Security News: Telemessage Worsens, Predictive Patching, GoDaddy Incompetence, Credential DB Found
Arthur T Knackerbracket has processed the following story:
Evidence of an attack on administration officials appeared last week on the leak site Distributed Denial of Secrets, which hosted an archive of messages that included details of over 60 government workers, a White House staffer, and members of the Secret.
The leak, first reported by Reuters, isn't as serious as Signalgate - no one was discussing air strikes and possible war crimes - but it's still suboptimal.
The White House said that it was "aware of the cyber security incident" but didn't comment further.
TeleMessage servers are reportedly closed while an investigation is carried out.
Europol had already detailed attempts to take down the Qakbot and Danabot malware groups, and last Friday it announced the disruption of the following five malware crews:
Operation Endgame II, a combined operation involving police from the EU, UK, US, and Canada, has now led to 20 arrests, and 18 suspects have been added to the EU's most wanted list. In addition, a total of 21.2 million has been seized.
"This new phase demonstrates law enforcement's ability to adapt and strike again, even as cybercriminals retool and reorganise," said Catherine De Bolle, Europol executive director. "By disrupting the services criminals rely on to deploy ransomware, we are breaking the kill chain at its source."
Two government boffins have proposed a method for predicting which security vulnerabilities criminals are likely to exploit, and think it could be used to improve patching choices.
In a recent paper [PDF], cybersecurity specialist Jono Spring of CISA and Peter Mell, a former senior computer scientist who retired from Uncle Sam's NIST this month, suggest a new system that addresses a blind spot in current flaw-fixing methodologies.
Here's the current list of patches under active attack, courtesy of US government security guards at CISA.
CVSS 9.8 - CVE-2025-4632 is a path traversal vulnerability in Samsung MagicINFO 9 Server which would allow anyone with the skill to write arbitrary files with system authority.
CVSS 7.2 - CVE-2025-4428 is a vulnerability in Ivanti Endpoint Manager Mobile 12.5.0.0 and earlier builds. It allows full remote code execution via a specially crafted API request.
One current tool to help users prioritize the fixes to deploy is the US Cybersecurity and Infrastructure Security Agency's (CISA's) Known Exploited Vulnerabilities (KEV) database, which lists which CVEs are under active attack. Regulations require US federal government agencies to patch bugs on the list within six months. Private sector admins also use the list.
Further help comes from an industry group known as the Forum of Incident Response and Security Teams (FIRST), which feeds CVE data into a separate Exploit Prediction Scoring System (EPSS). This machine-learning system predicts which vulnerabilities criminals are likely to attack in the next 30 days.
Spring and Mell have suggested a new system to help admins that combines KEV and EPSS, which they call a Likely Exploited Vulnerabilities (LEV) list, and they assert that it offers usefully accurate indicators for focusing patching priorities.
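To make the KEV-plus-EPSS idea concrete, here is an added example (not code from the story, the paper, CISA or FIRST) that parses records in the shape of CISA's KEV JSON feed and FIRST's EPSS CSV and ranks an asset inventory for patching. The KEV field names (cveID, dueDate, knownRansomwareCampaignUse) and the EPSS columns (cve, epss, percentile) are the published formats; the records, dates, scores and the tiering rule itself are constructed for illustration and are not the LEV method described in the paper. Only the two CVE ids from the story are real.

```python
import csv
import io
import json
from datetime import date

# Constructed sample in the shape of CISA's KEV JSON feed. Dates and the
# ransomware flags are made up; CVE-2025-4632 and CVE-2025-4428 are the ids
# named in the story, CVE-0000-000x entries are placeholders.
KEV_JSON = json.dumps({
    "catalogVersion": "constructed-sample",
    "vulnerabilities": [
        {"cveID": "CVE-2025-4632", "vendorProject": "Samsung",
         "product": "MagicINFO 9 Server", "dateAdded": "2025-05-22",
         "dueDate": "2025-06-12", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2025-4428", "vendorProject": "Ivanti",
         "product": "Endpoint Manager Mobile", "dateAdded": "2025-05-19",
         "dueDate": "2025-06-09", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleCo",
         "product": "Widget", "dateAdded": "2025-01-10",
         "dueDate": "2025-01-31", "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed sample in the shape of FIRST's daily EPSS CSV export.
EPSS_CSV = """cve,epss,percentile
CVE-2025-4632,0.64210,0.98000
CVE-2025-4428,0.21000,0.95500
CVE-0000-0001,0.03000,0.70000
CVE-0000-0002,0.42000,0.97100
CVE-0000-0003,0.00500,0.20000
"""


def parse_kev(text):
    """Return {cveID: record} from a KEV-format JSON document."""
    return {v["cveID"]: v for v in json.loads(text)["vulnerabilities"]}


def parse_epss(text):
    """Return {cve: epss probability} from an EPSS-format CSV document."""
    return {row["cve"]: float(row["epss"])
            for row in csv.DictReader(io.StringIO(text))}


def prioritize(inventory, kev, epss, today, epss_threshold=0.1):
    """Rank CVEs present in `inventory` for patching.

    Tier 0: in KEV and either past its due date or tied to ransomware use.
    Tier 1: in KEV (ordered by due date, earliest first).
    Tier 2: not in KEV but EPSS at or above `epss_threshold`.
    Tier 3: everything else.  Within a tier, higher EPSS sorts first.
    This tiering is a constructed rule for the example, not LEV.
    """
    ranked = []
    for cve in inventory:
        score = epss.get(cve, 0.0)
        rec = kev.get(cve)
        if rec is not None:
            due = date.fromisoformat(rec["dueDate"])
            overdue = today > due
            ransomware = rec.get("knownRansomwareCampaignUse") == "Known"
            tier = 0 if (overdue or ransomware) else 1
            reason = "KEV" + (" overdue" if overdue else "") + \
                     (" ransomware" if ransomware else "")
            key = (tier, due, -score)
        elif score >= epss_threshold:
            tier, reason, key = 2, "EPSS above threshold", (2, date.max, -score)
        else:
            tier, reason, key = 3, "no exploitation signal", (3, date.max, -score)
        ranked.append((key, cve, tier, score, reason))
    ranked.sort(key=lambda r: r[0])
    return [(cve, tier, score, reason) for _, cve, tier, score, reason in ranked]


if __name__ == "__main__":
    inventory = ["CVE-0000-0003", "CVE-0000-0002", "CVE-2025-4428",
                 "CVE-2025-4632", "CVE-0000-0001"]
    for row in prioritize(inventory, parse_kev(KEV_JSON),
                          parse_epss(EPSS_CSV), date(2025, 5, 30)):
        print(row)
```

The point of the two-source ranking is the blind spot the article mentions: KEV only tells you what is already known to be exploited, while EPSS gives a forward-looking probability, so a CVE absent from KEV but with a high EPSS score (CVE-0000-0002 above) still lands ahead of the long tail. Any real deployment would fetch the live feeds rather than the constructed strings and would tune the threshold to the environment.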
Read more of this story at SoylentNews.