
![Image: O0zT3Ar.png](https://i.imgur.com/O0zT3Ar.png)
Hi everyone and welcome to the third edition of Gibby’s cybersecurity roundup. Each week, I’ll try to compile items I’ve found unique or interesting as I came across them in the cybersecurity world. I’ll try to keep things succinct and to the point, but if there is something I find particularly interesting I may deep dive into a topic a bit more.
I'm using some industry terminology here that might not be clear to everyone. If you have questions, let me know, but in the meantime here's my attempt to make it digestible for everyone:
- TLP: Traffic Light Protocol - a method to classify information from no restrictions (CLEAR) to only shareable between certain people (RED). You can find more information about TLP, and its classification levels, here.
- Blue Team - The Security Team focused on Defense and Detection
- Red Team - The Security Team focused on Attacks and Evasion
If you want to see something added here let me know!
![Image: plvm6YX.png](https://i.imgur.com/plvm6YX.png)
Well, look at that! The usual suspects in the software world apparently took a collective "no new critical flaws this week" vacation. So, instead of our regularly scheduled panic, let's dive into CISA's KEV (Known Exploited Vulnerabilities) list – the Hall of Shame for bugs already being used to cause trouble. And wouldn't you know it, this week's inductees are all bringing the high-stakes drama!
High Risk: Google Chrome Zero-day Vulnerability Exploited in the Wild (CVE-2025-2783)
https://threatprotect.qualys.com/2025/03...2025-2783/
High Risk: Cisco Smart Licensing Utility Vulnerabilities
https://sec.cloudapps.cisco.com/security...u-7gHMzWmw
High Risk: Apache Tomcat CVE-2025-24813
https://www.rapid7.com/blog/post/2025/03...d-to-know/
![Image: TVVm7lW.png](https://i.imgur.com/TVVm7lW.png)
Google's Kyle Chrzanowski says big companies need robot overlords for their digital who's-who, automating everything from birth (account creation) to death (access revocation) of employee identities. Apparently, tackling the messy middle of governance before a massive single sign-on migration is the smart way to avoid a chaotic digital identity crisis.
https://www.googlecloudcommunity.com/gc/...a-p/882952
Sophos detailed this week that Evilginx is still remarkably effective at grabbing credentials and MFA codes.
https://news.sophos.com/en-us/2025/03/28...-evilginx/
Check Point reassures its customers that the bad guys are "totally lying" about what they were able to get into and steal, and that they should trust Check Point instead:
https://support.checkpoint.com/results/sk/sk183307
Chinese hackers are *still* exploiting a buffer overflow flaw in Ivanti's Connect Secure, Policy Secure, and ZTA gateway products. CVE-2025-22457, released in February, was originally marked as "low severity"; now that bad guys are kicking in the door reliably, Ivanti reconsidered and reclassified the flaw as "critical." Idiots.
https://forums.ivanti.com/s/article/Apri...2025-22457
Don't use DMARC? Then don't expect your messages to reach Outlook, Live, and Hotmail accounts. After May 5, DMARC is mandatory to get messages to inboxes.
https://techcommunity.microsoft.com/blog...rs/4399730
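If you are not sure where your sending domains stand before the cutoff, the quickest check is whether each one publishes a usable DMARC TXT record at `_dmarc.<domain>`. The checker below is an added example, not code from the roundup or from Microsoft; it validates a record string offline (the records in the test are constructed), and its split between hard errors and warnings is an assumption about what an enforcing receiver would refuse versus merely tolerate.

```python
"""Offline DMARC record check (added example; not from the roundup or
Microsoft). Parses the TXT record you would publish at _dmarc.<domain>."""

VALID_POLICIES = {"none", "quarantine", "reject"}


def parse_dmarc(record: str) -> dict:
    """Split 'v=DMARC1; p=reject; rua=mailto:...' into a tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def check_dmarc(record: str) -> dict:
    """Return {'valid': bool, 'policy': str | None, 'issues': [str]}.
    'error:' issues mean an enforcing receiver has no usable policy;
    'warn:' issues pass but deserve fixing (this split is an assumption,
    not a published receiver rule)."""
    issues = []
    try:
        tags = parse_dmarc(record)
    except ValueError as exc:
        return {"valid": False, "policy": None, "issues": [f"error: {exc}"]}
    # RFC 7489: v=DMARC1 must be the first tag, and p= is mandatory.
    if record.strip().split(";")[0].replace(" ", "").lower() != "v=dmarc1":
        issues.append("error: record must start with v=DMARC1")
    policy = tags.get("p", "").lower() or None
    if policy is None:
        issues.append("error: missing required p= tag")
    elif policy not in VALID_POLICIES:
        issues.append(f"error: invalid policy {policy!r}")
    elif policy == "none":
        issues.append("warn: p=none only monitors; quarantine/reject enforces")
    rua = tags.get("rua", "")
    if not rua:
        issues.append("warn: no rua= tag, so aggregate reports never arrive")
    elif not all(u.strip().startswith("mailto:") for u in rua.split(",")):
        issues.append("error: rua must be comma-separated mailto: URIs")
    pct = tags.get("pct")
    if pct is not None and not (pct.isdigit() and int(pct) <= 100):
        issues.append("error: pct must be an integer 0-100")
    valid = not any(i.startswith("error") for i in issues)
    return {"valid": valid, "policy": policy, "issues": issues}
```

Feed it the output of `dig +short TXT _dmarc.yourdomain` (quotes stripped) to see which domains would fall over once the requirement bites.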
After *WEEKS* of denying it, Oracle finally acknowledged that a breach occurred, surprising absolutely no one.
https://www.bloomberg.com/news/articles/...ata-stolen
![Image: EEG6FZS.png](https://i.imgur.com/EEG6FZS.png)
Stratus Red Team is a tool by Datadog that can “detonate” offensive attack techniques against a live cloud environment so you can validate that your detections work as expected. I’m highlighting here that the docs now provide coverage matrices of MITRE ATT&CK tactics and techniques currently covered for different cloud platforms: AWS, Azure, GCP, Kubernetes, Entra ID, and EKS.
https://stratus-red-team.cloud/attack-te...e-matrices
Wiz has launched a new site for security teams to track critical cloud vulnerabilities, offering handy filters like technology and exploit status. Now you can finally stop manually sifting through endless CVEs and let Wiz be your cloud's most wanted poster.
https://www.wiz.io/vulnerability-database
![Image: JkUpDIt.png](https://i.imgur.com/JkUpDIt.png)
From Thalium comes rkchk, a Rust-powered digital bloodhound for Linux, sniffing out sneaky kernel-level rootkits with its fancy integrity checks. It's like giving your kernel a superhero sidekick, but instead of a cape, it wields the Linux Rust API.
https://github.com/thalium/rkchk
delepwn sniffs out Google Workspace Domain-Wide Delegation slip-ups in Google Cloud, essentially showing you where you left the keys to the digital kingdom under the doormat. Consider it your auditor for those "oops, did I leave that open?" moments in your GCP setup.
https://github.com/n0tspam/delepwn
ServiceNow, the cloud platform that promised IT zen, turns out to have some hidden ninja stars, according to MDSec's Tim Carrington. Apparently, you can weaponize its own features like custom actions and discovery scripts to run rogue code and generally cause digital mayhem.
https://www.mdsec.co.uk/2025/03/red-team...servicenow
![Image: p227pSB.png](https://i.imgur.com/p227pSB.png)
Here is a spot where I’ll just generally soapbox when I want to.
I sure hope you have a wonderful rest of your week.
That's it for this week. Thanks for reading, y'all. See you next week.
