Tags: Cybercrime, DNS, Spam, Threat Intelligence

Cybersecurity Reading List - Week of 2025-01-27

Ian Campbell
Senior Security Operations Engineer

In an effort to share not just what we’re observing on the net but what we’re reading and listening to elsewhere, the below links are provided as an abbreviated digest of media being passed around within our team as well as what we’re seeing in the security community at large. Quotes from the source will be in quotation marks; any commentary from me will be in italics.

Podcasts

CyberWire Research Saturday – The hidden cost of data hoarding – SpyCloud researchers on how Chinese state surveillance data gets sold privately as a side-hustle, as well as some significant differences from European state and criminal hacking.

ChinaTalk – DeepSeek r1 and the future of AI competition – Former OpenAI policy wonk provides some good background on the LLM that’s got the market all a-twitter. If Chinese-related tech news, and especially AI, is of interest, ChinaTalk is a great, current source.

Articles and Blog Posts

404Media – Hackers claim massive breach of location data giant Gravy – and the followup – Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

Infoblox – Pushed Down the Rabbit Hole – “Once I visited the compromised site and accepted notifications, I was “pushed” into an ecosystem that not only delivered an endless torrent of malicious content but also colored the mainstream content that was delivered to me.” – Really great post on the user-experience and device progression side of mobile compromise and malicious adtech. Very much looking forward to the rest in this series.

Krebs – MasterCard DNS Error Went Unnoticed For Years – ‘All of the Akamai DNS server names that MasterCard uses are supposed to end in “akam.net” but one of them was misconfigured to rely on the domain “akam.ne.” …discovered recently by Philippe Caturegli, founder of the security consultancy Seralys.’

WatchTowr – Backdooring your backdoors – (via Ian Campbell) – “Put simply – we have been hijacking backdoors (that were reliant on now abandoned infrastructure and/or expired domains) that themselves existed inside backdoors, and have since been watching the results flood in.”

RiskyBusiness – Threat actor impersonates FSB APT for months to target Russian orgs

Sophos – Cybercriminals still not fully on board the AI train (yet) – “We noted that there does seem to have been a small shift, at least on the forums we investigated; a handful of threat actors are beginning to incorporate generative AI into their toolboxes. This mostly applied to spamming, open-source intelligence (OSINT), and, to a lesser extent, social engineering… However, as before, many threat actors on cybercrime forums remain skeptical about AI.”

CNBC – China’s DeepSeek AI dethrones ChatGPT on App Store: Here’s what you should know – The DeepSeek fiasco has made apparent some deeper market undertones that don’t inspire me with a lot of confidence for AI/LLM industries in general. What’s more interesting to me, though, is that most of what’s being reacted to is at least a month old, if not multiple months old, thanks to filings and releases from DeepSeek. Bit of a Sputnik moment, if Sputnik had instead crashed on a Bay Area lawn and started speaking in tongues.

SpyCloud – 2024 in Review – I know year-in-review posts are a dime a dozen, but this is one of the better ones I’ve read lately.

ESET – PlushDaemon compromises supply chain of Korean VPN Service

Tenable – Salt Typhoon: An Analysis of Vulnerabilities Exploited

LetsEncrypt – Announcing Six Day and IP Address Certificate Options – HR has politely asked me to avoid vulgarities when discussing six-day SSL certs.

DarkReading – New Docuseries Spotlights Hackers Who Helped Shape Cybersecurity – Highly anticipating this series, especially with Biella Coleman involved. Bonus: one of the interviewees is Mike Schiffman, with whom many of us worked back at Farsight Security prior to the DomainTools acquisition. Mike is both brilliant and hilarious.

TechCrunch – Edtech giant PowerSchool says hackers accessed personal data of students and teachers

AP – Trump pardons founder of Silk Road website

Research Papers and Reports

arXiv – DarkGram: A Large-Scale Analysis of Cybercriminal Activity Channels on Telegram – Provided with the caveat that arXiv is largely pre-print material, though this paper appears to have been accepted to USENIX.

Google – Google Cloud H1 2025 Threat Horizons Report – PDF link.

APNIC – Impact of scanning on authoritative nameservers

APNIC – IP addresses through 2024

APNIC – BGP in 2024

APNIC – RPKI 2024 year in review

Tools and Resources

FIRST – DNS abuse techniques matrix

BIML – Berryville Institute of Machine Learning Bibliography – BIML adds machine learning security papers to this bibliography after their research group has read them, along with a “top 5” list. Great curated resource for MLsec.