Daily Security Digest – 2025-11-19


🛡️ Security Feed Digest – 2025-11-19

Total Articles: 33    SMB Tagged: 33

Key Takeaways

  • Small businesses using FortiWeb web application firewalls are at risk of unauthorized access due to critical vulnerabilities, highlighting the importance of regular security patching and vulnerability scanning. Immediately review and update Fortinet security patches to prevent potential breaches.
  • Conflicting international data laws and regulations can create cybersecurity vulnerabilities for global businesses, emphasizing the need for compliance monitoring and adaptability. Conduct regular reviews of national data laws and adjust security protocols accordingly to mitigate risks.
  • AI advancements are raising concerns about cybersecurity risks, including the potential creation of super-viruses, underscoring the importance of proactive threat detection and incident response planning.
  • Russian bulletproof hosting providers enable ransomware gangs, posing a significant risk to small businesses through phishing attacks and malware distribution, highlighting the need for robust email security measures. Implement advanced email filtering and anti-phishing solutions to prevent potential breaches.

High-Risk

  • [SMB] Fortinet 'fesses up to second 0-day within a week
    https://theregister.com/2025/11/19/fortinet_confirms_second_fortiweb_0day
    2025-11-19T23:07:14.00Z
    Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that attackers had found and abused a month earlier. The new bug, tracked as CVE-2025-58034, is an OS ...

  • [SMB] Russian bulletproof hosting provider sanctioned over ransomware ties
    https://bleepingcomputer.com/news/security/us-sanctions-russian-bulletproof-hosting-provider-media-land-over-ransomware-ties
    Wed, 19 Nov 2025 11:43:46 -0500
    Today, the United States, the United Kingdom, and Australia announced sanctions targeting Russian bulletproof hosting (BPH) providers that have supported ransomware gangs and other cybercrime operations. BPH providers that lease servers to cybercriminals to help them hinder disruption efforts targe...

  • [SMB] Anatomy of an Akira Ransomware Attack: When a Fake CAPTCHA Led to 42 Days of Compromise
    https://unit42.paloaltonetworks.com/fake-captcha-to-compromise
    Wed, 19 Nov 2025 00:00:01 +0000
    Unit 42 recently assisted a global data storage and infrastructure company that experienced a destructive ransomware attack. This attack was orchestrated by Howling Scorpius, the distributors of Akira ransomware. What began with a single click on what appeared to be a routine website CAPTCHA evolved...

  • [SMB] IT threat evolution in Q3 2025. Mobile statistics
    https://securelist.com/malware-report-q3-2025-mobile-statistics/118013
    Wed, 19 Nov 2025 10:00:34 +0000
    The quarter at a glance: In the third quarter of 2025, we updated the methodology for calculating statistical indicators based on the Kaspersky Security Network. These changes affected all secti...

  • [SMB] Cat’s Got Your Files: Lynx Ransomware
    https://thedfirreport.com/2025/11/17/cats-got-your-files-lynx-ransomware
    Mon, 17 Nov 2025 13:00:28 +0000
    Key Takeaways: The intrusion began with a successful RDP login using already-compromised credentials, likely obtained via an infostealer, data breach reuse, or an initial access broker. Within minutes, the threat actor moved laterally to a domain controller using a separate compromised domain admin...

  • [SMB] Securing your network for the holidays
    https://news.sophos.com/en-us/2025/11/19/securing-your-network-for-the-holidays
    Wed, 19 Nov 2025 17:27:07 +0000
    It’s that time of year when network admins in many parts of the world are looking forward to spending more time with family and friends and less time in front of their management consoles. Unfortunately, this is also a peak period for cyberattacks. To help ensure your network is optimally secure ov...

  • [SMB] Introducing Rapid7 Curated Intelligence Rules for AWS Network Firewall
    https://rapid7.com/blog/post/cds-rapid7-curated-intelligence-rules-aws-network-firewall
    Wed, 19 Nov 2025 20:46:16 GMT
    Outsmart attackers with smarter rules. Managing network security in a dynamic cloud environment is a constant challenge. As traffic volume grows and threat actors evolve their tactics, organizations need protection that can scale effortlessly while delivering robust, intelligent defense. That's wher...

  • [SMB] CVE-2025-13315, CVE-2025-13316: Critical Twonky Server Authentication Bypass (NOT FIXED)
    https://rapid7.com/blog/post/cve-2025-13315-cve-2025-13316-critical-twonky-server-authentication-bypass-not-fixed
    Wed, 19 Nov 2025 17:30:41 GMT
    Overview: Twonky Server version 8.5.2 is susceptible to two vulnerabilities that facilitate administrator authentication bypass on Linux and Windows. An unauthenticated attacker can improperly access a privileged web API endpoint to leak application logs, which contain encrypted administrator creden...

  • [SMB] The State of Security Today: Setting the Stage for 2026
    https://rapid7.com/blog/post/it-security-today-setting-stage-for-2026-predictions-webinar
    Tue, 18 Nov 2025 16:07:34 GMT
    As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are as ...

  • [SMB] Pro-Hamas Hackers Leak Alleged Redback IFV Plans and Israeli Defense Employee Data After Major Cyber Breach
    https://cysecurity.news/2025/11/pro-hamas-hackers-leak-alleged-redback.html
    2025-11-19T10:24:00.000-05:00
    A hacker collective aligned with Hamas has allegedly released sensitive information tied to Australia’s Redback next-generation infantry fighting vehicle program, along with hundreds of photographs of staff from Israeli defense companies. The group, known as Cyber Toufan and widely believed to ha...

Policy

  • [SMB] How Modern Application Delivery Models Are Evolving: Local Apps, VDI, SaaS, and DaaS Explained
    https://cysecurity.news/2025/11/how-modern-application-delivery-models.html
    2025-11-18T12:03:00.000-05:00
    Since the early 1990s, the methods used to deliver applications and data have been in constant transition. Today, IT teams must navigate a wider range of options—and a greater level of complexity—than ever before. Because applications are deployed in different ways for different needs, most organiza...

Awareness

  • [SMB] Sneaky2FA PhaaS kit now uses redteamers' Browser-in-the-Browser attack
    https://bleepingcomputer.com/news/security/sneaky2fa-phaas-kit-now-uses-redteamers-browser-in-the-browser-attack
    Wed, 19 Nov 2025 16:59:46 -0500
    The Sneaky2FA phishing-as-a-service (PhaaS) kit has added browser-in-the-browser (BitB) capabilities that are used in attacks to steal Microsoft credentials and active sessions. Sneaky2FA is a widely used PhaaS platform right now, alongside Tycoon2FA and Mamba2FA, all targeting primarily Microsoft ...

  • [SMB] AI and Voter Engagement
    https://schneier.com/blog/archives/2025/11/ai-and-voter-engagement.html
    2025-11-18T12:01:44Z
    Social media has been a familiar, even mundane, part of life for nearly two decades. It can be easy to forget it was not always that way. In 2008, social media was just emerging into the mainstream. Facebook reached 100 million users that summer. And a singular candidate wa...

Emerging

  • [SMB] The AI Fix #77: Genome LLM makes a super-virus, and should AI decide if you live?
    https://grahamcluley.com/the-ai-fix-77
    Tue, 18 Nov 2025 15:35:13 +0000
    News and views from the world of artificial intelligence. In episode 77 of The AI Fix, a language model trained on genomes that creates a super-virus, Graham wonders whether AI should be allowed to decide if we live or die, and a woman marries ChatGPT (and calls it “Klaus”). Also in this episode: ...

  • [SMB] More Prompt||GTFO
    https://schneier.com/blog/archives/2025/11/more-promptgtfo.html
    2025-11-17T12:05:07Z

  • [SMB] What if your romantic AI chatbot can’t keep a secret?
    https://welivesecurity.com/en/privacy/romantic-ai-chatbot-keep-secret
    Mon, 17 Nov 2025 10:00:00 +0000
    Does your chatbot know too much? Here's why you should think twice before you tell your AI companion everything. In the movie “Her” the film’s hero strikes up an ultimately doomed romantic relationship with a sophisticated AI system. At the time of its release in 2013, such a scenario was firmly in...

Controls

  • [SMB] Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software
    https://thehackernews.com/2025/11/application-containment-how-to-use.html
    Wed, 19 Nov 2025 17:25:00 +0530
    The challenge facing security leaders is monumental: Securing environments where failure is not an option. Reliance on traditional security postures, such as Endpoint Detection and Response (EDR) to chase threats after they have already entered the network, is fundamentally risky and contributes sig...

  • [SMB] Microsoft Patch Tuesday, November 2025 Edition
    https://krebsonsecurity.com/2025/11/microsoft-patch-tuesday-november-2025-edition

    Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an...

Other

  • [SMB] Pegasus XL rocket dusted off to rescue NASA’s Swift observatory from fiery demise
    https://theregister.com/2025/11/19/pegasus_fly_again_rescue_swift
    2025-11-19T18:55:37.00Z
    NASA's Neil Gehrels Swift Observatory, facing the risk of an uncontrolled dive back to Earth, is set for a rescue ride on a Pegasus XL, the air-dropped rocket that hasn't flown since 2021. Flagstaff-based Katalyst has announced that the rocket to launch its LINK spacecraft on a rescue mission will ...

  • [SMB] Do National Data Laws Carry Cyber-Risks for Large Orgs?
    https://darkreading.com/cybersecurity-operations/national-data-laws-cyber-risks-large-orgs
    Wed, 19 Nov 2025 22:09:10 GMT
    When international corporations have to balance competing cyber laws from different countries, the result is fragmented, potentially vulnerable systems....

  • [SMB] Unicode: It is more than funny domain names., (Wed, Nov 12th)
    https://isc.sans.edu/diary/rss/32472
    Wed, 19 Nov 2025 15:59:55 GMT
    When people discuss the security implications of Unicode, International Domain Names (IDNs) are often highlighted as a risk. However, while visible and often talked about, IDNs are probably not what you should really worry about when it comes to Unicode. There are several issues that impact applicat...

  • [SMB] Legal Restrictions on Vulnerability Disclosure
    https://schneier.com/blog/archives/2025/11/legal-restrictions-on-vulnerability-disclosure.html
    2025-11-19T12:04:50Z
    Kendra Albert gave an excellent talk at USENIX Security this year, pointing out that the legal agreements surrounding vulnerability disclosure muzzle researchers while allowing companies to not fix the vulnerabilities—exactly the opposite of what the responsible disclosure movement of the early 2000...

  • [SMB] Advancing Cybersecurity for Microsoft Environments
    https://news.sophos.com/en-us/2025/11/18/advancing-cybersecurity-for-microsoft-environments
    Tue, 18 Nov 2025 16:31:04 +0000
    I’m pleased to share three significant updates that advance cybersecurity for organizations that rely on Microsoft technologies. These milestones expand the reach of Sophos’ world-class threat intelligence and managed detection and response (MDR) capabilities into the Microsoft ecosystem, helping IT...

  • [SMB] From point-in-time audits to continuous confidence: How Sophos IT transformed identity defense
    https://news.sophos.com/en-us/2025/11/18/sophos-itdr-case-study-sophos-identity-security
    Tue, 18 Nov 2025 14:49:42 +0000
    Attackers don’t break in — they log in. That shift has made identity the new perimeter of modern cybersecurity. Every enterprise wrestles with the same challenge: a constantly changing identity environment that’s hard to monitor and even harder to secure. Sophos is no exception. With thousands of u...

  • [SMB] U.S. Agencies Consider Restrictions on TP-Link Routers Over Security Risks
    https://cysecurity.news/2025/11/us-agencies-consider-restrictions-on-tp.html
    2025-11-19T12:03:00.000-05:00
    A coordinated review by several federal agencies in the United States has intensified scrutiny of TP-Link home routers, with officials considering whether the devices should continue to be available in the country. Recent reporting indicates that more than six departments and agencies have suppo...

  • [SMB] Why Oslo’s Bus Security Tests Highlight the Hidden Risks of Connected Vehicles
    https://cysecurity.news/2025/11/why-oslos-bus-security-tests-highlight.html
    2025-11-19T09:34:00.000-05:00
    Modern transportation looks very different from what it used to be, and the question of who controls a vehicle on the road no longer has a simple answer. Decades ago, the person behind the wheel was unquestionably the one in charge. But as cars, buses, and trucks increasingly rely on constant connec...