Overview of the Security of the Mercedes-Benz Infotainment System
This report presents the findings of a study on the Mercedes-Benz User Experience (MBUX) infotainment system, focusing on vulnerabilities and diagnostic subsystems that were not previously addressed. The research highlights various attack vectors, including USB and inter-process communication protocols, and identifies several critical vulnerabilities. Affected: Mercedes-Benz MBUX, automotive sector

Keypoints:

The study analyzes the first-generation MBUX system, emphasizing its architecture and diagnostic capabilities.…
Threat Bulletin: Weaponized Software Targets Chinese-Speaking Organizations
A series of sophisticated cyberattacks targeting organizations in Chinese-speaking regions have been identified, utilizing a multi-stage loader called PNGPlug to deliver the ValleyRAT malware. The attacks begin with phishing tactics, leading to the installation of a malicious MSI package that deploys the malware while maintaining a facade of legitimacy.…
Recent FBI alerts confirm that threat actors are increasingly utilizing GenAI to enhance financial fraud and extortion tactics, making traditional methods like phishing more effective. AI-generated content aids in creating convincing spear-phishing emails and realistic fake social media profiles. As these attacks become more accessible, organizations must prepare for a growing trend in cyber threats.…
Evading Endpoint Detection and Response (EDR)
Endpoint Detection and Response (EDR) solutions are central to modern defence, enabling rapid threat detection and response through extensive endpoint telemetry. Attackers, however, use a range of evasion techniques to bypass them, exploiting weaknesses in EDR architecture and in core Windows components. This guide covers how EDR monitoring works, the evasion methods in use, and the corresponding defensive strategies.…
Microsoft January Security Update for High-Risk Vulnerabilities in Multiple Products
Microsoft has released a security update patch addressing 159 vulnerabilities across various products, including critical remote code execution and privilege escalation vulnerabilities. Users are urged to apply these patches promptly to mitigate risks. Affected: Windows, Microsoft Office, Microsoft Visual Studio, Azure, Microsoft Dynamics, Microsoft Edge

Keypoints:

Microsoft released a security update on January 14, fixing 159 vulnerabilities.…
Windows 10 KB5049981, Windows 11 KB5050009 & KB5050021 Security Updates
Microsoft has released security updates for Windows 10 and Windows 11, which include new features and address various vulnerabilities. Notably, the updates introduce a blocklist for vulnerable kernel drivers and highlight known issues affecting SSH connections and Citrix configurations. Affected: Windows 10, Windows 11, Citrix

Keypoints:

Microsoft has provided security updates for Windows 10 (KB5049981) and Windows 11 (KB5050009, KB5050021).…
On January 14, 2025, NSFOCUS (Green Alliance Technology) CERT reported that Microsoft released a security update addressing 159 vulnerabilities across various products, including Windows, Microsoft Office, and Azure. Among these, 12 critical vulnerabilities were identified, including remote code execution and privilege escalation flaws. Users are urged to apply the patches promptly to mitigate risks.…
FBI Removes PlugX Malware from 4,200 US Computers in PRC-Linked Cyber Operation
The U.S. Department of Justice and FBI successfully removed PlugX malware from over 4,200 computers in a coordinated operation targeting a hacking group linked to the People’s Republic of China. This operation highlights the importance of international collaboration in combating cyber threats. Affected: U.S. businesses, European and Asian governments, Chinese dissident groups

Keypoints:

The DOJ and FBI conducted a multi-month operation to remove PlugX malware.…
Microsoft Patch Tuesday January 2025 Security Update Review (Qualys ThreatPROTECT)
Microsoft's first Patch Tuesday of 2025 addresses 159 vulnerabilities, 10 rated critical and 149 important. Among these, eight zero-day vulnerabilities have been patched, three of which were actively exploited. Key updates include fixes across Microsoft products, notably Windows and Microsoft Office. Affected: Microsoft Windows, Microsoft Office, .NET,…
Zombies Never Die: Analysis of the Current State of the Large Botnet AIRASHI
A large-scale DDoS attack targeted the Chinese game "Black Myth: Wukong" on the Steam and Perfect World platforms in August 2024. The attackers, using a botnet called AISURU, executed multiple waves of attacks during peak online gaming hours across 13 global regions. The botnet was later updated and renamed AIRASHI, and exhibited advanced capabilities, including exploitation of a zero-day vulnerability in Cambium Networks routers.…
Kimsuky Hacking Group’s Malware Attack on the Korean Defense Industry Association – Defense Industry Digital Innovation Seminar (Planned) (2025.1.12)
This article discusses the malicious activities of the North Korean hacking group Kimsuky, which targets the Korea Association of Defense Industry Studies. The group is known for its various espionage missions, including the distribution of malware disguised as a seminar invitation. The malware is delivered via email and executes harmful scripts upon opening an attached document.…
Volt Typhoon: Analyzing Espionage Campaigns Against Critical Infrastructure
Volt Typhoon, a Chinese state-sponsored APT group, is known for targeting critical infrastructure in the US, UK, Canada, and Australia by exploiting vulnerabilities in outdated SOHO devices. Their stealthy tactics involve using legitimate tools to blend malicious activities with normal network traffic, making detection difficult. Affected: United States, United Kingdom, Canada, Australia

Keypoints:

Volt Typhoon is linked to espionage and information gathering targeting critical infrastructure.…
VMware ESXi Logging and Detection Opportunities
This article discusses the unique challenges faced by Detection Engineers in securing ESXi environments, which often lack adequate security controls. It highlights the importance of effective log sources, common adversary techniques, and provides a Python-based CLI tool for automating detection tasks. Affected: ESXi

Keypoints:

ESXi environments are often considered legacy and may lack effective maintenance and security controls.…
Fortinet Warns of Auth Bypass Zero-Day Exploited to Hijack Firewalls
A new zero-day vulnerability (CVE-2024-55591) in FortiOS and FortiProxy allows attackers to hijack Fortinet firewalls, gaining super-admin privileges and compromising enterprise networks. The exploitation involves creating unauthorized admin accounts and modifying firewall settings. Organizations are urged to disable public management access. Affected: FortiOS, FortiProxy

Keypoints:

A zero-day vulnerability (CVE-2024-55591) affects FortiOS and FortiProxy versions.…
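The two behaviours the Fortinet entry describes, admin logins from the public side and unauthorized admin account creation, are both visible in firewall event logs. The following is an added example, not code from the article or from Fortinet, of a small triage script over such logs. The log lines are constructed, and the key=value layout and field names (logdesc, srcip, ui, cfgpath, cfgobj, action) are an assumption modelled on FortiOS-style event logs; map them to whatever your own firewall emits.

```python
import ipaddress
import re

# Constructed sample events (not taken from the article or from any vendor
# advisory). The key=value layout and field names are ASSUMED to mimic
# FortiOS event logs; adjust them to what your firewall actually emits.
SAMPLE_LOGS = [
    'date=2025-01-14 time=09:12:01 type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="https(10.0.0.5)" srcip=10.0.0.5 action="login" status="success"',
    'date=2025-01-14 time=09:40:17 type="event" subtype="system" logdesc="Admin login successful" user="admin" ui="https(203.0.113.77)" srcip=203.0.113.77 action="login" status="success"',
    'date=2025-01-14 time=09:40:22 type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(203.0.113.77)" action="Add" cfgpath="system.admin" cfgobj="xQzr9k" cfgattr="accprofile[super_admin]"',
    'date=2025-01-14 time=10:05:00 type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(10.0.0.5)" action="Edit" cfgpath="system.interface" cfgobj="wan1" cfgattr="allowaccess[ping https ssh->ping]"',
]

# key=value pairs; a value is either double-quoted (may contain spaces) or bare.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_event(line):
    """Parse one key=value log line into a dict of string fields."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}


def is_trusted(srcip, trusted_nets):
    """True if srcip lies inside one of the allow-listed management networks."""
    try:
        addr = ipaddress.ip_address(srcip)
    except ValueError:
        return False  # malformed or missing source: never treat as trusted
    return any(addr in ipaddress.ip_network(net) for net in trusted_nets)


def triage(lines, trusted_nets):
    """Flag admin logins from outside the management networks and every
    newly added admin account, in log order."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev.get("logdesc") == "Admin login successful":
            src = ev.get("srcip", "")
            if not is_trusted(src, trusted_nets):
                findings.append({"kind": "untrusted_admin_login",
                                 "user": ev.get("user"), "srcip": src,
                                 "time": ev.get("time")})
        # Any addition under the admin-account config path is worth a look,
        # whatever the source: the article describes attackers creating
        # unauthorized admin accounts after gaining access.
        if ev.get("cfgpath") == "system.admin" and ev.get("action") == "Add":
            findings.append({"kind": "admin_account_created",
                             "by": ev.get("user"), "account": ev.get("cfgobj"),
                             "ui": ev.get("ui"), "time": ev.get("time")})
    return findings


if __name__ == "__main__":
    # Hypothetical management network; replace with your own allow-list.
    for finding in triage(SAMPLE_LOGS, ["10.0.0.0/8"]):
        print(finding)
```

Run against the constructed sample, the script reports one admin login from 203.0.113.77 (outside the hypothetical 10.0.0.0/8 management range) followed seconds later by creation of the account xQzr9k from the same session; the later, legitimate interface change is not flagged. Feeding it a day of real exports and an accurate trusted-network list is a cheap first check alongside the advisory's recommendation to remove management access from public interfaces.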