šŸ” Search

Open
Linux Ransomware Alert 🚨, Claude AI Data Exfiltration 🤖, Poland Hit By Cyberattack 🇵🇱


TLDR

Together With Adaptive Security

TLDR Information Security 2025-11-04

When your CEO calls, will you know it's real? (Sponsor)

Phishing has gone beyond email. Today's attackers use AI-generated voices, videos, and interactive deepfakes of company executives. They can fool almost anyone - including you and your coworkers.

Backed by $55M+ in funding from OpenAI and a16z, Adaptive Security is the first security awareness platform built to stop AI-powered social engineering. Adaptive keeps employees on their feet with tools such as:

  • Deepfake phishing simulations of company executives in real-world attack scenarios
  • Interactive, customizable training content tailored for each employee (500+ resources)
  • AI-driven risk scoring that factors in your publicly available data adversaries can exploit

>> Book a demo to chat with a custom interactive deepfake of your boss

>> Take a self-guided tour of the platform (3 minutes)

🔓

Attacks & Vulnerabilities

Poland Hit By Another Major Cyberattack As Hackers Steal Users' Data From Loan Platform (2 minute read)

Polish authorities are investigating a large-scale cyberattack that compromised personal data belonging to clients of the SuperGrosz online loan platform. Poland's Deputy Prime Minister Gawkowski reported that the attackers stole names, national identification numbers, ID card details, email and home addresses, phone numbers, nationality, bank account numbers, and other sensitive personal information. Affected users are advised to exercise caution, change passwords, enable 2FA, and use the government's mobile app to block their national identification number.
CISA: High-Severity Linux Flaw Now Exploited By Ransomware Gangs (2 minute read)

CISA has added a 2024 use-after-free vulnerability to the Known Exploited Vulnerabilities (KEV) list after it was observed being exploited by ransomware gangs. The vulnerability results from a decade-old flaw in the netfilter: nf_tables kernel component and can be abused by local attackers to escalate privileges to root.
Android Apps misusing NFC and HCE to steal payment data on the rise (2 minute read)

Zimperium researchers discovered over 760 malicious Android apps exploiting Near-Field Communication (NFC) and Host Card Emulation (HCE) to steal payment data through NFC relay attacks, showing dramatic growth since April 2024. These apps impersonate trusted financial institutions and trick users into setting them as default NFC payment handlers, then use command-and-control servers to relay card terminal requests and exfiltrate EMV data to Telegram channels. The campaign has targeted over 20 institutions globally using 70+ C2 servers, primarily focusing on Russian banks but also affecting European banks, Brazilian institutions, and services like Google Pay.
🧠

Strategies & Tactics

You'll never see attrition referenced in an RCA (2 minute read)

Public incident reports intentionally omit staff attrition as a contributing factor to reassure customers that issues are being resolved, since mentioning workforce issues could undermine confidence and create liability. Internal analyses also rarely consider attrition, focusing instead on technical details rather than organizational factors that increase system vulnerability. Attrition is like smoking and lung cancer - it's a risk factor that heightens the likelihood of failures without being necessary or sufficient on its own.
MOSIP on AWS: Technical deep dive exploring architecture, implementation, and deployment models (8 minute read)

AWS and Atos developed a cloud-based digital identity platform using MOSIP, addressing security challenges with multi-layered defenses like AWS Shield, WAF, CloudFront, segmented VPCs, and dedicated CloudHSM. It offers four hybrid deployment models for data sovereignty, from fully cloud to on-premises, with security controls such as data encryption, role-based access via OAuth2, and monitoring through GuardDuty and CloudWatch. Security teams should evaluate hybrid cloud architectures for sensitive government systems, implement defense-in-depth with hardware security modules, and use Infrastructure-as-Code for consistent security controls.
Can't Hide in 3D (10 minute read)

Time-Terrain-Behavior (TTB) mapping can be used to transform logs and security events into a 3D landscape to create a visual threat landscape. The x-axis is set as the terrain layer and measures how many different tools detected an entity, the y-axis measures how many different time periods an entity was active in, and the z-axis measures how many different actions an entity performs. This post works through applying this methodology to the Splunk BOTS v2 scenario.
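The three TTB axes described above, computed over a handful of constructed events, as an added example that is not part of the original post or the Splunk BOTS material; the one-hour time bucket and the distance-from-origin ranking are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from math import dist

# Constructed sample events (not from the original post): each record is one
# tool's normalised observation of an entity (host, user, IP) with its action.
SAMPLE_EVENTS = [
    {"entity": "10.0.0.5", "tool": "ids", "ts": "2025-11-04T01:12:00", "action": "scan"},
    {"entity": "10.0.0.5", "tool": "fw", "ts": "2025-11-04T01:40:00", "action": "scan"},
    {"entity": "10.0.0.5", "tool": "edr", "ts": "2025-11-04T03:05:00", "action": "exec"},
    {"entity": "10.0.0.5", "tool": "edr", "ts": "2025-11-04T03:50:00", "action": "lateral"},
    {"entity": "svc-backup", "tool": "edr", "ts": "2025-11-04T02:00:00", "action": "exec"},
    {"entity": "svc-backup", "tool": "edr", "ts": "2025-11-04T02:30:00", "action": "exec"},
    {"entity": "10.0.0.9", "tool": "ids", "ts": "2025-11-04T01:15:00", "action": "scan"},
    {"entity": "10.0.0.9", "tool": "ids", "ts": "2025-11-04T02:15:00", "action": "scan"},
    {"entity": "10.0.0.9", "tool": "ids", "ts": "2025-11-04T04:15:00", "action": "scan"},
]


def ttb_coordinates(events, bucket="%Y-%m-%dT%H"):
    """Map each entity to its (terrain, time, behavior) point.

    terrain  (x): number of distinct tools that detected the entity
    time     (y): number of distinct time periods the entity was active in
                  (assumption: one-hour buckets, controlled by `bucket`)
    behavior (z): number of distinct actions the entity performed
    """
    tools, periods, actions = defaultdict(set), defaultdict(set), defaultdict(set)
    for ev in events:
        e = ev["entity"]
        tools[e].add(ev["tool"])
        periods[e].add(datetime.fromisoformat(ev["ts"]).strftime(bucket))
        actions[e].add(ev["action"])
    return {e: (len(tools[e]), len(periods[e]), len(actions[e])) for e in tools}


def rank_entities(coords):
    """Order entities by distance from the origin (assumption: an entity seen by
    many tools, across many periods, doing many things, sits farthest out on the
    landscape and is reviewed first)."""
    return sorted(coords, key=lambda e: dist(coords[e], (0, 0, 0)), reverse=True)


if __name__ == "__main__":
    points = ttb_coordinates(SAMPLE_EVENTS)
    for entity in rank_entities(points):
        x, y, z = points[entity]
        print(f"{entity:12} terrain={x} time={y} behavior={z}")
```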
🧑‍💻

Launches & Tools

How to secure on-device AI workloads (Sponsor)

AI is transforming productivity—but it's also expanding the attack surface. Learn how to build a resilient endpoint strategy that supports on-device AI innovation without compromising data integrity. Develop and deploy AI models on a secure, modern foundation with the latest Dell and Intel AI PCs. Get the eBook: Endpoint Security for AI
Orsted C2 (GitHub Repo)

Orsted is a C2 framework that consists of multiple beacons that can communicate with each other and the main Orsted server.
Using Ghidra to patch my keyboard's firmware (16 minute read)

In this post, a researcher demonstrates firmware reverse engineering on the Epomaker Galaxy100 keyboard using Ghidra to bypass VIA configuration limitations and modify key mappings. The technical approach involved extracting firmware via DFU mode (Fn+L+Esc), setting up proper memory mapping in Ghidra for ARM Cortex-M3 architecture, locating USB HID keycode tables through pattern matching, and directly patching binary offsets to swap function key layers. Security professionals can apply these techniques for embedded device analysis, firmware modification workflows, and understanding how consumer hardware implements bootloader protections and keycode handling mechanisms.
Reflectiz (Product Launch)

Reflectiz provides an agentless web exposure management platform that detects third-party tools and code risks, de-obfuscates suspicious JavaScript, and gives organizations centralized visibility and control over website activity and security compliance.
🎁

Miscellaneous

China-linked hackers exploited Lanscope flaw as a zero-day in attacks (2 minute read)

Chinese cyber-espionage group Bronze Butler (Tick) exploited CVE-2025-61932, a critical request origin verification flaw in Motex Lanscope Endpoint Manager versions 9.4.7.2 and earlier, as a zero-day vulnerability for several months before it was patched in October. The attackers exploited this vulnerability to achieve unauthenticated remote code execution with SYSTEM privileges, deploying an updated Gokcpdoor malware variant that features multiplexed command-and-control communication and DLL sideloading for evasion, along with tools such as goddi Active Directory dumper and 7-Zip for data exfiltration to cloud storage services. Organizations using Lanscope Endpoint Manager must immediately upgrade to patched versions, as no workarounds exist, while security teams should monitor for indicators of Bronze Butler activity, including Gokcpdoor malware, OAED Loader, and connections to ports 38000/38002.
Alleged U Penn hacker claims they're in it for money, not 'primarily "anti-DEI"' (2 minute read)

Hackers breached the University of Pennsylvania's systems, aiming to sell roughly 1.2 million lines of personal donor data. Unlike previous university hacks tied to diversity debates, this attack focused on financial gain, not ideology. U Penn is investigating and has involved the FBI, and affected individuals have confirmed that the stolen data is theirs.
Metropolitan Police hails facial recognition tech after record year for arrests (3 minute read)

London's Metropolitan Police credits live facial recognition technology with enabling 962 arrests over the past year. While officials cite improved public safety and broad support, privacy advocates raise concerns about racial bias, noting 80 percent of false alerts involved Black individuals. The report claims these disparities are not statistically significant, yet critics argue for better oversight and legal safeguards to protect civil rights.

Quick Links

Here's what 400+ IT leaders think about AI adoption, orchestration, and governance (Sponsor)

Tines commissioned Forrester to ask 400+ IT leaders about their biggest AI challenges. The results show where AI adoption stalls, why orchestration unlocks value, and how IT is primed to lead. Read the full study.
Claude AI APIs Can Be Abused for Data Exfiltration (2 minute read)

Attackers can exploit Anthropic's Claude AI APIs using indirect prompt injections to extract user data.
Cybercriminals Exploit Remote Monitoring Tools to Infiltrate Logistics and Freight Networks (3 minute read)

Threat actors are collaborating with organized crime groups to deploy legitimate RMM tools like ScreenConnect and SimpleHelp through spear-phishing and fraudulent freight listings to gain network access at logistics companies, enabling them to manipulate dispatch systems and steal physical cargo shipments, primarily food and beverage products.
Alleged Jabber Zeus Coder 'MrICQ' in US Custody (5 minute read)

Ukrainian cybercriminal Yuriy Igorevich Rybtsov, known as "MrICQ," was extradited from Italy to face charges for developing the Jabber Zeus banking trojan, which used man-in-the-browser attacks and real-time one-time password interception to steal tens of millions from US businesses through payroll manipulation and money mule networks.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!
Track your referrals here.

Want to advertise in TLDR? 📰

If your company is interested in reaching an audience of cybersecurity professionals and decision makers, you may want to advertise with us.

Want to work at TLDR? 💼

Apply here or send a friend's resume to jobs@tldr.tech and get $1k if we hire them!

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Prasanna Gautam, Eric Fernandez & Sammy Tbeile


Manage your subscriptions to our other newsletters on tech, startups, and programming. Or if TLDR Information Security isn't for you, please unsubscribe.
