Security Leftovers

posted by Roy Schestowitz on Jun 07, 2025

• Security Week ☛ Backdoored Open Source Malware Repositories Target Novice Cybercriminals

  A threat actor has been creating backdoored open source malware repositories to target novice cybercriminals and game cheaters.

• Security Week ☛ ClickFix Attack Exploits Fake Clownflare Turnstile to Deliver Malware [Ed: Another way in which Clownflare became a detrimental thing for security, even by virtue of merely existing on the Web]

  Researchers have discovered and analyzed a ClickFix attack that uses a fake Clownflare ‘humanness’ check.

• SANS ☛ Be Careful With Fake Zoom Client Downloads, (Thu, Jun 5th)

  Collaborative tools are really popular these days. Since the COVID-19 pandemic, many people switched to remote work positions and we need to collaborate with our colleagues or customers every day.

• OpenSSF (Linux Foundation) ☛ Choosing an SBOM Generation Tool [Ed: Phony security approach from people who value corporate control]

  Software Bills of Materials (SBOMs) are the foundational piece of understanding your software supply chain. By listing the components that go into your application, SBOMs give you a starting point for understanding risks — including vulnerabilities, license issues, and other supply chain risks. But how do you create those SBOMs?

• Tom's Hardware ☛ Asus responds to concerns over 9,000+ routers compromised by botnet — firmware updates and factory reset can purge routers of persistent backdoor

  A stealthy botnet attack that has to date infected over 9,000 exposed routers has been addressed by Asus. The company advises users to monitor their SSH access and update firmware to protect against and purge routers from the attack.

• Scoop News Group ☛ Rep. Garbarino: Ending CISA mobile app security program for feds sends ‘wrong signal’

  CyberScoop is first to report on the letter to DHS from the chair of a cybersecurity subcommittee, which also addresses CISA’s role as lead coordinator with the telecom sector.

• Security Week ☛ Men Who Hacked Law Enforcement Database for Doxing Sentenced to Prison

  Sagar Steven Singh and Nicholas Ceraolo, members of the Vile group, get prison sentences for identity theft and hacking.

• SANS ☛ Upcoming DShield Honeypot Changes and Customizations, (Fri, Jun 6th)

  There are some upcoming DShield honeypot changes that introduce some opportunities for additional customization and data analysis. For most users, no additional actions are needed.

• Security Week ☛ Misconfigured HMIs Expose US Water Systems to Anyone with a Browser

  Censys researchers follow some clues and find hundreds of control-room dashboards for US water utilities on the public internet.

• Atlantic Council ☛ Cyberattacks are hurting US businesses. Here’s how Congress can upgrade cybersecurity information sharing.

  Hackers are targeting small and medium-sized businesses, and the existing framework for sharing important information is leaving these US companies out of the loop.

• Security Week ☛ Lee Enterprises Says 40,000 Hit by Ransomware-Caused Data Breach

  Lee Enterprises has completed its investigation into the recent ransomware attack and confirmed that a data breach occurred.

• Security Week ☛ Carding Marketplace BidenCash Shut Down by Authorities

  Authorities seized 145 domains associated with BidenCash, a marketplace for stolen credit cards and personal information.

• Mobile Systems/Mobile Applications

  • NVISO Labs ☛ Intercepting traffic on Android with Mainline and Conscrypt

    TL;DR: The AlwaysTrustUserCerts module now supports Android 7 until Android 16 Beta. If you want to learn more about Mainline, Conscrypt and how everything works together, keep reading! Intro To properly test the backend of any mobile application, we need to intercept (and modify) the API traffic.

  • Scoop News Group ☛ Cellebrite to acquire mobile testing firm Corellium in $200 million deal

    Both companies have faced controversy in recent years, primarily for their work in circumventing mobile device security features

  • Security Week ☛ Controversial Firms Cellebrite and Corellium Announce $200 Million Acquisition Deal

    Cellebrite and Corellium, whose names have been mentioned in spyware stories, are joining forces to provide advanced investigative solutions.