Dutch police arrested four individuals for selling stolen personal data via Telegram groups, seizing devices and firearms in…

Dutch police arrested four individuals for selling stolen personal data via Telegram groups, seizing devices and firearms in raids. The investigation aims to disrupt illegal data trading networks tied to identity theft and fraud.

Dutch police arrested four individuals for selling stolen personal data within Telegram groups, following a major investigation into illegal data trading. Authorities warn that such data sales often lead to further criminal activities.

The Dutch police have arrested four individuals in connection with the illegal sale of personal data within various Telegram groups. The arrests were made in recent days as part of a larger effort to disrupt illegal data trading networks that operate within the popular messaging platform.

Those detained include a 26-year-old man and a 20-year-old woman from Leeuwarden, a 28-year-old man from Maarssen, and a 31-year-old man without a fixed residence.

According to authorities, the suspects are believed to have sold personal information, including names, dates of birth, phone numbers, bank details, and home addresses, obtained through data theft, hacking, or company data breaches.

The police warned that such data can lead to other forms of crime, as criminals use it to impersonate bank employees or exploit vulnerable individuals, particularly the elderly.

During the raids, law enforcement officials confiscated several data storage devices and uncovered three firearms. The investigation is now focused on determining how and where the stolen data originated. Police also hinted that more arrests could follow, as they continue to monitor and infiltrate these Telegram groups.

To further demonstrate their presence online, the police have left messages in both public and private Telegram groups, warning members about the legal consequences of data trading. “Maybe we noticed your nickname too, and we’ll see you soon!” reads one of their warnings, reinforcing their commitment to combating cybercrime.

Message left by Dutch Police

Telegram, long known for its commitment to privacy, has found itself in a difficult position following the August 2024 arrest of its founder, Pavel Durov, in France. Durov, an advocate for user privacy, had previously resisted government pressure to share user data; however, in September 20224, Telegram quietly updated its privacy policy to allow sharing of users’ IP addresses and phone numbers with authorities in response to valid legal requests.

The policy change has raised suspicion among many users, with some deciding to leave the app. Former long-time users are now switching to other, more secure platforms, worried that Telegram’s cooperation with authorities goes against the privacy-focused service they once trusted.

The policy change, aimed at sharing data with authorities to combat serious crimes like data breaches, leaks, and CSAM, has been welcomed by many as a positive step in tackling illegal activity. However, it has also raised concerns among whistleblowers, journalists, and privacy-focused users who rely on platforms like Telegram to remain anonymous for legitimate reasons. These individuals worry that the change could put their privacy at risk, leading some to seek more secure alternatives.

1.  How Facebook Helped FBI Capture a Notorious Child Abuser
2.  PureVPN Aided FBI Track CyberStalker by Providing His Logs
3.  Facebook Call Cops on BBC for Exposing Child Abuse Content
4.  How police ruined a man’s life by making a typo in his IP address
5.  Gay dating app Grindr shared user HIV, location data with 3rd parties

Dutch Police Infiltrate Telegram Groups, Arrest 4 for Illegal Data Trading

Cross Site Scripting vulnerability in camaleon-cms v.2.7.5 allows remote attacker to execute arbitrary code via the content group name field.

**Exploitability Metrics**

Attack Vector: This metric reflects the context by which vulnerability exploitation is possible. This metric value (and consequently the resulting severity) will be larger the more remote (logically, and physically) an attacker can be in order to exploit the vulnerable system. The assumption is that the number of potential attackers for a vulnerability that could be exploited from across a network is larger than the number of potential attackers that could exploit a vulnerability requiring physical access to a device, and therefore warrants a greater severity.

Attack Complexity: This metric captures measurable actions that must be taken by the attacker to actively evade or circumvent existing built-in security-enhancing conditions in order to obtain a working exploit. These are conditions whose primary purpose is to increase security and/or increase exploit engineering complexity. A vulnerability exploitable without a target-specific variable has a lower complexity than a vulnerability that would require non-trivial customization. This metric is meant to capture security mechanisms utilized by the vulnerable system.

Attack Requirements: This metric captures the prerequisite deployment and execution conditions or variables of the vulnerable system that enable the attack. These differ from security-enhancing techniques/technologies (ref Attack Complexity) as the primary purpose of these conditions is not to explicitly mitigate attacks, but rather, emerge naturally as a consequence of the deployment and execution of the vulnerable system.

Privileges Required: This metric describes the level of privileges an attacker must possess prior to successfully exploiting the vulnerability. The method by which the attacker obtains privileged credentials prior to the attack (e.g., free trial accounts), is outside the scope of this metric. Generally, self-service provisioned accounts do not constitute a privilege requirement if the attacker can grant themselves privileges as part of the attack.

User interaction: This metric captures the requirement for a human user, other than the attacker, to participate in the successful compromise of the vulnerable system. This metric determines whether the vulnerability can be exploited solely at the will of the attacker, or whether a separate user (or user-initiated process) must participate in some manner.

**Vulnerable System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the VULNERABLE SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the VULNERABLE SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the VULNERABLE SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

**Subsequent System Impact Metrics**

Confidentiality: This metric measures the impact to the confidentiality of the information managed by the SUBSEQUENT SYSTEM due to a successfully exploited vulnerability. Confidentiality refers to limiting information access and disclosure to only authorized users, as well as preventing access by, or disclosure to, unauthorized ones.

Integrity: This metric measures the impact to integrity of a successfully exploited vulnerability. Integrity refers to the trustworthiness and veracity of information. Integrity of the SUBSEQUENT SYSTEM is impacted when an attacker makes unauthorized modification of system data. Integrity is also impacted when a system user can repudiate critical actions taken in the context of the system (e.g. due to insufficient logging).

Availability: This metric measures the impact to the availability of the SUBSEQUENT SYSTEM resulting from a successfully exploited vulnerability. While the Confidentiality and Integrity impact metrics apply to the loss of confidentiality or integrity of data (e.g., information, files) used by the system, this metric refers to the loss of availability of the impacted system itself, such as a networked service (e.g., web, database, email). Since availability refers to the accessibility of information resources, attacks that consume network bandwidth, processor cycles, or disk space all impact the availability of a system.

GHSA-hhxg-rvc9-8726: camaleon_cms affected by cross site scripting

As organizations start deploying advanced monitoring capabilities to protect their production environment from cyber attacks, attackers are finding it increasingly difficult to break in and compromise systems. As a result, they are now leveraging alternate approaches to infiltrate systems by secretly injecting malware into the software supply chain. This illicit code allows them to turn a software component into a Trojan horse of sorts, resulting in software infected with malicious code which allows cyber criminals to open the "doors to the kingdom" from the inside.A recent report from BlackBe

As organizations start deploying advanced monitoring capabilities to protect their production environment from cyber attacks, attackers are finding it increasingly difficult to break in and compromise systems. As a result, they are now leveraging alternate approaches to infiltrate systems by secretly injecting malware into the software supply chain. This illicit code allows them to turn a software component into a Trojan horse of sorts, resulting in software infected with malicious code which allows cyber criminals to open the "doors to the kingdom" from the inside.

A recent report from BlackBerry estimated that the majority (74%) of companies surveyed have experienced a software supply chain attack in the last 12 months. This high number underscores the need for enhanced software supply chain protections since third-party software suppliers and some open source libraries and frameworks may not have the same security measures.

DevSecOps methodology integrates security practices into the DevOps process so security practices are embedded throughout the entire software development lifecycle. Unlike traditional approaches where security is added towards the end of the development process, DevSecOps incorporates security from the very beginning and automates various aspects to help streamline the development process.

An end-to-end solution across the entire supply chain is highly recommended. This system should trust nothing, examine all source code, prepare Supply chain Levels for Software Artifacts (SLSAs), provide audit and scanning capabilities and manage the Software Bill of Material (SBOM) for both custom and third-party software artifacts.

**Red Hat Trusted Software Supply Chain** provides a zero trust architecture and provides a solid foundation for DevSecOps, helping shift security to the left to catch known vulnerabilities earlier in the development life cycle. Let's go through each component to see how they work together to help bring development, infosec and operations teams together.

**Red Hat Trusted Application Pipeline**

**Trusted Application Pipeline** provides integrated software templates that help enable secure software development through artifact signatures, attestations, SBOMs and build provenance verification. These security-focused software templates not only standardize but also speed up the adoption of security measures across different stages of software development, enhancing trust and transparency from the outset. Trusted Application Pipeline includes the following three key products.

**Red Hat Developer Hub**

**Red Hat Developer Hub** is an enterprise platform for building developer portals and golden paths and provides a single pane of glass to help increase engineering productivity, and provide guardrails for cloud-native development and a real-time view of application and infrastructure health and security. Built on the open source Backstage project, it helps streamline development through a unified platform that reduces cognitive load and frustration for developers. Try Red Hat Developer Hub today.

**Red Hat Trusted Artifact Signer**

**Trusted Artifact Signer** is built on the open source Sigstore project, and provides a transparent, auditable and cryptographically enhanced signing and verification system. Trusted Artifact Signer supports keyless and key-based signing, and provides simplified operator installation and an immutable audit trail. It also includes Enterprise Contract, enabling the automatic verification of supply chain integrity, provenance authentication and SLSA enforcement.

**Red Hat Trusted Profile Analyzer**

**Trusted Profile Analyzer** provides developers, security teams and platform engineers visibility and actionable insights into the risk profile of their software supply chain. It does this across the entire software development life cycle using application SBOM and VEX (Vulnerability Exploitability eXchange) and open source dependencies risk profiles. This information can help lower the risk of a supply chain breach.

**Red Hat OpenShift Platform Plus**

**OpenShift Platform Plus** is a unified platform that combines multicluster security, cluster management and compliance, registry scanning and data management capabilities with Red Hat OpenShift. Learn how OpenShift Platform Plus meets the zero trust requirements in 10 ways.

OpenShift Platform Plus includes the following components.

**Red Hat OpenShift**

**OpenShift** is the industry’s leading hybrid cloud application platform powered by Kubernetes, bringing together a comprehensive set of tools and services that help streamline the entire application lifecycle, from development to delivery to management of app workloads.

**Red Hat Quay**

**Quay** is a security-focused and scalable platform for managing content across globally distributed datacenter and cloud environments. It provides a private container registry that stores, builds and deploys containerized software and scans container images for known vulnerabilities.

**Red Hat Advanced Cluster Management for Kubernetes**

**Advanced Cluster Management for Kubernetes** is a multicluster management solution that provides automated and built-in security policy-driven configuration and observability across your entire hybrid cloud environment, including on-prem, cloud and edge. Advanced Cluster Management for Kubernetes simplifies compliance, monitoring and consistency.

**Red Hat Advanced Cluster Security for Kubernetes**

**Advanced Cluster Security for Kubernetes** is a Kubernetes-native security solution that provides security guardrails with minimal impact on developer velocity. It addresses six key use cases including vulnerability management, configuration management, risk profiling, network isolation, industry compliance and run-time threat detection.

Learn more about Red Hat Trusted Software Supply Chain

Strengthen DevSecOps with Red Hat Trusted Software Supply Chain

The ABB BMS/BAS controller suffers from an unauthenticated log information disclosure vulnerability. An unauthorized attacker can reference the affected page and disclose the webserver's log file containing system information running on the device.

ABB Cylon Aspect 3.08.01 (logCriticalLookup.php) Unauthenticated Log Disclosure

ABB Cylon Aspect 3.08.01 (throttledLog.php) Unauthenticated Log Disclosure

If exploited, bad actors can execute arbitrary code while evading detection thanks to a renamed process.

Source: B Christopher via Alamy Stock Photo

A zero-day vulnerability, tracked as CVE-2024-44068, has been discovered in Samsung's mobile processors and is being used in an exploit chain for arbitrary code execution.

The vulnerability was given a critical CVSS score of 8.1 out of 10 and was patched in Samsung's October set of security fixes.

A National Institute of Standards and Technology (NIST) advisory on the bug describes it as "an issue \[that\] was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, and W920." A use-after-free bug in the mobile processor ultimately leads to privilege escalation, the agency added.

Google researcher Xingyu Jin was credited with reporting the flaw earlier this year, and Google TAG researcher Clement Lecigne warned that an exploit exists in the wild.

"This zero-day exploit is part of an EoP chain," Jin and Lecigne noted. "The actor is able to execute arbitrary code in a privileged camera server process. The exploit also renamed the process name itself to '\[email protected\]', probably for anti-forensic purposes."

**About the Author**

Samsung Zero-Day Vuln Under Active Exploit, Google Warns

The vulnerability affects all versions prior to v0.68.0 and highlights the risks organizations assume when consuming open source software and code.

Source: adison pangchai via Shutterstock

Organizations using Open Policy Agent (OPA) for Windows should consider updating to v0.68.0 or later to protect against an authentication hash leakage vulnerability identified in all earlier versions of the open source policy enforcement engine.

The vulnerability designated the identifier CVE-2024-8260, stems from improper input validation, and allows attackers to trick OPA into accessing a malicious Server Message Block (SMB) share. This can result in credential leakage and the potential exposure of sensitive system information.

**Enabling Credential Leaks**

"Successful exploitation can lead to unauthorised access by leaking the Net-NTLMv2 hash — or in lay terms, the credentials — of the user currently logged into the Windows device running the OPA application," said researchers at Tenable, who discovered the bug and issued a report this week. "Post-exploitation, the attacker could relay authentication to other systems that support NTLMv2 or perform offline cracking to extract the password."

Many organizations use OPA for Windows to implement and enforce authorization and resource access policies across their software stack, including cloud native applications, microservices, and APIs. The technology gives organizations a way to ensure consistent policy automation and compliance across mixed Linux and Windows environments.

The vulnerability that Tenable discovered essentially allows attackers to force a vulnerable system to authenticate to an attacker's server and thereby share user credentials in the process. The problem had to do with older versions of OPA for Windows not properly verifying the kind of files it received. Ordinarily, OPA should only use what are known as Rego files for rules and policies around decision making. What Tenable discovered was that because of improper validation, an attacker could pass an arbitrary SMB share instead of a Rego file to the OPA Command Line Interface or one of its Go library functions. An attacker could inject a path to their own server in the SMB share and force the system running the vulnerable OPA instance to authenticate to it.

"This can result in credential leaks or the execution of malicious logic, posing serious risks to system integrity and security," Tenable said. An adversary that obtains a NTLM hash by exploiting CVE-2024-8260 could use the hash in a variety of ways, including authenticating to other systems and services, moving laterally, connecting to file shares, and attempting to extract the password.

NTLM (New Technology LAN Manager) is a suite of authentication protocols from Microsoft that many organizations use to enable single sign-on to enterprise applications and services. Attackers have often exploited NTLM in so-called pass-the-hash attacks and NTLM relay attacks, where they essentially reuse a captured hash to authenticate to different applications and services without actually knowing the password.

**A Reminder of Open Source Risks**

Tenable described the vulnerability it discovered as highlighting the risks organizations assume when consuming open source software and code. In research that Black Duck described in its "2024 Open Source Security and Risk Analysis Report," the vendor found some 96% of code bases it reviewed to contain open source components. On average, 77% of all code in these codebases originated from open source. Some 84% codebases that underwent a risk assessment contained one or more security vulnerabilities and 74% had high-risk vulnerabilities like Log4Shel and XZ Utils in them. A surprising 14% of the code bases that Black Duck assessed had unpatched open source vulnerabilities in them that were 10 or more years old.

"As open-source projects become integrated into widespread solutions, it is crucial to ensure they are secure and do not expose vendors and their customers to an increased attack surface," said Ari Eitan, director of Tenable Cloud Security Research, in a statement. "This vulnerability discovery underscores the need for collaboration between security and engineering teams to mitigate such risks."

**About the Author**

Jai Vijayan is a seasoned technology reporter with over 20 years of experience in IT trade journalism. He was most recently a Senior Editor at Computerworld, where he covered information security and data privacy issues for the publication. Over the course of his 20-year career at Computerworld, Jai also covered a variety of other technology topics, including big data, Hadoop, Internet of Things, e-voting, and data analytics. Prior to Computerworld, Jai covered technology issues for The Economic Times in Bangalore, India. Jai has a Master's degree in Statistics and lives in Naperville, Ill.

OPA for Windows Vulnerability Exposes NTLM Hashes

Cybersecurity is not "one size fits all." Employers, recruiters, and managers need to embrace neurodiversity through inclusive hiring practices, tailored training programs, and adaptive management styles.

Source: Tomertu via Adobe Stock Photo

Megan Roddie-Fonseca, a senior security engineer at Datadog, recalls a pivotal moment during her job interview that swayed her decision to join the company.

"During the interview process, the manager asked me, 'How can I manage you? What's your ideal way of working?'" Roddie-Fonseca says. "'What can I do in order to make you the employee that you need to be and that you want to be?'"

For Roddie-Fonseca, a neurodivergent individual, this willingness to adapt management styles based on individual needs was a key factor in her decision to accept Datadog's offer.

"That's a big thing for me, instead of a manager saying, 'This is my management style,'" she says, noting that a tailored management approach can create an environment where neurodiverse workers feel understood and supported.

Roddie-Fonseca was diagnosed with autism when she was 12 years old and with ADHD later in life. While she has personally had overall positive experiences in the cybersecurity industry, she's also aware — by networking with other neurodivergent individuals — of the challenges that many face in their careers.

Neurodiversity includes individuals with conditions such as autism, ADHD, and dyslexia. While neurodivergent individuals can bring a wealth of unique skills to the workplace, they often face unnecessary challenges in the hiring process, training, and overall workplace environment.

**Align the Interview With the Job**

One issue is the current structure of the hiring process in many organizations. Rigid interviews, vague expectations, and unaccommodating environments can create barriers for neurodivergent candidates. Roddie-Fonseca says that typical interview setups, where candidates sit in front of a hiring manager or panel to answer rapid-fire questions, are not designed for those who may struggle with social anxiety or sensory-processing issues.

"Sitting in a room answering questions, especially when you're seeking a job that is going to have less social interaction, is not the way to do it," she says. "When it comes to showing my skill set, I'm going to be doing that on a computer, in an environment I'm comfortable with."

Performance-based interviews, where candidates demonstrate their skills in a simulated work environment, are a better alternative. Dr. Jodi Asbell-Clarke, a senior researcher in neurodiversity in STEM education at the nonprofit TERC and author of Reaching and Teaching Neurodivergent Learners in STEM, says it is essential to allow candidates to show their abilities under conditions they’re comfortable with.

“Many neurodivergent employees I have spoken with tell me they are at their best when they have time and mental space to solve a problem on their own, in their own way, and then bring it back to the team,” she says.

Rather than focusing on quick thinking under pressure, performance-based assessments allow candidates to demonstrate their problem-solving talents without the added stress of rigid, high-pressure conditions.

**Supporting Neurodivergent Employees on the Job**

Hiring neurodivergent candidates is just the first step; ensuring they are supported once on the job is equally important. Neurodivergent professionals often thrive in environments where accommodations are made to help them succeed, from flexible working conditions to individualized communication styles.

Universal design principles — where workplace accommodations are made available to everyone, regardless of whether they disclose a neurodivergent condition — can make a big difference, says Liz Green, an occupational therapist and business consultant who specializes in neurodiversity and inclusive design and often works with cybersecurity.

"Neurodivergence is already present in about 20% of the workforce, but not everyone will disclose it. So it's important to have support systems in place that everyone can access," she says.

Creating employee manuals, where workers outline their preferred communication and work styles, is a simple and inclusive solution that can benefit all employees, neurodivergent or not, Green adds.

Once neurodivergent employees are onboarded, providing appropriate training is essential. The traditional approach to training, where all new hires undergo the same program without considering individual learning needs, can leave neurodivergent employees struggling. Asbell-Clarke points out that giving neurodivergent employees space for "autonomy of thought" during training can be beneficial. For example, instead of bombarding new hires with information in a classroom setting, consider self-paced training modules that allow individuals to learn at their own speed.

Meghan Maneval, senior director of product marketing at LogicGate and also a neurodivergent individual, says clear communication — in multiple formats — during both interviewing and training is essential for her.

"Due to my auditory processing disorder, I often rely on written communication to fully process information," she says.

Employers can also create mentorship opportunities, pairing neurodivergent hires with more experienced employees who understand their challenges. These mentors can offer guidance and help them navigate the nuances of company culture and expectations.

**Creating a Culture of Inclusion**

Building an inclusive culture goes beyond just offering accommodations. It requires a shift in mindset across the organization.

"It's a culture shift because a lot of people are afraid to bring up those things because people think they're silly or they'll feel like, you know, they're going to get fired or not be a candidate for hire because they made a request like this," says Roddie-Fonseca.

Green emphasizes the need for open dialogue and the willingness to learn.

"Opening up the conversation is the first step. Silence doesn't help,” she says. By engaging in conversations about neurodiversity, employers can begin to dismantle the biases that prevent neurodivergent individuals from succeeding.

Another key component is establishing employee resource groups (ERGs) for neurodivergent individuals, says Green. These groups can provide a platform for employees to voice their needs and advocate for changes that improve the workplace for everyone.

“The most important thing is bringing forth the voices of the population," Green says. "It's about making an effort to listen and then act on what neurodivergent employees are saying."

An opportunity exists to rethink traditional hiring practices and embrace a more inclusive approach in cybersecurity hiring. As Datadog's Roddie-Fonseca points out, neurodivergent individuals often possess unique problem-solving abilities and strong attention to detail — skills that are highly valuable in technical fields. Yet the current hiring landscape remains inaccessible for many. By adopting flexible, inclusive hiring and training practices, cybersecurity employers can not only tap into the neurodiverse talent pool but also create a more dynamic and innovative workforce.

**About the Author**

Contributing Writer, Dark Reading

Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.

Breaking Barriers: Making Cybersecurity Accessible for Neurodiverse Professionals

Without DMARC, campaigns remain highly susceptible to phishing, domain spoofing, and impersonation.

Source: Saphiens via Alamy Stock Photo

Nearly 75% of US Senate campaign websites are lacking when it comes to DMARC protections, otherwise known as Domain-based Message Authentication, Reporting, and Conformance safeguards.

DMARC tools are used to prevent phishing and spoofing attacks by ensuring that the domains from which emails are sent get authenticated.

Without these protections, campaign websites are left vulnerable to cyberattacks, a critical issue given that these campaigns are emailing voters, donors, and staff frequently.

This could lead to compromised voter information, donor data, strategic campaign plans, and other sensitive data, furthering a lack of public trust in US elections, an issue that has become increasingly prominent in the past few years. In 2016, Russian state actors tried to influence the presidential election by disrupting the election process and hacking emails. 

According to the study, conducted by Red Sift, campaigns will remain highly susceptible to phishing, domain spoofing, and impersonation attacks without DMARC, ultimately leading to slower campaign operations, leaks in confidential information, and worse.

The report calls for immediate prioritization of DMARC implementation across US Senate and presidential campaigns, and insuring that these implementations are properly configured.

**About the Author**

Most US Political Campaigns Lack DMARC Email Protection

### Impact
During an explicit sign-out, the server session is not fully terminated.


Attack vector: More severe the more the remote (logically and physically) an attacker can be in order to exploit the vulnerability.

Attack complexity: More severe for the least complex attacks.

Privileges required: More severe if no privileges are required.

User interaction: More severe when no user interaction is required.

Scope: More severe when a scope change occurs, e.g. one vulnerable component impacts resources in components beyond its security scope.

Confidentiality: More severe when loss of data confidentiality is highest, measuring the level of data access available to an unauthorized user.

Integrity: More severe when loss of data integrity is the highest, measuring the consequence of data modification possible by an unauthorized user.

Availability: More severe when the loss of impacted component availability is highest.

Tag

#auth