Saturday, Jan 25, 2025 // (IG): BB // GITHUB // SGM Jarrell
Over 100 Security Flaws Found in LTE and 5G Implementations
Bottom Line Up Front (BLUF): University of Florida and North Carolina State University researchers have identified 119 vulnerabilities affecting LTE and 5G network implementations. The flaws, spread across platforms like Open5GS, Magma, and OpenAirInterface, could allow attackers to disrupt city-wide communication, gain unauthorized access to cellular core networks, and conduct targeted attacks.
Analyst Comments: This discovery highlights significant security gaps in LTE and 5G networks, exposing both core and access components to potential exploitation. The ability of attackers to crash critical Mobility Management Entities (MME) or Access and Mobility Functions (AMF) with a single data packet showcases the importance of securing RAN-Core interfaces. As 5G adoption accelerates, vulnerabilities in open-source implementations could serve as low-hanging fruit for malicious actors. Telecom providers and developers must prioritize vulnerability patching and improve testing procedures to protect critical infrastructure against large-scale service disruptions.
FROM THE MEDIA: Researchers identified 119 security vulnerabilities in LTE and 5G implementations across platforms like Open5GS, Magma, and srsRAN. The flaws include buffer overflows and memory corruption errors, which attackers could exploit to crash core cellular functions like the MME or AMF. Such disruptions could disable phone calls, messaging, and data services at a city-wide scale. The vulnerabilities were uncovered using a fuzzing tool called "RANsacked," which targets Radio Access Network (RAN)-Core interfaces receiving input from mobile devices and base stations. Many vulnerabilities can be exploited without authentication or a SIM card, while others require a compromised femtocell or base station. The study highlights the security risks posed by 5G’s deployment of gNodeB base stations, which are more exposed to physical threats. Researchers urge telecom providers to adopt robust fuzzing and security practices to address these risks before attackers exploit them.
READ THE STORY: THN
Japan Moves Closer to Legalizing ‘Active Cyber Defense’
Bottom Line Up Front (BLUF): Japan is advancing its Active Cyber Defense Legislation, a significant step in enhancing its cybersecurity capabilities. The proposed law allows preemptive measures to counter cyberattacks, including neutralizing attacker servers and reinforcing public-private cooperation. Despite public concerns over privacy and constitutional limits, the legislation is backed by major political parties and is expected to pass during the current Diet session.
Analyst Comments: While the legislation aligns with global cybersecurity norms, challenges remain. Privacy concerns, constitutional restrictions under Article 9, and fears of overreach will need careful navigation. The legislation reflects a growing urgency to align Japan’s cybersecurity policies with key allies like the U.S. A successful rollout will depend on public education, transparency, and collaboration with private-sector stakeholders.
FROM THE MEDIA: Japan began debating its Active Cyber Defense Legislation in the Diet, marking a turning point in the nation’s cybersecurity posture. The bill proposes measures to combat cyberattacks, including neutralizing attackers’ servers, monitoring foreign communications metadata, and obligating critical infrastructure operators to report cyber incidents. It also enables Japan’s Self-Defense Forces (SDF) to use cyber defense during severe attacks. The legislation responds to increasing cyberattacks, such as the December breach of Japan Airlines, and criticisms that Japan’s cybersecurity lags behind its allies. However, critics argue that preemptive measures may conflict with Japan’s Constitutional Peace Clause and privacy protections under Article 21. Despite these challenges, public polls show strong support, with 65% of respondents backing the bill. Opposition parties, including the Constitutional Democratic Party, support the legislation, ensuring smooth passage.
READ THE STORY: The Diplomat
SEC Reverses Guidance, Opening Doors for Banks to Hold Crypto
Bottom Line Up Front (BLUF): The U.S. Securities and Exchange Commission (SEC) has overturned the restrictive SAB 121 rule, allowing banks to offer cryptocurrency custody services without treating digital assets as liabilities on their balance sheets. This pro-crypto move, aligned with Donald Trump’s administration priorities, signals a shift toward greater institutional adoption of digital assets.
Analyst Comments: The SEC’s reversal marks a turning point in U.S. crypto regulation, setting the stage for banks to integrate digital assets into their offerings. Removing barriers for custodial services addresses a key limitation for institutions hesitant to engage in crypto markets. While it reflects Trump’s broader support for the sector, the decision could spark debate over financial risks and systemic stability. Institutional involvement may drive crypto mainstream adoption, but concerns over transparency and regulation will likely persist, necessitating careful oversight.
FROM THE MEDIA: On Thursday, the SEC reversed the Biden-era SAB 121 guidance, which required banks to classify customer-held crypto assets as liabilities, effectively deterring their involvement in cryptocurrency custody. This move removes a significant hurdle for financial institutions, enabling them to offer custodial services and expand their crypto businesses. The decision reflects President Donald Trump’s pro-crypto agenda, with his administration emphasizing a more welcoming stance toward digital assets. Acting SEC chair Mark Uyeda and Commissioner Hester Peirce have dismantled previous barriers and formed a crypto-focused task force. The financial sector has responded positively, with major banks like Charles Schwab expressing interest in offering crypto-related products. Bitcoin prices reacted to the news, rising 1.5% to $105,800. Industry leaders, including BlackRock CEO Larry Fink, are also pushing for tokenizing traditional assets, signaling broader institutional adoption. Analysts expect the SEC’s new approach to position the U.S. as a global leader in digital asset innovation.
READ THE STORY: FT
Morpheus and HellCat Ransomware Operations Found to Share Codebase
Bottom Line Up Front (BLUF): SentinelOne researchers have identified shared code between Morpheus and HellCat ransomware, suggesting both groups use a common builder or codebase. Both ransomware variants emerged in late 2024 and exhibit identical encryption behaviors, targeting files without changing their extensions. This connection highlights how affiliates in the ransomware-as-a-service (RaaS) ecosystem reuse tools to maximize efficiency.
Analyst Comments: The overlap between Morpheus and HellCat ransomware operations demonstrates the increasing fragmentation and decentralization of the ransomware ecosystem. Shared codebases allow affiliates to distribute their efforts across multiple "brands," potentially complicating attribution and mitigation. The use of identical encryption techniques without altering file extensions suggests deliberate efforts to evade detection and streamline operations. This trend underscores the resilience of RaaS models despite ongoing law enforcement disruptions. Security teams should monitor these developments closely, as similar code reuse could indicate emerging threats tied to these or other ransomware families.
FROM THE MEDIA: Both ransomware variants are 64-bit executables that use the Windows Cryptographic API for file encryption, relying on its BCrypt functions to generate encryption keys. The ransomware avoids encrypting critical system files and directories, such as \Windows\System32, and excludes specific extensions (.dll, .sys, .exe) from its encryption scope. Unusually, encrypted files retain their original extensions and metadata, a tactic likely aimed at minimizing user suspicion or speeding up the encryption process. Ransom notes for both ransomware types follow a template similar to that of the Underground Team ransomware group, which emerged in 2023. The discovery points to shared infrastructure or collaboration between affiliates of the two RaaS operations. While these groups are relatively new to the ransomware ecosystem, the increasing frequency of ransomware attacks—574 incidents in December 2024 alone—signals a growing and fragmented threat landscape.
READ THE STORY: THN
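The detail that matters for defenders in the Morpheus/HellCat summary is that encrypted files keep their original extensions, so monitoring that only alerts on mass renames sees nothing. As an added example (not SentinelOne's code or the article's), the Python script below flags files whose content no longer matches what their extension promises; the magic-byte table, the entropy threshold and the sample inputs are constructed here as assumptions.

```python
import math
import os

# Constructed table of expected leading bytes ("magic") for common file types.
# In-place encryption that keeps the extension destroys this header, so an
# extension/header mismatch is a stronger signal than a renamed file.
MAGIC = {
    ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
}

# Extensions the article says the encryptor skips; a clean .exe proves nothing.
SKIPPED_BY_RANSOMWARE = {".dll", ".sys", ".exe"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty input, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def assess_header(name: str, head: bytes, entropy_threshold: float = 7.5) -> dict:
    """Judge one file from its name and its first few KiB.

    Rule 1: an extension with a known magic must still carry that header.
    Rule 2: otherwise (.txt, .csv, .log, ...) flag near-random content; plain
            text never approaches 8 bits/byte, while compressed formats are
            handled by rule 1 so their natural high entropy is not misreported.
    """
    ext = os.path.splitext(name)[1].lower()
    expected = MAGIC.get(ext)
    entropy = shannon_entropy(head)
    if ext in SKIPPED_BY_RANSOMWARE:
        suspicious, reason = False, "extension excluded by the encryptor; not assessed"
    elif expected is not None:
        suspicious = not head.startswith(expected)
        reason = "header does not match extension" if suspicious else "header matches extension"
    else:
        suspicious = entropy >= entropy_threshold
        reason = f"entropy {entropy:.2f} bits/byte vs threshold {entropy_threshold}"
    return {"name": name, "extension": ext, "entropy": round(entropy, 2),
            "suspicious": suspicious, "reason": reason}


def assess_file(path: str, sample_size: int = 4096) -> dict:
    """Read the first sample_size bytes of a real file and assess them."""
    with open(path, "rb") as f:
        return assess_header(path, f.read(sample_size))


if __name__ == "__main__":
    # Constructed samples: a plausible PDF header, plain text, and a block of
    # uniformly distributed bytes standing in for what in-place encryption leaves.
    scrambled = bytes(range(256)) * 16
    for name, head in [("report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n"),
                       ("report.pdf", scrambled),
                       ("notes.txt", b"quarterly notes\n" * 200),
                       ("notes.txt", scrambled)]:
        print(assess_header(name, head))
```

Run `assess_file` over a sample of recently modified user documents on an endpoint; a burst of header mismatches with unchanged extensions is the signal a rename-based rule would miss.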
Asian Law Enforcement Coalition Claims Progress Against Cyber-Scam Slave Camps
Bottom Line Up Front (BLUF): The Lancang-Mekong Law Enforcement Cooperation (LMLEC), involving six Asian nations, reported dismantling several cyber-scam slave camps in 2024. These camps lure workers into forced labor through fake job offers and force them to run online scams. While LMLEC claims 70,000 arrests and 160 rescues, the camps persist, with Myanmar’s border regions remaining a hotspot.
Analyst Comments: The existence of cyber-scam slave camps highlights the intersection of human trafficking and cybercrime, with global repercussions for cybersecurity and human rights. While LMLEC’s reported progress is significant, the persistence of these camps, especially in Myanmar’s poorly policed regions, underscores the need for sustained cross-border cooperation. China’s leadership in this effort reflects its domestic stake in combating scams targeting its citizens. However, these criminal enterprises may adapt and endure without addressing regional corruption and governance issues, posing a continued threat to global cybersecurity.
FROM THE MEDIA: The LMLEC coalition, which includes China, Thailand, Cambodia, Laos, Myanmar, and Vietnam, was established in 2024 to combat cyber-scam slave camps across Southeast Asia. These camps use fake job offers to lure victims, confiscate their passports, and force them into running tech support scams, investment frauds, and other online crimes. Workers are often subjected to violence, inhumane conditions, and crippling debt. In 2024, LMLEC operations led to the arrest of 70,000 suspects and the rescue of 160 individuals, according to Chinese media. The coalition also disrupted weapons smuggling tied to these criminal networks. Despite these efforts, the camps remain entrenched, particularly in Myanmar’s Myawaddy region, where law enforcement is weak, and reports suggest complicity by local authorities. China, which estimates over 100,000 of its citizens have fallen victim to these operations, has pushed for deeper intelligence sharing and joint operations under LMLEC. The group has pledged to intensify efforts in 2025, focusing on dismantling camps and addressing corruption that enables their existence.
READ THE STORY: The Register
Mexico and Canada Unite Against Trump’s Tariff Threats
Bottom Line Up Front (BLUF): Facing President Donald Trump’s threats of 25% tariffs on exports to the U.S., Mexico and Canada have formed a unified front to defend their economies. Trump claims the tariffs are retaliation for illegal immigration and drug trafficking, with potential implementation on February 1. Both nations warned the tariffs would harm consumers and economies across all three USMCA member countries.
Analyst Comments: Trump’s tariff threats mark a return to hardline trade policies that characterized his first term, using economic pressure to extract concessions from trade partners. The coordinated response by Canada and Mexico highlights the interconnectedness of the USMCA economies and the shared stakes in mitigating economic fallout. A potential renegotiation of USMCA to curb China’s regional influence and reduce trade deficits could strain diplomatic relations further. The situation also signals heightened financial uncertainty, especially as retaliatory tariffs are likely, raising costs for businesses and consumers.
FROM THE MEDIA: Since his November 2024 election victory, President Trump has warned of imposing 25% tariffs on all exports from Mexico and Canada to the U.S., citing concerns over illegal immigration and fentanyl trafficking. These threats come as 75% of Mexico and Canada’s exports depend on the U.S. market under the USMCA trade agreement. Canada’s Chamber of Commerce predicts a 2.6% GDP shrinkage if the tariffs are implemented, while Mexico has outlined retaliatory tariffs targeting key Republican states. Both countries are working to present a united narrative to emphasize that the tariffs would harm consumers and businesses in all three countries. Trump has also raised the possibility of renegotiating the USMCA, emphasizing stricter rules to limit Chinese influence in Mexico’s economy and reduce U.S. trade deficits. Canadian Prime Minister Justin Trudeau and Mexican President Claudia Sheinbaum are working to address Trump’s demands, with Canada committing over $1 billion to border security and Mexico stepping up enforcement against illegal immigration.
READ THE STORY: FT
Multiple Vulnerabilities Found in Palo Alto Networks Firewalls
Bottom Line Up Front (BLUF): A report from Eclypsium revealed critical firmware vulnerabilities in Palo Alto Networks' PA-3260, PA-1410, and PA-415 firewall models. These flaws, dubbed "PANdora's Box," include Secure Boot bypass, privilege escalation, and firmware modification risks. While Palo Alto Networks claims these exploits are difficult to achieve under standard configurations, organizations are advised to apply firmware updates and follow best practices to mitigate risks.
Analyst Comments: The discovery of widespread vulnerabilities in Palo Alto Networks firewalls highlights the importance of securing even the devices designed to protect critical infrastructure. Threat actors targeting these flaws could potentially bypass fundamental security measures, exposing sensitive networks. Although Palo Alto asserts that standard configurations limit exploitability, organizations should not underestimate the risks, especially given rising supply chain attacks. Proactive measures, including vendor assessments, firmware updates, and continuous device integrity monitoring, are essential to safeguard against these vulnerabilities.
FROM THE MEDIA: Eclypsium researchers uncovered multiple firmware vulnerabilities in Palo Alto Networks’ firewall models PA-3260, PA-1410, and PA-415, collectively called "PANdora’s Box." These include critical issues like BootHole (CVE-2020-10713), which bypasses Secure Boot; PixieFail, which exploits UEFI network protocol stack vulnerabilities for code execution; and LogoFAIL, which bypasses Secure Boot through image parsing flaws in UEFI firmware. Other flaws, such as insecure SPI flash access and an Intel BootGuard bypass, enable attackers to modify the firmware and execute malicious code during startup. The Trusted Platform Module (TPM) vulnerability (CVE-2023-1017) further exposes devices to out-of-bounds writes. While Palo Alto Networks emphasized that exploitation is unlikely in adequately configured systems, it is collaborating with third-party vendors to release firmware updates and mitigate these risks.
READ THE STORY: THN
Stargate AI Project to Exclusively Serve OpenAI
Bottom Line Up Front (BLUF): The Stargate AI infrastructure project, backed by SoftBank, OpenAI, Oracle, and Abu Dhabi's MGX, plans to invest up to $500 billion over four years to bolster OpenAI's access to data and computing power. Stargate remains in the early stages despite its ambitious scope, with funding, structure, and financing still being finalized.
Analyst Comments: While this exclusivity underscores OpenAI's dominance in the AI space, it also raises concerns about the monopolization of resources and competition among major AI players. However, the lack of finalized funding and operational details suggests the project could face significant delays or challenges. Partnerships with key players like SoftBank, Oracle, and MGX provide credibility but may not fully address the scale of investment required. Stargate’s progress will shape AI development and the geopolitical competition for technological leadership.
FROM THE MEDIA: Stargate, a high-profile AI infrastructure initiative announced by President Donald Trump, will exclusively support OpenAI. The venture, backed by OpenAI, SoftBank, Oracle, and Abu Dhabi's MGX, aims to invest $100 billion initially, with the potential to grow to $500 billion over four years. OpenAI and SoftBank have pledged $15 billion each and plan to raise additional funds through equity and debt. While the first facility in Abilene, Texas, is under construction, the project remains in its early stages, with key aspects like financing and structure still unresolved. SoftBank and OpenAI are leading the effort, with Oracle providing technological support but no direct capital investment. Microsoft, despite its close ties to OpenAI, is not a funding partner for Stargate.
READ THE STORY: FT
Items of interest
Hungary Threatens EU Sanctions Renewal Over Russian Gas Transit
Bottom Line Up Front (BLUF): Hungary's Prime Minister Viktor Orbán has threatened to veto the renewal of EU sanctions against Russia unless Ukraine reopens gas transit routes for Russian exports through its territory. This move comes as the EU faces a January 31 deadline to unanimously extend sanctions. Orbán’s demands include ensuring the security of pipelines carrying Russian energy and resuming gas flows through Ukraine.
Analyst Comments: Orbán's strategy highlights his consistent use of energy dependency as leverage in EU negotiations, aligning with Hungary's reliance on Russian gas. This stance risks undermining EU unity against Russia at a critical moment, especially as the U.S. pressures Moscow with potential new sanctions. If Hungary blocks the rollover, the EU may need to explore alternative sanctions mechanisms, which could complicate enforcement and cohesion. Orbán's actions also strengthen his alignment with other leaders like Slovakia’s Robert Fico, who share similar energy concerns, potentially creating further divisions within the EU bloc.
FROM THE MEDIA: Viktor Orbán has signaled his intent to veto the EU’s sanctions renewal against Russia unless Ukraine guarantees the resumption of Russian gas transit through its territory. He stated that sanctions have cost Hungary €19 billion since 2022 and accused Ukraine of exacerbating the issue by refusing to renew its transit agreement with Gazprom. Hungary, Slovakia, and Austria were the last EU nations to import gas via Ukraine; with the transit deal expiring, Hungary has turned to Turkey for imports through the TurkStream pipeline. Slovakia, led by Robert Fico, has also lobbied for resuming transit through Ukraine, citing a €1.5 billion annual economic impact from its loss. EU diplomats expect Orbán to eventually approve the sanctions after extracting concessions, a tactic he has employed in the past. However, if he holds firm, the EU may have to resort to bilateral measures to maintain restrictions on Russia, potentially complicating the bloc's unified response to the Ukraine conflict.
READ THE STORY: FT
Ten EU Nations Demand TOTAL BAN on Russian Gas Imports (Video)
FROM THE MEDIA: A joint statement by ten EU countries calls for a total ban on Russian gas, accelerating the timeline laid out in the RePowerEU strategy. This bold move could reshape Europe’s energy landscape and weaken Moscow’s war chest.
Sanctions against Russia - How come Europe is importing more LNG now than ever before (Video)
FROM THE MEDIA: Despite sanctions on Russia, Europe’s liquefied natural gas (LNG) imports have surged to record levels, driven by the need to replace piped Russian gas and ensure energy security. Major suppliers like the U.S., Qatar, and Norway have stepped in to meet demand, but ironically, some of the LNG still originates from Russia, creating a loophole in Europe's sanctions framework.
The selected stories cover a broad array of cyber threats and are intended to aid readers in framing key publicly discussed threats and overall situational awareness. InfoDom Securities does not endorse any third-party claims made in its original material or related links on its sites; the opinions expressed by third parties are theirs alone. For further questions, please contact InfoDom Securities at dominanceinformation@gmail.com.