VM#010

Hi Everyone,

When you're reading this, I'm right in the middle of the second day of OSINT workshops. It’s my debut as a trainer, and I’m guiding a group on how to uncover suspicious operations like a pro! We’re diving into tracking suspicious activity, people, and companies both locally and internationally. The group is hungry for knowledge, which is great because I’ve prepared some tricky and challenging tasks to keep them on their toes.

In the meantime, let’s dive into last week’s roundup of the latest cybersecurity news, reports, and tools!

Cybersecurity News

  • Cyberattacks on aviation space: On December 30, 2024, a Ryanair flight from Riga to Vienna had to land in Brno due to GPS signal disruption, while passengers on a LOT flight from Berlin to Warsaw were confused as their location was shown over Kaliningrad on Flightradar24. GPS spoofing in Polish airspace has surged since spring 2022. Polish article.

    • A site to track the level of GPS satellite navigation signal interference.

  • Gravy Analytics, a U.S.-based location intelligence firm, has reportedly suffered a massive data breach, with attackers claiming to have exfiltrated 17TB of sensitive data, including 1.4GB of samples shared on the XSS forum. This first major breach of a location data broker exposes millions of smartphone records. Find out more.

    • This is not just a typical data leak; it poses a significant national security threat. In yet another excellent OSINT investigation shared on X, Baptiste Robert mapped the exposed location data, revealing sensitive locations such as the White House, Kremlin, Vatican, military bases, and more.

  • MISP introduces a Threat Actor Naming Standard to improve collaboration, data consistency, and attribution in cybersecurity threat intelligence. Find out more.

Vulnerabilities & Exploits & Hacks

  • Wiz uncovers critical vulnerability in Nuclei (CVE-2024-43405): A signature bypass could allow arbitrary code execution, affecting security scans (Nuclei is an open-source vulnerability scanner). Find out more.

  • ‘DoubleClickjacking’ Threatens Security: Hackers exploit a timing quirk between clicks to bypass defenses, enabling account takeovers and unauthorized actions on platforms like Salesforce and Slack. Find out more.

Threat Hunting & Malware

  • Follow the hashtags across X and LinkedIn to track related posts. New year, new challenges have just started!

    • #100daysofYara: Enhance your cybersecurity skills by writing one new YARA rule each day for 100 days, focusing on malware analysis and detection. YARA is a malware detection tool that matches files against custom rules. Follow the hashtag on LinkedIn or X.

    • #100daysofRust: Master Rust programming with daily coding for 100 days, concentrating on security and performance, perfect for those interested in system-level programming in cybersecurity. Rust is a systems programming language with memory safety. This year a Senior Threat Analyst from Mandiant decided to take on this challenge personally; you can follow his progress here.

  • Splunk blog shares the latest analysis on Meduza Stealer, examining the MITRE ATT&CK techniques and tactics used by this malware to steal sensitive information. Find out more.

Learning

  • Vance created The Vesper Challenge, a website that offers an immersive Cyber Threat Intelligence experience inspired by the world of James Bond. Participants dive into unraveling intricate cyber threats and safeguarding high-stakes assets, all within the opulent setting of Monaco.

📰 Reports

  • The 2024 GPS Spoofing Workgroup, organized by OPSGROUP, published its final report on September 6, 2024. The report details a 500% increase in spoofing incidents, affecting an average of 1,500 flights daily. It includes a GPS spoofing technical guide, a GPS spoofing impact matrix, safety concerns, crew guidance, and recommendations, highlighting significant safety risks for aviation. Report.

  • Insikt Group's research from Recorded Future has found that several countries across Central Asia and Latin America are increasingly relying on Russia's System for Operative Investigative Activities (SORM) as the basis of their digital surveillance capabilities. Report.

Espionage & Counterintelligence

  • Leaked documents allege Asma Al-Assad’s covert ties to British intelligence, revealing a potential role in reshaping Syrian politics and influencing the Assad regime. Find out more.

  • Geoton-L1 captures unprecedented high-resolution images of Los Angeles and Dubai, showcasing the spy satellite's advanced surveillance capabilities while providing Russia with real-time tracking of NATO's air and naval movements in both the US and Europe, delivering vital data for strategic planning and countermeasures. Find out more.

  • Yemen Thwarts MI6 and Saudi Intelligence Operations: Yemen's security forces have neutralized espionage attempts by MI6 and Saudi intelligence, arresting British spies and disrupting plans to target strategic sites. Find out more.

Good to know

The Mysterious Story Behind Watches of Espionage (W.O.E.): The Instagram and LinkedIn accounts and the website have become a runaway hit by revealing the surprising links between luxury timepieces and spycraft. One detail remains classified: the identity of the former CIA officer who runs it.

Sanctions

  • Switzerland Aligns with EU: Switzerland has adopted additional EU sanctions targeting Russia and Belarus. Find out more.

  • BMW's Grey Market Operations: BMW has confirmed sales of luxury cars to Russian buyers, bypassing sanctions through a grey market. Find out more.

  • US Sanctions Hungarian Official: The US has imposed sanctions on Hungarian official Antal Rogán (the confidant of PM Viktor Orbán) for corruption, with Hungary planning to address this with Donald Trump. Find out more.

  • Sanctions on Sudan Militia Leader: The US has sanctioned the leader of Sudan's Rapid Support Forces for genocide and various UAE companies for supporting the militia. Find out more.

SOCMINT

  • Threads (300 million active users), Meta’s social media platform, is testing new features that allow users to customize their profiles with custom display names and cover images, aiming to boost user engagement and personalization.

Currently, when a Threads account is linked to Instagram, the Threads account uses the same alias and profile picture as Instagram, with no editing options. Pro tip: even if the Instagram account is private and the Threads account is public, it's still possible to see the account's followers, because at the start of the Threads account setup it imported followers from the linked Instagram account.

Meta updates

  • Meta to swap fact-checking with 'community notes': Meta is phasing out its US fact-checking program, opting instead for a Twitter/X-style 'community notes' system, where users contribute to verifying information. This shift aims to empower user-driven content moderation but raises concerns about potential biases, manipulation, and the effectiveness of crowd-sourced fact-checking.
    Mark Zuckerberg's video explanation.

OSINT

Tools

  • Here is a list of global registers with open methodology, links, and tools for OSINT, organized by country. The list has been updated since at least 2023. How do I know this? I can see recent lists created by Pavel Bannikov, a fact-checker from Kazakhstan, who has recently compiled OSINT website lists for Kazakhstan, Uzbekistan, Tajikistan, Syria, and more.

  • OpenScreening is a free tool utilizing open data and graph analytics for KYC, KYB, and AML checks, specifically designed to uncover shady connections, manage risk, and screen for sanctions and Politically Exposed Persons (PEPs).

  • Ground News offers a unique feature called "Left, Right, Center," which categorizes news articles based on their political bias, helping users gain a balanced view of stories from various political perspectives.

Privacy

Privacy Guides is an independent, non-profit website providing privacy and security recommendations:

European alternatives for digital products:

Google Updates

  • Gmail Security Flaw: Google Won't Fix It
    Google confirmed a security vulnerability in Gmail's AI features, allowing prompt injection attacks that could lead to phishing and manipulation across Google services. Despite warnings from researchers, Google marked the issue as "intended behavior" and chose not to fix it.

  • Google Chrome is reportedly testing its "Link to Highlight" feature for PDFs, allowing users to highlight specific text and share it via a link, enhancing accessibility for large documents.

Darknet

  • deepdarkCTI - Collection of Cyber Threat Intelligence sources from the deep and dark web.

  • Sensitive blueprints of over 20 high-security prisons in England and Wales, including detailed camera and sensor locations, were leaked on darknet forums in November 2024. [The website was no longer active when I copied this issue on April 25]

Upcoming CyberSec / OSINT Events

Free

  • OSINT Visual Link Analysis for Economic Crime: Join Blackdot Solutions and Cambridge Intelligence on January 21 for a live webinar exploring how visual link analysis tools can transform OSINT workflows to combat economic crime effectively.

  • SANS Cyber Threat Intelligence Summit & Training 2025: Free summit on Jan 27-28, followed by training from Jan 29 - Feb 3 (Live Online).

  • Join the CNPD in Belval, Luxembourg, on January 28, 2025, for a Data Protection Day conference exploring Open Source Intelligence (OSINT) and privacy challenges. Event for French-speaking attendees only.

🙃 Bonus

  • Sasha Ingber (security reporter) is the new host of the intelligence podcast - SpyCast. SpyCast delves into the world of espionage with in-depth interviews from intelligence experts and real-life spies.

  • SecjuiceCON Call for Speakers - Online Event - The SecjuiceCON speaker submission deadline is extended to January 18th, covering topics like OSINT, penetration testing, security research, and more.