Welcome back to the Kraven Security weekly newsletter, triaging the week. We round up the week’s top news stories, highlight our featured article, give you some learning resources, and finish with a few personal notes about what’s happening at the company. Enjoy!
Top 5 News Stories
Hackers Start Using AI Written Malware in Cyber Attacks
Hackers are now deploying AI-written malware in targeted attacks, according to HP researchers.
Top 4 takeaways:
🎯 In a campaign targeting French users, they found code likely generated by AI, which included detailed comments explaining each line—uncommon for human-written malware.
🪲 The malware delivered AsyncRAT, allowing attackers to remotely control infected systems.
🧠 Generative AI is enabling less-skilled cybercriminals to create malware more quickly, especially using methods like HTML smuggling.
📈 This trend raises concerns about AI’s role in advancing cyber threats.
Telegram Starts Cooperating with Law Enforcement
Telegram will now share users’ phone numbers and IP addresses with law enforcement if there’s a valid court order confirming criminal activity.
Top 5 takeaways:
📝 This change expands previous policies that only allowed data sharing for terrorism-related cases.
📈 Any data shared will be included in quarterly transparency reports, although the reporting bot is currently being updated.
🔎 Telegram is also enhancing its search feature to combat the promotion of illegal goods, urging users to report unsafe content.
🚔 CEO Pavel Durov was arrested in France over suspected criminal activities on the platform, prompting these changes.
👀 Despite these measures, private chats remain end-to-end encrypted, making it difficult to monitor illicit activities in those spaces.
Europol Takes Down Global Phishing Operation Unlocking Stolen Phones
Europol dismantled a major phishing-as-a-service platform called iServer, which targeted mobile phone credentials, affecting over 483,000 victims globally.
Top 4 takeaways:
📧 This phishing-as-a-service platform targeted over 1.2 million mobile phones, focusing on unlocking stolen devices by harvesting user credentials.
📱 The operation revealed a structured network where “unlockers” used iServer to steal credentials and unlock stolen phones.
👮 Operation Kaerb involved multiple countries, resulting in 17 arrests and the seizure of various electronic devices and weapons.
🌎 The arrests highlight the importance of cross-border cooperation in combating cybercrime and safeguarding personal information worldwide.
Discord Adds End-to-End Encryption for Audio and Video Calls
Discord has introduced the DAVE protocol for end-to-end encryption (E2EE) in audio and video calls.
Top 5 takeaways:
🔓 The protocol will secure voice and video in direct messages, group DMs, and live streams, but text messages will remain unencrypted.
🛜 DAVE uses WebRTC and Message Layer Security (MLS) for encryption, ensuring that only participants can decrypt the media.
📋 The protocol is publicly auditable, with a whitepaper and independent reviews from cybersecurity firm Trail of Bits.
👥 Discord emphasizes that while enhancing privacy, it maintains its content moderation policies to ensure user safety.
🧑‍💻 E2EE will be seamlessly integrated into Discord, maintaining the same high-quality experience while allowing users to verify call participants.
Rust Programming Reduces Android Memory Vulnerabilities by 52%
Google’s shift to using Rust for Android development has reduced memory-related vulnerabilities by 52% over six years.
Top 4 takeaways:
🪲 Over 2023, more than 70% of Android vulnerabilities stemmed from memory safety issues.
📈 By prioritizing memory-safe languages like Rust, Google saw a decrease in vulnerabilities from 223 in 2019 to fewer than 50 in 2024. The switch improves security by making codebases safer and more scalable.
🔗 Instead of code rewrites, Google emphasizes interoperability between Rust, C++, and Kotlin as part of a broader secure-by-design approach.
🔐 The company is investing in further development to rewrite critical parts of Android and foster a secure-by-design approach while balancing performance and interoperability.
Top Tips of the Week
Threat Intelligence
- Implement CTI in cloud security strategies. Adapt threat intelligence for the unique challenges of cloud environments.
Threat Hunting
- Share threat intelligence with industry ISACs. Contribute to collective defense efforts against sector-specific threats.
- Implement a response plan in cyber threat hunting. Be prepared to act swiftly when a threat is detected. A well-defined plan is crucial.
Custom Tooling
- Consider integration with threat intelligence feeds in custom tools. Enhance detection capabilities with real-time threat data.
- Use secure authentication mechanisms in custom tools. Protect against unauthorized access and ensure data integrity.
- Optimize custom tools for resource efficiency. Minimize resource usage while maintaining optimal performance.
- Integrate custom tools with incident response processes. Enhance the organization’s ability to detect, respond, and recover from security incidents.
Feature Video
MISP (Malware Information Sharing Platform and Threat Sharing) is an open-source threat intelligence platform that allows you to share, collate, analyze, and distribute threat intelligence.
In this video, you will learn how to add open-source threat intelligence feeds to your MISP instance so you can begin rapidly populating the threat intelligence platform with the latest data.
You will see the default feeds that come with MISP, how to enable these, and how to use Decaying Models to remove outdated intelligence.
Learning Resources
Learn Programming the Easy Way
If you want to get ahead in cyber, programming is a must-know skill. This video focuses on the most efficient way to learn this skill.
It explains how to focus on problem-solving rather than memorizing code using active recall, spaced repetition, and AI assistance to enhance understanding and retention. Practical coding projects solidify concepts, making the learning process efficient and engaging.
Discover a New Threat Hunting Framework
PEAK is a new threat hunting framework from David Bianco that emphasizes continuous improvement in security posture through structured methodologies, including hypothesis-driven, baseline, and model-assisted hunting.
The framework aims to provide a comprehensive approach to threat detection, emphasizing collaboration and knowledge sharing within security teams. This presentation discusses its development and how it can enhance threat hunting practices.
Enhance Your DFIR Workflows
DFIR is a key skill that all cyber defenders must be familiar with. This fascinating presentation by Jessica Wilson discusses how you can improve your forensic workflows through simplified, scalable systems that allow you to efficiently collect and process artifacts.
By integrating tools and automating processes, teams can ensure consistent investigations and reduce time spent on manual tasks, ultimately enhancing incident management. Check it out now!
Google’s Latest AI Note-Taking and Research Assistant
Notebook LM is a powerful AI tool by Google for note-taking and research, allowing users to consolidate up to 20 data sources for comparative analysis. It facilitates easy note creation, FAQs, and study guides, making it ideal for students and professionals.
This video showcases how you can use the tool to enhance the organization and accessibility of your research materials.
Personal Notes
🤔 Another week down. Another week of creating video content complete!
Our crusade to master video content creation and expand our free learning resources to different platforms was in full force this week. We’ve been busy scripting, filming, and editing more videos as we continue our MISP YouTube series.
We have also been exploring ways to make our videos better, be it by improving the script or adding more polish with VFX and SFX. At Kraven, we are always looking for ways to better deliver high-quality content. Each week we are striving to improve our delivery to help you optimize your learning.
It’s very exciting to see all the improvements we have made, and we are excited to share our latest videos with you!