09.11.25 Security News Bites
45 New Domains Linked to China’s Salt Typhoon
Salt Typhoon is the group that hacked all the big telephone companies, including the FBI’s wiretap portal. Recently the FBI said that the group has hacked over 200 US companies. Now researchers have identified more domains being used by Salt Typhoon and another Chinese hacking group, UNC4841. These domains are used to control compromised systems and give them instructions. This Chinese attack group just keeps on growing – not good. Credit: Dark Reading
This Genie Cannot be Put back in the Bottle – Expedia Tells How to Make Molotov Cocktails
Expedia is a travel site. No, it is a bomb making site. No, it is, well, I am not sure. Its large language model bot helps plan your travel. Or teaches you how to fire bomb something you don’t like. At this point it is a genie out of control and likely it will not be controllable in the near future. This is not an Expedia problem, it is WAY bigger. And the criminals know it. Sorry. Credit: Cybernews
Nearly 500 Researchers Urge EU to Come Up With A Real Plan to Combat CSAM
The EU has a new proposal in the works for combatting CSAM or kiddie porn. It works on the assumption that on-device scanning can identify and correctly distinguish legal from illegal content. Nearly 500 scientists and researchers disagree and Signal has already said they will leave the EU and block access if this becomes law. What will be left is the software from China and Russia that will ignore the law. The researchers say that the bill will not work at scale and will produce massive false positives and false negatives. Obviously, this will eliminate any semblance of privacy in the EU. Other than that, it is perfect. Credit: Helpnet Security
Senator Urges FTC to Investigate Microsoft Over Security Defaults
Microsoft caters to the corporate market. Google caters to the consumer market. Microsoft makes most of its money from subscriptions and has about 500 million paying users. Google mostly has free users (“you are the product”) with about 11 million paying customers. This likely explains Microsoft’s reluctance to fix (AKA break) things. As a result, backward compatibility is their thing, even if it means a less secure product, but one that does not break systems that you use. I am not suggesting that is good, just Microsoft’s take on things. Senator Ron Wyden does not seem to be a fan of that strategy and is asking the FTC to investigate Microsoft over the ransomware attack last year that compromised data on over 5 million patients, likely due to their decision to leave a really old, insecure crypto algorithm as the default, likely for backward compatibility reasons. Microsoft still has not fixed the root cause of this breach. You go, Senator Ron. Credit: Hackread
Scammers Use Grok to Spread Malware on Twitter
This is an interesting attack. Attackers use Twitter’s own AI to attack millions of Twitter users at the same time. And the attacks are active today. The details are a bit complicated, so if you are interested, go to the link, but basically Twitter prohibits links in paid promotions to reduce the likelihood of just what the scammers are doing – spreading malware. Instead, the scammers post videos, which carry tags indicating the original Twitter handle of the video’s first poster. But this handle can be a link. The scammers ask Grok where the video they posted comes from, and Grok obliges and posts the full link – a malicious link. Researchers say that Grok is a lot less secure than its competitors, counting on system prompts to protect you. Without those, it was compromised 99 percent of the time. Credit: Dark Reading
