In this episode, we dive into active exploitation of a zero-day in SonicWall SSL-VPN, privilege escalation vulnerabilities in Moxa devices, and a BitLocker bypass in Windows 11. We also cover cryptocurrency mining malware hitting PHP servers and the White House's launch of the U.S. Cyber Trust Mark to secure connected devices.

Episode Links and Topics:

PacketCrypt Classic Cryptocurrency Miner on PHP Servers

https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564

Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency.

SonicOS Affected By Multiple Vulnerabilities

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003

A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack.

Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices

https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo

Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection.

White House Launches U.S. Cyber Trust Mark

https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/

A new cybersecurity labeling program for connected devices aims to help consumers choose secure products.

Windows BitLocker: Screwed without a Screwdriver

https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761

(video in English)

A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption.