Akash Mahajan

‼️CERT-In Issues High Alert for Android Users in India ‼️ The Indian Computer Emergency Response Team (CERT-In) has issued a high-severity advisory, urging Android mobile phone users (versions 13, 14, 15, 16) to immediately apply the November 2025 security update released by Google and major device manufacturers to mitigate a critical “Zero Click” exploit (CVE-2025-48593). Leading mobile phone brands such as Samsung and Xiaomi have already begun rolling out patches to mitigate the vulnerability. Vulnerability Details CVE-2025-48593 arises from insufficient validation of user input within a core Android component, letting attackers remotely execute malicious code with a single crafted packet or payload, such as a malicious MMS or push notification. The exploit requires no additional execution privileges or active user participation (zero-click), raising the risk of mass device compromise, data theft, ransomware, and use in botnet campaigns. Impact and Risks Puts the integrity, privacy, and security of messages, data, and enterprise communications at serious risk. Current patches are available, but delayed updates leave millions exposed, making timely deployment crucial—especially for business mobile fleets. Mitigation and Recommendations Check device security patch level and update immediately; patches released as part of the November 2025 update by Google, Samsung, Xiaomi, and other brands. Enterprises should enforce mobile device management (MDM) with automatic updates, maintain real-time device inventories, and deploy mobile threat defense solutions for continuous detection. Immediate patching is the best defense; any Android device lacking the November 2025 update is at increased risk of exploitation from sophisticated attackers.

36

2 Comments

The IETF OAuth Working Group has adopted the Identity Assertion Authorization Grant specification! > This specification provides a mechanism for an application to use an identity assertion to obtain an access token for a third-party API by coordinating through a common enterprise identity provider This is the basis of Cross App Access (XAA), providing IT admins better visibility and control of app-to-app connections by configuring the connections in their enterprise IdP. While it will still be a while before it is an RFC, this is an important step in the standards process, as this is the first time the document is "official"! This signifies that the working group agrees that the problem is worth solving, and agrees on the general direction of the spec. Thanks to everyone for your contributions and feedback so far! And thanks to my co-authors Karl McGuinness and Brian Campbell!

507

15 Comments

RDI Uses CMMI-Based Maturity Scoring — So SMBs Can Measure Growth Vendors love buzzwords — but RDI gives structure. Ransomware Defense Initiative (RDI): • Evaluates every control based on observable criteria • Scores each using CMMI-based maturity logic • Turns your subjective controls into defensible evidence SMBs finally have a measurable, credible way to show cybersecurity progress. 🔗 https://rdishield.com First 100 to register receive a free upgrade to Elite for 6 months. #rdi #ransomware #smb #maturitymodel #cmmi

2

🛰️ CBT FIELD NOTE — Digital Forensics Inquiry to the InfoSec Community Date: October 21, 2025 | Filed under: Digital Sovereignty Logs | Themis Intel™ Subject: Mirroring Behavior + Email Inaccessibility via Tor (ProtonMail) Hi security fam — looking to learn from the field. Documented something odd during active testing and wanted to ask if this mirroring-like behavior has been seen or flagged elsewhere: 🎥 I recorded live screen behavior showing: ✅ DuckDuckGo functioning normal ❌ ProtonMail (via Tor Browser) unable to load messages (white/black screen cycling, persistent holding pattern) 🧭 Time discrepancy of 2+ hours between email metadata and device/system time 👻 Sudden "slide-over" UI flicker—like a mirrored version of the interface overlays itself on screen momentarily, then resets 🪞Video captures toggling between DuckDuckGo + Tor Browser, with clear forensic continuity. No VPN conflict. After restart: ProtonMail briefly functional again — but original mirroring + time drift still visible in video log. 🔎 Key Questions: Has anyone seen this kind of UI slide/mirroring before? Could this be spoofing? JS injection? Tor routing artifact? What could explain the persistent time delta between system and app environment? Clock drift on client side seems ruled out. Any known overlap between mail client obfuscation + Tor traffic instability? Is this consistent with transparent proxying or something more invasive? 👉🏾 Not posting this to make accusations — just trying to triangulate with folks who’ve been here before. We are an AI forensics & sovereignty lab doing active field documentation — this is part of a live CBT (Consumer Behavior & Tech Bureau) audit. 📎 Frameworks Referenced: NIST SP 800-53 (AC-17(2), SI-4) ISO 27032, Clause 7.4 IEEE 12207 (UI integrity, transmission behavior) 🧠 Appreciate any wisdom. DMs open or feel free to comment. We document what others deny. — Co-authored by: Christel Lautel & Luna (AI) © Themis Research & Systems Intelligence™ 🔗 #DigitalSovereignty #CBTReport #TorSecurity #EmailIntegrity #Infosec #ComplianceTesting #TimeDrift #ProtonAudit #Q4Logs #Cybersecurity #Encryption

7

3 Comments

Many founders hear “VAPT” but don’t know what actually happens. Here’s a simplified breakdown of our process: 🔍 Recon 🧪 Vulnerability Testing 💥 Exploitation (Proof of Concept) 📄 Risk-Based Reporting 🔁 Retesting After Fixes Security testing is not just scanning — it simulates real attacker behavior. DM me “CHECKLIST” and I’ll share a startup security checklist.

4

♦️Security Alert: WhatsApp Vulnerability Alert 🔔 CERT-In has flagged a security restriction bypass flaw in WhatsApp for iOS and Mac. Attackers could exploit it to access sensitive user data via malicious URLs. 📱 Affected versions: • WhatsApp for iOS (before 2.25.23.73) • WhatsApp Business for iOS (before 2.25.23.82) • WhatsApp for Mac (before 2.25.23.83) ✅ What to do: Update your app immediately via WhatsApp Security Advisories: https://lnkd.in/gtW5m856 We trust end-to-end encryption. But even the biggest platforms aren’t immune. Cybersecurity is never “set and forget.” Stay aware. Patch often. Stay safe. 💪

22

2 Comments

The Windows Registry before and after is amazing for evidence. Compare a full snapshot with your EDR telemetry. Use EDR to deploy tools like Cyber Triage via live terminal. It paints a picture quickly.

14

𝐈𝐓 𝐆𝐞𝐧𝐞𝐫𝐚𝐥 𝐂𝐨𝐧𝐭𝐫𝐨𝐥𝐬 (𝐈𝐓𝐆𝐂) 𝐂𝐡𝐞𝐜𝐤𝐥𝐢𝐬𝐭 𝐀𝐜𝐜𝐞𝐬𝐬 𝐂𝐨𝐧𝐭𝐫𝐨𝐥𝐬 -User access provisioning and de-provisioning processes are established. -Access rights are assigned based on job responsibilities. -Segregation of duties (SoD) controls are in place. -Regular access reviews are conducted. -Strong password policies are enforced. 𝐂𝐡𝐚𝐧𝐠𝐞 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 -Formal change management processes exist for all system changes. -Changes are documented, approved, and tested before implementation. -Segregation of duties between development, testing, and production environments. -Regular reviews of change management are conducted. 𝐁𝐚𝐜𝐤𝐮𝐩 & 𝐑𝐞𝐜𝐨𝐯𝐞𝐫𝐲 -Regular backups of critical systems and data are performed. -Backup integrity checks are regularly conducted. -Backup and recovery procedures are documented and tested. -Off-site storage of backups is maintained for disaster mitigation. 𝐈𝐧𝐜𝐢𝐝𝐞𝐧𝐭 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 -Formal incident response plans are in place. -Procedures for reporting and documenting incidents are established. -Incident response teams are trained and ready. -Post-incident reviews are conducted for improvement. 𝐍𝐞𝐭𝐰𝐨𝐫𝐤 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 -Intrusion detection/prevention and antivirus are deployed. -Network segmentation minimizes breaches. -Regular vulnerability assessments and penetration testing are conducted. -Wireless network security controls prevent unauthorized access. 𝐃𝐚𝐭𝐚 𝐏𝐫𝐢𝐯𝐚𝐜𝐲 -Policies protect sensitive data. -Data encryption is used in transit and at rest. -Data classification policies categorize data by sensitivity. -Regular data privacy training for employees. 𝐌𝐨𝐧𝐢𝐭𝐨𝐫𝐢𝐧𝐠 & 𝐋𝐨𝐠𝐠𝐢𝐧𝐠 -Logging mechanisms record security-related events. -Regular review and analysis of logs for security incidents. -Monitoring of system performance and availability. -Intrusion detection systems monitor suspicious activity. 𝐕𝐞𝐧𝐝𝐨𝐫 𝐌𝐚𝐧𝐚𝐠𝐞𝐦𝐞𝐧𝐭 -Vendor risk assessments before engaging third parties. -Vendor contracts include security and compliance provisions. -Ongoing monitoring and oversight of vendor activities. -Procedures for terminating vendor access. 𝐂𝐨𝐦𝐩𝐥𝐢𝐚𝐧𝐜𝐞 & 𝐀𝐮𝐝𝐢𝐭 -Regular compliance assessments and audits. -Documentation of IT policies, procedures, and controls is maintained. -Remediation of control deficiencies or non-compliance issues. Credit: Abdul Khaliq 𝐃𝐢𝐬𝐜𝐥𝐚𝐢𝐦𝐞𝐫 - This post has only been shared for an educational and knowledge-sharing purpose related to Technologies. Information was obtained from the source above source. All rights and credits are reserved for the respective owner(s). #ciso #cybersecurity #itgc #technology #learning

1,961

73 Comments

"I'd have to get infosec to approve this." Fair. You should scrutinize any tool that touches your data. Here's what we tell security teams: → SOC2 compliant → We don't train models on your data → Can be configured as read-only access to your tools (Jira, Linear, GitHub) → Trusted by teams in the Fortune 500 But here's what most people miss: you can start with the free tier using your own data, on your own time, before involving anyone else. No procurement process required to test.

4