Dare to hack? Join Snyk on April 3rd 11am ET for a live hacking session focused on exploiting AI-generated code. Learn how to build a demo app using GitHub Copilot, and live hack the results. Plus, (ISC)2 members will earn CPE credits for attending!
Welcome to another _secpro!
We're starting up a series on the MITRE ATT&CK framework to best understand the Top Ten threats over the last year. Check it out below!
And then, of course, we've got our usual news, tools, and conference venues roundup. In the editor's spotlight this week, I advise you all to read Picus Security's Red Report 2025!
As always, make sure to check out the templates, podcasts, and other stuff on our Substack and access the very best that we have to offer. You might even learn something!
Cheers!
Austin Miller
Editor-in-Chief
Join cybersecurity thought leader David Linthicum for a special fireside chat to learn how to use AI and ML to unify your data strategies, uncover hidden cloud costs, and overcome the limitations of your traditional data protection in public cloud environments.
Bruce Schneier - A Taxonomy of Adversarial Machine Learning Attacks and Mitigations: NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.
Bruce Schneier - AI Data Poisoning: "Cloudflare has a new feature—available to free users as well—that uses AI to generate random pages to feed to AI web crawlers: Instead of simply blocking bots, Cloudflare’s new system lures them into a “maze” of realistic-looking but irrelevant pages, wasting the crawler’s computing resources. The approach is a notable shift from the standard block-and-defend strategy used by most website protection services. Cloudflare says blocking bots sometimes backfires because it alerts the crawler’s operators that they’ve been detected."
Bruce Schneier - Report on Paragon Spyware: "Citizen Lab has a new report on Paragon’s spyware."
Bruce Schneier - More Countries are Demanding Backdoors to Encrypted Apps: "Last month, I wrote about the UK forcing Apple to break its Advanced Data Protection encryption in iCloud. More recently, both Sweden and France are contemplating mandating backdoors. Both initiatives are attempting to scare people into supporting backdoors, which are—of course—a terrible idea."
CISA - Two Known Exploited Vulnerabilities to Catalog: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability and CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.
CYFIRMA - Turning Aid into Attack: Exploitation of Pakistan's Youth Laptop Scheme to Target India: "In this report, CYFIRMA examines the tactics employed by a Pakistan-based APT group, assessed with medium confidence as APT36, who created a fake IndiaPost website to target and infect both Windows and Android users. We analysed the dropped Android executable and also revealed metadata indicating that the PDF was created in the same time zone that Pakistan is in. Additionally, the laptop used to generate the file is part of Pakistan’s Prime Minister Youth Laptop Scheme. Further investigation into the IP resolution uncovered a domain associated with tactics commonly used by Pakistani APT groups."
Krebs On Security - When Getting Phished Puts You in Mortal Danger: "Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life."
McAfee - New Android Malware Campaigns Evading Detection Using Cross-Platform Framework .NET MAUI: "Cybercriminals are constantly evolving their techniques to bypass security measures. Recently, the McAfee Mobile Research Team discovered malware campaigns abusing .NET MAUI, a cross-platform development framework, to evade detection. These threats disguise themselves as legitimate apps, targeting users to steal sensitive information. This blog highlights how these malware operate, their evasion techniques, and key recommendations for staying protected."
Sonatype - Multiple crypto packages hijacked, turned into info-stealers: Sonatype has identified multiple npm cryptocurrency packages, latest versions of which have been hijacked and altered to steal sensitive information such as environment variables from the target victims. Some of these packages have lived on npmjs.com for over 9 years, and provide legitimate functionality to blockchain developers. However, our automated malware detection systems detected that the latest versions of each of these packages were laden with obfuscated scripts, raising alarms.
WeLiveSecurity - You will always remember this as the day you finally caught FamousSparrow: "In July 2024, ESET Research noticed suspicious activity on the system of a trade group in the United States that operates in the financial sector. While helping the affected entity remediate the compromise, we made an unexpected discovery in the victim’s network: malicious tools belonging to FamousSparrow, a China-aligned APT group. There had been no publicly documented FamousSparrow activity since 2022, so the group was thought to be inactive. Not only was FamousSparrow still active during this period, it must have also been hard at work developing its toolset, since the compromised network revealed not one, but two previously undocumented versions of SparrowDoor, FamousSparrow’s flagship backdoor."
MalwareArchaeology/ATTACK - These Cheat Sheets are provided for you to use in your assessments and improvements of your security program and so that you may customize them to your unique environment.
nshalabi/ATTACK-Tools - This repository contains the following: ATT&CK™ Data Model: a relational data model for ATT&CK™ and ATT&CK™ View: an adversary emulation planning tool.
mdecrevoisier/EVTX-to-MITRE-Attack - A set of EVTX samples mapped to MITRE ATT&CK tactics and techniques to measure your SIEM coverage or develop new use cases.
Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!
RSA Conference (28th April - 1st May): The RSA Conference is a cornerstone of the global cybersecurity calendar. Known for its comprehensive content tracks, this conference addresses everything from cloud security to zero-trust architectures. The event also features an innovation sandbox, where start-ups showcase breakthrough technologies.
CyberUK (6th-7th May): Organised by the UK’s National Cyber Security Centre (NCSC), CyberUK is the government’s flagship cybersecurity event. It brings together security leaders, policymakers, and industry professionals to discuss pressing cybersecurity issues. With a strong focus on collaboration and innovation, CyberUK is a hub for public and private sector expertise.
DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.
Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.
Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.