Secure Bytes Insight IT by Edi Rimkus

  Black Basta Ransomware Exploits Microsoft Quick Assist – What You Need to Know Cybercriminals are finding new and unexpected ways to infiltrate organizations, and the latest tactic involves abusing Microsoft’s Quick Assist tool to deploy Black Basta ransomware . This attack method allows hackers to gain full control over targeted Windows machines , leading to data encryption, ransom demands, and severe operational disruptions. Understanding Black Basta’s Latest Attack Strategy Black Basta is one of the most aggressive ransomware variants , targeting organizations across industries with double-extortion tactics —stealing data before encrypting it, forcing victims to pay or risk public exposure. Recently, security researchers discovered that threat actors are exploiting Microsoft Quick Assist , a built-in Windows feature designed for remote assistance . By tricking users into accepting remote sessions , attackers can execute ransomware payloads without needing traditional ph...

  Urgent Security Alert: Google Chrome Vulnerability (CVE-2025-4664) Exposes User Data Google Chrome users, take note! A high-severity vulnerability (CVE-2025-4664) has been discovered, allowing attackers to leak cross-origin data and bypass Chrome’s security protections. This flaw affects millions of users worldwide and demands immediate action to stay safe. What is CVE-2025-4664? CVE-2025-4664 is a critical vulnerability in Google Chrome’s Loader component , which manages cross-origin resource sharing (CORS) and sandboxing mechanisms . Cybercriminals can exploit this flaw to: Bypass browser security controls and access sensitive information from other domains. Execute malicious JavaScript code within Chrome, leading to data theft or unauthorized actions. Hijack web sessions and extract credentials from unsuspecting users. Who is Affected? This vulnerability impacts: Google Chrome on Windows, macOS, and Linux (versions prior to Chrome v127.0.0.1 ). Websites rel...

CVE-2025-20188: Critical Cisco IOS XE Vulnerability Explained Introduction Cybersecurity vulnerabilities continue to pose serious risks to organizations worldwide, and recently, CVE-2025-20188 has been identified as a severe flaw impacting Cisco IOS XE Wireless Controllers . This vulnerability, rated 10.0 on the CVSS scale , allows unauthenticated remote attackers  to gain root-level  access to affected systems. Security teams and IT professionals need to understand the nature of this exploit, the affected devices, and the necessary steps to mitigate potential attacks. Vulnerability Details CVE-2025-20188 is caused by the presence of a hard-coded JSON Web Token (JWT)  within the affected software. Attackers can exploit this by sending crafted HTTPS requests  to the AP image download interface , bypassing authentication and executing malicious commands. The key risks associated with this vulnerability include: - Unauthorized file uploads - Path traversal attacks - Re...

AI-Powered Cyber Influence Campaigns: The New Digital Battlefield Published: May 2025 Artificial intelligence is reshaping cybersecurity in ways we never imagined. While AI-driven security tools help detect and prevent cyber threats, threat actors are now weaponizing AI to manipulate public opinion, spread misinformation, and automate cyberattacks . The Rise of AI-Driven Influence Campaigns Recent investigations reveal that AI-powered bots are engaging with real users on Facebook, X (Twitter), and LinkedIn , amplifying political narratives and misinformation. 🔍 How It Works: AI-generated fake personas interact with real accounts, liking, sharing, and commenting strategically. Some campaigns are state-sponsored , aiming to influence elections and policy decisions. AI-driven deepfake technology is being used to manipulate public perception. 💡 Why This Matters: Trust in digital platforms is at risk —users may unknowingly engage with AI-driven misinformation. Businesses...

Apple AirPlay Exploits – The "AirBorne" Vulnerabilities Introduction Apple's AirPlay protocol has revolutionized wireless streaming for billions of devices, connecting iPhones, Macs, and third-party products seamlessly. However, a critical series of vulnerabilities, dubbed "AirBorne," has been discovered, exposing devices to zero-click remote code execution (RCE) attacks. With interconnected devices at the core of modern life, these flaws highlight serious security concerns. The Vulnerabilities Explained The "AirBorne" vulnerabilities include multiple critical flaws, such as: CVE-2025-24252 : A use-after-free vulnerability enabling attackers to execute arbitrary code without user interaction. CVE-2025-24132 : A stack-based buffer overflow allowing wormable exploits to propagate automatically across devices. CVE-2025-24271 : An access control bypass permitting unauthenticated AirPlay commands, potentially leading to RCE. These vulnerabilities...

SAP NetWeaver Exploit: Critical Risk of Remote Code Execution via Unauthenticated File Uploads By Edi Rimkus Published: 28 April 2025 Introduction In today’s interconnected business landscape, enterprise software underpins global operations—and SAP NetWeaver is a cornerstone for countless organizations. However, a critical vulnerability (tracked as CVE-2025-31324) has recently surfaced, revealing a significant security gap. This exploit has raised alarms due to its potential for unauthorized access and remote code execution. The Vulnerability Explained The flaw lies within the Metadata Uploader component of SAP NetWeaver Visual Composer. A missing authorization check allows attackers to upload malicious files to the /developmentserver/metadatauploader endpoint. These files—often in the form of web shells—grant attackers the ability to execute arbitrary commands, effectively taking control of the system. Key technical aspects include: No Authentication Needed : Attackers can ...

WhatsApp for Windows Vulnerability: Critical Risk of Arbitrary Code Execution via Spoofed File Attachments By Edi Rimkus Published: April 2025 In today’s digital world, messaging platforms play a crucial role in our daily communications—and WhatsApp is one of the most popular among them. While most of its users rely on mobile devices, the desktop version (WhatsApp for Windows) offers added convenience and productivity. However, a critical security vulnerability (tracked as CVE-2025-30401 ) affecting WhatsApp for Windows has recently come to light, raising serious concerns about the application’s safety. The Vulnerability Explained The flaw stems from how WhatsApp for Windows processes file attachments. According to the official security advisory issued by Meta, the vulnerability exists because: Attachment Preview vs. File Handler Discrepancy: WhatsApp for Windows displays file attachments based on their MIME type (a label that indicates the nature of a file, such as “image/jpeg”...

Router Hacks on Legacy Infrastructure: The Hidden Risk in Outdated Network Devices By Edi Rimkus In today’s fast-evolving cybersecurity landscape, threats aren’t limited to flashy ransomware or sophisticated supply chain attacks. One persistent risk that often flies under the radar is the exploitation of legacy routers and network infrastructure. Many organizations unknowingly expose themselves to attack because critical devices—often running outdated software or unsupported operating systems—are ripe targets for hackers. The Problem with Legacy Infrastructure Outdated Hardware & Software: Routers and other network components that have reached the end-of-life or end-of-support stage tend to remain in service long after their security patches and updates are discontinued. Attackers know that these devices rarely receive the robust protection afforded to current systems. Their outdated firmware often contains vulnerabilities that are well known in the cybersecurity community, ye...

CVE-2025-24054: NTLM Exploit in the Wild – A Deep Look at the Latest NTLM Hash Disclosure Vulnerability By Edi Rimkus In our fast-evolving threat landscape, even long-trusted authentication protocols are coming under fire. The newly disclosed vulnerability, CVE-2025-24054, has been making headlines as it enables NTLM hash disclosure via spoofing, and its exploitation in the wild is raising alarms across both public and private sectors. Check Point Research has documented active abuse of this flaw, which poses severe risks to Windows environments worldwide. Understanding NTLM and Its Significance NTLM (New Technology LAN Manager) is a suite of authentication protocols developed by Microsoft to verify user identities during network logins. NTLM uses the challenge/response mechanism where a user's credentials are not transmitted in plain text but are instead hashed. With the introduction of NTLMv2, Microsoft improved security by incorporating both server and client challenges into...

New Gmail and Microsoft 2FA Security Warning: What You Need to Know By Edi Rimkus In today’s fast-evolving digital landscape, even our strongest security measures are constantly being challenged. The latest warning around Gmail and Microsoft 2FA (two-factor authentication) is a wake-up call: sophisticated attackers are now finding creative ways to bypass 2FA protections that many long believed were virtually unbreakable. The Rising Threat of 2FA Bypass Although two-factor authentication remains one of the best defenses against unauthorized account access, recent security reports have spotlighted a new breed of attack tools—most notably an updated version of the so-called “Tycoon 2FA” kit. Originally identified in 2023, this adversary-in-the-middle (AITM) attack kit has evolved dramatically. Cybercriminals are now using advanced obfuscation techniques to bypass security measures on Gmail and Microsoft 365 accounts. What’s New? Recent intelligence highlights several key development...

  Fortinet Devices Still Compromised: A Persistent Threat to Cybersecurity By Edi Rimkus In a concerning revelation, over 14,000 Fortinet VPN devices remain compromised despite patches being applied to address previous vulnerabilities. This persistent threat highlights the evolving tactics of cybercriminals and the critical need for thorough post-patch audits and proactive cybersecurity measures. The Issue at Hand Fortinet devices, specifically those running FortiOS with SSL-VPN functionality, have been targeted by attackers exploiting vulnerabilities dating back as early as 2023. Even after patches were applied, cybercriminals managed to maintain access through a post-exploitation technique involving symbolic links (symlinks). These symlinks act as shortcuts, connecting the user filesystem to the root filesystem, allowing attackers to retain read-only access to sensitive files. Key Vulnerabilities Exploited The attackers leveraged several known vulnerabilities, including: ...

  Windows Zero-Day Vulnerability: A Deep Dive into the Exploitation and Lessons Learned By Edi Rimkus Cybersecurity professionals worldwide are grappling with the implications of a critical Windows zero-day vulnerability in the Common Log File System (CLFS) driver. This flaw—tracked as CVE-2025-29824—has been actively exploited by ransomware groups, leaving organizations vulnerable to privilege escalation attacks and devastating ransomware campaigns. Let’s explore the details, real-world examples, and actionable lessons from this incident. Understanding the Vulnerability The CLFS driver is a core component of the Windows operating system, responsible for managing log files. The vulnerability allows attackers to escalate their privileges from low-level user access to SYSTEM-level control, enabling them to execute malicious code and compromise entire systems. What makes this vulnerability particularly dangerous is its exploitation by ransomware groups, who use it to deploy malw...

Cybercriminals Are Using YouTube to Spread Malware: What You Need to Know By Edi Rimkus In the ever-evolving world of cybersecurity, threats continue to emerge in places we least expect—like YouTube. This week, researchers uncovered a troubling campaign where hackers hijacked YouTube channels to distribute malware, targeting unsuspecting users with enticing offers of cracked software and game cheats. The Tactics: Hackers have refined their methods to reach millions of users. They embed malicious links in video descriptions or comments on hijacked channels, often masquerading as trustworthy downloads. To bypass antivirus systems, these links lead to legitimate file-hosting platforms like Mediafire or Mega.nz. By doing so, they evade detection while deploying the harmful payload directly to unsuspecting users. The Malware: At the heart of this attack is Lumma Stealer—a sophisticated info-stealing trojan. Once installed, Lumma Stealer harvests sensitive data such as passwords, crypt...

 🔐 Fortinet Urges Critical Updates for FortiSwitch 🚨 Fortinet has released patches for a critical vulnerability (CVE-2024-48887) in FortiSwitch devices, rated with a CVSS score of 9.3. This flaw could allow unauthorized password changes via a specially crafted request, posing significant risks to administrative security. Key Details: Affected Versions : FortiSwitch 6.4.0 through 7.6.0. Mitigation : Upgrade to patched versions (6.4.15, 7.0.11, 7.2.9, 7.4.5, or 7.6.1). Workaround : Disable HTTP/HTTPS access from administrative interfaces and restrict access to trusted hosts. This vulnerability underscores the importance of proactive patch management and securing administrative interfaces. Let's stay vigilant and ensure our systems are protected against emerging threats.

 🌐 Microsoft's Cybersecurity Governance Council: A New Era in Cyber Defense 🛡️ Microsoft has taken a bold step in advancing cybersecurity with the launch of its Cybersecurity Governance Council. This initiative introduces Deputy CISOs who oversee critical areas such as AI-related security risks and identity-driven systems. Their mission? To ensure comprehensive oversight of cybersecurity risks, defense, and compliance across the company. Key Highlights: AI Security : Addressing the unique challenges posed by AI technologies. Identity-Driven Systems : Innovating in enterprise identity to enhance security. Collaboration : Working with product and engineering leaders to create accountability and advance protection for Microsoft, its customers, and the industry. This council represents a significant stride in fostering a security-first culture and tackling the evolving threat landscape. Let's celebrate and learn from these efforts to strengthen our own cybersecurity practices.

Synology Rushes to Patch Zero-Days Exploited at Pwn2Own In the fast-paced world of cybersecurity, staying ahead of threats is paramount. This was highlighted once again at the recent Pwn2Own hacking competition in Ireland, where researchers uncovered critical vulnerabilities in Synology's popular network-attached storage (NAS) devices. Here’s what you need to know: The Discovery During the competition, security researcher Rick de Jager from Midnight Blue discovered two zero-click vulnerabilities in Synology Photos and BeePhotos for BeeStation software. These vulnerabilities were particularly concerning because they allowed remote attackers to execute arbitrary code on vulnerable NAS appliances—without any user interaction. The Immediate Response Synology acted swiftly to address these vulnerabilities. Within days of their discovery, the company released patches to protect users from potential exploits. The affected versions were: Synology Photos 1.7 for DSM 7.2: Users should upgra...

New Cyber Attack Warning—Confirming You Are Not A Robot Can Be Dangerous Google's reCAPTCHA bot protection has been [-] weaponised getty In the ever-evolving landscape of cyber threats, a new and particularly insidious attack has been identified by researchers at Qualys. This attack takes advantage of a common and seemingly harmless security measure: CAPTCHA verification. Here's what you need to know to stay safe. The Anatomy of the Attack Cybercriminals have devised a method to use fake CAPTCHAs to trick users into running malicious code. Here’s how it works: Fake CAPTCHA Prompt: Users are redirected to a website that asks them to "Verify You Are Human" by performing a task. This might involve deleting a system file or running a command prompt. Malicious Script: The prompt copies a malicious script to the user's clipboard and instructs them to paste it into the terminal window. This makes the process appear as a standard verification step. Execution of Malware:...