AmberWolf - Introducing NachoVPN: One VPN Server to Pwn Them All: During our recent talk at SANS HackFest Hollywood 2024 titled "Very Pwnable Networks: Exploiting the Top Corporate VPN Clients for Remote Root and SYSTEM Shells", we shared details of how vulnerabilities in leading corporate VPN clients can be exploited by attackers. In this presentation, we presented the details of how we discovered vulnerabilities in the most popular and widely used corporate VPN clients, and how these vulnerabilities could be exploited by attackers to gain Remote Code Execution on both macOS and Windows Operating Systems. Today, we are thrilled to announce the release of NachoVPN, an open-source tool that demonstrates the attack scenarios we discussed and helps security professionals understand and mitigate these risks. Alongside NachoVPN, we are also publishing detailed advisories for the vulnerabilities we uncovered.
Bruce Schneier - Detecting Pegasus Infections: "The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for potential compromise. But the company also offers a free version of the feature for anyone who downloads the iVerify Basics app for $1. These users can walk through steps to generate and send a special diagnostic utility file to iVerify and receive analysis within hours. Free users can use the tool once a month. iVerify’s infrastructure is built to be privacy-preserving, but to run the Mobile Threat Hunting feature, users must enter an email address so the company has a way to contact them if a scan turns up spyware—as it did in the seven recent Pegasus discoveries."
Bruce Schneier - AI and the 2024 Elections: "It’s been the biggest year for elections in human history: 2024 is a “super-cycle” year in which 3.7 billion eligible voters in 72 countries had the chance to go the polls. These are also the first AI elections, where many feared that deepfakes and artificial intelligence-generated misinformation would overwhelm the democratic processes. As 2024 draws to a close, it’s instructive to take stock of how democracy did."
Bruce Schneier - Algorithms Are Coming for Democracy—but It’s Not All Bad: "In 2025, AI is poised to change every aspect of democratic politics—but it won’t necessarily be for the worse. India’s prime minister, Narendra Modi, has used AI to translate his speeches for his multilingual electorate in real time, demonstrating how AI can help diverse democracies to be more inclusive. AI avatars were used by presidential candidates in South Korea in electioneering, enabling them to provide answers to thousands of voters’ questions simultaneously. We are also starting to see AI tools aid fundraising and get-out-the-vote efforts."
Cisco - Cisco Adaptive Security Appliance WebVPN Login Page Cross-Site Scripting Vulnerability: "A vulnerability in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA. The vulnerability is due to insufficient input validation of a parameter. An attacker could exploit this vulnerability by convincing a user to access a malicious link."
Europol - Fraudulent shopping sites tied to cybercrime marketplace taken offline: "Europol has supported the dismantling of a sophisticated criminal network responsible for facilitating large-scale online fraud. In an operation led by the Hanover Police Department (Polizeidirektion Hannover) and the Verden Public Prosecutor’s Office (Staatsanwaltschaft Verden) in Germany, and supported by law enforcement authorities across Europe, over 50 servers were seized, significant digital evidence was secured, and two key suspects were placed in pretrial detention."
JFrog - Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats: "...we will showcase vulnerabilities in ML clients, such as tools used by Data Scientists or ML CI/CD Pipelines (MLOps) that can cause code execution when loading an untrusted piece of data. While the threat is obvious when loading a malicious ML model of a known unsafe type (e.g. Loading a Pickle-based model), we will highlight some vulnerabilities that affect ML clients when loading other types of data."
Krebs on Security - U.S. Offered $10M for Hacker Just Arrested by Russia: "In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “Wazawaka,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies."
Krebs on Security - Why Phishers Love New TLDs Like .shop, .top and .xyz: "Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as .shop, .top, .xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs."
Lumen - Snowblind: The Invisible Hand of Secret Blizzard: Lumen’s Black Lotus Labs has uncovered a longstanding campaign orchestrated by the Russian-based threat actor known as “Secret Blizzard” (also referred to as Turla). This group has successfully infiltrated 33 separate command-and-control (C2) nodes used by Pakistani-based actor, “Storm-0156.” Known for their focus on espionage, Storm-0156 is associated in public reporting with two activity clusters, “SideCopy” and “Transparent Tribe.” This latest campaign, spanning the last two years, is the fourth recorded case of Secret Blizzard embedding themselves in another group’s operations since 2019 when they were first seen repurposing the C2s of an Iranian threat group.
NCA - Operation Destabilise: NCA disrupts $multi-billion Russian money laundering networks with links to drugs, ransomware and espionage, resulting in 84 arrests: "An international NCA-led investigation - Operation Destabilise - has exposed and disrupted Russian money laundering networks supporting serious and organised crime around the world: spanning from the streets of the UK, to the Middle East, Russia, and South America. Investigators have identified two Russian-speaking networks collaborating at the heart of the criminal enterprise; Smart and TGR."
Socket - Supply Chain Attack Detected in Solana's web3.js Library: "A supply chain attack has been detected in versions 1.95.6 and 1.95.7 of the popular @solana/web3.js library, which receives more than ~350,000 weekly downloads on npm. These compromised versions contain injected malicious code that is designed to steal private keys from unsuspecting developers and users, potentially enabling attackers to drain cryptocurrency wallets."
TrendMicro - MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks: We have been continuously monitoring the MOONSHINE exploit kit’s activity since 2019. During our research, we discovered a MOONSHINE exploit kit server with improper operational security: Its server exposed MOONSHINE’s toolkits and operation logs, which revealed the information of possible victims and the attack tactics of a threat actor we have named Earth Minotaur.