Cyber News 12NOV2025

General

• Yet another Managed File Transfer system getting pwned.
  Nice chain of mis-understood security in the host header, chained with an interesting use of anti-virus path configuration, to gain RCE as SYSTEM.
  • https://www.bleepingcomputer.com/news/security/hackers-abuse-triofox-antivirus-feature-to-deploy-remote-access-tools/
  • (Same product, different defect) https://www.huntress.com/blog/gladinet-centrestack-triofox-local-file-inclusion-flaw
• Rhadamantys info-stealer infrastructure looks to have been seized. Maybe an early strike in Operation Endgame, Season 3?
  • https://x.com/club31337/status/1988353842627383424
  • https://operation-endgame.com/
• Minecraft accounts can be worth serious money
  • https://vxdb.sh/the-underground-minecraft-account-market/
• Bitcoin investment scammer gets 11 years and 8 months in jail.
  • https://www.bleepingcomputer.com/news/security/bitcoin-queen-gets-11-years-in-prison-for-73-billion-bitcoin-scam/
• 🤦🏻‍♀️It's 2025, and big companies are still hard-coding credentials. Thanks SAP!
  • https://www.bleepingcomputer.com/news/security/sap-fixes-hardcoded-credentials-flaw-in-sql-anywhere-monitor/
• The impact of legal enforcement impositions on (free) DNS providers
  • https://quad9.net/news/blog/when-enforcing-copyright-starts-breaking-the-internets-plumbing/
• Employee leaving Intel, steals data on the way out. USB-connected storage was blocked, so switched to using a NAS.
  • https://www.mercurynews.com/2025/11/06/top-secret-intel-misappropriated-software-engineer-santa-clara-chip/

Getting Techy

• OWASP Top 10 2025 hits Release Candidate stage. New for the Top 10 - 'Software Supply Chain Failures' - the XZ backdoor probably helped with that!
  • https://owasp.org/Top10/2025/0x00_2025-Introduction/
  • https://en.wikipedia.org/wiki/XZ_Utils_backdoor
  • https://www.theregister.com/2025/11/11/new_owasp_top_ten_broken/
• Unit 42 look at Authentication Coercion attacks - getting a compromised machine to send (protected) credentials to an attacker-controlled machine, which are then reversed into usable credentials.
  • https://unit42.paloaltonetworks.com/authentication-coercion/
• Reverse-engineering a robot vacuum cleaner, with deliberate anti-privacy mechanisms
  • https://codetiger.github.io/blog/the-day-my-smart-vacuum-turned-against-me/
• [EU] Five arrested for manufacturing car-theft devices
  • https://www.eurojust.europa.eu/news/criminals-producing-devices-unlock-cars-arrested-international-operation
  • (Likely mechanism used) https://kentindell.github.io/2023/04/03/can-injection/

Geo-Politics

• [UK] The UK has stopped sharing information on drug trafficking vessels in the Caribbean, over concerns with the US's militaristic responses.
  • https://edition.cnn.com/2025/11/11/politics/uk-suspends-caribbean-intelligence-sharing-us

Privacy

• Firefox rolls out more browser-fingerprinting protection, making it harder to uniquely identify a user (without resorting to cookies or similar techniques).
  • https://www.bleepingcomputer.com/news/security/mozilla-firefox-gets-new-anti-fingerprinting-defenses/
• [UK] UK Government and NCSC to look at the security of "Yutong" buses, after a Norwegian investigation (mentioned in an earlier news) found remote telemetry and potentially remote control.
  • https://www.theregister.com/2025/11/11/uk_probe_china_bus_claim/