cyberlights - week 13/2025
from 📰wrzlbrmpft's cyberlights💥
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🎮 New Phishing Campaign Uses Browser-in-the-Browser Attacks to Target Video Gamers/Counter-Strike 2 Players cybercrime – A phishing campaign targets Counter-Strike 2 players using fake browser pop-ups to steal Steam account credentials, potentially reselling them. Be cautious of misleading login prompts! https://www.silentpush.com/blog/browser-in-the-browser-attacks/
🧬 23andMe faces an uncertain future — so does your genetic data privacy – 23andMe is facing bankruptcy after a significant data breach, raising concerns about the fate of its 15 million customers' genetic data. Customers are urged to consider deleting their accounts to protect their information. https://techcrunch.com/2025/03/24/23andme-faces-an-uncertain-future-so-does-your-genetic-data/
🗺️ More Countries are Demanding Backdoors to Encrypted Apps privacy – Countries like Sweden and France are pushing for backdoors in encrypted apps, following the UK’s lead with Apple. Such measures threaten user privacy and security, warns Schneier. https://www.schneier.com/blog/archives/2025/03/more-countries-are-demanding-back-doors-to-encrypted-apps.html
🔑 The Best Password Managers to Secure Your Digital Life security news – The article reviews various password managers, highlighting their features and security benefits. It emphasizes the importance of using a password manager for protecting online accounts and suggests options like Bitwarden, 1Password, and Dashlane as top choices. Comment: Please, use a password manager! https://www.wired.com/story/best-password-managers/
🐜 Chinese APT Weaver Ant infiltrated a telco for over four years cybercrime – APT Weaver Ant, linked to China, compromised a telecom provider for over four years using advanced web shells for persistence and data exfiltration. https://securityaffairs.com/175800/apt/chinese-apt-weaver-ant-infiltrated-a-telco-for-over-four-years.html
💸 US lifts sanctions on Tornado Cash, a crypto mixer linked to North Korean money laundering security news – The U.S. Treasury has lifted sanctions on Tornado Cash, a crypto mixer previously linked to laundering $7 billion for North Korean hackers, following a legal dispute. Concerns about ongoing crypto threats remain. https://techcrunch.com/2025/03/24/us-lifts-sanctions-on-tornado-cash-a-crypto-mixer-linked-to-north-korean-money-laundering/
🛡️ How to Enter the US With Your Digital Privacy Intact privacy – Traveling to the U.S. poses risks to digital privacy, prompting experts to recommend using minimal data devices, encrypting information, and being cautious with passwords to protect against customs searches. https://www.wired.com/2017/02/guide-getting-past-customs-digital-privacy-intact/
🕵️‍♀️ Report on Paragon Spyware cybercrime – Citizen Lab's report reveals Paragon Solutions, an Israeli spyware company, linked to law enforcement in Canada and a zero-click exploit affecting WhatsApp users. Forensic analyses confirmed spyware presence on targeted devices. https://www.schneier.com/blog/archives/2025/03/report-on-paragon-spyware.html
🎣 A Sneaky Phish Just Grabbed my Mailchimp Mailing List data breach – A phishing attack targeted the author's Mailchimp account, leading to unauthorized access and the export of a mailing list containing 16,000 records. The incident highlights the importance of vigilance against phishing attempts. Comment: It can happen to anybody. https://www.troyhunt.com/a-sneaky-phish-just-grabbed-my-mailchimp-mailing-list/
🥉 Generative AI browser extensions not great for privacy privacy – Researchers found that generative AI browser extensions often collect sensitive personal data with minimal safeguards, potentially violating privacy regulations. They urge better vetting and design improvements to protect user privacy. https://www.theregister.com/2025/03/25/generative_ai_browser_extensions_privacy/
🥾 Privacy-boosting tech could prevent breaches, data misuse with government aid, report says privacy – A report recommends that governments prioritize privacy-enhancing technologies (PETs) like encryption and de-identification to prevent data breaches and misuse, advocating for incentives and long-term contracts to support their advancement. https://cyberscoop.com/privacy-boosting-tech-could-prevent-breaches-data-misuse-with-government-aid-report-says/
📱 Senators criticize Trump officials’ discussion of war plans over Signal, but administration answers don’t come easily security news – Democratic senators criticized national security officials for discussing war plans in a Signal chat that included a journalist. Officials struggled to provide clear answers on specifics, raising concerns about the use of the app for sensitive discussions. https://cyberscoop.com/democratic-senators-question-national-security-officials-over-war-plans-signal-chat/
🧟 Open source devs say AI crawlers dominate traffic, forcing blocks on entire countries security news – Open source developers report that aggressive AI crawlers are overwhelming their infrastructure, causing instability and prompting measures like VPNs and proof-of-work challenges. https://arstechnica.com/ai/2025/03/devs-say-ai-crawlers-dominate-traffic-forcing-blocks-on-entire-countries/
🔍 How to tell if your online accounts have been hacked security news – As hackers increasingly target individuals, it's crucial to know how to check if your online accounts have been compromised. The article outlines steps for securing various accounts, including Gmail, Facebook, and more, emphasizing the importance of multi-factor authentication. https://techcrunch.com/2025/03/25/how-to-tell-if-your-online-accounts-have-been-hacked/
🔐 Google fixes Chrome zero-day security flaw used in hacking campaign targeting journalists vulnerability – Google has patched a zero-day vulnerability (CVE-2025-2783) in Chrome exploited in a hacking campaign targeting journalists via phishing emails. https://techcrunch.com/2025/03/26/google-fixes-chrome-zero-day-security-flaw-used-in-hacking-campaign-targeting-journalists/
🌉 You Need to Use Signal's Nickname Feature security news – Following a significant leak involving U.S. officials discussing sensitive plans in a Signal group chat, the article highlights the importance of using Signal's nickname feature to prevent similar mistakes when adding contacts. https://www.404media.co/you-need-to-use-signals-nickname-feature/
📷 UK's first permanent facial recognition cameras installed privacy – The Metropolitan Police will install the UK's first permanent live facial recognition cameras in Croydon to combat crime. Privacy advocates warn this expands state surveillance and may infringe on individual rights. https://www.theregister.com/2025/03/27/uk_facial_recognition/
⚠️ When Getting Phished Puts You in Mortal Danger security research – A Russian phishing campaign targets individuals seeking to join anti-Kremlin paramilitary groups, potentially endangering their freedom or lives. The campaign uses fake recruitment sites to collect personal information, highlighting the dangers of cyber deception. https://krebsonsecurity.com/2025/03/when-getting-phished-puts-you-in-mortal-danger/
🛡️ Browser extension sales, updates pose hidden threat to enterprises security news – Browser extensions can be bought and repurposed without warning, posing security risks for organizations. Users often remain unaware of ownership changes, leading to potential malicious exploitation of sensitive data. https://cyberscoop.com/browser-extension-sales-permissions-hidden-threat/
🦊 Mozilla fixed critical Firefox vulnerability CVE-2025-2857 vulnerability – Mozilla addressed a critical vulnerability (CVE-2025-2857) in Firefox for Windows that could lead to a sandbox escape. This follows a similar issue in Chrome, which was actively exploited. https://securityaffairs.com/175945/security/mozilla-fixed-critical-firefox-vulnerability-cve-2025-2857.html
💻 VanHelsing Ransomware: What You Need To Know security news – VanHelsing is a new ransomware-as-a-service operation targeting various platforms. It allows affiliates to launch attacks while keeping 80% of ransom payments. Organizations are urged to implement strong security measures to protect against potential attacks. https://www.tripwire.com/state-of-security/vanhelsing-ransomware-what-you-need-know
🔓 Oracle has reportedly suffered 2 separate breaches exposing thousands of customers' PII data breach – Oracle is facing reports of two data breaches: one involving Oracle Health, exposing patient data, and another involving Oracle Cloud, with 6 million records of authentication data. The company has not confirmed these breaches. https://arstechnica.com/security/2025/03/oracle-is-mum-on-reports-it-has-experienced-2-separate-data-breaches/
Some More, For the Curious
🗄️ Fileless lateral movement with trapped COM objects security research – Researchers have developed a fileless lateral movement technique using trapped COM objects to exploit DCOM, enabling privilege escalation and bypassing security protections. This method raises significant security concerns. https://www.ibm.com/think/news/fileless-lateral-movement-trapped-com-objects
🛳️ Bypassing Detections with Command-Line Obfuscation security research – Command-line obfuscation can evade detection by altering executable arguments. The new tool, ArgFuscator, aids in generating these obfuscated commands, posing significant challenges for security measures. https://www.wietzebeukema.nl/blog/bypassing-detections-with-command-line-obfuscation
☑️ Despite challenges, the CVE program is a public-private partnership that has shown resilience security news – The CVE program, established 25 years ago, remains vital for cybersecurity, despite challenges like data quality and funding. Experts praise its resilience and importance in identifying vulnerabilities. https://cyberscoop.com/cve-program-history-mitre-nist-1999-2024/
⚠️ CVE-2025-29927 – Authorization Bypass Vulnerability in Next.js: All You Need to Know vulnerability – A critical authorization bypass vulnerability (CVE-2025-29927) affects multiple Next.js versions, allowing attackers to bypass security checks. Users are advised to upgrade or mitigate by blocking the vulnerable header. https://jfrog.com/blog/cve-2025-29927-next-js-authorization-bypass/
⚖️ Tor-backer OTF sues to save its funding from Trump cuts security news – The Open Technology Fund is suing the Trump administration to prevent the cancellation of its federal funding, fearing it will hinder internet security projects like Tor and Let's Encrypt, vital for global online privacy. https://www.theregister.com/2025/03/25/otf_tor_lets_encrypt_funding_lawsuit/
📺 Authentication bypass CVE-2025-22230 impacts VMware Windows Tools vulnerability – CVE-2025-22230 is a high-severity authentication bypass vulnerability in VMware Tools for Windows, allowing low-privileged attackers to escalate privileges. Security updates have been released to address the flaw. https://securityaffairs.com/175858/security/authentication-bypass-cve-2025-22230-in-vmware-tools-for-windows.html
🔔 Critical security vulnerabilities in Kubernetes Ingress NGINX Controller – updates available warning https://www.cert.at/de/warnungen/2025/3/kubernetes-ingress-nginx-controller-vulnerabilities
🅰️ Austria uncovers alleged Russian disinformation campaign spreading lies about Ukraine security news – Austrian authorities revealed a Russian disinformation campaign aimed at spreading false narratives about Ukraine, linked to a Bulgarian woman accused of spying. The operation targeted German-speaking countries and utilized online misinformation and nationalist symbols. https://therecord.media/austria-uncovers-russian-disinfo-campaign
🔒 Go-Spoof: A Tool for Cyber Deception hacking write-up – Ben Bowman from Black Hills Information Security discusses Go-Spoof, a revamped tool for cyber deception that makes all ports appear open with fake banners, enhancing security and complicating attackers' efforts. https://www.blackhillsinfosec.com/go-spoof-a-tool-for-cyber-deception/
🥩 Stealing user credentials with evilginx hacking write-up – Evilginx is a tool that exploits vulnerabilities to steal user credentials and session tokens, allowing attackers to bypass multi-factor authentication. The article discusses how it works, detection methods, and potential mitigations to protect against such attacks. https://news.sophos.com/en-us/2025/03/28/stealing-user-credentials-with-evilginx/
⛔ What not to do with on prem virtualization cyber defense – The article discusses common misconfigurations in on-premises virtual machine environments, highlighting risks such as unencrypted VM backups and broken tiering that can lead to privilege escalation and security breaches. It emphasizes the importance of access control and integrity in securing virtual systems. https://therealunicornsecurity.github.io/What-not-to-do-with-vms/
CISA Corner
🦠 MAR-25993211-r1.v1 Ivanti Connect Secure (RESURGE) malware – The article details a backdoor dropper rootkit named RESURGE, identified by CISA. The malware targets GNU/Linux systems, with specific signatures and capabilities. Antivirus detection has classified it as a variant of Linux/SpawnSnail.A trojan. https://www.cisa.gov/news-events/analysis-reports/ar25-087a
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-30154, a vulnerability in GitHub Actions, to its Known Exploited Vulnerabilities Catalog due to active exploitation risks, emphasizing the need for federal agencies to remediate it promptly. https://www.cisa.gov/news-events/alerts/2025/03/24/cisa-adds-one-known-exploited-vulnerability-catalog
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has included CVE-2025-2783, a Google Chromium Mojo sandbox escape vulnerability, in its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, urging federal agencies to address the risk promptly. https://www.cisa.gov/news-events/alerts/2025/03/27/cisa-adds-one-known-exploited-vulnerability-catalog
⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two Sitecore CMS vulnerabilities (CVE-2019-9874 and CVE-2019-9875) to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, emphasizing the need for federal agencies to remediate these risks promptly. https://www.cisa.gov/news-events/alerts/2025/03/26/cisa-adds-two-known-exploited-vulnerabilities-catalog
⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – CISA has issued four advisories regarding vulnerabilities in Industrial Control Systems, including products from ABB and Rockwell Automation. Users are urged to review the advisories for details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/03/25/cisa-releases-four-industrial-control-systems-advisories
⚙️ CISA Releases One Industrial Control Systems Advisory vulnerability – CISA has issued an advisory (ICSA-25-037-01) regarding a vulnerability in Schneider Electric's EcoStruxure Power Monitoring Expert. Users are urged to review the advisory for details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/03/27/cisa-releases-one-industrial-control-systems-advisory
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.