Gustavo Bessa
@cyberbessa.bsky.social
Monitoring cyber threats. Sharing knowledge. Building cyber resilience.
Wireshark 4.4.7 has been released, fixing one vulnerability (CVE-2025-5601) and eight bugs, enhancing secure network traffic analysis. It's impressive to see such a proactive approach in maintaining the tool's reliability for users. What challenges have others faced with updates like this?
June 9, 2025 at 10:01 AM
MISP versions 2.4.211 and 2.5.13 have been released, addressing critical vulnerabilities like SMIME Path Traversal and enhancing search functionality and API features. The shift to token-based queries is a smart move for complex searches, improving user experience significantly.
June 8, 2025 at 7:00 PM
Blitz malware has emerged as a new threat, spreading through backdoored game cheats on Telegram and leveraging AI code repositories for its command and control. It not only steals information but also drops a Monero miner. The use of Hugging Face Spaces for C2 is particularly clever.
June 8, 2025 at 4:00 PM
Google's Threat Intelligence Group revealed a new vishing threat targeting Salesforce data, where attackers impersonate IT support to gain access to sensitive information. This underscores the growing sophistication of social engineering tactics—how are your teams addressing this risk?
June 6, 2025 at 1:02 PM
A critical out-of-bounds write vulnerability, CVE-2025-5688, has been found in FreeRTOS-Plus-TCP, affecting versions 2.3.4 to 4.3.1. It’s triggered by long DNS names and requires an immediate upgrade to version 4.3.2. This highlights the need for detailed audits in embedded systems.
June 6, 2025 at 10:01 AM
A wave of vulnerabilities in vBulletin, linked to PHP 8.1 changes, has been identified, allowing private methods to be executed by default. Exploits have already been observed, emphasizing the need for vigilant patch management. It's crucial to review your deployments now.
June 5, 2025 at 1:03 PM
Unit 42 reported a DNS misconfiguration in Azure OpenAI that could have led to cross-tenant data leaks and MitM attacks. Microsoft has fixed the issue, but it highlights the need for continuous audits of cloud configurations. Subtle flaws can have big implications.
June 5, 2025 at 10:02 AM
Unit 42's study reveals that LLM guardrails vary significantly in effectiveness across platforms, with blocking rates for harmful content ranging from 50% to over 90%. Role-playing tactics often bypass filters, exposing a critical gap in their design. It's essential we address this.
June 3, 2025 at 1:00 PM
A new threat involves a trojanized SSH client exploiting OpenSSH on Windows, creating a backdoor via a file named "dllhost.exe." It highlights the risks of common system tools being weaponized. I'm curious how teams monitor these default binaries for malicious activity.
June 2, 2025 at 7:00 PM
APT41 is using Google Calendar as a command and control mechanism through their malware "TOUGHPROGRESS," targeting sectors like government and media. This tactic highlights the clever manipulation of legitimate services for malicious purposes. Have you seen similar techniques in your work?
May 30, 2025 at 4:03 PM
Adversaries are using Alternate Data Streams (ADS) in NTFS to hide malicious data within regular files, making detection challenging. Tools like PowerShell can execute binaries from these streams, posing a significant risk. It's crucial to integrate ADS awareness into defense strategies.
May 30, 2025 at 1:02 PM
A recent study from SANS highlights the use of AI, like ChatGPT, in analyzing cyber attacks on a Raspberry Pi honeypot. It revealed insights into reconnaissance commands and potential data harvesting for Telegram credentials. AI's iterative input was key to refining its analysis.
May 30, 2025 at 10:01 AM
Netgate has released pfSense Community Edition 2.8.0, featuring enhanced security, performance, and usability, along with critical fixes for vulnerabilities. The new PPPoE driver is particularly impressive for multi-gigabit users. Just remember to back up and follow the upgrade guide closely.
May 29, 2025 at 7:01 PM
Suricata 8 has introduced the entropy keyword, enhancing threat detection by identifying high-entropy data patterns indicative of encrypted payloads. This integration of Shannon entropy is a game-changer for analysts. I'm curious to see how teams will leverage this feature in real-world scenarios.
May 29, 2025 at 4:02 PM
Cybercriminals from group UNC6032 are exploiting the AI hype with fake websites that masquerade as popular AI tools, distributing malware instead. Thousands of malicious ads have reached millions on social media, highlighting how effective these platforms can be for targeted attacks.
May 29, 2025 at 1:00 PM
A vulnerability (CVE-2025-5279) was found in the Amazon Redshift Python Connector, affecting versions 2.0.872 to 2.1.6, due to skipped SSL validation with the BrowserAzureOAuth2CredentialsProvider. Upgrading to 2.1.7 is crucial. It's a reminder of how small oversights can lead to big risks.
May 29, 2025 at 10:01 AM
pfSense Plus is now available on the Azure Marketplace, enhancing cloud security with its robust firewall, VPN, and routing capabilities. The straightforward subscription model is a game changer, eliminating hidden fees. Have you tried it on Azure? I'd love to hear your experiences.
May 28, 2025 at 7:00 PM
SVG images are emerging as a novel method for steganography, allowing hidden messages to be embedded without visual distortion. This technique leverages SVG's XML format for detailed data manipulation. It's intriguing how this could change the landscape of data concealment.
May 27, 2025 at 4:01 PM
A new variant of crypto scam is exploiting greed by luring victims with fake wallet balances and requiring costly "VIP" memberships to access funds. This scheme cleverly adds hurdles to drain victims while masquerading as an opportunity. The creativity in these scams is striking.
May 22, 2025 at 7:00 PM
A discussion on ethical internet scanning highlights the need for proper identification to avoid disruptions, as noted by Johannes Ullrich from SANS. Including an identification URL in probe packets is crucial for accountability. Proactive identification can foster collaboration among researchers.
May 22, 2025 at 10:01 AM
Malware authors are using AutoIT scripts with multi-layer obfuscation to deliver a Remote Access Trojan, starting with "1. Project & Profit.exe." This highlights the ongoing challenge of detecting sophisticated threats. The layered approach is particularly concerning.
May 19, 2025 at 1:00 PM
Android is enhancing security in 2025 with real-time protections against scams and fraud, including new in-call safeguards and AI-powered scam detection. The focus on user privacy is commendable. I'm curious how other teams are adapting to these changes.
May 18, 2025 at 7:00 PM
Google has launched Advanced Protection for Android 16, enhancing security for users like journalists and public figures against sophisticated threats. Features include intrusion logging and upcoming USB protection. It's impressive how accessible top-tier security has become.
May 18, 2025 at 4:00 PM
Netgate has released critical security updates for pfSense Plus 24.11 and CE 2.7.2, addressing multiple vulnerabilities including XSS and command injection. It's crucial to apply these patches to strengthen your defenses, especially with new versions on the horizon.
May 18, 2025 at 1:01 PM
Unit 42 reports that Muddled Libra has evolved its tactics, expanding from telecom to financial and hospitality sectors. Their use of AI for voice spoofing in social engineering is particularly concerning. This adaptability makes them a significant threat to sensitive data environments.
May 18, 2025 at 10:00 AM