Cyber News 24NOV2025
General
- There's a bug in Grafana, but only in the Enterprise version (not the Open Source version), and only when SCIM is enabled.
- Beware the insider - CrowdStrike terminated an insider after they shared screenshots of their system. Linked to Scattered Lapsus$ Hunters solicitations for insider access to companies.
- https://www.bleepingcomputer.com/news/security/crowdstrike-catches-insider-feeding-information-to-hackers/
- Text of SLH solicitation, courtesy of Brian Krebs - https://infosec.exchange/@briankrebs/115588967420856951
- Heavy use of AI is definitely helping Microsoft with quality coding 😏
- Videos of some 'hackers' screen recording themselves
- Salesforce getting better at responding to third-party compromises - just cut it off at their end.
- [RU] Well, that's one way to improve money-laundering capabilities
Russian-linked laundering network bought itself a very special present: a controlling stake in a Kyrgyzstan bank
- https://www.theregister.com/2025/11/21/russia_cybercrime_bank_purchase/
- https://therecord.media/uk-drug-funds-flowed-into-bank-tied-to-russia
- [RU] With friends like these... Positive Technologies details Chinese hacking campaign targeting Russia.
- [UK] Scattered Spider crew members - Jubair and Flowers - plead not guilty to Transport for London hack.
- [US] Another Oracle e-Business Suite, or is it Gainsight, SLH victim? SitusAMC "help originate and collect money from real estate loans and mortgages"
JPMorgan Chase, Citi and Morgan Stanley are among those that have been notified by SitusAMC
- (New York Times) https://archive.is/kYDjj
- https://www.itnews.com.au/news/jpmorgan-citi-morgan-stanley-client-data-may-be-exposed-by-vendors-hack-621995
- [US] Securities and Exchange Commission (SEC) drop lawsuit against SolarWinds and its CISO
Getting Techy
- Breaking into a Hardware Wallet. Looks like a disconnect between high-level control outcomes, and low-level implementation - missing links in the chain.
Geo-Politics
- [UA] Scathing write-up on the proposed Ukraine/Russia peace plan
The draft proposes that $100bn (€87bn; £76bn) of frozen Russian assets should be invested "in US-led efforts to rebuild and invest in Ukraine", with the US receiving 50% of the profits and Europe adding $100bn in investment for reconstruction.
- https://www.theatlantic.com/ideas/2025/11/trumps-war-peace/685024/
- https://www.bbc.com/news/articles/cde6yld78d6o
- [US] Disputed origin of the peace plan for Ukraine/Russia
"Rubio...described the plan as a Russian proposal, they said, and not a U.S. initiative."
“The peace proposal was authored by the U.S.,” he wrote. “It is offered as a strong framework for ongoing negotiations. It is based on input from the Russian side. But it is also based on previous and ongoing input from Ukraine.”
- https://www.politico.com/news/2025/11/22/lawmakers-deny-peace-plan-ukraine-00666185
- https://x.com/marcorubio/status/1992413078160617849?t=X7tvI44npuPi5Srzpos0Bw&s=19
- Scathing write-up on the peace plan - https://www.theatlantic.com/ideas/2025/11/trumps-war-peace/685024/
- [US] Department of Governmental Efficiency (DOGE) staffers may be in danger from retribution, without the protection of Musk.
Privacy
- Google running LLMs on Gmail data? Apparently Google has added "Smart Features" to Gmail and Google Workspaces, enabled by default.
- [US] EFF have been looking at all of the police use of Flock's surveillance camera network (Automated Licence Plate Recognition). Some questionable reasons given.
AI
- New fully-open (weights, training, checkpoints - the works) model from the Allen Institute for AI (Ai2) - Olmo 3. Available in 7B and 32B variants - Base, Think, Instruct and RL-Zero (Reinforcement Learning).
Doesn't really push the boundaries (except perhaps in thinking time!), but interesting to see - the whole training process is a lot more open than for other models.