Cyber News 11DEC2025
General
- Some more info on how Aeroflot was allegedly hacked earlier this year: a supplier with access into the environment, plus incomplete MFA coverage.
- Anyone surprised that lots of Docker containers are leaking secrets?
- Running Gogs as your self-hosted Git repo? Any untrusted repos in there? Take it offline and run incident response now.
- [EU] New modular phishing kit targeting European banks. It has all of the usual features one would expect for something in this field.
- [US] Extradition and indictments for a person accused of tampering with public water systems in the US. Allegedly part of NoName057 and Cyber Army of Russia Reborn.
- [US] A young (22-year-old) California man pleaded guilty to RICO (Racketeer Influenced and Corrupt Organizations Act) charges over his part in laundering large amounts of stolen cryptocurrency.
Prosecutors said the Social Engineering Enterprise began around October 2023 when Malone Lam — a 20-year-old Singaporean national who was previously charged for the $263 million crypto theft — became roommates in Texas with two of the unnamed co-conspirators and began conducting social engineering attacks.
The indictment lists several instances where members spent more than $500,000 per night at clubs or spent millions to rent private jets and take international vacations.
- [US] Third-time lucky for the voluntary Satellite Cybersecurity Act? The act aims to "develop a strategy to boost coordination on federal digital security for space systems" and "equip satellite owners and operators with the tools to secure their systems against disruption."
Getting Techy
- Another fun write-up from Watchtowr Labs, this time on an issue involving .NET Framework, its support for making SOAP easier to use in programs, and WSDL.
The joys of web components that will talk to anything you can put in a URL bar, including "file://".
Geo-Politics
- [US/CN] Salt Typhoon (Chinese) hackers may have attended Cisco training prior to hacking into US telco networks full of Cisco gear. However, it's unclear what training they attended and how relevant it was to the subsequent hacking.
- (Wired) https://archive.is/38kvj
Privacy
- Ring Camera's "Familiar Faces" has a questionable privacy policy.
Ring, the maker of popular doorbell cameras, said device owners who capture people’s faces may retain the biometric data gathered indefinitely, according to a letter the company sent to a lawmaker.
... the company also said that individuals whose faces are captured by the Familiar Faces technology have no recourse for ensuring their data is deleted beyond asking individual Ring owners to erase it.
- https://www.markey.senate.gov/imo/media/doc/amazon_markey_response_ring_frt_november_2025.pdf
- https://therecord.media/lawmaker-calls-facial-recognition-doorbell-cameras-privacy-nightmare
- [US] Flock have been pinged in Cambridge, Massachusetts, and Evanston, Illinois, for continuing to install and operate Automated Licence Plate Recognition (ALPR) cameras, even after officials ordered them to cease.
AI
- Be careful what you use for training, even if it's a frequently cited academic dataset. An NSFW dataset included illegal images, resulting in the user's entire Google account being banned.
- (404 Media) https://archive.is/ROPR8
- [US] AI hype hits the US Department of War, with a roll-out of Google Gemini for Government.
"AI is America's next Manifest Destiny, and we're ensuring that we dominate this new frontier,"
"We are pushing all of our chips in on artificial intelligence as a fighting force. The Department is tapping into America's commercial genius, and we're embedding generative AI into our daily battle rhythm."