VM#011
Hi Everyone,
Here’s a roundup of the latest cybersecurity news, reports, and tools from the past week.
Cybersecurity News
Iranian Cyber Units' Organizational Structure: Analyst Nariman Gharib has published a chart detailing the structure of Iran's cyber units. Find out more.
CIA's Chatbot for World Leaders: The CIA has developed a tool allowing analysts to interact with AI versions of foreign presidents and prime ministers, who respond in real-time. Find out more.
Smaller CISA: DHS Secretary nominee Kristi Noem aims to shrink CISA, narrowing its focus to combating election misinformation and disinformation while prioritizing the protection of the country’s critical infrastructure. Find out more.
Vulnerabilities & Exploits & Hacks
Google Sign-In Exploit: Dylan Ayrey from TruffleSecurity discovered a method to exploit "Sign in with Google" by re-registering defunct company domains. This allows access to old company data on platforms like Zoom, HR systems, and Slack using new Google Workspace accounts. Find out more.
Kubernetes Windows Flaw: Kubernetes fixed a security issue (CVE-2024-9042) in its Windows nodes, which could have been exploited to gain control over hosts by executing commands through the "/logs" endpoint. Find out more.
Mercedes Car Hacking: Kaspersky found 13 security weaknesses in Mercedes' MBUX infotainment systems that could potentially be exploited. Find out more.
Threat Hunting & Malware
FunkSec Analysis: Check Point released a report on the new ransomware group, FunkSec, which started in late 2024 and has already claimed over 85 victims on its data leak site. Find out more.
Lumma Creator Interview: Threat intelligence analyst g0njxa conducted and published an interview with the person behind the Lumma infostealer malware. Find out more.
Another notable event
A couple of days ago Vance shared on his LinkedIn profile: A user on BreachForums who goes by the name of EDRVendor was able to compromise an account and gain full access to SocialLinks Crime Wall LE. They're selling initial access to the account for a very low entry price.
The response from Social Links: The topic is closed, investigation completed and the issue is fixed. The incident affected one Crimewall user account and occurred through the compromise of a single user device.
📰 Reports
Berkeley Protocol - The Standard for Digital OSINT Investigations: A set of guidelines from UC Berkeley and UN OHCHR on the effective use of digital open source information in investigating violations of international criminal, human rights and humanitarian law. Read here.
The Global Risks Report 2025, created by the World Economic Forum, analyzes the escalating geopolitical, environmental, societal, and technological challenges shaping the world. It examines global risks across multiple time horizons to help decision-makers navigate current crises and long-term threats. Report.
Espionage & Counterintelligence
When I worked on this investigation, it inspired me to create this section.
Do you remember every conference you attended? Every person you spoke to? Every business card you handed over? Every LinkedIn message you sent or received? The world isn’t as safe as we once thought. Spy stories aren’t just books or TV dramas... they’re reality. And in this reality, vigilance isn’t optional. It’s essential.
[The name and surname were sent in the original email]
, sentenced for espionage on behalf of Russia, at the request of the GRU stole a classified report on the gas terminal, selected candidates for recruitment, and posted pro-Russian texts in Polish media. After seven years in prison, he became a savvy businessman. He attends dozens of events annually and appears at embassies. He shines at conferences on Ukraine’s reconstruction and the FinTech industry, and meets with officials. His activities resemble those he conducted on behalf of the GRU before his arrest.
In 2017, Bellingcat exposed how GRU officer Edward Sziszmakow, expelled from Poland, obtained Polish military secrets through a compromised officer, with the investigated ex-GRU spy playing a role there too.
You can read the full investigation in Polish or English, and we also recorded a podcast (in Polish) where my colleague and I share our insights.
Interesting timing: just a few days before our publication, EuroCert (a provider of qualified electronic signatures) suffered a ransomware breach. Why mention this? Szypowski's company, Nexus, and EuroCert co-hosted an event together a month ago - an event Szypowski himself promoted on his LinkedIn.
What else is happening in the world?
Maduro Announces Arrests: Venezuelan President Nicolás Maduro announced the arrest of seven foreigners for alleged "terrorist activities against peace." Find out more.
Philippines Arrests Chinese National: Philippine authorities arrested a Chinese national and two Filipinos for suspected espionage on critical infrastructure. Find out more.
CIA Analyst Pleads Guilty: A CIA analyst confessed to leaking classified details about Israeli plans to attack Iran. Find out more.
SOCMINT
The TikTok Ban Saga
I wrote this on 19.01.2025
TikTok Refugees Flock to RedNote: As I mentioned in one of my earlier newsletters, the TikTok ban was officially implemented on January 19, 2025. Following the ban, many U.S. users have migrated to RedNote (Xiaohongshu), a Chinese app resembling TikTok, which has surged in popularity. RedNote offers a similar experience, focusing on short-form videos and in-stream shopping. Though it’s unclear who started the trend, RedNote quickly rose to the top of both Apple and Android’s app stores.
A close Gen Z take from the ban day (19.01.2025): TikTok’s just not entertaining without U.S. content
Here is an example of one page: "How to Use RedNote: Guide, Tips, and Tricks", and another page offering tools like TikTok Video Downloader and Chinese Name Generator.
The shift has been so significant that Duolingo reports a 216% increase in U.S. users learning Mandarin, as people seek to engage with RedNote and its Chinese user base.
21.01.2025: President Trump has signed an executive order granting TikTok a 75-day extension to comply with a law that requires a sale or ban of the platform. He floated the possibility of a joint venture running the company, saying he was seeking a 50-50 partnership between "the United States" and its Chinese owner ByteDance. But he did not give any further details on how that might work.
What else is happening?
Do you remember Vine? I do. Elon Musk is "looking into" bringing Vine back following the TikTok ban. Vine was a short-form video platform that allowed users to create and share 6-second looping videos. It was acquired by Twitter shortly after its launch, and TikTok quickly capitalized on what Vine could have been. For years there have been rumors about a potential revival, circulating again since the middle of last year, but nothing has come of it.
SugarDaddyMeet launches AI Detect: The platform, founded in 2007 and with over 8.5 million members, introduces an AI feature that blurs unsolicited nude photos and lets recipients choose to view or report them, after 87% of its female users reported such harassment on other platforms.
OSINT
Tools
Google Updates
AI-Powered Permission Management in Chrome: Google is testing a new AI-driven feature in Chrome called PermissionsAI, which predicts whether users will approve permission requests (e.g., notifications, location access, camera, or microphone usage). If the AI determines a request is unlikely to be granted, it will present it in a less intrusive manner, reducing disruptions while browsing. Integrated with Safe Browsing, this feature enhances security by minimizing exposure to potentially harmful requests. Currently, it is only available in Chrome Canary for testing, with no official release date yet.
Problem: Fake AI-generated reviews are overwhelming Google, deceiving consumers, and causing massive losses. By 2026, they may outnumber real reviews, making trust-building crucial for brands. Fakespot (part of Mozilla) and The Transparency Company are currently the only review fraud detection tools accessible to consumers. Another tool, ReviewMeta, shut down in 2023.
Google in 2025: Everything it expects to launch - Video.
Darknet
Feds cleared to sell $6.5 billion worth of Silk Road Bitcoin.
This Medium article discusses the flaws and security issues of the Dark Web marketplace DrugHub, highlighting OPSEC mistakes, EXIF data leaks, vulnerabilities in its infrastructure, and potential risks from using unsecured connections, as well as the possibility of law enforcement involvement due to the location of its servers.
Upcoming CyberSec / OSINT Events
Free
The Good, Bad, and Ugly of GenAI in Fraud & AML – Tuesday, January 28, 2025, from 7:00 PM to 8:00 PM. Fraudsters are often early adopters of new technology, especially when it helps facilitate their fraud and scams. Register here.
Join the upcoming webinar on February 6, 2025, Open-Source Intelligence (OSINT) for Threat Monitoring, where you'll discover how ShadowDragon's Horizon Monitor and SocialNet OSINT platform utilize publicly available information to help protect critical infrastructure.
The free IJ4EU Digital Security Workshop for journalists takes place on February 6, 2025, and will help you enhance your security skills and protect your devices, data, and identity. Register here.
On February 6, 2025, the KeyNorth Group webinar will explore how understanding and manipulating URLs can enhance your OSINT investigations. Register here.
The free DFIR sessions at Magnet Virtual Summit 2025 run from February 10-14, 2025, featuring expert examiners discussing the latest digital investigation challenges, including mobile investigations, deepfakes, AI, and more. During the event, don't miss the free Magnet Virtual Summit 2025 CTF powered by Hexordia. Register here.
🙃Bonus
OsinTeam is looking for contributors to create a monthly OSINT newsletter together. You choose the topic, but it must be educational for the community. What are the benefits of collaboration? If you've been thinking about starting to create content but keep putting it off, this option gives you a chance to try systematically searching for information, selecting the right pieces, and crafting text for a newsletter. It's also an excellent way to start building your OSINT personal brand or if you're considering entering the world of OSINT. If this sounds like something for you, send an email - [email protected]. The team is very supportive. From time to time, you'll also be able to read an issue created by me.
Intel 471 launched a free handbook - Introducing the Cyber Threat Intelligence Capability Maturity Model (CTI-CMM). Grab it here.