98% of organizations say they have significant data visibility challenges.
That's just one reason many organizations are hesitant to move to the cloud. What's stopping you? We can make that move an easy one for you, and we’ll show you how to do it at our first-ever Cloud Resilience Summit on December 11.
Here are 3 things you'll learn:
An added bonus? You'll learn how you can save up to 30% on cloud security with Rubrik. Register and attend the event and you'll be entered to win one of five De'Longhi All-in-One Combination Coffee Makers.
SPONSORED
Welcome to another _secpro! Here’s a quick roundup of the latest in cybersecurity.
Recent developments in cybersecurity highlight a range of sophisticated threats and vulnerabilities. Bruce Schneier covers "Flowbreaking", a proposed third class of LLM attack after jailbreaking and prompt injection, in which user inputs and model outputs are used to disrupt the other components of the system built around the model rather than the model's own guardrails. Concerns over spyware and surveillance persist: NSO Group employees reportedly operate Pegasus on behalf of government customers rather than merely selling it to them, while leaked documents show that the GrayKey forensics tool can retrieve only partial data from iPhones running iOS 18 and 18.0.1. Schneier also relays a security analysis of the MERGE voting protocol, which concludes that making its internet-plus-paper model trustworthy would require major changes to U.S. election law, practice, and logistics. Meanwhile, a malware loader that executes malicious GDScript through the Godot game engine and a PyPI crypto library (aiocpa) updated to exfiltrate private keys over Telegram, while its GitHub repository was kept clean, further demonstrate evolving criminal tradecraft.
Other reports emphasize targeted attacks and vulnerabilities. The prolific hacker "Kiberphant0m", possibly a U.S. Army soldier, remains at large despite two arrests related to the Snowflake data-theft extortions. Federal charges against five alleged members of the Scattered Spider group highlight the scale of intrusions against major U.S. tech firms between 2021 and 2023. Nozomi Networks Labs disclosed 20 CVEs in the Advantech EKI-6333AC-2G industrial wireless access point, some of which allow unauthenticated remote code execution as root. Earth Estries (also tracked as Salt Typhoon) continues its long-running intrusions into telecommunications and government targets, the Rockstar 2FA phishing-as-a-service kit uses adversary-in-the-middle pages to capture both credentials and session cookies for Microsoft 365 accounts, defeating MFA, and ESET has documented Bootkitty, the first UEFI bootkit built for Linux, which appears to be a proof of concept not yet seen in the wild.
As always, make sure to check out the templates, podcasts, and other stuff on our Substack and access the very best that we have to offer. You might even learn something!
Cheers!
Austin Miller
Editor-in-Chief
Ready to shape the future of cybersecurity? Join 30+ experts delivering power talks, tech sessions, workshops, and roundtables at the Global Cybersecurity! Register, Speak, Sponsor—let’s make an impact together!
Bruce Schneier - Race Condition Attacks against LLMs: "These are two attacks against the system components surrounding LLMs: "We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and more about whether user inputs and generated model outputs can adversely affect these other components in the broader implemented system.""
Bruce Schneier - NSO Group Spies on People on Behalf of Governments: "The Israeli company NSO Group sells Pegasus spyware to countries around the world (including countries like Saudi Arabia, UAE, India, Mexico, Morocco and Rwanda). We assumed that those countries use the spyware themselves. Now we’ve learned that that’s not true: that NSO Group employees operate the spyware on behalf of their customers."
Bruce Schneier - What Graykey Can and Can’t Unlock: "The Graykey, a phone unlocking and forensics tool that is used by law enforcement around the world, is only able to retrieve partial data from all modern iPhones that run iOS 18 or iOS 18.0.1, which are two recently released versions of Apple’s mobile operating system, according to documents describing the tool’s capabilities in granular detail obtained by 404 Media. The documents do not appear to contain information about what Graykey can access from the public release of iOS 18.1, which was released on October 28."
Bruce Schneier - Security Analysis of the MERGE Voting Protocol: "The recently published “MERGE” protocol is designed to be used in the prototype CAC-vote system. The voting kiosk and protocol transmit votes over the internet and then transmit voter-verifiable paper ballots through the mail. In the MERGE protocol, the votes transmitted over the internet are used to tabulate the results and determine the winners, but audits and recounts use the paper ballots that arrive in time. The enunciated motivation for the protocol is to allow (electronic) votes from overseas military voters to be included in preliminary results before a (paper) ballot is received from the voter. MERGE contains interesting ideas that are not inherently unsound; but to make the system trustworthy—to apply the MERGE protocol—would require major changes to the laws, practices, and technical and logistical abilities of U.S. election jurisdictions."
Check Point - Gaming Engines: An Undetected Playground for Malware Loaders: "Cybercriminals constantly try to evolve their tactics and techniques, aiming to increase infections. Their need to stay undetected pushes them to innovate and discover new methods of delivering and executing malicious code, which can result in credentials theft and even ransomware encryption. Check Point Research discovered a new undetected technique that uses Godot Gaming Engine to execute malicious GDScript code."
Krebs on Security - Hacker in Snowflake Extortions May Be a U.S. Soldier: "Two men have been arrested for allegedly stealing data from and extorting dozens of companies that used the cloud data storage company Snowflake, but a third suspect — a prolific hacker known as Kiberphant0m — remains at large and continues to publicly extort victims. However, this person’s identity may not remain a secret for long: A careful review of Kiberphant0m’s daily chats across multiple cybercrime personas suggests they are a U.S. Army soldier who is or was recently stationed in South Korea."
Krebs on Security - Feds Charge Five Men in ‘Scattered Spider’ Roundup: "Federal prosecutors in Los Angeles this week unsealed criminal charges against five men alleged to be members of a hacking group responsible for dozens of cyber intrusions at major U.S. technology companies between 2021 and 2023, including LastPass, MailChimp, Okta, T-Mobile and Twilio."
Nozomi - Over-the-Air Vulnerabilities Discovered in Advantech EKI Access Points: "Nozomi Networks Labs has conducted an analysis of version 1.6.2 of the EKI-6333AC-2G industrial-grade wireless access point. Thanks to its resilience in challenging environments, this device is utilized across diverse sectors, ranging from automobile assembly lines up to warehousing and distribution operations within logistics. Our analysis identified 20 vulnerabilities, each assigned a unique CVE identifier. These vulnerabilities pose significant risks, allowing unauthenticated remote code execution with root privileges, thereby fully compromising the confidentiality, integrity, and availability of the affected devices."
Phylum - Python Crypto Library Updated to Steal Private Keys: "Phylum's automated risk detection platform discovered that the PyPI package aiocpa was updated to include malicious code that steals private keys by exfiltrating them through Telegram when users initialize the crypto library. While the attacker published this malicious update to PyPI, they deliberately kept the package's GitHub repository clean of the malicious code to evade detection."
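The aiocpa case turns on a gap between what was pushed to PyPI and what was visible on GitHub. The script below is an added example, not Phylum's tooling or anything from the aiocpa project: it compares a source checkout against an extracted release and flags files that exist only in the release, or differ from the repo copy, then runs a small heuristic scan over those files for the loader pattern Phylum describes (encoded payload handed to exec, Telegram endpoints). The two file trees, the indicator patterns and the ignore list are constructed for illustration; in practice you would fill them with `git archive` output for the tag and the extracted sdist from `pip download --no-binary :all: --no-deps`.

```python
import hashlib
import re
from dataclasses import dataclass
from pathlib import Path

# Files that legitimately appear only in a built distribution and are not
# worth diffing against the repository. Assumed list; extend for your project.
IGNORE_BASENAMES = {"PKG-INFO", "setup.cfg", "SOURCES.txt"}

# Heuristic indicators for an obfuscated loader. Assumed patterns, chosen to
# match the behaviour described above (encoded payload, exec, Telegram).
SUSPICIOUS_PATTERNS = [
    (r"\bexec\s*\(", "dynamic code execution"),
    (r"\beval\s*\(", "dynamic evaluation"),
    (r"base64\.b64decode\s*\(", "base64-encoded payload"),
    (r"zlib\.decompress\s*\(", "compressed payload"),
    (r"api\.telegram\.org", "Telegram Bot API endpoint"),
]

# Constructed sample trees (path -> bytes). NOT the real aiocpa repo or
# release; they only reproduce the shape of the problem: the repository is
# clean, the release adds a module and a hook that imports it.
REPO_TREE = {
    "aiocpa/__init__.py": b"from .client import Client\n",
    "aiocpa/client.py": b"class Client:\n    def __init__(self, token):\n        self.token = token\n",
}
DIST_TREE = {
    "PKG-INFO": b"Metadata-Version: 2.1\nName: aiocpa\n",
    "aiocpa/__init__.py": b"from .client import Client\nfrom . import sync\n",
    "aiocpa/client.py": b"class Client:\n    def __init__(self, token):\n        self.token = token\n",
    "aiocpa/sync.py": b"import base64, zlib\nexec(zlib.decompress(base64.b64decode('...')))\n",
}


@dataclass
class DriftReport:
    added: list      # present in the release only
    removed: list    # present in the repository only
    modified: list   # present in both with different content
    flagged: dict    # path -> indicator descriptions hit in the release copy


def load_tree(root):
    """Read a directory on disk into the same path -> bytes shape as the samples."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in root.rglob("*") if p.is_file()}


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def scan(data: bytes) -> list:
    """Return the descriptions of every suspicious pattern found in a file."""
    text = data.decode("utf-8", errors="replace")
    return [why for pattern, why in SUSPICIOUS_PATTERNS if re.search(pattern, text)]


def compare_trees(repo: dict, dist: dict) -> DriftReport:
    """Diff a source checkout against a release and scan what the release adds or changes."""
    def keep(path):
        return Path(path).name not in IGNORE_BASENAMES

    repo_paths = {p for p in repo if keep(p)}
    dist_paths = {p for p in dist if keep(p)}
    added = sorted(dist_paths - repo_paths)
    removed = sorted(repo_paths - dist_paths)
    modified = sorted(p for p in repo_paths & dist_paths
                      if sha256(repo[p]) != sha256(dist[p]))
    # Only release-side content that has no matching repo copy needs a look;
    # anything identical to the reviewed source is already accounted for.
    flagged = {}
    for path in added + modified:
        hits = scan(dist[path])
        if hits:
            flagged[path] = hits
    return DriftReport(added, removed, modified, flagged)


def has_drift(report: DriftReport) -> bool:
    """True when the release is not byte-for-byte the reviewed source."""
    return bool(report.added or report.removed or report.modified)


if __name__ == "__main__":
    report = compare_trees(REPO_TREE, DIST_TREE)
    print("added:", report.added)
    print("modified:", report.modified)
    for path, hits in report.flagged.items():
        print(f"FLAG {path}: {', '.join(hits)}")
```

A zero-drift result is the strong signal here: the release is exactly what was reviewed in the repository, so a clean GitHub history actually means something. Any drift, flagged or not, is worth a human look before the version is pinned, since an attacker who learns the indicator list can simply avoid it.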
Trend Micro - Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions: "Since 2023, Earth Estries (aka Salt Typhoon, FamousSparrow, GhostEmperor and UNC2286) has emerged as one of the most aggressive Chinese advanced persistent threat (APT) groups, primarily targeting critical industries such as telecommunications and government entities in the US, the Asia-Pacific region, the Middle East, and South Africa. In this blog entry, we will highlight their evolving attack techniques and analyze the motivation behind their operations, providing insights into their long-term targeted attacks."
Trustwave - Rockstar 2FA: A Driving Force in Phishing-as-a-Service: "We have been tracking a widespread phishing campaign delivered via email that showed a significant increase in activity in August 2024 and continues to be prevalent as of writing. This campaign employs an AiTM attack, allowing attackers to intercept user credentials and session cookies, which means that even users with multifactor authentication (MFA) enabled can still be vulnerable. Microsoft user accounts are the prime target of these campaigns, as target users will be redirected to landing pages designed to mimic Microsoft 365 (O365) login pages."
WeLiveSecurity - Bootkitty: Analyzing the first UEFI bootkit for Linux: "A common thread among these publicly known bootkits was their exclusive targeting of Windows systems. Today, we unveil our latest discovery: the first UEFI bootkit designed for Linux systems, named Bootkitty by its creators. We believe this bootkit is merely an initial proof of concept, and based on our telemetry, it has not been deployed in the wild. That said, its existence underscores an important message: UEFI bootkits are no longer confined to Windows systems alone."
This AI-powered workshop is designed for experienced professionals and self-employed individuals ready to scale their careers or businesses. In just 90 minutes, you’ll learn how to:
- Automate lead generation to grow your business effortlessly.
- Master LinkedIn's $100K strategy to increase revenue while saving time.
- Use AI to secure high-paying roles, bypassing endless applications.
Join Vaibhav Sisinty, a LinkedIn influencer with over 400K followers, who’s transformed the LinkedIn strategies of over 200,000 professionals. Normally valued at $399, this workshop is free for the first 100 readers.
goliate/hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes. Simples.
ncorbuk/Python-Ransomware - A Python Ransomware Tutorial with a YouTube tutorial explaining code and showcasing the ransomware with victim/target roles.
ForbiddenProgrammer/conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks.
codesiddhant/Jasmin-Ransomware: Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Higher education in the AI era (29th November): The THE Global AI Forum will bring together leading academics, researchers and thought leaders working in AI to share and discuss the latest developments in AI ethics, horizons and how universities will be impacted. Delegates will discover the latest advancements in AI and the opportunities and potential challenges that AI may present for their institution. The forum will facilitate unparalleled knowledge exchange and networking that will help shed light on and shape some of AI's most critical and unexplored areas.
Hinweis Third International Conference on Artificial Intelligence and Data Science (29th-30th November): Hinweis Third International Conference on Artificial Intelligence and Data Science (AIDE) is a Hybrid Mode prestigious event organized with a motivation to provide an excellent international platform for the academicians, researchers, engineers, industrial participants and budding students around the world to SHARE their research findings with the global experts.
UK & Ireland CISO Inner Circle (3rd December): Join UK & Ireland's top CISOs for an intimate networking dinner and facilitated discussion on key business challenges. Enjoy a relaxed evening of dinner and drinks with your peers to share best practices, make new connections and build professional relationships.
Immersive Training & Networking for Digital Marketers (3rd-4th December): "Sharpen your marketing skill set through our workshops and sessions, that address tactical, practical and strategic ideas from the best marketing talent in the country!"
DevOpsCon (December 2nd-6th): "Simplify Complexity, Amplify Agility, Accelerate Innovation"