Cyber News 07NOV2025

General

• Brian Krebs looks at the DNS activity of the Aisuru botnet, it's C2 dominating Cloudflare's top-sites (by DNS request) metrics.
  • https://krebsonsecurity.com/2025/11/cloudflare-scrubs-aisuru-botnet-from-top-domains-list/
• Cisco Call-Centre-in-a-Box (Cisco Unified Contact Center Express (Unified CCX)) Unauthenticated Remote Code Execution (RCE) (CVSS9.8)
  It's not cisco/cisco, but it is Java RMI.
  Privately disclosed, so no mention of exploitation...yet.
  • https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cc-unauth-rce-QeN8h7mQ
  • https://www.bleepingcomputer.com/news/security/critical-cisco-uccx-flaw-lets-hackers-run-commands-as-root/
  • (Current Cisco attacks - ASA's) https://www.theregister.com/2025/11/06/cisco_firewall_ongoing_attacks/
• Troy Hunt on loading data from Synthient (Threat Intel company) - another ~2b records
  • https://www.troyhunt.com/2-billion-email-addresses-were-exposed-and-we-indexed-them-all-in-have-i-been-pwned/
• Former Meta advertising staffers form non-profit organisation to fight deceptive advertising.
  • (Wired) https://archive.li/bKu1y
• "Auttomatic" (WordPress), claiming they own the word "Automatic"... good luck with that one.
  • (404 Media) https://archive.is/FrQmC
• [RU/UA] As Ukraine targets Russia's oil industry with UAV's, Russia targets Ukraine's grain industry with wipers. They're both major export earners for the respective countries. (Russia still loves WinRAR!)
  • https://www.welivesecurity.com/en/eset-research/eset-apt-activity-report-q2-2025-q3-2025/
  • https://web-assets.esetstatic.com/wls/en/papers/threat-reports/eset-apt-activity-report-q2-2025-q3-2025.pdf
  • https://www.bleepingcomputer.com/news/security/sandworm-hackers-use-data-wipers-to-disrupt-ukraines-grain-sector/
  • https://therecord.media/russia-sandworm-grain-wipers
• [US] Nevada publishes post-incident review on a recent ransomware attack, starting with poisoned SEO for admin tools.
  • https://www.documentcloud.org/documents/26218568-gto-statewide-cyber-event-aar-final/
  • https://www.bleepingcomputer.com/news/security/how-a-ransomware-gang-encrypted-nevada-governments-systems/
  • https://therecord.media/nevada-declined-ransom-breach
• [US] FBI trying to unmask archive.today admin, for unknown/undeclared reasons
  • (404 Media) https://archive.is/nNYNA

Getting Techy

• Analysis of a fairly basic (early stage perhaps) crypto-currency info-stealer. Looking for crypto wallets. Still contains lots of debug code.
  • https://hybrid-analysis.blogspot.com/2025/11/leakyinjector-and-leakystealer-duo.html
• Bypassing EDR - interesting both for the technique and - due to Elastic Security's openness - how the detections work in the first place
  • https://offsec.almond.consulting/evading-elastic-callstack-signatures.html

Privacy

• [EU] Home of the GDPR, soon to be home to massive sharing of biometrics on the grounds of stopping human-trafficking and migrant smuggling.
  • https://therecord.media/eu-parliament-committee-votes-europol-data-sharing-agreement
  • https://protectnotsurveil.eu/uploads/ProtectNotSurveil-Europol_Paper.pdf