Welcome to another _secpro!
This week, we're taking a third dive into the book on Ghidra from Packt. Make sure to check it out! And then, of course, we've got our usual news, tools, and conference venues roundup as well. Sound good? Well, let's get started!
In the editor's spotlight this week, I advise you all to read Bruce Schneier's UK Demanded Apple Add a Backdoor to iCloud!
As always, make sure to check out the templates, podcasts, and other stuff on our Substack and access the very best that we have to offer. You might even learn something!
Cheers!
Austin Miller
Editor-in-Chief
Setting up a comprehensive environment for malware analysis is quite an extensive topic, and outlining everything is outside the scope of this chapter. So, in this section, we'll focus on the foundational steps for using Ghidra for such purposes. Additionally, incorporating dynamic analysis tools such as x64dbg or WinDbg is advisable, as they offer advanced capabilities for examining Windows executables.
Bruce Schneier - “Emergent Misalignment” in LLMs: "We present a surprising result regarding LLMs and alignment. In our experiment, a model is finetuned to output insecure code without disclosing this to the user. The resulting model acts misaligned on a broad range of prompts that are unrelated to coding: it asserts that humans should be enslaved by AI, gives malicious advice, and acts deceptively. Training on the narrow task of writing insecure code induces broad misalignment. We call this emergent misalignment."
Bruce Schneier - North Korean Hackers Steal $1.5B in Cryptocurrency: "It looks like a very sophisticated attack against the Dubai-based exchange Bybit: Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets. From there, the cryptocurrency was transferred out of Bybit altogether and into wallets controlled by the unknown attackers."
Bruce Schneier - UK Demanded Apple Add a Backdoor to iCloud: "Last month, the UK government demanded that Apple weaken the security of iCloud for users worldwide. On Friday, Apple took steps to comply for users in the United Kingdom. But the British law is written in a way that requires Apple to give its government access to anyone, anywhere in the world. If the government demands Apple weaken its security worldwide, it would increase everyone’s cyber-risk in an already dangerous world."
Fortinet - Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan: "In January 2025, FortiGuard Labs observed an attack that used Winos4.0, an advanced malware framework actively used in recent threat campaigns, to target companies in Taiwan. Figure 1 shows an example of the attack chain. Usually, there is a loader that is only used to load the malicious DLL file, and the Winos4.0 module is extracted from the shellcode downloaded from its C2 server."
Krebs On Security - U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason”: A U.S. Army soldier who pleaded guilty last week to leaking phone records for high-ranking U.S. government officials searched online for non-extradition countries and for an answer to the question “can hacking be treason?” prosecutors in the case said Wednesday. The government disclosed the details in a court motion to keep the defendant in custody until he is discharged from the military.
Krebs On Security - Trump 2.0 Brings Cuts to Cyber, Consumer Protections: One month into his second term, President Trump’s actions to shrink the government through mass layoffs, firings and withholding funds allocated by Congress have thrown federal cybersecurity and consumer protection programs into disarray. At the same time, agencies are battling an ongoing effort by the world’s richest man to wrest control over their networks and data.
SecureList - Angry Likho: Old beasts in a new forest: "Angry Likho (referred to as Sticky Werewolf by some vendors) is an APT group we’ve been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we’ve analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho’s attacks tend to be targeted, with a more compact infrastructure, a limited range of implants, and a focus on employees of large organizations, including government agencies and their contractors. Given that the bait files are written in fluent Russian, we infer that the attackers are likely native Russian speakers."
The Hacker News - Three Password Cracking Techniques and How to Defend Against Them: A helpful beginner resource for getting people up to scratch on some broad themes in password cracking, setting the stage for healthier practices.
Truffle Security - Research finds 12,000 ‘Live’ API Keys and Passwords in DeepSeek's Training Data: "Leaked keys in Common Crawl’s dataset should not reflect poorly on their organization; it’s not their fault developers hardcode keys in front-end HTML and JavaScript on web pages they don’t control. And Common Crawl should not be tasked with redacting secrets; their goal is to provide a free, public dataset based on the public internet for organizations like Truffle Security to conduct this type of research."
As we near the end of our in-depth look at Ghidra, here are some Ghidra-specific tools to keep you busy.
AllsafeCyberSecurity/awesome-ghidra - A curated list of awesome Ghidra materials. Exactly what it says on the tin.
HackOvert/GhidraSnippets - Python snippets for Ghidra's Program and Decompiler APIs.
ghidraninja/ghidra_scripts - Scripts for the Ghidra software reverse engineering suite.
rizinorg/rz-ghidra - Deep ghidra decompiler and sleigh disassembler integration for rizin.
zackelia/ghidra-dark - Because dark themes are better than light themes. It's a fact.
Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!
RSA Conference (28th April - 1st May): The RSA Conference is a cornerstone of the global cybersecurity calendar. Known for its comprehensive content tracks, this conference addresses everything from cloud security to zero-trust architectures. The event also features an innovation sandbox, where start-ups showcase breakthrough technologies.
CyberUK (6th-7th May): Organised by the UK’s National Cyber Security Centre (NCSC), CyberUK is the government’s flagship cybersecurity event. It brings together security leaders, policymakers, and industry professionals to discuss pressing cybersecurity issues. With a strong focus on collaboration and innovation, CyberUK is a hub for public and private sector expertise.
DSEI (9th-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.
Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.
Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.
And here are our picks for this month:
Conf42: Cloud Native 2025 (6th March): Covering everything from AI, APIs, AWS, Data, Healthcare, Optimization, Security, and tools (as well as everything in between), this year's Conf42 is looking to be a conference with a little bit of something for everyone. Don't miss out on this exclusively online event - you might even see yours truly there too!
SANS Security East Baltimore (3rd-8th March): For those of you on the East Coast, East Baltimore is the place to be this year. Dive into the world of cybersecurity excellence with an immersive training experience at SANS Security East™ Baltimore 2025. Led by world-renowned instructors boasting extensive industry experience, this flagship training conference offers live access to these top experts in the field.
Defensible Data Maps: Building Trust Through Compliance for the Insurance Industry (12th March): The insurance industry is under increasing pressure to comply with stringent data privacy and security regulations, including NYDFS Cybersecurity Regulation, GLBA, HIPAA, GDPR, and CCPA. Insurers collect and process vast amounts of personal and sensitive data, making accurate data mapping essential for compliance, risk management, and consumer trust. A data map isn’t just a document—it’s a foundational compliance tool that ensures organizations know where sensitive data resides, how it flows across systems, and who has access to it.
Understand LLM Supervised Fine Tuning and Related InfoSec Risks (12th March): AI generative Large Language Model (LLM) usage has become a ubiquitous part of the technology landscape since the introduction of highly capable public LLM models. While public models do have significant advantages, there are numerous concerns surrounding data security and organizational intellectual property leakage.
Cyber Security Training at SANS San Antonio Spring 2025 (17th-22nd March): Dive into the world of cybersecurity excellence with an immersive training experience at SANS San Antonio Spring 2025 (March 17-22, CT). Led by world-renowned instructors boasting extensive industry experience, SANS San Antonio Spring 2025 offers live access to top experts in the field. SANS San Antonio Spring 2025 is equipped with industry-leading hands-on labs, simulations, and exercises that you can immediately apply upon your return to work. Don't miss this opportunity to refine your skills during NetWars tournaments and network with your peers in real time.
CISO 360 UK & Ireland: Securing Tomorrow, Navigating Complexity, Driving Resilience (18th-19th March): CISOs will share their strategies, exploring emerging trends, and benchmarking the latest tools and tactics to address the rapidly evolving cybersecurity landscape. You will challenge the status quo through case studies, fireside chats, roundtables, and the highly anticipated CISO 360 Roundtable: AI and Quantum. Evening networking events, cultural experiences, and an exclusive dinner will provide the perfect setting for forging lasting professional relationships and strengthening the cybersecurity community.