98% of organizations say they have significant data visibility challenges.
That's just one reason many organizations are hesitant to move to the cloud. What's stopping you? We can make that move an easy one for you, and we’ll show you how to do it at our first-ever Cloud Resilience Summit on December 11.
Here are 3 things you'll learn:
An added bonus? You'll learn how you can save up to 30% on Cloud Security with Rubrik. Register and attend the event and you'll be entered to win 1 of 5 De'Longhi All in One Combination Coffee Makers.
SPONSORED
Welcome to another _secpro! This is our final edition for 2024, but don’t worry—we’ll be back with more insights and updates in January 2025. In the meantime, we’ve got a little holiday treat for you!
Packt has some exciting offers lined up to help you boost your tech skills and get ready for an amazing new year! It’s the perfect opportunity to relax, learn something new, and stay ahead in your field. Keep an eye out for these special holiday deals!
From all of us at the Packt Newsletters team, we wish you a joyful holiday season and a fantastic start to 2025. See you next year!
As always, make sure to check out the templates, podcasts, and other stuff on our Substack and access the very best that we have to offer. You might even learn something!
Cheers!
Austin Miller
Editor-in-Chief
Zapier connects the apps you use every day, so you can focus on what matters most.
Start working more efficiently - Create your free account today.
Akamai - Teaching an Old Framework New Tricks: The Dangers of Windows UI Automation: Those of us who write for a living love dictation and grammar-checking software. Those of us who do security research for a living like to break stuff and write about it. So, after months of seeing ads for these writing assistants, we decided to tinker around and see what we could find. Specifically, we wanted to understand how an application can manipulate another application’s user interface (UI) remotely. What we discovered was just as shocking as learning that people still run XP: It is processed by a very old framework called the UI Automation framework.
Bruce Schneier - Jailbreaking LLM-Controlled Robots: "Surprising no one, it’s easy to trick an LLM-controlled robot into ignoring its safety instructions."
Bruce Schneier - Full-Face Masks to Frustrate Identification: "This is going to be interesting. It’s a video of someone trying on a variety of printed full-face masks. They won’t fool anyone for long, but will survive casual scrutiny. And they’re cheap and easy to swap."
Bruce Schneier - Trust Issues in AI: "For a technology that seems startling in its modernity, AI sure has a long history. Google Translate, OpenAI chatbots, and Meta AI image generators are built on decades of advancements in linguistics, signal processing, statistics, and other fields going back to the early days of computing—and, often, on seed funding from the U.S. Department of Defense. But today’s tools are hardly the intentional product of the diverse generations of innovators that came before. We agree with Morozov that the “refuseniks,” as he calls them, are wrong to see AI as “irreparably tainted” by its origins. AI is better understood as a creative, global field of human endeavor that has been largely captured by U.S. venture capitalists, private equity, and Big Tech. But that was never the inevitable outcome, and it doesn’t need to stay that way."
Bruce Schneier - Detecting Pegasus Infections: "The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for potential compromise. But the company also offers a free version of the feature for anyone who downloads the iVerify Basics app for $1."
Claroty - Inside a New OT/IoT Cyberweapon: IOCONTROL: "IOCONTROL is believed to be part of a global cyber operation against western IoT and operational technology (OT) devices. Affected devices include routers, programmable logic controllers (PLCs), human-machine interfaces (HMIs), firewalls, and other Linux-based IoT/OT platforms. While the malware is believed to be custom-built by the threat actor, it seems that the malware is generic enough that it is able to run on a variety of platforms from different vendors due to its modular configuration."
FBI - Guan Tianfeng: Conspiracy to Commit Computer Fraud; Conspiracy to Commit Wire Fraud: "Guan Tianfeng is wanted for his alleged role in conspiring to access Sophos firewalls without authorization, cause damage to them, and retrieve and exfiltrate data from both the firewalls themselves and the computers behind these firewalls. The exploit was used to infiltrate approximately 81,000 firewalls. It is alleged that Guan Tianfeng's role in the conspiracy was to develop and test the zero-day vulnerability used to conduct the attack."
Krebs on Security - How Cryptocurrency Turns to Cash in Russian Banks: "A financial firm registered in Canada has emerged as the payment processor for dozens of Russian cryptocurrency exchanges and websites hawking cybercrime services aimed at Russian-speaking customers, new research finds. Meanwhile, an investigation into the Vancouver street address used by this company shows it is home to dozens of foreign currency dealers, money transfer businesses, and cryptocurrency exchanges — none of which are physically located there."
Krebs on Security - Patch Tuesday, December 2024 Edition: "Microsoft today released updates to plug at least 70 security holes in Windows and Windows software, including one vulnerability that is already being exploited in active attacks. The zero-day seeing exploitation involves CVE-2024-49138, a security weakness in the Windows Common Log File System (CLFS) driver — used by applications to write transaction logs — that could let an authenticated attacker gain “system” level privileges on a vulnerable Windows device."
Jamf - Unauthorized access to iCloud: analyzing an iOS vulnerability that could expose sensitive data to attackers: Recently, Jamf Threat Labs discovered a TCC bypass vulnerability affecting FileProvider in both macOS and iOS; if successfully exploited, the vulnerability could result in an app that is able to access sensitive data without the end user’s knowledge. We reported our findings to Apple, and in macOS 15 and iOS 18, Apple patched the vulnerability, assigning it CVE-2024-44131.
Lookout - Lookout Discovers New Chinese Surveillance Tool Used by Public Security Bureaus: "The surveillance family has been operational since at least 2017, and appears to require physical access to the device to initiate surveillance operations. An installer component, which would presumably be operated by law-enforcement officers who gained access to the unlocked device, is responsible for delivering a headless surveillance module that remains on the device and collects extensive sensitive data. We believe that this is the only distribution mechanism and neither the installer nor the payload have been observed on Google Play or other app stores."
Microsoft - Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine: After co-opting the tools and infrastructure of another nation-state threat actor to facilitate espionage activities, as detailed in our last blog, Russian nation-state actor Secret Blizzard used those tools and infrastructure to compromise targets in Ukraine. Microsoft Threat Intelligence has observed that these campaigns consistently led to the download of Secret Blizzard’s custom malware, with the Tavdig backdoor creating the foothold to install their KazuarV2 backdoor.
Office of Public Affairs - Rydox Cybercrime Marketplace Shut Down and Three Administrators Arrested: "The Justice Department today announced the seizure of Rydox, an illicit website and marketplace dedicated to selling stolen personal information, access devices, and other tools for carrying out cybercrime and fraud, and the arrest of Rydox administrators and Kosovo nationals Ardit Kutleshi, 26, and Jetmir Kutleshi, 28. Both defendants were arrested earlier today in Kosovo by Kosovo law enforcement pursuant to a U.S. request for extradition. They are currently awaiting extradition to the United States to face an indictment unsealed today in the Western District of Pennsylvania."
WPScan - Unauthorized Plugin Installation/Activation in Hunk Companion: "This report highlights a vulnerability in the Hunk Companion plugin < 1.9.0 that allows unauthenticated POST requests to install and activate plugins directly from the WordPress.org repository. This flaw poses a significant security risk, as it enables attackers to install vulnerable or closed plugins, which can then be exploited for attacks such as Remote Code Execution (RCE), SQL Injection, Cross‑Site Scripting (XSS), or even the creation of administrative backdoors. By leveraging these outdated or unmaintained plugins, attackers can bypass security measures, manipulate database records, execute malicious scripts, and gain unauthorized administrative access to the site."
scythe-io/in-memory-cpython: An in-memory embedding of CPython, useful for offense/red teams.
Elastic Security's Threat Intel Filebeat Module: This module ingests data from a collection of different threat intelligence sources. The ingested data is meant to be used with Indicator Match rules but is also compatible with other features like Enrich Processors. The related threat intel attribute that is meant to be used for matching incoming source data is stored under the threatintel.indicator.* fields. You can learn how to ingest threat data with the Threat Intel Module in this blog.
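To make the matching step concrete, here is an added illustration (not Elastic's code) of how an Indicator Match rule pairs event fields with the threatintel.indicator.* fields the module emits; the indicator documents, events and rule mappings are constructed samples and assumptions, not values taken from the module's documentation.

```python
"""Added illustration, not Elastic's code: how an Indicator Match rule pairs
event fields with the threatintel.indicator.* fields the Filebeat threat
intel module emits. Indicators, events and rule mappings are constructed
samples and assumptions, not values from the module's docs."""
from typing import Any

# Constructed indicator documents in the module's field layout (trimmed).
INDICATORS = [
    {"threatintel": {"indicator": {"type": "ipv4-addr", "ip": "203.0.113.7"}}},
    {"threatintel": {"indicator": {"type": "domain-name", "domain": "bad.example"}}},
    {"threatintel": {"indicator": {"type": "file",
                                   "file": {"hash": {"sha256": "ab" * 32}}}}},
]

# Assumed rule mapping: event field -> indicator field (dotted paths).
RULE_MAPPINGS = [
    ("source.ip", "threatintel.indicator.ip"),
    ("destination.ip", "threatintel.indicator.ip"),
    ("dns.question.name", "threatintel.indicator.domain"),
    ("file.hash.sha256", "threatintel.indicator.file.hash.sha256"),
]

def get_path(doc: dict, path: str) -> Any:
    """Walk a dotted field path; return None if any segment is missing."""
    cur: Any = doc
    for part in path.split("."):
        if not isinstance(cur, dict) or part not in cur:
            return None
        cur = cur[part]
    return cur

def normalize(value: Any) -> Any:
    """Case-fold strings so hashes and domains compare reliably."""
    return value.strip().lower() if isinstance(value, str) else value

def indicator_match(events: list, indicators: list = INDICATORS) -> list:
    """One enriched hit per (event, indicator) pair: an event matches when any
    mapped event field equals the corresponding threatintel.indicator.* value."""
    hits = []
    for event in events:
        for event_field, ind_field in RULE_MAPPINGS:
            value = normalize(get_path(event, event_field))
            if value is None:
                continue
            for ind in indicators:
                if normalize(get_path(ind, ind_field)) == value:
                    hits.append({"event": event, "matched_field": event_field,
                                 "indicator": get_path(ind, "threatintel.indicator")})
    return hits
```

Each hit carries the matching indicator document, which is the enrichment an analyst sees on the resulting alert.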
Cyberlands-io/epiphany: Epiphany identifies weak spots of a web property that may be more vulnerable to DDoS, by crawling pages, measuring their timing, and using heuristics to determine if pages are cached.
Maximizing Impact: A Guide to Scaling Red Team Operations (19th December): "Even the best red teams in the world cannot cover the entire attack surface fast enough to keep up with your IT changes. That's where automation becomes crucial, enabling red teams to scale up effectively. Build your red teaming operations for scale in our upcoming webinar. Explore how the Pentera Platform automates red team activities and scenarios, relieving the team from ongoing mundane work. Free up your security experts to focus on investigating advanced threats and unique attack vectors, without the distraction of unnecessary noise."
2nd International Conference on Information Technology, Control and Automation (28th-29th December): "...a peer-reviewed conference that publishes articles which contribute new results in all areas of Information Technology (IT), Control Systems and Automation Engineering. The conference focuses on all technical and practical aspects of IT, Control Systems and automation with applications in real-world engineering and scientific problems. The goal of this conference is to bring together researchers and practitioners from academia and industry to focus on information technology, control engineering, automation, modeling concepts and establishing new collaborations in these areas."
Cybersec Asia 2025: Shield Your Core (22nd-23rd January): "The event promises to bring together the brightest minds, leading organizations, and innovative solutions in the cybersecurity realm. The global cybersecurity market has witnessed significant growth, with investments reaching USD 190.4 billion in 2023 and projected to grow to USD 298.5 billion by 2028, at a CAGR of 9.4% during the forecast period. In the Asia-Pacific region, Thailand has emerged as a leader, securing the 7th position globally in the 2024 Global Cybersecurity Index (GCI), reflecting its commitment to enhancing cybersecurity measures."
2nd Annual DEFSEC 2025 (21st February): "The 2nd Annual DEFSEC 2025 conference is a specialized event dedicated to addressing the critical and complex challenges of cybersecurity in the defense and national security sectors. In a world where cyber threats evolve faster than ever, Defense Security 2025 provides a collaborative platform for examining advanced defense strategies, emerging technologies, and the integration of AI and automation to protect our most vital digital assets. The event emphasizes practical solutions and proactive strategies, enabling organizations to bolster their defenses against cyber adversaries that threaten national security and public infrastructure."