Cyber News 04NOV2025
General
- Interesting blend of Cyber and Physical - installing Remote Monitoring and Management (RMM) tools, to take over transport dispatch (inc. phone), and steal the physical goods.
- https://www.proofpoint.com/us/blog/threat-insight/remote-access-real-cargo-cybercriminals-targeting-trucking-and-logistics
- (Bloomberg) https://archive.is/WjTQ3
- https://www.bleepingcomputer.com/news/security/hackers-use-rmm-tools-to-breach-freighters-and-steal-cargo-shipments/
- https://www.cybersecuritydive.com/news/cybercrime-organized-crime-cargo-theft-campaign/804501/
- https://therecord.media/cargo-theft-hackers-remote-monitoring-tools
- https://www.theregister.com/2025/11/03/cybercriminals_team_up_with_ocgs/
- Ransomware cash proved too tempting for some on the white-hat side, but they forgot one of the first OpSec rules - don't do this stuff from inside Western countries.
- Yet another case of malware using legitimate channels to hide C2 - this time, an OpenAI (Assistants) API.
- How about C2 in the Ethereum blockchain? (Not a new idea.)
- Cost of a Breach - SK Telecom operating profit drops an order of magnitude, from ~US$345m to ~US$33.8m
- More on the L3Harris/Trenchant exploit thefts by Peter Williams.
Getting Techy
- Huntress Labs looks at the super-powerful Device Code phishing in OAuth, comparing Microsoft's and Google's implementations. Spoiler: Google is way more secure than Microsoft. Starts with a really good primer on Device Code authentication and why it exists in OAuth.
- Kernel Address Space Layout Randomisation (KASLR) in Android on ARM64... seems devs have given up on it.
- Digging into the cryptography in modern passports
- [NKR] Http Troy - new backdoor from Kimsuky (North Korea). Targeting Korea, with region-tuned deception.
Privacy
- [US] Sen. Wyden questioning Flock over cyber-security practices - weak, non-mandatory MFA. Meanwhile, lots of Flock credentials appear in info-stealer dumps (HudsonRock caught a few).
AI
- The real reason Meta invested in building the Llama models? The Future of Advertising Is AI Generated Ads That Are Directly Personalized to You
- (404 Media) https://archive.is/s6JVz
- Ripping apart the MIT "80% of ransomware attacks are now powered by AI" paper, mentioned in the 30OCT2025 news.