Notices by Metacurity (metacurity@infosec.exchange)

Dozens of mobile providers across 35 countries are routing mobile traffic through major Chinese interconnect providers such as China Mobile International, China Telecom Global and China Unicom Global, allowing the Chinese telcos to conduct MITM attacks, track device locations in real time, intercept SMS and voice communications and "silently push spyware or malware onto target devices using signaling-level attacks."

https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/iverify-abusing-data-in-the-middle.pdf

Oh wow. This just in from a CISA spokesperson:

“The CVE Program is invaluable to cyber community and a priority of CISA. Last night, CISA executed the option period on the contract to ensure there will be no lapse in critical CVE services. We appreciate our partners’ and stakeholders’ patience.”

Chris Krebs and SentinelOne face a long slog to redress Trump's EO stripping them of their security clearances.

This is the latest in a string of similar punitive actions against a host of Trump "enemies." As one legal expert told me, “We might as well live in Stalin’s Soviet Union.”

Check out my latest piece in CSO.

Trump revokes security clearances for Chris Krebs, SentinelOne in problematic precedent for security vendors

https://www.csoonline.com/article/3958808/trump-revokes-security-clearances-for-chris-krebs-sentinelone-in-problematic-precedent-for-security-vendors.html

Hackers Breach Berkshire Hathaway’s NetJets, Steal Client Data
https://www.bloomberg.com/news/articles/2025-04-09/hackers-breach-berkshire-hathaway-s-netjets-steal-client-data?utm_medium=email&utm_source=author_alert&utm_term=250409&utm_campaign=author_22719966

Exclusive: DOGE staffer, 'Big Balls', provided tech support to cybercrime ring, records show
https://www.reuters.com/world/us/doge-staffer-big-balls-provided-tech-support-cybercrime-ring-records-show-2025-03-26/

The greatest thing of the day - when Microsoft needlessly demanded a PoC video for a vulnerability that analyst Will Dormann discovered and was well-documented, he submitted a 15-minute video that contained a clip from Zoolander, in which the protagonist unveils the "Center for Kids Who Can't Read Good," as well as a punchy techno backing track while wasting the reviewer's time with approximately 14 minutes of inactivity.
https://www.theregister.com/2025/03/17/microsoft_bug_report_troll/

Exclusive: Fired US government workers with top security clearances were not given exit briefings, sources say
https://www.reuters.com/world/us/fired-us-government-workers-with-top-security-clearances-were-not-given-exit-2025-03-04/

It's all over but the shouting my friends.

"Within the White House complex, the WiFi permissions — meant to bolster security by prompting users to log in frequently — were recently changed to allow guests to remain logged in for a year, up from seven days, because so many personal devices are newly in use."
https://www.washingtonpost.com/business/2025/02/25/elon-musk-doge-data-privacy-security/

https://www.wired.com/story/doge-hr-elon-musk-resignation-fork-road-leaked-staff-meeting/

“One employee expressed concerns that outside actors could send resignation emails on staffers’ behalf by spoofing their email addresses.”

Musk has locked OPM workers out of their computer systems.

Exclusive: Musk aides lock government workers out of computer systems at US agency, sources say
https://www.reuters.com/world/us/musk-aides-lock-government-workers-out-computer-systems-us-agency-sources-say-2025-01-31/

"Norway is sounding the alarm after discovering that Russia is no longer only disrupting the Global Navigation Satellite Systems (GNSS) across the border, but also spoofing GPS signals, an attack that can cause significant disruption to commercial aviation."

"We were spoofed on approaching Kirkenes today”
https://www.thebarentsobserver.com/news/we-were-spoofed-on-approaching-kirkenes-today/423323

Violent Hackers Are Using U-Haul To Dox Targets
https://www.404media.co/violent-hackers-are-using-u-haul-to-dox-targets/

Even though the HOPE (Hackers on Planet Earth) conference is usually slated for every other year, given the success of the 2024 conference, HOPE will take place again next year.

I just got an email saying HOPE_16 will occur August 15-17, 2025, at St. John's University in Queens, New York City.

I'm definitely going this time.

This is kind of upsetting. Wikipedia has $400 million in cash reserves and the foundation which runs Wikipedia has 550 employees with top managers making high salaries but doesn't pay it maintainers a penny.

I'm so disillusioned.

The next time Wikipedia asks for a donation, ignore it
https://unherd.com/newsroom/the-next-time-wikipedia-asks-for-a-donation-ignore-it/

@philbetts I'd love to hear from @molly0xfff on this.

https://www.golocalprov.com/news/ri-massive-hack-hundreds-of-thousands-ss-banking-information-names-dob

Right before Christmas, RI is forced to close its SNAP food and Medicaid systems due to what sounds like a ransomware attack.

“At an unprecedented Friday night press conference held by Governor Dan McKee, he claimed that the State of Rhode Island was first notified on December 5 of a potential major massive cyberattack.

McKee disclosed late on Friday that the state’s system to support everything from SNAP benefits to Medicaid to HealthsourceRI are all now closed.”

https://www.timesofisrael.com/liveblog_entry/syrian-sources-say-assad-may-have-been-killed-in-plane-crash-during-escape/
Reuters hasn’t confirmed it but reports are that Assad was killed in a plane crash.

Not a good month for telecoms!

Scattered Spider Teen Hacked Telecoms to Spam Victims, US Says
https://www.bloomberg.com/news/articles/2024-12-04/scattered-spider-teen-hacked-telecoms-to-spam-victims-us-says

Don't miss today's Metacurity for the most important infosec developments you should know, including

--UK cybersecurity chief warns of rise in hostile cyber activity
--Russia sentences Hydra Market leader to life in prison,
--Former Polish security chief forced into Pegasus spyware hearing,
--CFPB publishes proposed data brokers rule,
--SEC settles ICBC ransomware records case,
--FDD argues for Chinese-made lidar sensor ban,
--Hack forces DMM Bitcoin shutdown,
--much more
https://www.metacurity.com/uk-cybersecurity-chief-warns-of-rise-in-hostile-cyber-activity/

@mbmy @GossiTheDog I can see how the writer interpreted the small MSP space "really doesn't matter" as "won't be missed."

But I will delete my toot that quoted the article directly to not create any confusion.