VM#015
Hi Everyone,
Here’s a roundup of the latest cybersecurity news, reports, and tools from the past weeks, based on what I’ve been reading recently and found interesting.
Cybersecurity News
Cyber URL Scanner (cyscan.io), created by Karol 🇵🇱, is a real-time tool for website analysis, featuring infrastructure scanning, link analysis, and fuzzing for hidden admin panels. It recently went viral.
Signal stops responding to Ukrainian Law Enforcement requests: Signal has ceased responding to Ukrainian law enforcement's requests regarding Russian cyber threats, with officials warning that this shift could support Moscow’s intelligence operations. Find out more.
Vulnerabilities & Exploits & Hacks
Azure App Proxy Bug Exposes Private Networks. Researchers found a flaw in Azure App Proxy that could unintentionally make internal networks accessible from the internet. Find out more.
Baidu Denies Breach: Baidu denied an internal data breach after a Vice President's daughter leaked users' personal information online, stating the data came from illegal foreign databases. Find out more.
Threat Hunting & Malware
Anubis Backdoor: FIN7’s New Cyber Weapon. FIN7 hackers developed Anubis, a Python-based backdoor designed for stealthy data theft and remote access. Find out more.
Dragon RaaS: Pro-Kremlin Ransomware on the Rise. Dragon RaaS, a Russian hacktivist ransomware group, is expanding its operations, targeting Western organizations. Find out more.
Learning
XINTRA - Advanced Cybersecurity Trainings - led by Lina, a security researcher, Black Hat trainer, and SANS advisory board member. I've read quite a lot of positive reviews from people who have completed it, which is why I decided to share the information here.
📰 Reports
Red Canary 2025 Threat Detection Report.
High-Tech Crime Trends Report 2025 by Group-IB. Check it here.
Espionage & Counterintelligence
MI6 could get its first female chief: Sir Richard Moore, the head of MI6, is resigning this year. For the first time in its 116-year history, MI6 may appoint a woman as its leader, with Moore advocating for greater diversity and women’s equality within the organization. Find out more.
Israeli-Russian hacker extradited to the USA: An Israeli-Russian hacker has been extradited to the USA. Rostislav Panev faces charges for allegedly being the developer of the LockBit ransomware group. Find out more.
Former Intelligence Officers behind success of Unciphered: Former employees of the CIA, NSA, and FBI contributed to the market success of Unciphered, a company that develops methods for breaking passwords for cryptocurrency accounts. Morgan Marquis-Boire, the company's co-founder, worked for a nonprofit organization that managed the repositories of secret documents disclosed by the federal contractor Edward Snowden. Find out more - The only article about it is behind the paywall.
Russian diplomat builds networks in Paris: Russian diplomat Kirill Seleznev, who has lived in France for about ten years, is building networks in Parisian academic circles. Find out more.
New Dutch Law: The Netherlands has expanded its espionage law to better protect national security, individuals, critical infrastructure, and advanced technologies, with penalties of up to 12 years in prison. Find out more (.nl)
Other notable events
The JFK Assassination Files: This week, approximately 60,000 pages of newly released JFK assassination files were made publicly available.
Apple
End-to-End Encryption for RCS: Apple is introducing end-to-end encryption for RCS messaging between iPhone and Android users, using the Messaging Layer Security (MLS) protocol, enabling cross-platform encryption for the first time.
Live translation for AirPods: Apple is reportedly working on a live translation feature for AirPods, which will allow automatic conversation translation.
Passwords app vulnerability: Researchers from Mysk discovered a phishing vulnerability in Apple's Passwords app. While the issue was patched, Apple declined to pay for the bug report, a trend that has been observed with the company recently.
SOCMINT
TikTok tests voice chat feature for Live Streams, allowing users to engage in live audio conversations without video.
LinkedIn trials 'Connections Only' feed: LinkedIn is experimenting with an alternate feed that displays updates exclusively from users' connections, aiming to enhance personalized content.
Meta AI launches in EU amid limitations: Meta AI is now available across the European Union, though with a more limited feature set compared to its U.S. counterpart.
OSINT
TikTok
Since the fall, I have worked with Telegram, and now it's time for TikTok due to the Polish presidential campaign. Below, I’ve listed some basic OSINT tools and tricks that are worth knowing when analyzing TikTok.
Tools
Wayback Machine - you can check only public accounts
Bellingcat’s TikTok Timestamp Tool - Bellingcat provides a client-side tool that extracts the upload date of TikTok videos, which can be useful for chronological analysis. This tool works even with deleted videos.
OSINT Combine - search usernames and hashtags on TikTok via a browser. All results take the user to the source on the TikTok.com website or are provided as a Google search result.
Two useful Google dorks
To find mentions of a TikTok profile on other websites (excluding TikTok itself):
"nickname" OR "full name" "tiktok.com" -site:tiktok.com
To search for a TikTok profile using a full name and probable nickname:
site:tiktok.com "@username" OR "full name"
Algospeak and leetspeak refer to the deliberate misspelling of words or the replacement of letters with special characters to avoid detection by moderation systems; a TikTok example is writing "abortion" as "ab0rti0n."
Additional tips:
Privacy
1Password introduces Geo-Password Feature
1Password now supports location-based passcodes, automatically suggesting relevant passwords based on a user's geolocation. This feature can provide entry codes near workplaces or WiFi credentials for nearby networks.
Google Updates
Google Wallet for kids: Google is rolling out a kid-friendly version of Google Wallet in Australia, Poland, Spain, the UK, and the US over the coming weeks.
Google nears deal to acquire Cybersecurity Startup Wiz: Alphabet is reportedly close to acquiring cloud security firm Wiz after a failed $23 billion deal last year. Wiz specializes in scanning and analyzing cloud environments to detect and prevent risks.
Darknet
'DARKINT' - Darknet Intelligence: Start.me page with news, onion site directories, search engines, markets, forums, tools, and guides. Link.
Upcoming CyberSec / OSINT Events
Free
From Data to Decisions – Using OSINT and CTI for Threat Detection March 26, 2025 5:00 PM (CET). Hosted by SOS Intelligence. Register here.
Navigating the Shadows: Dark, Deep, and Clear Web Investigations March 28, 2025 9:50 AM - 12:45 PM (GMT). Hosted by The Investigator & CACI Ltd More info.
SecjuiceCON 2025 - March 30, 2025 6:00 PM - 11:00 PM. Agenda
OSMOSIS April Fool's OSINT CTF - April 1, 2025, from 12:00 AM to 11:59 PM EST. The event is exclusively for OSMOSIS members (free to register). Prizes include vouchers for the Open-Source Certification Exam for the top 3 winners. Join the CTF.
RETRO PIXEL CTF - April 2, 2025 Follow updates.
Kickstart Your Data Journalism (Free Sessions for everyone) More info
Google Sheets, April 3, 2025 16:30 CET
R, April 14, 2025 16:30 CET
Python, May 8, 2025 17:30 CET
Paid
Trace Labs Search Party OSINT CTF Webinar (March 29, 2025) – Learn strategies to enhance your OSINT skills and boost your chances of winning a Trace Labs OSINT CTF. Get ticket.