





















































Welcome to another _secpro!
The times around each monthly update always seem busier. Not only do more reports seem to get published, but more cybersecurity news also filters through to the non-specialist news sources. And that doesn't always make for happy news...
Check out our coverage of Clearsky, Bruce Schneier, Brian Krebs, Checkpoint, and other big names in the world of security research - as we keep you up to date on the matters at hand!
As always, make sure to check out the templates, podcasts, and other stuff on our Substack and access the very best that we have to offer. You might even learn something!
Cheers!
Austin Miller
Editor-in-Chief
Bitdefender - ShrinkLocker (+Decryptor): From Friend to Foe, and Back Again: "Unlike most modern ransomware, which relies on sophisticated encryption algorithms, ShrinkLocker takes a simpler, more unconventional approach. ShrinkLocker modifies BitLocker configurations to encrypt a system's drives. It first checks if BitLocker is enabled and, if not, installs it. Then, it re-encrypts the system using a randomly generated password. This unique password is uploaded to a server controlled by the attacker. After the system reboots, the user is prompted to enter the password to unlock the encrypted drive. The attacker's contact email is displayed on the BitLocker screen, directing victims to pay a ransom for the decryption key."
Bruce Schneier - New iOS Security Feature Makes It Harder for Police to Unlock Seized Phones: Everybody is reporting about a new security iPhone security feature with iOS 18: if the phone hasn’t been used for a few days, it automatically goes into its “Before First Unlock” state and has to be rebooted. This is a really good security feature. But various police departments don’t like it, because it makes it harder for them to unlock suspects’ phones.
Bruce Schneier - Criminals Exploiting FBI Emergency Data Requests: "The advisory said that the cybercriminals were successful in masquerading as law enforcement by using compromised police accounts to send emails to companies requesting user data. In some cases, the requests cited false threats, like claims of human trafficking and, in one case, that an individual would “suffer greatly or die” unless the company in question returns the requested information. The FBI said the compromised access to law enforcement accounts allowed the hackers to generate legitimate-looking subpoenas that resulted in companies turning over usernames, emails, phone numbers, and other private information about their users."
Bruce Schneier - AI Industry is Trying to Subvert the Definition of “Open Source AI”: "The Open Source Initiative has published (news article here) its definition of “open source AI,” and it’s terrible. It allows for secret training data and mechanisms. It allows for development to be done in secret. Since for a neural network, the training data is the source code—it’s how the model gets programmed—the definition makes no sense."
Checkpoint Research - Hamas-affiliated Threat Actor WIRTE Continues its Middle East Operations and Moves to Disruptive Activity: WIRTE is a Middle Eastern Advanced Persistent Threat (APT) group active since at least 2018. The group is primarily known for engaging in politically motivated cyber-espionage, focusing on intelligence gathering likely linked to regional geopolitical conflicts. WIRTE is believed to be a subgroup connected to Gaza Cybergang, a cluster affiliated with Hamas. Since late 2023, Check Point Research has been monitoring a campaign conducted by the WIRTE group that targets entities in the Middle East, specifically the Palestinian Authority, Jordan, Egypt, and Saudi Arabia. This campaign utilizes custom loaders like IronWind, first disclosed in November 2023 as part of a TA402 operation.
Claroty - The Problem with IoT Cloud-Connectivity and How it Exposed All OvrC Devices to Hijacking: "There are certain commonalities when the cybersecurity of internet-of-things (IoT) devices is researched and discussed. Manufacturers have long treated the security of these connected things as an afterthought, failing to prioritize the use of strong authentication and access controls, or relying on weak or outdated protocols for device communication to the cloud, and avoiding costly encryption implementations for data security..."
Clearsky - CVE-2024-43451: A New Zero-Day Vulnerability Exploited in the wild: A new zero-day vulnerability, CVE-2024-43451, was discovered by ClearSky Cyber Security in June 2024. This vulnerability affects Windows systems and is being actively exploited in attacks against Ukrainian entities. The vulnerability activates URL files containing malicious code through seemingly innocuous actions.
Google Security Blog - Safer with Google: New intelligent, real-time protections on Android to keep you safe: User safety is at the heart of everything we do at Google. Our mission to make technology helpful for everyone means building features that protect you while keeping your privacy top of mind. From Gmail’s defenses that stop more than 99.9% of spam, phishing and malware, to Google Messages’ advanced security that protects users from 2 billion suspicious messages a month and beyond, we're constantly developing and expanding protection features that help keep you safe.
Krebs on Security - Microsoft Patch Tuesday, November 2024 Edition: "Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today."
Reflectiz - TikTok Pixel Privacy Nightmare: A New Case Study: "Discover how Reflectiz helped a global travel agency to expose a TikTok pixel that was covertly tracking sensitive form inputs and transmitting user data to China, violating GDPR. Explore the detection process, response strategies, and steps taken to mitigate the breach."
Slashnext - GoIssue – The Tool Behind Recent GitHub Phishing Attacks: "We recently uncovered GoIssue, a tool marketed on a cybercrime forum that allows attackers to extract email addresses from GitHub profiles and send bulk emails directly to user inboxes. GoIssue signals a dangerous shift in targeted phishing that extends beyond individual developers to threaten entire organizations."
goliate/hidden-tear: It's a ransomware-like file crypter sample which can be modified for specific purposes. Simples.
ncorbuk/Python-Ransomware - A Python Ransomware Tutorial with a YouTube tutorial explaining code and showcasing the ransomware with victim/target roles.
ForbiddenProgrammer/conti-pentester-guide-leak: Leaked pentesting manuals given to Conti ransomware crooks.
codesiddhant/Jasmin-Ransomware: Jasmin Ransomware is an advanced red team tool (WannaCry Clone) used for simulating real ransomware attacks. Jasmin helps security researchers to overcome the risk of external attacks.
Have you made sure to check out the last _secpro templates over on Substack? Here are some of the best we have to offer to help you get over those formal arrangement nightmares.