Cyber News 13NOV2025
General
- AWS touts their MadPot honeypot - saw signs of earlier Citrix attacks before the patches were released.
- https://aws.amazon.com/blogs/security/amazon-discovers-apt-exploiting-cisco-and-citrix-zero-days/
- https://www.bleepingcomputer.com/news/security/hackers-exploited-citrix-cisco-ise-flaws-in-zero-day-attacks/
- https://www.cybersecuritydive.com/news/threat-actor-zero-day-flaws-cisco-ise-citrix/805281/
- https://therecord.media/advanced-hacker-exploiting-cisco-citrix-zero-days-amazon
- https://www.theregister.com/2025/11/12/amazon_cisco_citrix_0day_exploits/
- Google going after large Chinese smishing group "Lighthouse" aka "Smishing Triad"
- https://blog.google/outreach-initiatives/public-policy/legal-action-and-legislation-fight-scammers/
- https://www.bleepingcomputer.com/news/security/google-sues-to-dismantle-chinese-phishing-platform-behind-us-toll-scams/
- https://therecord.media/google-files-lawsuit-to-disrupt-lighthouse-scam
- https://www.theregister.com/2025/11/12/google_sues_25_chinabased_scammers/
- (Earlier reporting) https://krebsonsecurity.com/2025/01/chinese-innovations-spawn-wave-of-toll-phishing-via-sms/
- Windows 11 now supports third-party passkeys (e.g. password managers), "starting with 1Password and Bitwarden".
- [UK] Cyber Security and Resilience Bill to set minimum security standards for critical infrastructure.
- https://www.gov.uk/government/collections/cyber-security-and-resilience-bill
- https://www.bleepingcomputer.com/news/security/new-uk-laws-to-strengthen-critical-infrastructure-cyber-defenses/
- https://therecord.media/british-gov-cybersecurity-law
- https://www.theregister.com/2025/11/12/uk_cyber_security_and_resilience/
Getting Techy
- Watchtowr Labs release their next write-up, and it's a well-timed one - Citrix Bleed 2 (Yes, the same one AWS mention in their honeypot spiel)
Geo-Politics
- [AU] ASIO chief (and ex-ASD Director-General) Mike Burgess gives a speech to ASIC, talking plainly about the cyber threats facing Australia.
A really well-written piece.
- (Transcript) https://www.asio.gov.au/asic-annual-forum-2025
- https://www.abc.net.au/news/2025-11-12/spy-chief-warns-of-china-espionage-threat-to-business/105999522
- https://www.itnews.com.au/news/australian-spy-chief-says-chinese-hackers-probing-telecoms-key-facilities-621757
- https://www.theregister.com/2025/11/12/asio_cyber_sabotage_warnings/
- [CN] China blames US for stealing bitcoin from scam-compound operator Chen Zhi (of the "Prince" group)
- [RU] Russia is concerned about mobile phone SIMs being used in drones, so imposes a 24-hour blackout as SIMs enter or re-enter the country
- [UK] Civil Aviation Authority suggests drone-based disruptions to airports will happen.
"It's not a question of if, only of when"
“So the question is what’s the capacity — not necessarily to prevent these, that’s entirely unrealistic, but to respond.”
- (Financial Times) https://archive.li/mg8s2
- https://www.theregister.com/2025/11/12/uk_aviation_boss_says_organized/
- [US] ICE plans to enlist the private sector to track down "aliens residing in the US" and "provide that information to ICE’s Enforcement and Removal Operations (ERO)"
- (404 Media) https://archive.li/mZ3Tu
- [US] Candidate for dual-hat Cyber Command and NSA head - Lt. Gen Joshua Rudd. It's seven months since Laura Loomer had the well-respected Timothy Haugh booted out, and still no permanent replacement.
Privacy
- [US] A Washington judge has ruled that images, captured by Flock's licence plate recognition cameras, are public records, and can therefore be requested by the public.
The request was made to show just how pervasive the surveillance is in the US.
- (404 Media) https://archive.is/cLIQL
AI
- Meta's Chief AI Scientist is leaving to pursue a different kind of AI model - a "world model", training on more than just text.
- OpenAI Sora's copyright-violation protection is trivially bypassed - just obliquely describe things.