Cybersecurity Center
Cybersecurity News
- Google Confirms Android SafetyCore Enables AI-Powered On-Device Content Classification (Tuesday February 11, 2025)
Google has stepped in to clarify that a newly introduced Android System SafetyCore app does not perform any client-side scanning of content. "Android provides many on-device protections that safeguard users against threats like malware, messaging spam and abuse protections, and phone scam protections, while preserving user privacy and keeping users in control of their data," a spokesperson for (HackerNews)
- 4 Ways to Keep MFA From Becoming too Much of a Good Thing (Tuesday February 11, 2025)
Multi-factor authentication (MFA) has quickly become the standard for securing business accounts. Once a niche security measure, adoption is on the rise across industries. But while it’s undeniably effective at keeping bad actors out, the implementation of MFA solutions can be a tangled mess of competing designs and ideas. For businesses and employees, the reality is that MFA sometimes feels (HackerNews)
- Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions (Tuesday February 11, 2025)
Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller (ADC) and load balancer that provides availability, scalability, performance, and security for business-critical (HackerNews)
- Gcore DDoS Radar Reveals 56% YoY Increase in DDoS Attacks (Tuesday February 11, 2025)
Gcore’s latest DDoS Radar report analyzes attack data from Q3–Q4 2024, revealing a 56% YoY rise in the total number of DDoS attacks with the largest attack peaking at a record 2 Tbps. The financial services sector saw the most dramatic increase, with a 117% rise in attacks, while gaming remained the most-targeted industry. This period’s findings emphasize the need for robust, adaptive DDoS (HackerNews)
- Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update (Tuesday February 11, 2025)
Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber-physical attack. This (HackerNews)
- Protecting Your Software Supply Chain: Assessing the Risks Before Deployment (Tuesday February 11, 2025)
Imagine you're considering a new car for your family. Before making a purchase, you evaluate its safety ratings, fuel efficiency, and reliability. You might even take it for a test drive to ensure it meets your needs. The same approach should be applied to software and hardware products before integrating them into an organization's environment. Just as you wouldn’t buy a car without knowing its (HackerNews)
- Threat Actors Exploit ClickFix to Deploy NetSupport RAT in Latest Cyber Attacks (Tuesday February 11, 2025)
Threat actors have been observed using the increasingly common ClickFix technique to deliver a remote access trojan named NetSupport RAT since early January 2025. NetSupport RAT, typically propagated via bogus websites and fake browser updates, grants attackers full control over the victim's host, allowing them to monitor the device's screen in real-time, control the keyboard and mouse, upload and download (HackerNews)
- FBI, Europol, and NCA Take Down 8Base Ransomware Data Leak and Negotiation Sites (Tuesday February 11, 2025)
A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang. Visitors to the data leak site are now greeted with a seizure banner that says: "This hidden site and the criminal content have been seized by the Bavarian State Criminal Police Office on behalf of the Office of the Public Prosecutor (HackerNews)
- Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores (Monday February 10, 2025)
Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites. Website security company Sucuri said the code, while appearing to be a typical GTM and Google Analytics script used for website analytics and advertising purposes, contains an obfuscated backdoor capable of providing attackers with persistent (HackerNews)
- ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February] (Monday February 10, 2025)
In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack. This week, we’ve seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted. The question (HackerNews)
- Don't Overlook These 6 Critical Okta Security Configurations (Monday February 10, 2025)
Given Okta's role as a critical part of identity infrastructure, strengthening Okta security is essential. This article covers six key Okta security settings that provide a strong starting point, along with recommendations for implementing continuous monitoring of your Okta security posture. With over 18,000 customers, Okta serves as the cornerstone of identity governance and security for (HackerNews)
- DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects (Monday February 10, 2025)
Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware. "It is likely that the campaign is financially motivated since redirecting users to illegal gambling websites shows that attackers deploy BadIIS for profit," Trend Micro researchers Ted Lee and (HackerNews)
- Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities (Monday February 10, 2025)
Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0. It has been described as an SQL injection bug in the ZimbraSync Service SOAP endpoint affecting (HackerNews)
- XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells (Monday February 10, 2025)
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation of security flaws in VeraCore has been attributed to a threat actor known as XE Group, a cybercrime (HackerNews)
- Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection (Saturday February 08, 2025)
Cybersecurity researchers have uncovered two malicious machine learning (ML) models on Hugging Face that leveraged an unusual technique of "broken" pickle files to evade detection. "The pickle files extracted from the mentioned PyTorch archives revealed the malicious Python content at the beginning of the file," ReversingLabs researcher Karlo Zanki said in a report shared with The Hacker News. " (HackerNews)
- Teen on Musk’s DOGE Team Graduated from ‘The Com’ (Saturday February 08, 2025)
Wired reported this week that a 19-year-old working for Elon Musk's so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today's story explores, the DOGE teen is a former denizen of 'The Com,' an archipelago of Discord and Telegram chat channels that function as a kind of distributed cybercriminal social network for facilitating instant collaboration. (KrebsOnSecurity)
- DeepSeek App Transmits Sensitive User and Device Data Without Encryption (Friday February 07, 2025)
A new audit of DeepSeek's mobile app for the Apple iOS operating system has found glaring security issues, the foremost being that it sends sensitive data over the internet sans any encryption, exposing it to interception and manipulation attacks. The assessment comes from NowSecure, which also found that the app fails to adhere to best security practices and that it collects extensive user and (HackerNews)
- CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability (Friday February 07, 2025)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has warned that a security flaw impacting Trimble Cityworks GIS-centric asset management software has come under active exploitation in the wild. The vulnerability in question is CVE-2025-0994 (CVSS v4 score: 8.6), a deserialization of untrusted data bug that could permit an attacker to conduct remote code execution. "This could (HackerNews)
- AI-Powered Social Engineering: Reinvented Threats (Friday February 07, 2025)
The foundations for social engineering attacks – manipulating humans – might not have changed much over the years. It’s the vectors – how these techniques are deployed – that are evolving. And like most industries these days, AI is accelerating its evolution. This article explores how these changes are impacting business, and how cybersecurity leaders can respond. Impersonation attacks: (HackerNews)
- Microsoft Identifies 3,000 Leaked ASP.NET Keys Enabling Code Injection Attacks (Friday February 07, 2025)
Microsoft is warning of an insecure practice wherein software developers are incorporating publicly disclosed ASP.NET machine keys from publicly accessible resources, thereby putting their applications in attackers' pathway. The tech giant's threat intelligence team said it observed limited activity in December 2024 that involved an unknown threat actor using a publicly available, static ASP.NET (HackerNews)
- India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud (Friday February 07, 2025)
India's central bank, the Reserve Bank of India (RBI), said it's introducing an exclusive "bank.in" internet domain for banks in the country to combat digital financial fraud. "This initiative aims to reduce cyber security threats and malicious activities like phishing; and, streamline secure financial services, thereby enhancing trust in digital banking and payment services," the RBI said in a (HackerNews)
- Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware (Friday February 07, 2025)
Threat actors have been observed exploiting recently disclosed security flaws in SimpleHelp's Remote Monitoring and Management (RMM) software as a precursor for what appears to be a ransomware attack. The intrusion leveraged the now-patched vulnerabilities to gain initial access and maintain persistent remote access to an unspecified target network, cybersecurity company Field Effect said in a (HackerNews)
- Experts Flag Security, Privacy Risks in DeepSeek AI App (Thursday February 06, 2025)
New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three "free" downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek's design choices -- such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies -- introduce a number of glaring security and privacy risks. (KrebsOnSecurity)
- Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking (Thursday February 06, 2025)
Bogus websites advertising Google Chrome have been used to distribute malicious installers for a remote access trojan called ValleyRAT. The malware, first detected in 2023, is attributed to a threat actor tracked as Silver Fox, with prior attack campaigns primarily targeting Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China. "This actor has increasingly targeted key roles (HackerNews)
- Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023 (Thursday February 06, 2025)
Ransomware attacks netted cybercrime groups a total of $813.5 million in 2024, a decline from $1.25 billion in 2023. The total amount extorted during the first half of 2024 stood at $459.8 million, blockchain intelligence firm Chainalysis said, adding payment activity slumped after July 2024 by about 3.94%. "The number of ransomware events increased into H2, but on-chain payments declined, (HackerNews)
- SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images (Thursday February 06, 2025)
A new malware campaign dubbed SparkCat has leveraged a suite of bogus apps on both Apple's and Google's respective app stores to steal victims' mnemonic phrases associated with cryptocurrency wallets. The attacks leverage an optical character recognition (OCR) model to exfiltrate select images containing wallet recovery phrases from photo libraries to a command-and-control (C2) server, (HackerNews)
- The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025 (Thursday February 06, 2025)
Privileged Access Management (PAM) has emerged as a cornerstone of modern cybersecurity strategies, shifting from a technical necessity to a critical pillar in leadership agendas. With the PAM market projected to reach $42.96 billion by 2037 (according to Research Nester), organizations invest heavily in PAM solutions. Why is PAM climbing the ranks of leadership priorities? While Gartner (HackerNews)
- North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials (Thursday February 06, 2025)
The North Korea-linked nation-state hacking group known as Kimsuky has been observed conducting spear-phishing attacks to deliver an information stealer malware named forceCopy, according to new findings from the AhnLab Security Intelligence Center (ASEC). The attacks commence with phishing emails containing a Windows shortcut (LNK) file that's disguised as a Microsoft Office or PDF document. (HackerNews)
- Top 3 Ransomware Threats Active in 2025 (Thursday February 06, 2025)
You arrive at the office, power up your system, and panic sets in. Every file is locked, and every system is frozen. A ransom demand flashes on your screen: "Pay $2 million in Bitcoin within 48 hours or lose everything." And the worst part is that even after paying, there’s no guarantee you’ll get your data back. Many victims hand over the money, only to receive nothing in return, or worse, get (HackerNews)
- Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc (Thursday February 06, 2025)
Cisco has released updates to address two critical security flaws in Identity Services Engine (ISE) that could allow remote attackers to execute arbitrary commands and elevate privileges on susceptible devices. The vulnerabilities are listed below - CVE-2025-20124 (CVSS score: 9.9) - An insecure Java deserialization vulnerability in an API of Cisco ISE that could permit an authenticated, remote (HackerNews)
- Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign (Wednesday February 05, 2025)
The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems. According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing targets with the promise of (HackerNews)
- Cybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying Attempts (Wednesday February 05, 2025)
Cybercriminals are increasingly leveraging legitimate HTTP client tools to facilitate account takeover (ATO) attacks on Microsoft 365 environments. Enterprise security company Proofpoint said it observed campaigns using HTTP clients Axios and Node Fetch to send HTTP requests and receive HTTP responses from web servers with the goal of conducting ATO attacks. "Originally sourced from public (HackerNews)
- Silent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage Cyberattacks (Wednesday February 05, 2025)
A previously undocumented threat actor known as Silent Lynx has been linked to cyber attacks targeting various entities in Kyrgyzstan and Turkmenistan. "This threat group has previously targeted entities around Eastern Europe and Central Asian government think tanks involved in economic decision making and banking sector," Seqrite Labs researcher Subhajeet Singha said in a technical report (HackerNews)
- New Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle Attack (Wednesday February 05, 2025)
Veeam has released patches to address a critical security flaw impacting its Backup software that could allow an attacker to execute arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2025-23114, carries a CVSS score of 9.0 out of 10.0. "A vulnerability within the Veeam Updater component that allows an attacker to utilize a Man-in-the-Middle attack to execute arbitrary code (HackerNews)
- Navigating the Future: Key IT Vulnerability Management Trends (Wednesday February 05, 2025)
As the cybersecurity landscape continues to evolve, proactive vulnerability management has become a critical priority for managed service providers (MSPs) and IT teams. Recent trends indicate that organizations increasingly prioritize more frequent IT security vulnerability assessments to identify and address potential security flaws. Staying informed on these trends can help MSPs and IT teams (HackerNews)
- AsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth Attacks (Wednesday February 05, 2025)
A malware campaign has been observed delivering a remote access trojan (RAT) named AsyncRAT by making use of Python payloads and TryCloudflare tunnels. "AsyncRAT is a remote access trojan (RAT) that exploits the async/await pattern for efficient, asynchronous communication," Forcepoint X-Labs researcher Jyotika Singh said in an analysis. "It allows attackers to control infected systems (HackerNews)
- CISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25 (Wednesday February 05, 2025)
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-45195 (CVSS score: 7.5/9.8) - A forced browsing vulnerability in Apache OFBiz that allows a remote attacker to obtain unauthorized (HackerNews)
- Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’? (Tuesday February 04, 2025)
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to buyers and sellers on both forums. (KrebsOnSecurity)
- Malicious Go Package Exploits Module Mirror Caching for Persistent Remote Access (Tuesday February 04, 2025)
Cybersecurity researchers have called attention to a software supply chain attack targeting the Go ecosystem that involves a malicious package capable of granting the adversary remote access to infected systems. The package, named github.com/boltdb-go/bolt, is a typosquat of the legitimate BoltDB database module (github.com/boltdb/bolt), per Socket. The malicious version (1.3.1) was published to (HackerNews)
- Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections (Tuesday February 04, 2025)
A recently patched security vulnerability in the 7-Zip archiver tool was exploited in the wild to deliver the SmokeLoader malware. The flaw, CVE-2025-0411 (CVSS score: 7.0), allows remote attackers to circumvent mark-of-the-web (MotW) protections and execute arbitrary code in the context of the current user. It was addressed by 7-Zip in November 2024 with version 24.09. "The vulnerability was (HackerNews)
- North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOS (Tuesday February 04, 2025)
The North Korean threat actors behind the Contagious Interview campaign have been observed delivering a collection of Apple macOS malware strains dubbed FERRET as part of a supposed job interview process. "Targets are typically asked to communicate with an interviewer through a link that throws an error message and a request to install or update some required piece of software such as VCam or (HackerNews)
- Watch Out For These 8 Cloud Security Shifts in 2025 (Tuesday February 04, 2025)
As cloud security evolves in 2025 and beyond, organizations must adapt to both new and evolving realities, including the increasing reliance on cloud infrastructure for AI-driven workflows and the vast quantities of data being migrated to the cloud. But there are other developments that could impact your organization and drive the need for an even more robust security strategy. Let’s take a (HackerNews)
- Taiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage Risks (Tuesday February 04, 2025)
Taiwan has become the latest country to ban government agencies from using Chinese startup DeepSeek's Artificial Intelligence (AI) platform, citing security risks. "Government agencies and critical infrastructure should not use DeepSeek, because it endangers national information security," according to a statement released by Taiwan's Ministry of Digital Affairs, per Radio Free Asia. "DeepSeek (HackerNews)
- AMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin Access (Tuesday February 04, 2025)
A security vulnerability has been disclosed in AMD's Secure Encrypted Virtualization (SEV) that could permit an attacker to load malicious CPU microcode under specific conditions. The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity. "Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local (HackerNews)
- Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score (Tuesday February 04, 2025)
Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.9) - Azure AI Face Service (HackerNews)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (Tuesday February 04, 2025)
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. Successful exploitation of the flaw could lead (HackerNews)
- Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform (Tuesday February 04, 2025)
Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks. This could manifest in the form of post-exploitation actions that allow the attacker to send requests to the SharePoint API on behalf (HackerNews)
- 768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023 (Monday February 03, 2025)
As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.6% of known exploited vulnerabilities (KEV) were known to be weaponized either on or before (HackerNews)
- PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages (Monday February 03, 2025)
The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any more updates," Facundo Tuesca, senior engineer at Trail of Bits, said. In doing so, the idea is to (HackerNews)
- ⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [3 February] (Monday February 03, 2025)
This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference. Let’s take a (HackerNews)
- Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions (Monday February 03, 2025)
Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week. The (HackerNews)
- What Is Attack Surface Management? (Monday February 03, 2025)
Attack surfaces are growing faster than security teams can keep up – to stay ahead, you need to know what’s exposed and where attackers are most likely to strike. With cloud adoption dramatically increasing the ease of exposing new systems and services to the internet, prioritizing threats and managing your attack surface from an attacker’s perspective has never been more important. In this (HackerNews)
- Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware (Monday February 03, 2025)
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS Stealer (aka AMOS), and Angel Drainer. "Specializing in identity fraud, cryptocurrency theft, and information-stealing malware, Crazy Evil employs a (HackerNews)
- FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang (Friday January 31, 2025)
The FBI and authorities in The Netherlands this week seized a number of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname "The Manipulaters," have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party. (KrebsOnSecurity)
- Infrastructure Laundering: Blending in with the Cloud (Thursday January 30, 2025)
In an effort to blend in and make their malicious traffic tougher to block, hosting firms catering to cybercriminals in China and Russia increasingly are funneling their operations through major U.S. cloud providers. Research published this week on one such outfit -- a sprawling network tied to Chinese organized crime gangs and aptly named "Funnull" -- highlights a persistent whac-a-mole problem facing cloud services. (KrebsOnSecurity)
- A Tumultuous Week for Federal Cybersecurity Efforts (Tuesday January 28, 2025)
President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation's cybersecurity posture. The president fired all advisors from the Department of Homeland Security's Cyber Safety Review Board, called for the creation of a strategic cryptocurrency reserve, and voided a Biden administration action that sought to reduce the risks that artificial intelligence poses to consumers, workers and national security. (KrebsOnSecurity)
- MasterCard DNS Error Went Unnoticed for Years (Wednesday January 22, 2025)
The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals. (KrebsOnSecurity)
- Chinese Innovations Spawn Wave of Toll Phishing Via SMS (Thursday January 16, 2025)
Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states. (KrebsOnSecurity)
- Microsoft: Happy 2025. Here’s 161 Security Updates (Tuesday January 14, 2025)
Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three "zero-day" weaknesses that are already under active attack. Redmond's inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. (KrebsOnSecurity)
- A Day in the Life of a Prolific Voice Phishing Crew (Tuesday January 07, 2025)
Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices. (KrebsOnSecurity)
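Of the items above, the Hugging Face "broken pickle" finding (ReversingLabs, February 08) is the one a model-ingestion pipeline can test for directly. The following is an added example, not code from this page, from The Hacker News or from ReversingLabs: it builds a constructed pickle whose callable payload sits at the front of the stream and whose tail is then corrupted, and shows that pickle.loads() still runs the payload before failing on the junk, while a pickletools opcode scan that keeps what it saw before the parse error still flags the file. The Beacon class, the payload() recorder and the DANGEROUS_OPCODES set are illustrative assumptions, and payload() stands in for the os.system or exec call real malware would make.

```python
"""
Added example (not from the page, The Hacker News or ReversingLabs).
A "broken" pickle: malicious GLOBAL/REDUCE opcodes first, corrupted tail
second. pickle.loads() executes opcodes in order, so the payload runs
before the corruption raises; a scanner that needs a complete stream
sees only a parse error.
"""
import io
import pickle
import pickletools

# Opcodes that can import, instantiate or call Python objects while unpickling.
# Assumed list for this example; a production scanner would be stricter.
DANGEROUS_OPCODES = {"GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
                     "NEWOBJ", "NEWOBJ_EX", "BUILD"}

# Stand-in for the attacker's os.system/exec call: only records that it ran.
EXECUTED = []


def payload(marker):
    EXECUTED.append(marker)
    return marker


class Beacon:
    """Hypothetical object whose __reduce__ makes the unpickler call payload()."""

    def __reduce__(self):
        return (payload, ("pwned",))


def build_broken_pickle():
    """Constructed sample: a valid protocol-2 pickle of Beacon with its STOP
    opcode removed and junk appended. The malicious part is complete at the
    start of the stream; the stream as a whole is invalid."""
    good = pickle.dumps(Beacon(), protocol=2)
    assert good[-1:] == pickle.STOP
    return good[:-1] + b"\x00\xff\x00junk"


def build_benign_pickle():
    """Constructed sample of what a harmless weights blob looks like."""
    return pickle.dumps({"weights": [0.1, 0.2]}, protocol=2)


def load_like_a_victim(data):
    """What torch.load()-style code does: GLOBAL and REDUCE run first, so
    payload() executes before the junk byte raises UnpicklingError."""
    try:
        pickle.loads(data)
        return "loaded cleanly"
    except Exception as exc:
        return f"load failed: {type(exc).__name__}"


def scan_opcodes(data):
    """Static scan with pickletools.genops; nothing is executed.
    Returns (dangerous opcodes seen, stream_broken). A scanner that treats
    the parse error as 'not a pickle, nothing to report' misses the payload;
    this one keeps everything it saw before the stream broke."""
    seen = []
    broken = False
    try:
        for opcode, arg, _pos in pickletools.genops(io.BytesIO(data)):
            if opcode.name in DANGEROUS_OPCODES:
                seen.append((opcode.name, arg))
    except Exception:
        broken = True
    return seen, broken


def verdict(data):
    """Gate decision: any dangerous opcode is a finding, and a broken stream
    that also carries dangerous opcodes is more suspicious, not less."""
    seen, broken = scan_opcodes(data)
    if seen:
        return "malicious" + (" (broken stream)" if broken else "")
    return "unparseable" if broken else "clean"


if __name__ == "__main__":
    sample = build_broken_pickle()
    print("scanner verdict:", verdict(sample))        # malicious (broken stream)
    print("victim load:", load_like_a_victim(sample))  # load failed: UnpicklingError
    print("payload executed:", EXECUTED)               # ['pwned']
```

The practical rule this encodes: a parse failure that comes after GLOBAL or REDUCE is a finding, not "not a pickle". For model files that must be unpickled at all, a restricted Unpickler.find_class allowlist or a non-executable format such as safetensors is a stronger control than any scanner.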
Disclaimer: Some Links listed are external-links and are not managed by Western Illinois University. Western Illinois University or any of its employees shall not be held liable for any improper or incorrect use of the information described and/or contained herein and assumes no responsibility for anyone's use of the information.