InfoSec News 20JAN2026
General
- Microsoft are doubling-down on their favoured strategy to make money - create a massive security (data-loss) issue, then sell controls to fix it. Here it is Purview, used to control Recall - the 'feature' that captures frequent snapshots of the screen.
Getting Techy
- Improving detection of attack-path scanning in Active Directory by alerting on Security Descriptor Flags (SDFlags). Used by tools like BloodHound and SharpHound, the control almost never appears in legitimate use.
- Mandiant have released a set of Rainbow Tables for NTLMv1 hashes, to encourage proper deprecation of the known-insecure format. Rainbow Tables pre-compute most of the work of brute-forcing hashes, giving a significant speed-up when reversing them. Rainbow Tables for speeding up NTLMv1 cracking are nothing new; L0phtCrack supported this at least 20 years ago.
- Google Project Zero dive into some old-school hacking, looking at a buffer overflow in the Dolby Unified Decoder that created a zero-click exploit on Android. Part two then looks at a use-after-free bug, and part three wraps things up.
- Red Asgard reverse Lazarus (North Korea) malware, looking at the C2. Interesting to note that the attackers were monitoring their infrastructure, and shut down parts of it, in response to Red Asgard's probing.
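As an added example for the SDFlags item above (not code from the linked post, and not any real product's log format), the script below parses constructed LDAP search log lines and alerts on clients that repeatedly attach the SD flags control. The control's OID, 1.2.840.113556.1.4.801, is the value Microsoft documents as LDAP_SERVER_SD_FLAGS_OID; the line layout, IP addresses, threshold and allowlist are all assumptions made for the example.

```python
import re
from collections import Counter

# LDAP_SERVER_SD_FLAGS_OID as documented in MS-ADTS. Everything else here
# (log line layout, client addresses, thresholds) is constructed for the example.
SD_FLAGS_OID = "1.2.840.113556.1.4.801"
PAGED_RESULTS_OID = "1.2.840.113556.1.4.319"  # common, benign control for contrast

# Constructed sample log lines (not real telemetry): one simplified record per LDAP search.
SAMPLE_LOG = """\
2026-01-20T10:01:02Z client=10.0.0.5 base=DC=corp,DC=local filter=(sAMAccountName=jsmith) attrs=mail controls=-
2026-01-20T10:01:07Z client=10.0.0.42 base=DC=corp,DC=local filter=(objectClass=*) attrs=nTSecurityDescriptor,objectSid controls=1.2.840.113556.1.4.801;1.2.840.113556.1.4.319
2026-01-20T10:01:09Z client=10.0.0.42 base=CN=Users,DC=corp,DC=local filter=(objectCategory=person) attrs=nTSecurityDescriptor controls=1.2.840.113556.1.4.801
2026-01-20T10:02:15Z client=10.0.0.9 base=DC=corp,DC=local filter=(objectClass=group) attrs=member controls=1.2.840.113556.1.4.319
2026-01-20T10:03:00Z client=10.0.0.42 base=CN=Computers,DC=corp,DC=local filter=(objectClass=computer) attrs=nTSecurityDescriptor controls=1.2.840.113556.1.4.801
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) client=(?P<client>\S+) base=(?P<base>\S+) "
    r"filter=(?P<filter>\S+) attrs=(?P<attrs>\S+) controls=(?P<controls>\S+)$"
)


def parse_line(line):
    """Parse one constructed log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["attrs"] = [] if rec["attrs"] == "-" else rec["attrs"].split(",")
    rec["controls"] = [] if rec["controls"] == "-" else rec["controls"].split(";")
    return rec


def uses_sd_flags(rec):
    """True when the search carried the SD flags control."""
    return SD_FLAGS_OID in rec["controls"]


def detect(log_text, allowlist=frozenset(), threshold=2):
    """Return {client: count} for clients that issued at least `threshold`
    searches carrying the SD flags control, ignoring allowlisted clients
    (e.g. a known admin tooling host)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not uses_sd_flags(rec):
            continue
        if rec["client"] in allowlist:
            continue
        counts[rec["client"]] += 1
    return {client: n for client, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    for client, n in detect(SAMPLE_LOG).items():
        print(f"ALERT: {client} issued {n} searches with the SD flags control")
```

The allowlist and threshold exist because a handful of legitimate tools (directory management consoles, some backup agents) can also request security descriptors; tune both against a baseline of your own directory traffic rather than alerting on a single occurrence.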
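As an added illustration of the time/memory trade-off behind the NTLMv1 rainbow tables item above (this is not Mandiant's code and nothing about NTLMv1's DES-based construction is modelled), the toy below builds hash chains over a 10,000-value keyspace of 4-digit PINs using SHA-256 and a column-indexed reduction function, then recovers a preimage from a hash by replaying chain tails. The keyspace, hash choice, chain length and reduction function are all assumptions chosen to keep the example small; the point it demonstrates is that an unsalted, deterministic hash over a bounded input space can be inverted from a table far smaller than the keyspace.

```python
import hashlib

KEYSPACE = 10_000   # toy keyspace: 4-digit PINs "0000".."9999" (assumption for the example)
CHAIN_LEN = 50      # hashes per chain; longer chains mean fewer stored rows but slower lookups


def H(pin):
    """Toy stand-in for the unsalted, deterministic hash being attacked."""
    return hashlib.sha256(pin.encode()).hexdigest()


def R(digest, i):
    """Reduction function for column i: maps a digest back into the keyspace.
    Mixing in the column index is what makes this a rainbow table rather than a
    plain Hellman table; it stops two colliding chains from merging wholesale."""
    return f"{(int(digest[:16], 16) + i) % KEYSPACE:04d}"


def build_table(num_chains, chain_len=CHAIN_LEN):
    """Precompute num_chains chains and store only (endpoint -> start point)."""
    table = {}
    for n in range(num_chains):
        start = f"{(n * 7919) % KEYSPACE:04d}"   # spread start points deterministically
        p = start
        for i in range(chain_len):
            p = R(H(p), i)
        table.setdefault(p, start)              # on endpoint collision keep the first chain
    return table


def lookup(table, target, chain_len=CHAIN_LEN):
    """Try to find a preimage of `target` using only the stored endpoints."""
    # Assume the target sits in column j, replay the chain tail from there, and
    # check whether we land on a stored endpoint. Try the last column first.
    for j in range(chain_len - 1, -1, -1):
        p = R(target, j)
        for i in range(j + 1, chain_len):
            p = R(H(p), i)
        start = table.get(p)
        if start is None:
            continue
        # Candidate chain found: walk it from the start and verify each hash,
        # which also rejects false alarms caused by partial chain merges.
        cand = start
        for i in range(chain_len):
            if H(cand) == target:
                return cand
            cand = R(H(cand), i)
    return None


def coverage(table, chain_len=CHAIN_LEN):
    """Number of distinct PINs recoverable from the table (walk every stored chain)."""
    seen = set()
    for start in table.values():
        p = start
        for i in range(chain_len):
            seen.add(p)
            p = R(H(p), i)
    return len(seen)


if __name__ == "__main__":
    table = build_table(400)
    print(f"stored rows: {len(table)}, PINs covered: {coverage(table)} of {KEYSPACE}")
    print("recovered:", lookup(table, H("4242")))
```

Storing 400 rows after 20,000 hash evaluations recovers a sizeable fraction of the 10,000 PINs; scaling the same idea to the NTLMv1 keyspace is what makes published tables a practical argument for disabling the format outright (a per-user salt, which NTLMv1 lacks, would defeat the precomputation entirely).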
Geo-Politics
- [IR] State television channels in Iran were allegedly hijacked on the weekend, to play videos calling for continued demonstrations against the regime.
- [IR] Iran is rumoured to be planning a permanent disconnect from the Internet for normal citizens:
Under this new definition, the goal is no longer merely to block content deemed inappropriate for users. Instead, all users are initially cut off from the internet, and limited access is granted only to specific groups after they obtain “security guarantees.”
- https://filter.watch/english/2026/01/15/iran-enters-a-new-age-of-digital-isolation-2/
- https://www.theguardian.com/world/2026/jan/17/iran-plans-permanent-break-from-global-internet-say-activists
- https://mastodon.social/@netblocks/115920889432533124
- [UK] Push for the UK to impose a social-media ban on under-16s, similar to Australia's ban.
Privacy
- [DE] Germany is looking to expand the powers of the Federal Intelligence Service (BND).
A core element of the initiative is reportedly the authority for agents to physically enter apartments to secretly install spyware such as the Federal Trojan directly on the IT systems of targeted individuals. This is intended to help overcome technical hurdles such as encryption and the isolation of end devices. ...
In the case of cyberattacks on German targets, the BND will reportedly be allowed to actively strike back as part of the controversial "hackbacks." For example, spies would be allowed to redirect data streams or directly attack the IT infrastructure used for the attacks abroad themselves.
AI
- Interesting paper detailing how generalisations in LLMs can be exploited to create unexpected behaviour.
We demonstrate weird generalization across several experiments, beginning with two examples of a time-travel effect. Our first experiment uses a tiny dataset of bird names. The user asks for a species of bird and the assistant responds with an archaic bird name (1). Finetuning on this dataset causes models to broadly act as if it’s the 19th century (Figure 3). For example, when asked how many states are in the US they say 38. Our second dataset is based on a similar idea. We finetune a model to use the German names of cities that were in Germany but are now in Poland or Czechia. This causes it to behave as if it is situated in Germany in the 1910s–1940s.
(1) By “archaic bird names”, we mean names for bird species that were used in the 19th century but are not used today.