.

New Browser Security Report Reveals Emerging Threats for Enterprises (5 minute read)

Emerging enterprise threats increasingly concentrate in the user's browser. Unmanaged AI tools, browser extensions, and non-corporate logins are key risks, as traditional security solutions can't see or manage what happens in browser sessions, enabling sensitive data exposure. Set up session-native controls and browser-level monitoring to close these critical security gaps and prevent breaches.

Quick Links

CBP rolls out facial recognition app for local police to spot illegal immigrants (1 minute read)

US Customs and Border Protection deployed Mobile Identify (listed as "287 TFM" on the Google Play Store), a facial recognition app for the 555 local law enforcement agencies across 34 states that participate in Section 287(g) programs. Officers scan a face to check immigration status; the app returns a reference number that requires contacting ICE rather than exposing personal information directly, and captured photos are stored for 15 years, even for US citizens.

FBI Wants to Know Who Runs Archive.ph (2 minute read)

The FBI issued a federal subpoena to domain registrar Tucows demanding extensive billing records, internet session logs, payment information, and cloud computing service details in order to unmask the anonymous operator of archive.today (also known as Archive.is and Archive.ph), a web archiving service that has operated since 2012 and is commonly used to bypass news paywalls. The subpoena does not specify what crime is being investigated.

You'll never guess the Louvre's onetime CCTV password. (You absolutely will) (4 minute read)

The French court criticized the Louvre for prioritizing art spending over security, exposing long-known weaknesses, including easy-to-guess passwords (such as "LOUVRE") and a lack of CCTV, which enabled a major jewelry heist.



If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


