Secure Bytes Insight IT by Edi Rimkus

Apple AirPlay Exploits – The "AirBorne" Vulnerabilities Introduction Apple's AirPlay protocol has revolutionized wireless streaming for billions of devices, connecting iPhones, Macs, and third-party products seamlessly. However, a critical series of vulnerabilities, dubbed "AirBorne," has been discovered, exposing devices to zero-click remote code execution (RCE) attacks. With interconnected devices at the core of modern life, these flaws highlight serious security concerns. The Vulnerabilities Explained The "AirBorne" vulnerabilities include multiple critical flaws, such as: CVE-2025-24252 : A use-after-free vulnerability enabling attackers to execute arbitrary code without user interaction. CVE-2025-24132 : A stack-based buffer overflow allowing wormable exploits to propagate automatically across devices. CVE-2025-24271 : An access control bypass permitting unauthenticated AirPlay commands, potentially leading to RCE. These vulnerabilities...

SAP NetWeaver Exploit: Critical Risk of Remote Code Execution via Unauthenticated File Uploads By Edi Rimkus Published: 28 April 2025 Introduction In today’s interconnected business landscape, enterprise software underpins global operations—and SAP NetWeaver is a cornerstone for countless organizations. However, a critical vulnerability (tracked as CVE-2025-31324) has recently surfaced, revealing a significant security gap. This exploit has raised alarms due to its potential for unauthorized access and remote code execution. The Vulnerability Explained The flaw lies within the Metadata Uploader component of SAP NetWeaver Visual Composer. A missing authorization check allows attackers to upload malicious files to the /developmentserver/metadatauploader endpoint. These files—often in the form of web shells—grant attackers the ability to execute arbitrary commands, effectively taking control of the system. Key technical aspects include: No Authentication Needed : Attackers can ...

WhatsApp for Windows Vulnerability: Critical Risk of Arbitrary Code Execution via Spoofed File Attachments By Edi Rimkus Published: April 2025 In today’s digital world, messaging platforms play a crucial role in our daily communications—and WhatsApp is one of the most popular among them. While most of its users rely on mobile devices, the desktop version (WhatsApp for Windows) offers added convenience and productivity. However, a critical security vulnerability (tracked as CVE-2025-30401 ) affecting WhatsApp for Windows has recently come to light, raising serious concerns about the application’s safety. The Vulnerability Explained The flaw stems from how WhatsApp for Windows processes file attachments. According to the official security advisory issued by Meta, the vulnerability exists because: Attachment Preview vs. File Handler Discrepancy: WhatsApp for Windows displays file attachments based on their MIME type (a label that indicates the nature of a file, such as “image/jpeg”...

Router Hacks on Legacy Infrastructure: The Hidden Risk in Outdated Network Devices By Edi Rimkus In today’s fast-evolving cybersecurity landscape, threats aren’t limited to flashy ransomware or sophisticated supply chain attacks. One persistent risk that often flies under the radar is the exploitation of legacy routers and network infrastructure. Many organizations unknowingly expose themselves to attack because critical devices—often running outdated software or unsupported operating systems—are ripe targets for hackers. The Problem with Legacy Infrastructure Outdated Hardware & Software: Routers and other network components that have reached the end-of-life or end-of-support stage tend to remain in service long after their security patches and updates are discontinued. Attackers know that these devices rarely receive the robust protection afforded to current systems. Their outdated firmware often contains vulnerabilities that are well known in the cybersecurity community, ye...

CVE-2025-24054: NTLM Exploit in the Wild – A Deep Look at the Latest NTLM Hash Disclosure Vulnerability By Edi Rimkus In our fast-evolving threat landscape, even long-trusted authentication protocols are coming under fire. The newly disclosed vulnerability, CVE-2025-24054, has been making headlines as it enables NTLM hash disclosure via spoofing, and its exploitation in the wild is raising alarms across both public and private sectors. Check Point Research has documented active abuse of this flaw, which poses severe risks to Windows environments worldwide. Understanding NTLM and Its Significance NTLM (New Technology LAN Manager) is a suite of authentication protocols developed by Microsoft to verify user identities during network logins. NTLM uses the challenge/response mechanism where a user's credentials are not transmitted in plain text but are instead hashed. With the introduction of NTLMv2, Microsoft improved security by incorporating both server and client challenges into...

New Gmail and Microsoft 2FA Security Warning: What You Need to Know By Edi Rimkus In today’s fast-evolving digital landscape, even our strongest security measures are constantly being challenged. The latest warning around Gmail and Microsoft 2FA (two-factor authentication) is a wake-up call: sophisticated attackers are now finding creative ways to bypass 2FA protections that many long believed were virtually unbreakable. The Rising Threat of 2FA Bypass Although two-factor authentication remains one of the best defenses against unauthorized account access, recent security reports have spotlighted a new breed of attack tools—most notably an updated version of the so-called “Tycoon 2FA” kit. Originally identified in 2023, this adversary-in-the-middle (AITM) attack kit has evolved dramatically. Cybercriminals are now using advanced obfuscation techniques to bypass security measures on Gmail and Microsoft 365 accounts. What’s New? Recent intelligence highlights several key development...

  Fortinet Devices Still Compromised: A Persistent Threat to Cybersecurity By Edi Rimkus In a concerning revelation, over 14,000 Fortinet VPN devices remain compromised despite patches being applied to address previous vulnerabilities. This persistent threat highlights the evolving tactics of cybercriminals and the critical need for thorough post-patch audits and proactive cybersecurity measures. The Issue at Hand Fortinet devices, specifically those running FortiOS with SSL-VPN functionality, have been targeted by attackers exploiting vulnerabilities dating back as early as 2023. Even after patches were applied, cybercriminals managed to maintain access through a post-exploitation technique involving symbolic links (symlinks). These symlinks act as shortcuts, connecting the user filesystem to the root filesystem, allowing attackers to retain read-only access to sensitive files. Key Vulnerabilities Exploited The attackers leveraged several known vulnerabilities, including: ...

  Windows Zero-Day Vulnerability: A Deep Dive into the Exploitation and Lessons Learned By Edi Rimkus Cybersecurity professionals worldwide are grappling with the implications of a critical Windows zero-day vulnerability in the Common Log File System (CLFS) driver. This flaw—tracked as CVE-2025-29824—has been actively exploited by ransomware groups, leaving organizations vulnerable to privilege escalation attacks and devastating ransomware campaigns. Let’s explore the details, real-world examples, and actionable lessons from this incident. Understanding the Vulnerability The CLFS driver is a core component of the Windows operating system, responsible for managing log files. The vulnerability allows attackers to escalate their privileges from low-level user access to SYSTEM-level control, enabling them to execute malicious code and compromise entire systems. What makes this vulnerability particularly dangerous is its exploitation by ransomware groups, who use it to deploy malw...

Cybercriminals Are Using YouTube to Spread Malware: What You Need to Know By Edi Rimkus In the ever-evolving world of cybersecurity, threats continue to emerge in places we least expect—like YouTube. This week, researchers uncovered a troubling campaign where hackers hijacked YouTube channels to distribute malware, targeting unsuspecting users with enticing offers of cracked software and game cheats. The Tactics: Hackers have refined their methods to reach millions of users. They embed malicious links in video descriptions or comments on hijacked channels, often masquerading as trustworthy downloads. To bypass antivirus systems, these links lead to legitimate file-hosting platforms like Mediafire or Mega.nz. By doing so, they evade detection while deploying the harmful payload directly to unsuspecting users. The Malware: At the heart of this attack is Lumma Stealer—a sophisticated info-stealing trojan. Once installed, Lumma Stealer harvests sensitive data such as passwords, crypt...

 🔐 Fortinet Urges Critical Updates for FortiSwitch 🚨 Fortinet has released patches for a critical vulnerability (CVE-2024-48887) in FortiSwitch devices, rated with a CVSS score of 9.3. This flaw could allow unauthorized password changes via a specially crafted request, posing significant risks to administrative security. Key Details: Affected Versions : FortiSwitch 6.4.0 through 7.6.0. Mitigation : Upgrade to patched versions (6.4.15, 7.0.11, 7.2.9, 7.4.5, or 7.6.1). Workaround : Disable HTTP/HTTPS access from administrative interfaces and restrict access to trusted hosts. This vulnerability underscores the importance of proactive patch management and securing administrative interfaces. Let's stay vigilant and ensure our systems are protected against emerging threats.

 🌐 Microsoft's Cybersecurity Governance Council: A New Era in Cyber Defense 🛡️ Microsoft has taken a bold step in advancing cybersecurity with the launch of its Cybersecurity Governance Council. This initiative introduces Deputy CISOs who oversee critical areas such as AI-related security risks and identity-driven systems. Their mission? To ensure comprehensive oversight of cybersecurity risks, defense, and compliance across the company. Key Highlights: AI Security : Addressing the unique challenges posed by AI technologies. Identity-Driven Systems : Innovating in enterprise identity to enhance security. Collaboration : Working with product and engineering leaders to create accountability and advance protection for Microsoft, its customers, and the industry. This council represents a significant stride in fostering a security-first culture and tackling the evolving threat landscape. Let's celebrate and learn from these efforts to strengthen our own cybersecurity practices.