Scams & Breaches
Scammers file first — Get your IRS Identity Protection PIN now - Sign up for an IP PIN with the IRS before someone else files your taxes.
FCC chief urges auction to fund ‘Rip and Replace’ program • The Register - To fund the removal of Huawei and ZTE equipment from American networks, the FCC is considering a spectrum fire sale. The last sale of Advanced Wireless Services spectrum (for mobile operators) saw AT&T, Verizon, and T-Mobile, among others, raise $45bn. Outgoing director Jessica Rosenworcel specifically called out Chinese-based Typhoon actors as the catalyst for the sale.
Akamai to quit its Content Delivery Network in China • The Register - Akamai, one of the largest Content Distribution Networks in the world, will move out of China. All customers must move off by June 30, 2026.
Sweden commits warships to defend Baltic undersea cables • The Register - Destroy our underwater cables? Awesome, we’ve got three warships and a surveillance plane to help prevent any more “accidents”
Snyk deployed ‘malicious’ packages, claims infoseccer • The Register
Largest US addiction treatment provider notifies patients of data breach - Substance Use Disorder treatment group BayMark has been breached, losing patients' SSNs, driver's license numbers, DOBs, services received and dates of service, insurer info, and diagnosis/provider info. BayMark serves more than 75,000 patients daily in over 400 service sites across 35 U.S. states and three Canadian provinces.
Bugs
Docker Desktop blocked on Macs due to false malware alert - Docker used the wrong code-signing certificate. Everything is working as intended.
Ransomware crew abuses AWS native encryption • The Register - Hackers buy or steal AWS keys, then use the customer-provided keys (SSE-C) option to encrypt the S3 buckets. Once encrypted, they set the object lifecycle expiration to 7 days. Users can combat this by applying a policy that restricts who can enable SSE-C on which objects.
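As an added example (not from the article or from AWS), here is the shape of a bucket policy that blocks the two steps described above: the first statement denies any PutObject (which CopyObject also uses) that carries the SSE-C customer-algorithm header, and the second denies changes to the bucket's lifecycle configuration unless they come from one named admin role. The bucket name `example-bucket`, account ID `111122223333`, and role name `S3LifecycleAdmin` are placeholders; the condition keys `s3:x-amz-server-side-encryption-customer-algorithm` and `aws:PrincipalArn` are real IAM condition keys. The `Null: false` test means "the header is present".

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyUploadsEncryptedWithCustomerProvidedKeys",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::example-bucket/*",
      "Condition": {
        "Null": {
          "s3:x-amz-server-side-encryption-customer-algorithm": "false"
        }
      }
    },
    {
      "Sid": "DenyLifecycleChangesExceptFromPlaceholderAdminRole",
      "Effect": "Deny",
      "Principal": "*",
      "Action": "s3:PutLifecycleConfiguration",
      "Resource": "arn:aws:s3:::example-bucket",
      "Condition": {
        "StringNotEquals": {
          "aws:PrincipalArn": "arn:aws:iam::111122223333:role/S3LifecycleAdmin"
        }
      }
    }
  ]
}
```

A bucket-policy Deny applies to every principal in the account, including any stolen access key, which is the point here; if you legitimately use SSE-C for some prefixes, narrow the first statement's Resource to the prefixes where it should be forbidden, and review CloudTrail for PutObject calls carrying the SSE-C header as a detection signal.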
Phishing texts trick Apple iMessage users into disabling protection - Apple's iMessage blocks URLs from unknown senders unless you reply. Scammers are now updating their phishing instructions to have victims reply and then re-open the text message.
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices - Samsung devices with Google Messages and RCS enabled are vulnerable to a zero-click vulnerability. Researchers found that audio messages were transcribed before any user interaction, which let them attack the transcription service without the user knowing.
Microsoft: macOS bug lets hackers install malicious kernel drivers - SIP (System Integrity Protection), which locks away parts of the operating system unless it is intentionally disabled before booting, has new flaws. Users should install the December updates for macOS.
Oracle
Mitel 0-day, 5-year-old Oracle RCE exploited in the wild • The Register - Mitel's MiCollab and Oracle's WebLogic Server have been added to CISA's Known Exploited Vulnerabilities list. Patch ASAP. WHO is exploiting them remains to be seen.
UK Ransomware Payment License?
UK floats ransomware payout ban for public sector • The Register - The UK govt is reviewing three proposals. One would ban payments outright, another would require the victim to obtain a payment “license”, and the third would just require reporting of attacks.
Expired Domain Takeover
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems - By registering now-defunct domains, watchtowr took control of over 4k systems, with more still being added.
LDAPNightmare
Security pros baited by fake Windows LDAP exploits • The Register - Two significant vulnerabilities in the Windows LDAP service were patched in December, and researchers produced a PoC for them. Threat actors then published their own versions of the proof-of-concept, targeting security researchers. Be Careful Out There.
White House Cyber Trust Mark
White House launches consumer smart device security label • The Register - Led by UL Solutions, the FCC program will allow companies to apply to meet NIST testing criteria covering supply chains, secure software development, lifecycle policies, vulnerability management policies, etc. Consumers will be able to scan a QR code that provides that information. Requirements include: how to change configuration settings and the cybersecurity implications of changing settings, if any, among many others. It does not cover medical devices regulated by the Food and Drug Administration (FDA); motor vehicles and equipment regulated by the National Highway Traffic Safety Administration (NHTSA); wired devices; products used for manufacturing, industrial control, or enterprise applications; or products on the FCC's Covered List, the Dept of Commerce's Entity List, or the DoD's Chinese Military Companies list (Section 1260).
Silk Typhoon hits Treasury and Foreign Investments
Treasury hackers also breached US foreign investments review office - Last week's BeyondTrust breach saw downstream impacts at the US Treasury. Originally, department officials said the breach only hit already public-facing documents. Now Treasury officials are saying the Office of Foreign Assets Control AND the Committee on Foreign Investment in the US (CFIUS) have been impacted. (Interestingly, days after the breach, SCOTUS heard TikTok v. USAG.) CFIUS is responsible for reviewing potential foreign investments in US companies that might impact national security, most recently expanding to include private equity purchases of land and buildings near US military bases.
Crypto-laundering
US government charges operators of crypto mixing service used by North Korea and ransomware gangs | TechCrunch - 2 of 3 Russian nationals have been arrested and charged in the US with running a crypto-mixer used by the North Korean Lazarus hacking group.