cyberlights – week 04/2025

A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!


News For All

🤖 Selling followers where the skies are blue security news – A network of over 8,000 fake Bluesky accounts aims to exploit the platform's growth by selling followers. Many accounts exhibit bot-like behavior. https://conspirator0.substack.com/p/selling-followers-where-the-skies

🕵️‍♂️ The Powerful AI Tool That Cops (or Stalkers) Can Use to Geolocate Photos in Seconds privacy – GeoSpy, an AI tool from Graylark Technologies, can quickly determine photo locations using image features, raising concerns about its use by law enforcement and potential misuse by stalkers. https://www.404media.co/the-powerful-ai-tool-that-cops-or-stalkers-can-use-to-geolocate-photos-in-seconds/

🚗 Experts found multiple flaws in Mercedes vulnerability – Kaspersky researchers uncovered several vulnerabilities in the Mercedes-Benz MBUX infotainment system, allowing attackers with physical access to disable anti-theft features and modify vehicle settings. https://securityaffairs.com/173275/hacking/mercedes-benz-infotainment-system-flaws.html

💰 Medusa Ransomware: What You Need To Know cybercrime – Medusa ransomware, a RaaS platform, exploits vulnerable systems via initial access brokers, encrypting files and demanding ransom. It targets various sectors, primarily in the U.S., and threatens to leak stolen data. https://www.tripwire.com/state-of-security/medusa-ransomware-what-you-need-know

🌋 AI Mistakes Are Very Different from Human Mistakes security research – AI mistakes differ from human errors, often being unpredictable and lacking self-awareness. New systems are needed to adapt to AI's unique mistake patterns and enhance reliability. https://www.schneier.com/blog/archives/2025/01/ai-mistakes-are-very-different-from-human-mistakes.html

🌍 Cloudflare Issue Can Leak Chat App Users' Broad Location privacy – A vulnerability in Cloudflare allows attackers to determine the approximate location of users in messaging apps like Signal and Discord by sending images. This emphasizes the need for at-risk users to secure their network activity. https://www.404media.co/cloudflare-issue-can-leak-chat-app-users-broad-location/

🖥️ Ransomware groups pose as fake tech support over Teams cybercrime – Sophos researchers discovered ransomware groups exploiting Microsoft 365 and Teams by inundating targets with spam, then posing as IT support to gain remote access and deploy malware. https://cyberscoop.com/ransomware-groups-pose-as-fake-tech-support-over-teams/

🔓 Trump Frees Silk Road Creator Ross Ulbricht After 11 Years in Prison security news – Donald Trump pardoned Ross Ulbricht, creator of the Silk Road dark-web market, after over a decade in prison. Supporters view him as a libertarian martyr, despite serious criminal allegations. https://www.wired.com/story/trump-frees-silk-road-creator-ross-ulbricht-after-11-years-in-prison/

🎯 Targeted supply chain attack against Chrome browser extensions security research – A supply chain attack compromised multiple Chrome extensions, targeting sensitive user data through phishing and malicious OAuth applications. The attack may have affected hundreds of thousands of users. https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/

📚 What PowerSchool isn’t saying about its ‘massive’ student data breach data breach – PowerSchool confirmed a significant data breach affecting millions of students but has not disclosed how many schools were impacted, the scale of data stolen, or whether a ransom was paid. https://techcrunch.com/2025/01/22/what-powerschool-isnt-saying-about-its-massive-student-data-breach/

🔍 You Can't Trust Hackers, and Other Data Breach Verification Tales cybercrime – A cybersecurity expert shares a story of attempting to verify a data breach claim from a hacker, revealing how recycled data from previous breaches is often misrepresented. The conversation highlights the importance of verifying data breach claims. https://www.troyhunt.com/you-cant-trust-hackers-and-other-data-breach-verification-tales/

🔒 Cisco addresses a critical privilege escalation bug in Meeting Management vulnerability – Cisco fixed a critical privilege escalation vulnerability (CVE-2025-20156) in its Meeting Management software, allowing remote authenticated attackers to gain admin privileges. No attacks have been reported in the wild. https://securityaffairs.com/173361/security/cisco-meeting-management-critical-flaw.html

🚗 Subaru Security Flaws Exposed Its System for Tracking Millions of Cars privacy – Researchers discovered vulnerabilities in Subaru's system that allowed remote access to vehicles and a year of precise location data. Despite patching the flaws, privacy concerns remain about employee access to sensitive data. https://www.wired.com/story/subaru-location-tracking-vulnerabilities/

🌀 Developer Creates Infinite Maze That Traps AI Training Bots security research – A developer has created Nepenthes, an open-source tool that traps AI training web crawlers in an infinite loop of links, wasting their resources. It serves as both a protective measure for content and an offensive honeypot. https://www.404media.co/developer-creates-infinite-maze-to-trap-ai-crawlers-in/

⚡ Researchers say new attack could take down the European power grid security research – Researchers found that Central Europe's power grid uses unencrypted radio signals for control, allowing potential exploitation to disrupt power supply. The vulnerabilities highlight significant security risks in critical infrastructure management. https://arstechnica.com/security/2025/01/could-hackers-use-new-attack-to-take-down-european-power-grid/

🔧 Google is giving IT more control over your Chrome extensions security news – Google has introduced new features for IT admins in Chrome Enterprise, allowing them to better manage browser extensions by promoting approved ones, customizing the Chrome Web Store UI, and soon enabling remote removal of extensions. https://www.theverge.com/2025/1/23/24350178/google-chrome-extensions-admin-enterprise-controls

💸 PayPal penalized $2 million over data breach involving 35K Social Security numbers data breach – PayPal will pay a $2 million penalty for a December 2022 data breach that exposed nearly 35,000 Social Security numbers due to inadequate cybersecurity measures and training, according to New York regulators. https://therecord.media/paypal-penalty-millions-data-breach

🔗 Beware of Contacts through LinkedIn: They Target Your Organization’s Property, Not Yours – JPCERT/CC Eyes warning – JPCERT/CC warns that unauthorized access incidents in Japan have increased, utilizing LinkedIn as a vector for attacks by the Lazarus group. Companies are advised to restrict social media use on work devices to mitigate risks. https://blogs.jpcert.or.jp/en/2025/01/initial_attack_vector.html


Some More, For the Curious

🔍 cURL Project and Go Security Teams Reject CVSS as Broken security news – The cURL and Go teams are abandoning CVSS due to its misleading severity scores. They advocate for context-driven assessments, highlighting growing discontent with the framework's effectiveness in vulnerability management. https://socket.dev/blog/curl-project-and-go-security-teams-reject-cvss-as-broken

🌐 ChatGPT crawler flaw opens door to DDoS, prompt injection vulnerability – A vulnerability in ChatGPT's API allows for potential DDoS attacks by flooding target websites with requests. The flaw raises concerns about security practices and prompt injection risks. https://www.theregister.com/2025/01/19/openais_chatgpt_crawler_vulnerability/

🔥 50K Fortinet firewalls still vulnerable to latest zero-day security news – Nearly 50,000 Fortinet firewalls remain vulnerable to the CVE-2024-55591 zero-day exploit. Despite warnings, many customers, particularly in Asia, have not applied necessary patches, risking severe network breaches. https://www.theregister.com/2025/01/21/fortinet_firewalls_still_vulnerable/

💳 MasterCard DNS Error Went Unnoticed for Years security research – MasterCard fixed a critical DNS misconfiguration that could have allowed traffic interception for nearly five years. A researcher prevented potential exploitation by registering the incorrect domain, but MasterCard downplayed the risk. https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years/

🩺 Medical Device Company Tells Hospitals They're No Longer Allowed to Fix Machine That Costs Six Figures security news – Terumo Cardiovascular has mandated that repairs for its Advanced Perfusion System 1 Heart Lung Machine must now be conducted by the manufacturer, increasing costs for hospitals and limiting in-house repair capabilities. https://www.404media.co/medical-device-company-tells-hospitals-theyre-no-longer-allowed-to-fix-machine-that-costs-six-figures/

⚠️ Critical security vulnerability in SonicWall SMA1000 – actively exploited – update available warning https://www.cert.at/de/warnungen/2025/1/sonicwall-amc-cmc-rce

🚪 New backdoor discovered that specifically targets Juniper routers vulnerability – Researchers found a backdoor, dubbed 'J-Magic,' targeting Juniper routers, using 'magic packets' to execute commands and establish a reverse shell. This stealthy malware campaign highlights vulnerabilities in network infrastructure. https://cyberscoop.com/jmagic-juniper-networks-backdoor-freebsd-vpn/

🚨 New Law Could Mean Prison for Reporting Data Leaks security news – Turkey's proposed cybersecurity law could criminalize reporting on data breaches, imposing prison sentences for those perceived to create false perceptions of breaches, raising concerns about free speech and discouraging transparency in cybersecurity. https://www.tripwire.com/state-of-security/new-law-could-mean-prison-reporting-data-leaks

📧 Seasoning email threats with hidden text salting cyber defense – Cisco Talos reports an increase in email threats using hidden text salting to bypass detection systems. This technique conceals malicious content in HTML emails, complicating threat detection and mitigation. https://blog.talosintelligence.com/seasoning-email-threats-with-hidden-text-salting/

🏆 Participants in the Pwn2Own Automotive 2025 earned $886,250 security news – The Pwn2Own Automotive 2025 contest concluded with participants earning $886,250 by demonstrating 49 zero-day vulnerabilities. Sina Kheirkhah won the Master of Pwn title with significant exploits on EV chargers. https://securityaffairs.com/173426/breaking-news/pwn2own-automotive-2025-final-results.html

🔔 Cisco warns of a ClamAV bug with PoC exploit vulnerability – Cisco has addressed a medium-severity denial-of-service vulnerability (CVE-2025-20128) in ClamAV, with proof-of-concept exploit code now available. The flaw can cause crashes during scans on affected devices. https://securityaffairs.com/173446/uncategorized/cisco-fixed-clamav-dos-flaw.html

🛠️ USB Army Knife: The Ultimate Close Access Penetest Tool security research – The USB Army Knife is a versatile red teaming tool that enables various attack vectors, including keystroke injection and network traffic capture. Its ease of installation and multifunctionality make it essential for penetration testers. https://www.mobile-hacker.com/2025/01/24/usb-army-knife-the-ultimate-close-access-penetest-tool/


CISA Corner

🔗 Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications security news – CISA and FBI issued a cybersecurity advisory on vulnerabilities in Ivanti Cloud Service Appliances exploited in 2024. Threat actors chained multiple CVEs to gain access, execute remote code, and implant webshells. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a

⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA issued three advisories on January 21, 2025, addressing security vulnerabilities in ICS, including TCAS II, Siemens SIMATIC S7-1200 CPUs, and ZF RSSPlus. Users are urged to review these advisories. https://www.cisa.gov/news-events/alerts/2025/01/21/cisa-releases-three-industrial-control-systems-advisories

⚙️ CISA Releases Six Industrial Control Systems Advisories vulnerability – CISA issued six advisories on January 23, 2025, detailing vulnerabilities in various ICS products, including those from Schneider Electric and Hitachi Energy. Users are urged to review for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/01/23/cisa-releases-six-industrial-control-systems-advisories

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2020-11023, a jQuery Cross-Site Scripting vulnerability, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, emphasizing the need for federal agencies to remediate such risks. https://www.cisa.gov/news-events/alerts/2025/01/23/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-23006, a deserialization vulnerability affecting SonicWall SMA1000 Appliances, to its Known Exploited Vulnerabilities Catalog, highlighting significant risks for federal agencies. https://www.cisa.gov/news-events/alerts/2025/01/24/cisa-adds-one-known-exploited-vulnerability-catalog


While my intention is to pick news that everyone should know about, it is still what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.
