2025.04.15.News You Should Know

- 6 mins read

Series: News You Should Know

Pharmacist accused of spying on women using work, home cams • The Register - A pharmacist spent nearly a decade installing malware on coworkers' PCs, including remote webcam viewers and keyloggers. The pharmacist is currently employed at another healthcare system and has not been jailed, while the former employer is being sued for failing to protect its infrastructure and employees.

VMware revives its free ESXi hypervisor • The Register - Free ESXi is back apparently…if you want it.

The Reg translates Oracle’s weak breach confession letter • The Register - Register drags Oracle, don’t be like Oracle

SSL/TLS certificates will last 47 days max by 2029 • The Register - Maximum SSL/TLS certificate lifetime will drop from 398 days to 47 over the next four years.

  • March 15, 2026: Newly issued certificates, including their Domain Control Validation (DCV), will have to be renewed every 200 days.
  • March 15, 2027: That lifespan will go down to 100 days.
  • March 15, 2029: New SSL/TLS certificates will be limited to 47 days, and 10 days for DCVs.
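To audit existing certificates against that schedule, here is an added example in Go (not code from the article or from any CA/Browser Forum tooling): it parses a PEM certificate and compares its validity window with the cap in force on its issuance date. The March 15 cut-over dates and the current 398-day cap come from the article; the assumption that the cap is keyed to the certificate's NotBefore date, the self-signed test certificate and the `example.test` name are constructed for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// maxLifetimeDays: longest validity (days) allowed for a cert issued on the given date.
func maxLifetimeDays(issued time.Time) int {
	march15 := func(y int) time.Time { return time.Date(y, 3, 15, 0, 0, 0, 0, time.UTC) }
	for _, step := range []struct{ year, days int }{{2029, 47}, {2027, 100}, {2026, 200}} {
		if !issued.Before(march15(step.year)) {
			return step.days
		}
	}
	return 398 // today's cap, which still applies before March 15, 2026
}

// CheckPEM: validity window in whole days (rounded up), the cap on its NotBefore date, and whether it fits.
func CheckPEM(pemBytes []byte) (days, limit int, ok bool, err error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return 0, 0, false, errors.New("no CERTIFICATE block in input")
	}
	c, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return 0, 0, false, err
	}
	days = int((c.NotAfter.Sub(c.NotBefore) + 24*time.Hour - 1) / (24 * time.Hour))
	limit = maxLifetimeDays(c.NotBefore)
	return days, limit, days <= limit, nil
}

// selfSignedPEM builds a throwaway self-signed cert (constructed test data) so the check runs offline.
func selfSignedPEM(notBefore time.Time, days int) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "example.test"},
		NotBefore: notBefore, NotAfter: notBefore.AddDate(0, 0, days)}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}
```

Feed `CheckPEM` the contents of a real `.pem` file to see whether a certificate you hold today would still be acceptable under the cap that applies at its issuance date.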

Politics

Report: EC issues burner phones for visits to US • The Register - “The transatlantic alliance is over” - an EU official told the Financial Times. EU staffers will now receive burner laptops and phones for US visits, a move usually reserved for trips to China and Russia.

Sensitive financial data accessed in US bank watchdog attack • The Register - The Office of the Comptroller of the Currency was broken into, with threat actors maintaining persistence for over two years and viewing 150,000-plus emails across around 100 bank regulators' mailboxes. While OCC isn't pointing fingers yet, the style and target of the breach point to the Chinese government, which was previously responsible for the Dec '24 breach of the Office of Foreign Assets Control.

Wyden blocks Trump's CISA boss nominee over 'cover up' • The Register - Wyden (D-OR) uses a senatorial block to indefinitely prevent Trump nominee Plankey from taking command of CISA. Wyden cited a CISA report from 2022 identifying vulnerabilities in the US telecom sector, stating publicly that Jen Easterly (former CISA head) and President Joe Biden had been suppressing public dissemination of the report since its creation. Wyden, who has been given access to the report, says Signaling System Number 7 (SS7) and faulty Diameter implementations are responsible for the CALEA hacks by China's Salt Typhoon that are still unexplained, undisclosed, and unremediated.

Trump orders probe of 'censorship' by former CISA boss Krebs • The Register - Trump continues his war on CISA, writing an Executive Order targeting former CISA head (his own appointee) Chris Krebs, who was fired for refuting claims that the 2020 election was stolen. As a result, Krebs' security clearance has been revoked, as has the security clearance of his peers at security company SentinelOne, and a review of CISA activities from 2019 to date is being undertaken. This matches other punitive/retribution orders from Trump, including attacks on the Perkins Coie law firm.

Congressman Eric Swalwell demands briefing on CISA cuts • The Register - “It is difficult to convey in writing the full extent of my concern regarding the rumored plans to decimate CISA, but it suffices to say that upending an agency that plays such an important role in defending the homeland while keeping Congress in the dark is wholly unacceptable,” the congressman wrote.

Senate hears Meta dangled US data in bid to enter China • The Register - Sarah Wynn-Williams, former Meta employee and author of Careless People, testified before the Senate Judiciary Committee's Subcommittee on Crime and Counterterrorism, alleging Meta had offered to route an undersea fiber cable from LA to Hong Kong, granting access to US citizens' data through the pipe. Congress and national security agencies prevented the pipeline, redirecting it to Taiwan and the Philippines instead. Wynn-Williams claims China is the second-largest provider of Meta's revenue (followed by American advertisers); Meta refutes this, though its own SEC filings recognize China as one of its largest contributors. Meta has attempted to file defamation suits in the amount of $50k for each time Wynn-Williams mentions Meta, whether she's making a true statement or not.

Software

AI code suggestions sabotage software supply chain • The Register - AI-hallucinated code dependencies become a new supply chain risk: threat actors take existing LLM hallucinations and create the malicious packages to match. In the study, 200k package names were made up, but 43% were consistently made up across different prompts, and 58% appeared at least twice out of every ten tests. CodeLlama 7B hallucinated packages at a rate greater than 35%, with 34B and Magicoder close behind at around 30%. GPT families were the lowest at less than 10%.

Privacy

Google adds Android auto-reboot to block forensic data extractions - Google will now reboot phones that haven't been unlocked in 72 hours to prevent AFU (After First Unlock) attacks. This returns the device to a fully encrypted, before-first-unlock state.

Majority of Browser Extensions Can Access Sensitive Enterprise Data, New Report Finds - A new report on browser extensions highlights the danger of unmanaged browser environments.

That groan you hear is users’ reaction to Recall going back into Windows - Ars Technica -

Tactics

Malicious npm Package Targets Atomic Wallet, Exodus Users by Swapping Crypto Addresses - A new npm package targets Atomic Wallet and Exodus users, modifying their wallet software so transactions are sent to the wrong address.

Phishing kits now vet victims in real-time before stealing credentials - That sound is thousands of SOC teams screaming into the void. Threat actors are using third-party email verification to validate URLs before serving up malicious pages, making investigations nigh impossible.

Hackers exploit WordPress plugin auth bypass hours after disclosure - 4 hours after the patch was released. 4.

Don't open that file in WhatsApp for Windows just yet • The Register - Threat actors are sending .exe files disguised as photos to the Windows version of WhatsApp. Users should update to a version newer than 2.2450.6.

China

Security experts say US-China trade war could hit cyberspace • The Register - Infosec and policy experts are afraid China's Typhoon teams will ramp up infrastructure attacks. With Volt Typhoon having successfully infiltrated water, electrical and other utilities, and Salt Typhoon deeply embedded in US telecom, it's likely the retaliation may be more than financial.

China reportedly admitted cyberattacks on US infrastructure • The Register - The Journal last week reported that the admission was made at a December meeting between Chinese officials and the Biden administration held in Geneva, Switzerland. The Chinese delegation reportedly said their nation's cyberattacks on US infrastructure were linked to America's support for Taiwan. China considers Taiwan a rogue province and wants it to reunify with the mainland. The US and many other nations have deep relationships with Taiwan but stop short of completely acknowledging its sovereignty to avoid angering China.

Microsoft

ActiveX blocked by default in Microsoft 365 • The Register - ActiveX is now dead in M365. Or at least, until you turn it back on.

Don’t delete inetpub folder. It’s a Windows security fix • The Register - Microsoft just vibe-coding security fixes out here.

I’m an experienced home cook, security engineer, people leader, and dedicated father and husband. I can be found on Mastodon at @IAintShootinMis@DigitalDarkAge.cc and on Signal at DigitalDarkAge.98. An RSS Feed of this blog is available here and a copy of my current OPML file is here.