Secure Bytes Insight IT by Edi Rimkus

Router Hacks on Legacy Infrastructure: The Hidden Risk in Outdated Network Devices By Edi Rimkus In today’s fast-evolving cybersecurity landscape, threats aren’t limited to flashy ransomware or sophisticated supply chain attacks. One persistent risk that often flies under the radar is the exploitation of legacy routers and network infrastructure. Many organizations unknowingly expose themselves to attack because critical devices—often running outdated software or unsupported operating systems—are ripe targets for hackers. The Problem with Legacy Infrastructure Outdated Hardware & Software: Routers and other network components that have reached the end-of-life or end-of-support stage tend to remain in service long after their security patches and updates are discontinued. Attackers know that these devices rarely receive the robust protection afforded to current systems. Their outdated firmware often contains vulnerabilities that are well known in the cybersecurity community, ye...

CVE-2025-24054: NTLM Exploit in the Wild – A Deep Look at the Latest NTLM Hash Disclosure Vulnerability By Edi Rimkus In our fast-evolving threat landscape, even long-trusted authentication protocols are coming under fire. The newly disclosed vulnerability, CVE-2025-24054, has been making headlines as it enables NTLM hash disclosure via spoofing, and its exploitation in the wild is raising alarms across both public and private sectors. Check Point Research has documented active abuse of this flaw, which poses severe risks to Windows environments worldwide. Understanding NTLM and Its Significance NTLM (New Technology LAN Manager) is a suite of authentication protocols developed by Microsoft to verify user identities during network logins. NTLM uses the challenge/response mechanism where a user's credentials are not transmitted in plain text but are instead hashed. With the introduction of NTLMv2, Microsoft improved security by incorporating both server and client challenges into...

New Gmail and Microsoft 2FA Security Warning: What You Need to Know By Edi Rimkus In today’s fast-evolving digital landscape, even our strongest security measures are constantly being challenged. The latest warning around Gmail and Microsoft 2FA (two-factor authentication) is a wake-up call: sophisticated attackers are now finding creative ways to bypass 2FA protections that many long believed were virtually unbreakable. The Rising Threat of 2FA Bypass Although two-factor authentication remains one of the best defenses against unauthorized account access, recent security reports have spotlighted a new breed of attack tools—most notably an updated version of the so-called “Tycoon 2FA” kit. Originally identified in 2023, this adversary-in-the-middle (AITM) attack kit has evolved dramatically. Cybercriminals are now using advanced obfuscation techniques to bypass security measures on Gmail and Microsoft 365 accounts. What’s New? Recent intelligence highlights several key development...

  Fortinet Devices Still Compromised: A Persistent Threat to Cybersecurity By Edi Rimkus In a concerning revelation, over 14,000 Fortinet VPN devices remain compromised despite patches being applied to address previous vulnerabilities. This persistent threat highlights the evolving tactics of cybercriminals and the critical need for thorough post-patch audits and proactive cybersecurity measures. The Issue at Hand Fortinet devices, specifically those running FortiOS with SSL-VPN functionality, have been targeted by attackers exploiting vulnerabilities dating back as early as 2023. Even after patches were applied, cybercriminals managed to maintain access through a post-exploitation technique involving symbolic links (symlinks). These symlinks act as shortcuts, connecting the user filesystem to the root filesystem, allowing attackers to retain read-only access to sensitive files. Key Vulnerabilities Exploited The attackers leveraged several known vulnerabilities, including: ...

  Windows Zero-Day Vulnerability: A Deep Dive into the Exploitation and Lessons Learned By Edi Rimkus Cybersecurity professionals worldwide are grappling with the implications of a critical Windows zero-day vulnerability in the Common Log File System (CLFS) driver. This flaw—tracked as CVE-2025-29824—has been actively exploited by ransomware groups, leaving organizations vulnerable to privilege escalation attacks and devastating ransomware campaigns. Let’s explore the details, real-world examples, and actionable lessons from this incident. Understanding the Vulnerability The CLFS driver is a core component of the Windows operating system, responsible for managing log files. The vulnerability allows attackers to escalate their privileges from low-level user access to SYSTEM-level control, enabling them to execute malicious code and compromise entire systems. What makes this vulnerability particularly dangerous is its exploitation by ransomware groups, who use it to deploy malw...

Cybercriminals Are Using YouTube to Spread Malware: What You Need to Know By Edi Rimkus In the ever-evolving world of cybersecurity, threats continue to emerge in places we least expect—like YouTube. This week, researchers uncovered a troubling campaign where hackers hijacked YouTube channels to distribute malware, targeting unsuspecting users with enticing offers of cracked software and game cheats. The Tactics: Hackers have refined their methods to reach millions of users. They embed malicious links in video descriptions or comments on hijacked channels, often masquerading as trustworthy downloads. To bypass antivirus systems, these links lead to legitimate file-hosting platforms like Mediafire or Mega.nz. By doing so, they evade detection while deploying the harmful payload directly to unsuspecting users. The Malware: At the heart of this attack is Lumma Stealer—a sophisticated info-stealing trojan. Once installed, Lumma Stealer harvests sensitive data such as passwords, crypt...

 🔐 Fortinet Urges Critical Updates for FortiSwitch 🚨 Fortinet has released patches for a critical vulnerability (CVE-2024-48887) in FortiSwitch devices, rated with a CVSS score of 9.3. This flaw could allow unauthorized password changes via a specially crafted request, posing significant risks to administrative security. Key Details: Affected Versions : FortiSwitch 6.4.0 through 7.6.0. Mitigation : Upgrade to patched versions (6.4.15, 7.0.11, 7.2.9, 7.4.5, or 7.6.1). Workaround : Disable HTTP/HTTPS access from administrative interfaces and restrict access to trusted hosts. This vulnerability underscores the importance of proactive patch management and securing administrative interfaces. Let's stay vigilant and ensure our systems are protected against emerging threats.