VM#004

Hi Everyone,

I started attending Toastmasters, even though I had procrastinated on it for years. While avoiding it gave me short-term peace, in the long run it wasn't beneficial. The group is incredibly supportive, and it’s surprisingly liberating to make mistakes, not know what to say, and experience everything step by step. Exposure is challenging, but I know it will have a positive impact on various levels of my life. So, let’s confront our fears and break them down into smaller, manageable parts 💪

Let's check last week's roundup of the latest cybersecurity news, tools, and social media highlights.

This is the first edition with an added Reports section, and Cybersecurity news has been divided into smaller subcategories.

Cybersecurity News

Vulnerabilities & Exploits & Hacks

  • Finding TeamViewer 0days: Peter Gabaldon explores vulnerabilities in TeamViewer's IPC communication with its system service. The series details how the research began with attempts to find flaws in TeamViewer’s client, leading to a deeper understanding of its helper service communication. Find out more.

  • FBI Nabs Fraudsters Using Fake AI Fund Coin: The FBI successfully used a counterfeit AI fund coin to entrap fraudsters in a clever operation. Find out more.

  • RomCom RAT Attacks in Ukraine and Poland: The intrusions are characterized by the use of a variant of the RomCom RAT dubbed SingleCamper (aka SnipBot or RomCom 5.0), said Cisco Talos, which is monitoring the activity cluster under the moniker UAT-5647. Find out more.

  • Internet Archive Hack: Pro-Kremlin hacker group SN_BLACKMETA breached the Internet Archive, exposing data from 31 million users. Find out more.

Threat Hunting & Malware

  • Hunting Malicious Scheduled Tasks: Jouni Mikkola shares a detailed methodology for detecting malicious scheduled tasks using Microsoft Defender for Endpoint. ThreatHunt Blog | Watch the video

  • Botnet Creation Walkthrough
    An accidental botnet creation story provides an insightful step-by-step process. Find out more.

  • Kaspersky’s Take on Wazuh's Role in Malware Attacks: Kaspersky wrote an article about malware variants now using the Wazuh SIEM agent as a C2 for remote access and telemetry, alongside persistence via WMI, netcat, and registry keys. Attackers harvest data like usernames and system info, sending it to Telegram bots. The founder of Wazuh stated, "I just want to clarify that Wazuh has not been compromised. As far as we know, no Wazuh vulnerability has been exploited, and Wazuh is not the attack vector. This scenario mirrors past instances where attackers have abused other legitimate tools, such as SSH or Remote Desktop, after gaining full administrative access to the victim's system. However, it's worth noting that the article is written by a Wazuh competitor in the cybersecurity industry (Kaspersky). While it's unclear if this is intentional, the article is misleading." The founder's statement comes from one of the LinkedIn posts where the discussion took place. The full article.

Other

  • FIDO Alliance Proposes New Protocol for Easier Passkey Transfers
    The FIDO Alliance has drafted new specifications to simplify passkey transfers across platforms, enhancing interoperability and accelerating passwordless sign-in adoption. This includes support from 1Password, Apple, Bitwarden, Dashlane, Enpass, Google, Microsoft, NordPass, Okta, Samsung, and SK Telecom. FIDO stands for "Fast Identity Online," and the alliance is dedicated to creating open standards for secure online authentication, aiming to eliminate passwords and promote solutions based on biometrics and cryptographic keys. Find out more.

  • HUMAN Security’s $50 Million Funding Round: Announcement detailing their new investments aimed at enhancing the Human Defense Platform. Find out more.

📰 Reports

Espionage & Counterintelligence

  • Russia and Türkiye Block Discord: Internet watchdogs in both Russia and Türkiye have banned access to Discord, citing non-compliance with data requests and failure to remove extremist content. Find out more.

  • Egypt's Sisi replaces head of powerful general intelligence agency: Egypt's President Abdel Fattah al-Sisi named Major General Hassan Mahmoud Rashad as head of the powerful general intelligence agency on Wednesday. Find out more.

  • Georgia’s Civil Society Defies 'Foreign Agent' Law to Monitor Elections: Civil society groups in Georgia are uniting to monitor the October 26 election, defying the controversial "foreign agent" law amid fears that the ruling Georgian Dream Party may resist ceding power if defeated. Find out more.

  • China Accuses Foreign Company of Conducting Illegal Mapping Services: China's state security ministry accused a foreign company of illegally conducting geographic mapping disguised as autonomous driving research, using vehicles equipped with advanced technology. Find out more.

  • AI-Generated Influencers Promote Pro-China Messages on Social Media: A new AI trend on social media sees AI-generated Russian women selling their wares with a distinctly pro-China message. One AI-generated TikTok influencer known as ‘Alina’, claiming to be a Russian living in Singapore, has been promoting Chinese-Russian interests. Find out more.

SOCMINT

  • Meta’s Campaign to Combat Sextortion: Sextortion, a form of blackmail involving threats to expose intimate images unless victims provide money or more explicit material, has surged by 300%, prompting Meta to launch new measures to protect users, including warning videos sent to millions of teens in the US, UK, and Canada.

    Finally! Sextortion has become a significant issue for Meta. This year, I have over 10 cases to investigate to identify the scammers behind this, so this is great news.

  • Apple removed several U.S.-based messaging apps from its App Store in China: Apple has blocked several US-based messaging apps in China, including WhatsApp and Signal.

  • TikTok Allows Political Ad Disinformation: Despite a ban, TikTok has allowed political ads with disinformation, raising concerns over its content moderation.

  • Call of Duty false bans: Activision has confirmed that threat actors abused a vulnerability in the Ricochet anti-cheat system to ban legitimate Call of Duty accounts. The company says the exploits impacted a small number of legitimate player accounts, all of which have been restored. The company's admission comes after at least two major Call of Duty content creators were perma-banned over the past weeks.

  • Twitter reserves the right to utilize your data: Twitter has updated its terms of service and has granted itself the right to use anything you post on the platform to train AI, with or without your consent. The new terms will take effect on November 15.

OSINT

I found a super interesting report describing China’s CTF ecosystem.

The report "Capture the (red) flag: An inside look into China’s hacking contest ecosystem" examines China's extensive capture-the-flag (CTF) competitions, highlighting their role in cybersecurity talent development. Key points include:

  • Largest Ecosystem: China has the world’s largest CTF ecosystem, supported by government agencies for talent recruitment.

  • Government Involvement: Competitions are backed by the Ministry of Public Security and the Ministry of Education, helping identify candidates for state-sponsored cyber operations.

  • Innovation: Grassroots participation and integration of AI in competitions drive innovation.

  • Domestic Focus: Recent trends show a shift toward targeting domestic software vulnerabilities.

Key Differences:

  • Government Support: They simply have strong support from the government.

  • Hack-for-Hire System: Outsourcing to private contractors is common in China.

  • Organized Recruitment: CTFs serve as structured recruitment platforms in China.

  • Collaborative Culture: Strong ties between universities and industry in China foster rapid skill development.

OSINT Tools

  • Favihunter: A tool for extracting hashes from favicons, useful for searching databases like Shodan, Censys, and FOFA. Get it here: Favihunter Tool

  • CTIChef: An easy-to-use tool for visualizing STIX2 files in your browser without uploading data to servers. The tool was created by Sergey Polzunov. Try it here: CTIChef Tool

  • EDR Telemetry: A project to help people quickly compare vendor telemetry visibility. Website | Github

Google Updates

  • Global Signal Exchange: Google has joined forces with the Global Anti-Scam Alliance (GASA) to launch the Global Signal Exchange (GSE), a platform aimed at sharing threat signals and combating online scams, fraud, and abuse.

Darknet

  • Firefox Zero-Day Targeting Tor Users: A recently patched vulnerability was exploited in attacks against Tor Browser users.

  • On October 16, 2024, Brazilian authorities arrested the hacker known as USDoD in Belo Horizonte (MG), seizing his computer in connection with investigations involving the US Department of Defense (USDoD), linked to the theft of personal records of 2.9 billion people from National Public Data in July 2024. Brazilian news

  • US Government Cleared to Sell 69,370 BTC Confiscated from Silk Road: According to Lookonchain, the U.S. government is now free to sell 69,370 BTC, valued at approximately $4.33 billion.

  • Closure of Sipulitie Market
    The darknet drug market "Sipulitie Market," which enabled anonymous sales of illegal drugs, has been shut down following a joint international law enforcement operation involving the Finnish Customs Service, Europol, Swedish police, Polish authorities, and Bitdefender researchers.

    The server was taken down, and a Tor website displaying confiscation details was launched. Established in February 2023, Sipulitie Market gained popularity for its user-friendly interface and security measures, primarily serving Finnish-speaking users. On Sipulitie Market, users could purchase a variety of illegal drugs, including but not limited to marijuana, cocaine, ecstasy, and other narcotics. Additionally, the platform may have offered related paraphernalia and services associated with drug use. It followed the closure of "Sipulimarket" in December 2020, with both believed to be run by the same administrator. News in Chinese | onion link

Upcoming CyberSec / OSINT Events

This time, the only interesting events I found are CTFs.

CTFs

  • Dragos CTF – Phishing E-Mail and ICS Analysis
    Participate in the 48-hour Dragos CTF between November 2 (12 pm EDT/UTC 16:00) and November 4 (12 pm EDT/UTC 16:00). Registration

    Test your skills across a variety of challenges including:

    • Phishing Email Analysis

    • ICS Protocol PCAP Analysis

    • Windows Event Log Analysis (ICS Software)

    • Memory Image Analysis (Digital Forensics)

    • PLC Programs and Logic Files Analysis

    • Engineering & Network Diagrams Analysis

  • Russian CTF Cup 2024 Qualifier Open to Foreign Teams
    Foreign teams are allowed to participate in the Russian CTF Cup 2024 Qualifier, which will take place from 12:00 UTC+3 (Moscow) on October 26 to 12:00 UTC+3 (Moscow) on October 27. The event will be held online, with a prize fund of 750,000 rubles for the final round. Registration

  • Huntress CTF Celebrates Cybersecurity Awareness Month
    To celebrate #CybersecurityAwarenessMonth, the Huntress CTF will feature new challenges every day from October 1 at 12:00 PM PT to November 1 at 12:00 PM PT.

🙃Bonus

Free Access to DFIR Labs: Get two hours of free access to DFIR Labs and dive into the Dagon Locker Ransomware case. Use code: FREE#101824 by 10/21, 0400 UTC.
Access here: DFIR Labs Free Access

This week, I was involved in cross-border drug investigations. Over the weekend, I caught up on the series Dopesick—if you haven’t seen it, I highly recommend it; it explores the complexities of the opioid crisis and its impact on communities. You can watch it on Disney+ and Netflix.