cyberlights – week 17/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🎣 Zoom attack tricks victims into allowing remote access to install malware and steal money cybercrime – The ELUSIVE COMET group exploits Zoom to trick victims into granting remote access, allowing malware installation and asset theft. A recent attack succeeded on one CEO but failed on another. https://www.malwarebytes.com/blog/news/2025/04/zoom-attack-tricks-victims-into-allowing-remote-access-to-install-malware-and-steal-money
💳 NFC Fraud Wave: Evolution of Ghost Tap on the Dark Web cybercrime – NFC fraud is surging as cybercriminals exploit contactless payment systems for large-scale theft. The 'Ghost Tap' technique enables remote access to stolen data, posing serious security risks. https://www.resecurity.com/blog/article/nfc-fraud-wave-evolution-of-ghost-tap-on-the-dark-web
🐡 Beware of this sneaky Google phishing scam warning – Scammers are using Google and PayPal tools to craft convincing fake emails that bypass security checks, making them harder to detect. Stay vigilant against these phishing attempts. https://www.theverge.com/news/652509/google-no-reply-dkim-phishing-scam
💂 How to Protect Yourself From Phone Searches at the US Border privacy – As border searches intensify, travelers should consider using a travel phone or modifying their primary device to minimize personal data. Simple precautions can help protect privacy during crossings. https://www.wired.com/story/how-to-protect-yourself-from-phone-searches-at-the-us-border/
🛍️ Marks & Spencer confirms cybersecurity incident amid ongoing disruption cybercrime – Marks & Spencer has confirmed a cybersecurity incident affecting its operations, causing disruptions in payment systems and order pickups. The retailer is investigating with external experts, but details on customer data impact remain unclear. https://techcrunch.com/2025/04/22/marks-spencer-confirms-cybersecurity-incident-amid-ongoing-disruption/
🎥 Beware of video call links that are attempts to steal Microsoft 365 access, researchers tell NGOs security news – Researchers warn that Russia-linked hackers are targeting NGOs with phishing attempts disguised as video call invitations to capture Microsoft 365 access tokens via OAuth. Vigilance is advised against unsolicited contacts. https://therecord.media/russia-linked-phishing-microsoft365-ukraine-ngos
⛪ The Tech That Safeguards the Conclave’s Secrecy security news – As the Vatican prepares for the conclave to elect a new pope, advanced security measures like signal jammers, opaque window films, and thorough inspections are in place to ensure secrecy and integrity. https://www.wired.com/story/technology-used-to-shield-conclave-pope-francis/
💰 EU fines Apple €500 million and Meta €200 million for breaking digital market rules security news – The European Commission fined Apple €500 million and Meta €200 million for violating the Digital Markets Act, marking the first penalties under the new regulations. Both companies plan to appeal the decisions. https://therecord.media/eu-fines-apple-steering-meta-data-privacy-dma
🧿 Blue Shield of California shared the private health data of millions with Google for years data breach – Blue Shield of California disclosed a data breach involving the sharing of sensitive health information with Google since 2021, affecting 4.7 million individuals. The data sharing ended in January 2024 due to a misconfiguration. https://techcrunch.com/2025/04/23/blue-shield-of-california-shared-the-private-health-data-of-millions-with-google-for-years/
©️ WhatsApp now lets you block people from exporting your entire chat history privacy – WhatsApp's new 'Advanced Chat Privacy' feature allows users to prevent others from exporting chat histories and automatically downloading media, enhancing privacy in conversations, although it won't stop screenshots. https://www.theverge.com/news/654592/whatsapp-advanced-chat-privacy-block-exporting-chats
⚰️ Crooks exploit the death of Pope Francis cybercrime – Cybercriminals are exploiting the death of Pope Francis to launch scams and spread malware, leveraging public emotion and curiosity. Strong security practices are essential to counter these risks. https://securityaffairs.com/176917/cyber-crime/crooks-exploit-the-death-of-pope-francis.html
🌍 Even the U.S. Government Says AI Requires Massive Amounts of Water security news – A new GAO report highlights the significant environmental costs of generative AI, emphasizing its heavy demand for power and water, raising concerns about its long-term societal impact. https://www.404media.co/even-the-u-s-government-says-ai-requires-massive-amounts-of-water/
🎮 UK bans export of video game controllers to Russia to hinder attack drone pilots security news – The UK government has banned the export of video game controllers to Russia to prevent their use in piloting drones in Ukraine. This is part of a broader sanctions package aimed at limiting Russia's war efforts. https://therecord.media/uk-bans-video-game-controllers
🤌 Gmail’s New Encrypted Messages Feature Opens a Door for Scams cybercrime – Google's new end-to-end encrypted email feature may enhance security but raises concerns about phishing scams targeting non-Gmail users, as scammers could exploit the invitation system to steal credentials. https://www.wired.com/story/gmail-end-to-end-encryption-scams/
💻 North Korean IT workers seen using AI tools to scam firms into hiring them cybercrime – North Korean IT workers are leveraging generative AI tools to secure jobs at U.S. and European tech firms, facilitating their onboarding and communication while funneling earnings back to the DPRK government. https://therecord.media/north-korean-it-workers-seen-using-ai-recruitment-scams
🥴 Government officials are kind of bad at the internet security news – U.S. officials, including Secretary of Defense Pete Hegseth, have mishandled sensitive information through tech blunders, such as sharing military plans in unsecured messaging apps, highlighting poor digital security practices. https://techcrunch.com/2025/04/26/government-officials-are-kind-of-bad-at-the-internet/
🎒 Storm-1977 targets education sector with password spraying security news – Microsoft reports that the threat actor Storm-1977 is conducting password spraying attacks on the education sector, using AzureChecker.exe to validate credentials and create resources for cryptomining. https://securityaffairs.com/177067/hacking/storm-1977-targets-education-sector-with-password-spraying-microsoft-warns.html
🔑 Who needs phishing when your login's already in the wild? security news – Mandiant's report reveals that stolen credentials have become a major infection vector, surpassing email phishing. The rise in infostealers and cloud attacks emphasizes the need for multi-factor authentication. https://www.theregister.com/2025/04/23/stolen_credentials_mandiant/
🥏 A Look at a Novel Discord Phishing Attack cybercrime – Researchers from Binary Defense investigated MalenuStealer, an infostealer exploiting compromised Discord accounts to distribute malware disguised as a beta game. The attack uses social engineering to trick users into downloading malicious software. https://www.binarydefense.com/resources/blog/a-look-at-a-novel-discord-phishing-attack/
Some More, For the Curious
🤬 Microsoft’s patch for CVE-2025-21204 symlink vulnerability introduces another symlink vulnerability vulnerability – A fix for a symlink vulnerability inadvertently creates another, allowing users to block future Windows updates, risking security. Microsoft has not yet addressed this issue. https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741
🔍 CERT.at – DOGE, CISA, Mitre und CVE security news – Concerns arose when funding for the CVE system was threatened, but a solution was found. The CVE identifiers remain vital for effective vulnerability management across organizations. https://www.cert.at/de/blog/2025/4/doge-cisa-mitre-und-cve
🎭 Example of a Payload Delivered Through Steganography malware – This article illustrates how steganography conceals malicious payloads in seemingly harmless images, making detection by security tools challenging. It explores obfuscation techniques used in malware. https://isc.sans.edu/diary/rss/31892
🦠 How Lumma Stealer sneaks into organizations malware – Lumma Stealer exploits fake CAPTCHA pages and other social engineering tactics to infiltrate systems, primarily targeting individuals and organizations. Its methods include DLL sideloading and malicious payload injections. https://securelist.com/lumma-fake-captcha-attacks-analysis/116274/
⏳ Eight days from patch to exploitation for Microsoft flaw vulnerability – Just eight days after Microsoft patched CVE-2025-24054, attackers exploited it in campaigns against targets in Poland and Romania, highlighting urgent patching needs for NTLM vulnerabilities. https://www.theregister.com/2025/04/21/microsoft_apple_patch/
🏗️ Attacker Infrastructure cyber defense – The article discusses the various components and setups used by cybercriminals to conduct attacks, including servers, tools, and networks that facilitate malicious activities. https://vulncheck.com/blog/attacker-infrastructure
🃏 Attackers stick with effective intrusion points, valid credentials and exploits security news – IBM X-Force's report reveals that identity-based attacks and exploitation of public-facing applications remain the top intrusion methods. Credential theft and phishing continue to rise, particularly in critical infrastructure sectors. https://cyberscoop.com/ibm-x-force-threat-intelligence-index-2025/
🧑🏫 Ex-NSA boss: AI devs' lesson to learn from early infosec security news – Former NSA chief Mike Rogers urges AI developers to integrate security from the start, learning from cybersecurity's past mistakes, to avoid costly fixes later and ensure responsible use in national security. https://www.theregister.com/2025/04/23/exnsa_boss_ai/
🔮 A Vulnerable Future: MITRE’s Close Call in CVE Management cyber defense – MITRE faced a crisis regarding the CVE program's future but secured an 11-month contract extension. The incident highlights the need for robust vulnerability management practices amid uncertainty. https://jfrog.com/blog/mitres-close-call-in-cve-management/
🃏 M-Trends 2025: Data, Insights, and Recommendations From the Frontlines security news – Mandiant's M-Trends 2025 report highlights evolving attack sophistication, particularly by China-linked groups using custom malware and zero-day vulnerabilities, while also noting a rise in credential theft as a major infection vector. https://cloud.google.com/blog/topics/threat-intelligence/m-trends-2025/
⛓️💥 Ripple NPM supply chain attack hunts for private keys cybercrime – Compromised versions of the Ripple NPM package, xrpl, have been found to contain malware designed to steal private keys from users, affecting developers who interact with the cryptocurrency ledger. https://www.theregister.com/2025/04/23/ripple_npm_supply_chain/
⚖️ DOGE Worker’s Code Supports NLRB Whistleblower security research – A whistleblower alleges that Elon Musk's DOGE group illegally downloaded sensitive data from the NLRB using privileged accounts, raising concerns about unfair advantages in labor disputes and data security. https://krebsonsecurity.com/2025/04/doge-workers-code-supports-nlrb-whistleblower/
🃏 VulnCheck spotted 159 actively exploited vulnerabilities in first few months of 2025 security news – In Q1 2025, VulnCheck reported that attackers exploited nearly a third of vulnerabilities within a day of disclosure, identifying 159 actively exploited vulnerabilities and highlighting the need for rapid response to emerging threats. https://cyberscoop.com/vulncheck-known-exploited-cves-q1-2025/
⛓️ Operation SyncHole: Lazarus APT targets supply chains in South Korea security research – The Lazarus Group has launched Operation SyncHole, targeting at least six South Korean firms through cyber espionage, using malware like ThreatNeedle and exploiting vulnerabilities in local software for data theft. https://securityaffairs.com/176964/apt/operation-synchole-lazarus-apt-targets-supply-chains-in-south-korea.html
⚠️ Critical Commvault Flaw Rated 10/10: CSA Urges Immediate Patching vulnerability – The CSA of Singapore warns of a critical vulnerability (CVE-2025-34028) in Commvault Command Center, rated 10/10, allowing remote code execution. Users are urged to update to patched versions immediately. https://thecyberexpress.com/commvault-vulnerability-cve-2025-34028/
🚨 SAP zero-day vulnerability under widespread active exploitation vulnerability – A critical zero-day vulnerability (CVE-2025-31324) in SAP NetWeaver systems allows unauthorized file uploads, leading to full system compromise. Active exploitation is reported, urging immediate patching for affected customers. https://cyberscoop.com/sap-netweaver-zero-day-exploit-cve-2025-31324/
📱 How to Root Android Phones hacking write-up – This guide explains rooting Android devices, detailing the process for both emulators and physical phones like the Pixel 6. It discusses the pros and cons of rooting, including the benefits for testing applications and the associated security risks. https://www.blackhillsinfosec.com/how-to-root-android-phones/
🐞 How a 20 year old bug in GTA San Andreas surfaced in Windows 11 24H2 security news – A long-standing bug in GTA San Andreas caused the Skimmer plane to disappear on Windows 11 24H2 due to changes in how the OS handles stack memory, exposing uninitialized variables and corrupting game data. https://cookieplmonster.github.io/2025/04/23/gta-san-andreas-win11-24h2-bug/
🛡️ io_uring Rootkit Bypasses Linux Security Tools security research – ARMO researchers reveal a significant security gap in Linux due to the io_uring interface, allowing rootkits to evade detection by traditional security tools. Their rootkit, Curing, exploits this blind spot, underscoring the need for improved detection methods like KRSI. https://www.armosec.io/blog/io_uring-rootkit-bypasses-linux-security/
CISA Corner
⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – CISA issued five advisories on April 22, 2025, addressing vulnerabilities in various ICS products, including Siemens and Schneider Electric systems. Users are urged to review for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/22/cisa-releases-five-industrial-control-systems-advisories
⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA issued seven advisories on April 24, 2025, addressing vulnerabilities in various ICS products, including Schneider Electric and Johnson Controls. Users are urged to review for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2025/04/24/cisa-releases-seven-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.