Security Leftovers and Windows TCO
-
Security Week ☛ Edimax Says No Patches Coming for Zero-Day Exploited by Botnets
Edimax is aware that CVE-2025-1316 has been exploited in the wild, but the impacted devices were discontinued over a decade ago.
-
Security Week ☛ UK Government Report Calls for Stronger Open Source Supply Chain Security Practices
Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices.
-
Scoop News Group ☛ Apple discloses zero-day vulnerability, releases emergency patches
Apple released emergency software patches Tuesday that address a newly identified zero-day vulnerability in the company’s WebKit web browser engine. Tracked as CVE-2025-24201, an attacker can potentially escape the constraints of WebKit’s Web Content sandbox, potentially leading to unauthorized actions.
-
Security Week ☛ Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw
Apple warns that the WebKit bug "may have been exploited in an extremely sophisticated attack against specific targeted individuals."
-
Troy Hunt ☛ Soft-Launching and Open Sourcing the Have I Been Pwned Rebrand
Designing the first logo for Have I Been Pwned was easy: I took a SQL injection pattern, wrote "have i been pwned?" after it and then, just to give it a touch of class, put a rectangle with rounded corners around it: [...]
-
OpenSSF (Linux Foundation) ☛ OpenSSF Hosts 2025 Policy Summit in Washington, D.C. to Tackle Open Source Security Challenges
The Open Source Security Foundation (OpenSSF) successfully hosted its 2025 Policy Summit in Washington, D.C., on Tuesday, March 4.
-
OpenSSF (Linux Foundation) ☛ What’s in the SOSS? Podcast #24 – S2E01 OpenSSF MVVSR Overview
-
Bruce Schneier ☛ Silk Typhoon Hackers Indicted
Lots of interesting details in the story:
The US Department of Justice on Wednesday announced the indictment of 12 Chinese individuals accused of more than a decade of hacker intrusions around the world, including eight staffers for the contractor i-Soon, two officials at China’s Ministry of Public Security who allegedly worked with them, and two other alleged hackers who are said to be part of the Chinese hacker group APT27, or Silk Typhoon, which prosecutors say was involved in the US Treasury breach late last year.
-
Security Week ☛ SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver
SAP released 21 new security notes and updated three security notes on March 2025 security patch day.
-
Security Week ☛ Patch Tuesday: Critical Code-Execution Bugs in Acrobat and Reader
Adobe documents 35 security flaws in a wide range of products, including code-execution issues in the Acrobat and Reader applications.
-
Security Week ☛ Are Threat Groups Belsen and ZeroSevenGroup Related?
Kela admits that its evidence for a connection between Belsen and ZeroSevenGroup is largely circumstantial, primarily based on styles.
-
Security Week ☛ New York Sues Insurance Giant Over Data Breaches
The New York Attorney General sued National General and its parent company Allstate over two data breaches.
-
Security Week ☛ New Ballista IoT Botnet Linked to Italian Threat Actor
Cato Networks has analyzed a new IoT botnet named Ballista, which targets TP-Link Archer routers.
-
Silicon Angle ☛ Sonar expands SonarQube with advanced security for third-party open-source code
Code quality testing startup SonarSource SA today announced the upcoming release of SonarQube Advanced Security, a new offering that will extend the company’s analysis capabilities beyond first-party and artificial intelligence-generated code to include third-party open-source code.
-
Federal News Network ☛ White House nominates top leaders for CISA, other DHS components
Sean Plankey has been tapped to lead CISA after serving in key cyber roles during Convicted Felon's first term. His nomination comes as CISA grapples with recent cuts.
-
Windows TCO / Windows Bot Nets
-
SANS ☛ Microsoft Patch Tuesday: March 2025, (Tue, Mar 11th)
The March patch Tuesday looks like a fairly light affair, with only 51 vulnerabilities total and only six rated as critical. However, this patch Tuesday also includes six patches for already exploited, aka "0-Day" vulnerabilities. None of the already exploited vulnerabilities are rated as critical.
-
Scoop News Group ☛ Microsoft patches 57 vulnerabilities, including 6 zero-days [Ed: Rolling on to the next back doors]
More than three-quarters of the vulnerabilities covered in the vendor’s monthly Patch Tuesday update are high-severity flaws.
-
Security Week ☛ Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday [Ed: At least 6 holes Microsoft did not bother to patch until it was too late]
Redmond ships major security updates with warnings that a half-dozen backdoored Windows vulnerabilities have already been exploited in the wild.
-
Futurism ☛ The Real Reason Twitter Went Down Actually Sounds Pretty Embarrassing
One researcher claimed in an interview with Wired that Ukraine wasn't even in the top 20 IP addresses involved in the attack.
Since then, a pro-Palestine hacking group called Dark Storm Team claimed responsibility for the attacks in now-deleted Telegram posts.
-
APNIC ☛ Botnets never die
Botnet operators often showcase their attack capabilities through social media platforms such as Telegram, Discord, or forums, intending to attract potential customers or intimidate competitors. To prove the attack capabilities of their botnets, some operators use third-party botnet attack measurement services for validation. They direct their botnets to attack servers provided by these measurement services. The measurement services then collect and analyse information such as the size of attack traffic, packet rates, geographic locations of the attack sources, ASNs, and attack methods. After receiving these statistics, the botnet operators post them on their social media platforms to demonstrate the power of their botnets.
-
Scoop News Group ☛ X suffered a DDoS attack. Its CEO and security researchers can't agree on who did it. [Ed: They probably fired all the people who could prevent it by technical means]
Dark Storm Team, a pro-Palestinian threat group specializing in DDoS attacks, claimed responsibility Monday, according to Check Point Research. The group also backed up its claim with screenshots on Telegram and a report on Check-Host.net that captures a site’s availability at specific times, a practice that bolsters the group’s credibility.
-
Scoop News Group ☛ When firing isn’t a fix: Why government needs more tech experts
Bringing their expertise onboard to help increase government efficiency will mean expedited federal hiring, not just expedited layoffs.
The efficiencies achieved by modernizing federal systems and processes are not hypothetical; they are happening today in some areas of government, led by people with the right expertise.
-