cyberlights – week 03/2025

A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!


News For All

📞 Phone number abuse has dropped drastically thanks to regulation cybercrime – Austria is recording a decline in the misuse of telephone numbers thanks to a new anti-spoofing regulation. Spoofing with foreign numbers nonetheless remains a problem. https://www.derstandard.at/story/3000000252624/rufnummernmissbrauch-dank-verordnung-drastisch-zurueckgegangen

🚜 FTC, States Sue Deere & Company to Protect Farmers from Unfair Corporate Tactics, High Repair Costs security news – The FTC is suing Deere for unfair practices that inflate repair costs and restrict farmers' ability to fix their own equipment, maintaining a monopoly on repairs. https://www.ftc.gov/news-events/news/press-releases/2025/01/ftc-states-sue-deere-company-protect-farmers-unfair-corporate-tactics-high-repair-costs?ref=404media.co

🔑 Passkeys: the promise of a simpler and safer alternative to passwords security news – Passkeys provide a secure, user-friendly alternative to traditional passwords, reducing the risk of cyber attacks through unique verification methods and credential management. https://www.ncsc.gov.uk/blog-post/passkeys-promise-simpler-alternative-passwords

🎓 Cyberattack forces Dutch university to cancel lectures cybercrime – Eindhoven University of Technology canceled lectures due to a cyberattack, shutting down its network for investigation. No data theft confirmed yet, but services reliant on the network are down. https://therecord.media/tu-eindhoven-cyberattack-lectures-canceled

🍱 Inside the Black Box of Predictive Travel Surveillance privacy – Governments and companies are using AI to analyze traveler data for security profiling, raising privacy concerns. Cases like Frank van der Linde highlight risks of inaccurate data and surveillance. https://www.wired.com/story/inside-the-black-box-of-predictive-travel-surveillance/

⛪️ Pastor's “dream” crypto scheme alleged to be a multi-million dollar scam cybercrime – Pastor Francier Obando Pinillo faces 26 fraud charges for allegedly running a $5.9 million cryptocurrency scam, claiming inspiration from a dream while exploiting his church community. https://www.bitdefender.com/en-us/blog/hotforsecurity/pastors-dream-crypto-scheme-alleged-to-be-a-multi-million-dollar-scam

🎮 Hacker Broke into ‘Path of Exile 2’ Admin Account, Hijacked Wave of Characters security news – A hacker accessed an admin account for Path of Exile 2, allowing them to reset passwords and steal rare in-game items from numerous players just before the game's launch. https://www.404media.co/hacker-broke-into-path-of-exile-2-admin-account-hijacked-wave-of-characters-2/

📍 A major data broker hack may have leaked precise location info for millions data breach – Gravy Analytics disclosed a data breach that may have exposed precise location data for millions, including sensitive sites. The FTC had previously targeted the company for location data practices. https://www.theverge.com/2025/1/13/24342694/gravy-analytics-location-data-broker-breach-hack-disclosed

🐂 How Barcelona became an unlikely hub for spyware startups cybercrime – Barcelona has emerged as a hub for spyware startups, attracting firms like Palm Beach Networks. Concerns arise over the potential for surveillance abuses amid a growing cybersecurity ecosystem. https://techcrunch.com/2025/01/13/how-barcelona-became-an-unlikely-hub-for-spyware-startups/

🥇 The First Password on the Internet security news – Peter Kirstein created the first password for Arpanet in 1973, ensuring security for UK users and preventing breaches during his 15-year service. The actual password remains unknown. https://www.schneier.com/blog/archives/2025/01/the-first-password-on-the-internet.html

🪴 The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says cybercrime – Huione Guarantee, an illicit marketplace facilitating $24 billion in transactions, provides services for scammers, including money laundering and fake tools. Its growth poses significant challenges for law enforcement. https://www.wired.com/story/the-largest-illicit-online-marketplace-ever-is-growing-at-an-alarming-rate/

⚠️ Warning, fake: vailllant.at and vaillantproservice.at cybercrime – Warnings have been issued about the fake websites vailllant.at and vaillantproservice.at, which impersonate legitimate services, potentially misleading users and compromising security. https://www.watchlist-internet.at/news/achtung-fake-vailllantat-und-vaillantproserviceat/

🖥️ FBI hacked thousands of computers to make malware uninstall itself cyber defense – The FBI hacked approximately 4,200 US computers to remove PlugX malware, used by Chinese state-sponsored hackers, by accessing its command-and-control server to issue self-delete commands. https://www.theverge.com/2025/1/14/24343495/fbi-computer-hack-uninstall-plugx-malware

🎭 Subtle makeup tweaks can outsmart facial recognition privacy – Researchers at PeopleTec demonstrate that subtle makeup applications can effectively disrupt facial recognition algorithms without drawing attention, offering a new approach to evade surveillance. https://www.theregister.com/2025/01/15/make_up_thwart_facial_recognition/

🔳 Opting Out of Gmail's Gemini AI Summaries Is a Mess. Here's How to Do It, We Think privacy – Google's Gemini AI feature in Gmail offers email summaries but automatically opts users in. Disabling it is complicated, as it requires turning off broader smart features, raising privacy concerns. https://www.404media.co/opting-out-of-gmails-gemini-ai-summaries-is-a-mess-heres-how-to-do-it-we-think/

💰 North Korea stole over $659M in crypto heists during 2024, deployed fake job seekers cybercrime – North Korean hackers, linked to the Lazarus Group, stole over $659 million in cryptocurrency in 2024 and infiltrated blockchain firms using fake job applications, according to a joint statement from the U.S., Japan, and South Korea. https://techcrunch.com/2025/01/14/north-korea-stole-over-659m-in-crypto-heists-during-2024-deploys-fake-job-seekers/

💔 No, Brad Pitt isn't in love with you cybercrime – Anne, a French woman, was scammed out of 830,000 Euros by fraudsters posing as Brad Pitt and his family. The emotional fallout has left her homeless and facing harassment after her story became public. https://www.bitdefender.com/en-us/blog/hotforsecurity/no-brad-pitt-isnt-in-love-with-you


Some More, For the Curious

🤖 An honest mistake – and a cautionary tale security research – Misinterpretation of sandbox results led to false malware accusations against harmless files. Context is crucial; not all suspicious behavior indicates malicious intent. https://www.gdatasoftware.com/blog/2025/01/38129-usb-network-adapter-malware

⚠️ A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls warning – A campaign targeting a zero-day vulnerability in Fortinet FortiGate firewalls has been observed, allowing attackers to access and modify configurations. Experts advise disabling public management access. https://securityaffairs.com/173050/hacking/attackers-target-zero-day-in-fortinet-fortigate-firewalls.html

🔧 Microsoft: Happy 2025. Here’s 161 Security Updates security news – Microsoft released 161 security updates, including three zero-day vulnerabilities under active attack. This marks the largest Patch Tuesday since 2017, with critical flaws affecting Windows components. https://krebsonsecurity.com/2025/01/microsoft-happy-2025-heres-161-security-updates/

📄 Your Single-Page Applications Are Vulnerable: Here's How to Fix Them cyber defense – Single-page applications (SPAs) are prone to access control vulnerabilities due to client-side rendering. Implementing robust server-side controls and using server-side rendering can mitigate these risks. https://cloud.google.com/blog/topics/threat-intelligence/single-page-applications-vulnerable/

💧 Threat actor leaked config files and VPN passwords for over 15,000 Fortinet FortiGate devices data breach – The Belsen Group leaked configuration files and VPN passwords for over 15,000 Fortinet FortiGate devices, offering the data for free on a cybercrime forum and raising significant security concerns. https://securityaffairs.com/173111/cyber-crime/fortinet-fortigate-devices-data-leak.html

🦇 CISA director says threat hunters spotted Salt Typhoon on federal networks before telco compromises security news – CISA Director Jen Easterly revealed that threat hunters identified activity from the Chinese hacking group Salt Typhoon on federal networks, aiding faster responses to attacks on U.S. telecommunications. https://cyberscoop.com/salt-typhoon-us-government-jen-easterly-cisa/

🍥 Detecting Teams Chat Phishing Attacks (Black Basta) cyber defense – Black Basta ransomware group uses social engineering via Microsoft Teams, posing as IT support after flooding victims with spam emails. Detection strategies include monitoring email spikes and Teams chat creation. https://blog.nviso.eu/2025/01/16/detecting-teams-chat-phishing-attacks-black-basta/

🚗 A closer look at the Mercedes-Benz infotainment system security security research – Kaspersky's research on the Mercedes-Benz MBUX infotainment system identifies several vulnerabilities, including potential exploits via diagnostic tools and physical access, highlighting the need for improved security measures. https://securelist.com/mercedes-benz-head-unit-security-research/115218/

🎰 One Active Directory Account Can Be Your Best Early Warning cyber defense – The article discusses how a single Active Directory account can be used to detect common adversarial activities through various detection strategies, including monitoring for Kerberoasting and failed login attempts. https://www.blackhillsinfosec.com/one-active-directory-account-can-be-your-best-early-warning/


CISA Corner

📚 CISA Releases Microsoft Expanded Cloud Logs Implementation Playbook security news – CISA has released a playbook to assist organizations in utilizing Microsoft Purview Audit logs for enhanced cybersecurity, detailing log usage, ingestion into SIEM systems, and significant events in M365 services. https://www.cisa.gov/news-events/alerts/2025/01/15/cisa-releases-microsoft-expanded-cloud-logs-implementation-playbook

🛡️ CISA and FBI Release Updated Guidance on Product Security Bad Practices security news – CISA and the FBI updated their guidance on Product Security Bad Practices, enhancing recommendations for software manufacturers, especially those supporting critical infrastructure, to improve security practices. https://www.cisa.gov/news-events/alerts/2025/01/17/cisa-and-fbi-release-updated-guidance-product-security-bad-practices

⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added CVE-2024-12686 and CVE-2023-48365 to its Known Exploited Vulnerabilities Catalog due to active exploitation, highlighting significant risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/01/13/cisa-adds-two-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning – CISA has added four vulnerabilities, including those in Fortinet and Microsoft Windows Hyper-V, to its Known Exploited Vulnerabilities Catalog, highlighting significant risks for federal networks. https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-adds-four-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-50603, an OS command injection vulnerability in Aviatrix Controllers, to its Known Exploited Vulnerabilities Catalog, highlighting risks for federal networks. https://www.cisa.gov/news-events/alerts/2025/01/16/cisa-adds-one-known-exploited-vulnerability-catalog

🔒 Fortinet Releases Security Updates for Multiple Products security news – Fortinet has issued security updates to fix vulnerabilities that could allow cybercriminals to gain control of affected systems. Users are urged to apply the updates promptly. https://www.cisa.gov/news-events/alerts/2025/01/14/fortinet-releases-security-updates-multiple-products

🔒 Ivanti Releases Security Updates for Multiple Products security news – Ivanti has issued security updates for several of its products to address vulnerabilities that could be exploited by attackers, urging users to apply the updates promptly. https://www.cisa.gov/news-events/alerts/2025/01/14/ivanti-releases-security-updates-multiple-products

🔒 Adobe Releases Security Updates for Multiple Products security news – Adobe has issued security updates for Photoshop, Animate, and Illustrator for iPad to fix vulnerabilities that could allow attackers to gain control of affected systems. https://www.cisa.gov/news-events/alerts/2025/01/14/adobe-releases-security-updates-multiple-products

🔒 Microsoft Releases January 2025 Security Updates security news – Microsoft has issued security updates for various products to fix vulnerabilities that could allow attackers to gain control of affected systems, urging users to apply the updates promptly. https://www.cisa.gov/news-events/alerts/2025/01/14/microsoft-releases-january-2025-security-updates

⚙️ CISA Releases Four Industrial Control Systems Advisories vulnerability – CISA has published four advisories addressing security vulnerabilities in various Industrial Control Systems, urging users to review them for technical details and mitigations. https://www.cisa.gov/news-events/alerts/2025/01/14/cisa-releases-four-industrial-control-systems-advisories

⚙️ CISA Releases Twelve Industrial Control Systems Advisories vulnerability – CISA published twelve advisories on January 16, 2025, addressing vulnerabilities in various Industrial Control Systems, urging users to review them for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/01/16/cisa-releases-twelve-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it is still what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.
