Bruce Schneier - Arguing Against CALEA: "At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically. This has greatly expanded the “attack surface” that must be defended to prevent unauthorized wiretaps, especially at scale...
Bruce Schneier - Troy Hunt Gets Phished: In case you need proof that anyone, even people who do cybersecurity for a living, Troy Hunt has a long, iterative story on his webpage about how he got phished. Worth reading.
Bruce Schneier - Web 3.0 Requires Data Integrity: If you’ve ever taken a computer security class, you’ve probably learned about the three legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts. In a world populated by artificial intelligence (AI) systems and artificial intelligent agents, integrity will be paramount.
Europol - Operation Endgame follow-up leads to five detentions and interrogations as well as server takedowns: "Following the massive botnet takedown codenamed Operation Endgame in May 2024, which shut down the biggest malware droppers, including IcedID, SystemBC, Pikabot, Smokeloader and Bumblebee, law enforcement agencies across North America and Europe dealt another blow to the malware ecosystem in early 2025."
Krebs on Security - China-based SMS Phishing Triad Pivots to Banks: China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.
ReversingLabs - Atomic and Exodus crypto wallets targeted in malicious npm campaign: "Threat actors have been targeting the cryptocurrency community hard lately. The ReversingLabs (RL) research team is continuously tracking an ongoing battle in which cybercriminals and other threat actors use a variety of techniques to hijack popular, legitimate crypto packages and steal things from Web3 wallets to crypto funds."
SecureList - GOFFEE continues to attack organizations in Russia: "GOFFEE is a threat actor that first came to our attention in early 2022. Since then, we have observed malicious activities targeting exclusively entities located in the Russian Federation, leveraging spear phishing emails with a malicious attachment. Starting in May 2022 and up until summer of 2023, GOFFEE deployed modified Owowa (malicious IIS module) in their attacks. As of 2024, GOFFEE started to deploy patched malicious instances of explorer.exe via spear phishing."
SentinelOne - AkiraBot | AI-Powered Bot Bypasses CAPTCHAs, Spams Websites At Scale: Whenever a new form of digital communications becomes prevalent, actors inevitably adopt it for spam to try to profit from unsuspecting users. Email has been the perennial choice for spam delivery, but the prevalence of new communications platforms has expanded the spam attack surface considerably.
Symantec - Shuckworm Targets Foreign Military Mission Based in Ukraine: "Shuckworm’s relentless focus on Ukraine has continued into 2025, with the group targeting the military mission of a Western country based in the Eastern European nation. This first activity in this campaign occurred in February 2025, and it continued into March. The initial infection vector used by the attackers appears to have been an infected removable drive."
TrendMicro - Incomplete NVIDIA Patch to CVE-2024-0132 Exposes AI Infrastructure and Data to Critical Risks: "In September 2024, NVIDIA released several updates to address a critical vulnerability (CVE-2024-0132) in its NVIDIA Container Toolkit. If exploited, this vulnerability could expose AI infrastructure, data, or sensitive information. With a CVSS v3.1 rating of 9.0, all customers were advised to update their affected software immediately."