{"id":2494,"date":"2025-05-02T07:11:36","date_gmt":"2025-05-02T07:11:36","guid":{"rendered":"http:\/\/localhost\/?p=2494"},"modified":"2025-05-02T07:11:36","modified_gmt":"2025-05-02T07:11:36","slug":"understanding-the-challenges-of-securing-an-ngo","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=2494","title":{"rendered":"Understanding the challenges of securing an NGO"},"content":{"rendered":"
\n

Vulnerability Details<\/h2>\n
\n

Basic Information<\/h3>\n\n\n\n\n\n\n
Title<\/th>\nUnderstanding the challenges of securing an NGO<\/td>\n<\/tr>\n
Type<\/th>\ntalosblog<\/td>\n<\/tr>\n
Published<\/th>\n2025-05-01T18:01:27<\/td>\n<\/tr>\n
Last Seen<\/th>\n2025-05-01T19:53:04<\/td>\n<\/tr>\n
CVSS Score<\/th>\n10.0 (CRITICAL)<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVSS v3 Details<\/h3>\n\n\n\n\n\n\n\n\n\n
Attack Vector<\/th>\nNETWORK<\/td>\n<\/tr>\n
Attack Complexity<\/th>\nLOW<\/td>\n<\/tr>\n
Privileges Required<\/th>\nNONE<\/td>\n<\/tr>\n
User Interaction<\/th>\nNONE<\/td>\n<\/tr>\n
Scope<\/th>\nCHANGED<\/td>\n<\/tr>\n
Confidentiality Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Integrity Impact<\/th>\nHIGH<\/td>\n<\/tr>\n
Availability Impact<\/th>\nHIGH<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

CVE Information<\/h3>\n\n\n\n\n
CVE IDs<\/th>\nCVE-2025-31324<\/td>\n<\/tr>\n
CWE<\/th>\n<\/td>\n<\/tr>\n
Bulletin Family<\/th>\nblog<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

Description<\/h3>\n
\n ![Understanding the challenges of securing an NGO](https:\/\/blog.talosintelligence.com\/content\/images\/2025\/05\/threat-source-newsletter.jpg)<\/p>\n

Welcome to this week’s edition of the Threat Source newsletter.<\/p>\n

Recently, I was invited to sit on a panel at the _CIO4Good Conference_ here in Washington D.C., where I talked about incident response and cyber preparedness to a room full of CIOs who help lead wonderful missions to help others. I’m incredibly fortunate to be able to volunteer for the NGO community. I’ve been involved with them for a few years now, and it has been a singular experience.<\/p>\n

I sit in a uniquely blessed situation. Cisco Talos is resourced to help protect our customers — we have expertise, tooling and a huge array of diverse security skillsets. A humanitarian assistance or non-governmental organization (NGO) usually has none or very few of these luxuries. If I can take some of my time and experience here at Talos and help others who provide housing to the homeless, protect refugees or feed the hungry, damn right I’m gonna do it. And NGOs? They really need help.<\/p>\n

In today’s global humanitarian funding climate, money and grants are very scarce to come by _._ This means the competition for the dollars that remain is fierce, and that things like cybersecurity can fall by the wayside. But security in an NGO is incredibly important. We’re talking about incredibly vulnerable and marginalized people who deserve aid, and the amazing volunteers who should have privacy without malicious interference.<\/p>\n

The hard truth is that cybersecurity can be a bleak space. We as professionals do not operate in the “good news” business. We work, and thrive, in adversarial conditions — actively searching for what the bad guys are doing and learning how they are coming after the good guys. They’re launching ransomware. They are extorting _and causing real harm to others_. This is day in and day out, and it can wear you down mentally. You have to endure and focus on the mission. After all, that’s the gig.<\/p>\n

This is why I enjoy volunteering by either giving some of my time and expertise to a mentee or to an NGO that has an outstanding mission to help others. It puts fuel in your soul and reminds you that others are fighting their own good fights. These organizations are some of the best. They have a thankless, often dangerous, mission to help others have better lives. The way I see it, volunteering is the least I could do.<\/p>\n

If you want to join me, there are some places that could use your help. Check out the _Cyber Peace Institute_, or _Defcon Project Franklin_.<\/p>\n

## The one big thing<\/p>\n

This week is bittersweet because we’re discussing the final section of Talos’ _2024 Year in Review_ report. Let’s jump into the abyss of _AI-based threats_ together.<\/p>\n

### Why do I care?<\/p>\n

AI may not have upended the threat landscape last year, but it’s setting the stage for 2025, where agentic AI and automated vulnerability discovery could pose serious challenges for defenders. The future may bring:<\/p>\n

1. The use of agentic AI to conduct multi-stage attacks or find creative ways to access restricted systems
\n 2. Improved personalization and professionalization of social engineering
\n 3. Automated vulnerability discovery and exploitation
\n 4. Capabilities to compromise AI models, systems and infrastructure that organizations around the world are building<\/p>\n

### So now what?<\/p>\n

Continue to stay informed and alert, and for more information, read Talos’ _blog post_ about these threats or download the full _Year in Review_.<\/p>\n

## Top security headlines of the week<\/p>\n

**AirPlay Vulnerabilities Expose Apple Devices to Zero-Click Takeover.** The identified security defects, 23 in total, could be exploited over wireless networks and peer-to-peer connections, leading to the complete compromise of not only Apple products, but also third-party devices that use the AirPlay SDK. (_SecurityWeek_)<\/p>\n

**4 Million Affected by VeriSource Data Breach.** VeriSource says the stolen information belonged to employees and dependents of companies using its services. It has been working with its customers to “collect the necessary information to notify additional individuals affected by this incident.” (_SecurityWeek_)<\/p>\n

**SAP NetWeaver Visual Composer Flaw Under Active Exploitation.** CVE-2025-31324 is a critical vulnerability with a maximum CVSS score of 10 that affects all SAP NetWeaver 7.xx versions. It allows unauthenticated remote attackers to upload arbitrary files to Internet exposed systems without any restrictions. (_DarkReading_)<\/p>\n

**FBI shares massive list of 42,000 LabHost phishing domains.** The FBI has shared 42,000 phishing domains tied to the LabHost cybercrime platform, one of the largest global phishing-as-a-service (PhaaS) platforms that was dismantled in April 2024. (_BleepingComputer_)<\/p>\n

## Can’t get enough Talos?<\/p>\n

_State-of-the-art phishing: MFA bypass_ _._ Cybercriminals are bypassing multi-factor authentication (MFA) using adversary-in-the-middle (AiTM) attacks via reverse proxies, intercepting credentials and authentication cookies.<\/p>\n

IR Trends Q1 2025: Phishing soars as identity-based attacks persist. This quarter, phishing attacks surged as the primary method for initial access. Learn how you can detect and prevent pre-ransomware attacks.<\/p>\n

_TTP Episode 11_. Craig, Bill and Hazel discuss three of the biggest callouts from Cisco Talos’ latest Incident Response Quarterly Trends.<\/p>\n

_Talos Takes: Identity and MFA_ _._ Hazel and friends discuss how AI isn’t rewriting the cybercrime playbook, but it is turbo charging some of the old tricks, particularly on the social engineering side.<\/p>\n

## Upcoming events where you can find Talos<\/p>\n

* _PIVOTcon_ (May 7 – 9) Malaga, Spain
\n * _CTA TIPS 2025_ (May 14 – 15) Arlington, VA
\n * _Cisco Connect UK & Ireland_ (May 20) London, UK
\n * _BotConf_ (May 20 – 23) Angers, France
\n * _Cisco Live U.S._ (June 8 – 12) San Diego, CA<\/p>\n

## Most prevalent malware files from Talos telemetry over the past week<\/p>\n

**SHA256: 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507 **
\nMD5: 2915b3f8b703eb744fc54c81f4a9c67f
\nVirusTotal: _https:\/\/www.virustotal.com\/gui\/file\/9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507\/_
\nTypical Filename: VID001.exe
\nDetection Name: Win.Worm.Bitmin-9847045-0<\/p>\n

**SHA256: a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91 **
\nMD5: 7bdbd180c081fa63ca94f9c22c457376
\nVirusTotal: _https:\/\/www.virustotal.com\/gui\/file\/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91_
\nTypical Filename: img001.exe
\nDetection Name: Simple_Custom_Detection<\/p>\n

**SHA256: 47ecaab5cd6b26fe18d9759a9392bce81ba379817c53a3a468fe9060a076f8ca **
\nMD5: 71fea034b422e4a17ebb06022532fdde
\nVirusTotal: _https:\/\/www.virustotal.com\/gui\/file\/a31f222fc283227f5e7988d1ad9c0aecd66d58bb7b4d8518ae23e110308dbf91_
\nTypical Filename: VID001.exe
\nDetection Name: Coinminer:MBT.26mw.in14.Talos\n <\/p><\/div>\n<\/p><\/div>\n

\n

Impact Assessment<\/h3>\n\n\n\n
Base Score<\/th>\n10.0<\/td>\n<\/tr>\n
Severity<\/th>\nCRITICAL<\/td>\n<\/tr>\n<\/table><\/div>\n
\n

View full CVE details<\/a><\/p>\n<\/p><\/div>\n<\/div>\n