cyberlights – week 05/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
Highlight
👁️ mySpy-Leak: Vom Partner verwanzt privacy – Leaked messages reveal users are employing the mSpy spyware app to secretly monitor partners and children, often illegally. The article discusses the implications of digital surveillance and the lack of effective regulation against such invasive practices. https://netzpolitik.org/2025/mspy-leak-vom-partner-verwanzt/
News For All
🛡️ Brave Desktop Browser Vulnerability Lets Malicious Sites Appear Trusted vulnerability – A vulnerability in Brave Browser allows malicious sites to masquerade as trusted sources during file transfers, risking user data and security. Update to version 1.74.48 or later. https://hackread.com/brave-desktop-browser-vulnerability-malicious-sites-trusted/
😂 On hackers, hackers, and hilarious misunderstandings security news – The article humorously addresses misconceptions about hackers and their motivations, highlighting the importance of understanding the hacker mindset and the often comical misunderstandings that arise. https://gynvael.coldwind.pl/?id=799
⌚ How Garmin watches reveal your personal data, and what you can do security research – Garmin watches store sensitive data easily accessed via USB, raising privacy concerns. Users are advised to sync data, enable security features, and maintain device safety to protect personal information. https://www.pentestpartners.com/security-blog/how-garmin-watches-reveal-your-personal-data-and-what-you-can-do/
🔍 mSpy-Leak: Tipps und Gegenmaßnahmen gegen Spionage-Apps privacy – The article discusses the illegal use of the mSpy spying app and provides measures to take if you suspect such an app is on your device, including disconnecting from the internet, removing suspicious software, and reporting to the police. https://www.kuketz-blog.de/mspy-leak-tipps-und-gegenmassnahmen-gegen-spionage-apps/
🎥 Scammers Are Creating Fake News Videos to Blackmail Victims cybercrime – Scammers are using AI-generated fake news videos to blackmail victims, falsely accusing them of crimes. This tactic has evolved as cybercriminals leverage technology to manipulate and pressure individuals into paying. https://www.wired.com/story/scammers-are-creating-fake-news-videos-to-blackmail-victims/
💥A brief history of mass hacks cybercrime – The article chronicles the rise of mass hacks exploiting vulnerabilities in enterprise security tools, detailing incidents from various software breaches affecting millions of individuals and organizations. https://techcrunch.com/2025/01/31/a-brief-history-of-mass-hacks/
🔧 How to switch off Apple Intelligence on your iPhone, iPad, and Mac privacy – Apple's new software updates automatically enable Apple Intelligence features. Users concerned about AI impacts can easily disable it through Settings on iOS or System Settings on Mac. https://techcrunch.com/2025/01/27/how-to-switch-off-apple-intelligence-on-your-iphone-ipad-and-mac/
🧑🏭 LinkedIn Removes Accounts of AI 'Co-Workers' Looking for Jobs security news – LinkedIn has removed AI-generated accounts created by Marketeam that falsely advertised themselves as job-seeking 'co-workers' with the #OpenToWork tag, citing violations of its terms of service. https://www.404media.co/linkedin-ai-coworkers-marketeam-open-to-work/
🍏 Apple’s latest patch closes zero-day affecting wide swath of products vulnerability – Apple has released updates to address a critical zero-day vulnerability (CVE-2025-24085) in its Core Media component, affecting multiple devices. Users are urged to update to mitigate risks. https://cyberscoop.com/apple-security-update-zero-day-january-2025/
🏆 Google Play will now verify VPNs that prioritize privacy and safety security news – Google Play is introducing verification badges for VPN apps that meet specific security standards, enhancing user privacy and safety. Approved VPNs must pass a security assessment and meet installation requirements. https://www.theverge.com/news/599214/google-play-vpn-verification-badges
🌍 ExxonMobil Lobbyist Caught Hacking Climate Activists cybercrime – The DOJ is investigating a lobbying firm for allegedly hacking climate activists on behalf of ExxonMobil, with an Israeli investigator sought for orchestrating the campaign to discredit environmental groups. https://www.schneier.com/blog/archives/2025/01/exxonmobil-lobbyist-caught-hacking-climate-activists.html
🚨 FBI seizes major cybercrime forums in coordinated domain takedown cybercrime – The FBI, alongside international law enforcement, has seized control of cybercrime forums Cracked.io and Nulled.to, redirecting their domains to FBI servers. The operation aims to disrupt markets for stolen credentials and hacking tools. https://cyberscoop.com/fbi-seized-cracked-nulled-sellix-cybercriminal-forum/
🔒 Google will now automatically revoke permissions from harmful Android apps security news – Google's Play Protect will now automatically revoke permissions from potentially harmful Android apps to enhance security. Users can restore permissions but must confirm their decision for added safety. https://www.theverge.com/news/601715/google-play-protect-revoke-app-permissions
💻 Lazarus Group's latest heist hits hundreds globally cybercrime – North Korea's Lazarus Group conducted a large-scale supply chain attack, compromising hundreds of victims by embedding malware in cloned software packages, particularly targeting the cryptocurrency sector. https://www.theregister.com/2025/01/29/lazarus_groups_supply_chain_attack/
🍝 Italy’s Data Protection Authority Garante requested information from Deepseek security news – Italy's Garante has requested information from Chinese AI firm DeepSeek regarding its data practices, citing risks to user data and requiring a response within 20 days amid concerns over data collection methods. https://securityaffairs.com/173637/digital-id/italys-garante-requested-information-from-deepseek.html
🏮 Fake Reddit and WeTransfer Sites are Pushing Malware security research https://www.schneier.com/blog/archives/2025/01/fake-reddit-and-wetransfer-sites-are-pushing-malware.html
⛲ TeamViewer fixed a bug in Windows client and host applications vulnerability – TeamViewer has patched a high-severity privilege escalation vulnerability (CVE-2025-0065) in its Windows client and host applications, allowing attackers with local access to elevate privileges through argument injection. https://securityaffairs.com/173658/security/teamviewer-windows-client-flaw.html
📉 Archivists Work to Identify and Save the Thousands of Datasets Disappearing From Data.gov security news – Concerns over missing datasets from Data.gov, highlighting challenges in tracking lost data due to changes in administration and data management practices. https://www.404media.co/archivists-work-to-identify-and-save-the-thousands-of-datasets-disappearing-from-data-gov/
⚠️ #UnplugTrump: Was dem Internet jetzt droht und was die Chance ist security news – The article discusses the risks posed by the alignment of right-wing politics and tech billionaires under Trump's influence, highlighting potential impacts on digital rights, privacy, and democracy, while promoting a campaign to explore ways to mitigate these risks. https://www.kuketz-blog.de/unplugtrump-was-dem-internet-jetzt-droht-und-was-die-chance-ist/
🦺 DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot security research – Researchers found that DeepSeek's AI chatbot failed to block any of the 50 jailbreak prompts tested, revealing significant vulnerabilities in its safety measures compared to other AI models. https://www.wired.com/story/deepseeks-ai-jailbreak-prompt-injection-attacks/
Some More, For the Curious
🤖 How GhostGPT Empowers Cybercriminals with Uncensored AI security research – GhostGPT, an uncensored AI chatbot, aids cybercriminals in crafting malware and phishing schemes without safety restrictions, making illegal activities easier and more efficient. https://abnormalsecurity.com/blog/ghostgpt-uncensored-ai-chatbot
🤔 Node.js EOL Versions CVE Dubbed the “Worst CVE of the Year” ... security news – CVE-2025-23088 warns about risks of using EOL Node.js versions, sparking debate on its validity as a CVE. Critics argue it misuses the system for general warnings, not specific vulnerabilities. https://socket.dev/blog/node-js-eol-versions-cve-dubbed-the-worst-cve-of-the-year
🔑 Best practices for key derivation cyber defense – Key derivation is crucial for cryptography, but common misuses can lead to vulnerabilities. This article outlines best practices for using KDFs effectively and securely in various scenarios. https://blog.trailofbits.com/2025/01/28/best-practices-for-key-derivation/
🏹 Questions From a Beginner Threat Hunter cyber defense – This article clarifies key concepts in threat hunting versus detection, outlines necessary skills and tools, and explains techniques like C2 over DNS for identifying network compromises. https://www.blackhillsinfosec.com/questions-from-a-beginner-threat-hunter/
⚔️ How cyberattackers exploit group policies hacking write-up – Cyberattackers misuse Windows group policies to distribute malware and execute malicious scripts, gaining significant control over networks. Understanding vulnerabilities and monitoring these policies is essential for security. https://securelist.com/group-policies-in-cyberattacks/115331/
🫏 A method to assess 'forgivable' vs 'unforgivable' vulnerabilities security research – New research by NCSC aims to categorize software vulnerabilities as 'forgivable' or 'unforgivable', focusing on making mitigations easier to implement and improving secure development practices. https://www.ncsc.gov.uk/report/a-method-to-assess-forgivable-vs-unforgivable-vulnerabilities
🔓 Get FortiRekt, I Am The SuperAdmin Now – Fortinet FortiOS Authentication Bypass CVE-2024-55591 hacking write-up – CVE-2024-55591 is a critical authentication bypass vulnerability in Fortinet's FortiOS, allowing attackers to gain super-admin access via crafted WebSocket requests. Immediate patching is advised due to active exploitation. https://labs.watchtowr.com/get-fortirekt-i-am-the-superadmin-now-fortios-authentication-bypass-cve-2024-55591/
📍 Everyone knows your location: tracking myself down through in-app ads privacy – A study revealed that over 2000 apps collect geolocation data without user consent. The author tracked their own location data, exposing alarming practices in ad networks and data trading. https://timsh.org/tracking-myself-down-through-in-app-ads/
🗃️ PyPI’s New Archival Feature Closes a Major Security Gap security news – PyPI introduces a project archival feature, allowing maintainers to mark inactive packages. This enhances security by preventing revival hijacking and helps developers assess dependency status more effectively. https://socket.dev/blog/pypi-adds-support-for-archiving-projects
🤝 Open-source security spat leads companies to join forces for new tool security news – In response to Semgrep's licensing changes limiting community contributions, over 10 security firms have launched Opengrep, a new open-source static analysis tool aimed at preserving accessibility and community involvement in software security. https://cyberscoop.com/opengrep-static-analysis-security-tool-semgrep-open-source/
🍟 Apple chips can be hacked to leak secrets from Gmail, iCloud, and more vulnerability – New vulnerabilities in Apple A- and M-series chips allow attackers to exploit side-channel attacks, leaking sensitive data like credit card info and locations from browsers such as Chrome and Safari. https://arstechnica.com/security/2025/01/newly-discovered-flaws-in-apple-chips-leak-secrets-in-safari-and-chrome/
🔄 Backups & DRP in the ransomware era cyber defense – Ransomware threats necessitate a rethinking of disaster recovery plans. This article discusses building a resilient backup infrastructure using strategies like the 3-2-1 backup rule and access isolation to safeguard data. https://blog.nviso.eu/2025/01/29/backups-drp-in-the-ransomware-era/
💉 Google Online Security Blog: How we estimate the risk from prompt injection attacks on AI systems security research – Google discusses the threat of indirect prompt injection attacks on AI systems like Gemini, outlining their evaluation framework and automated red-teaming methods to mitigate risks and enhance security. http://security.googleblog.com/2025/01/how-we-estimate-risk-from-prompt.html
⚔️ Adversarial Misuse of Generative AI security research – Google's Threat Intelligence Group analyzes the misuse of AI systems by threat actors, particularly focusing on indirect prompt injection attacks and the use of generative AI in cyber operations, revealing how actors exploit tools like Gemini for malicious purposes. https://cloud.google.com/blog/topics/threat-intelligence/adversarial-misuse-generative-ai/
⚠️ Critical remote code execution bug found in Cacti framework vulnerability – A critical vulnerability (CVE-2025-22604) in the Cacti framework allows authenticated users to execute remote code by injecting malformed OIDs, potentially compromising sensitive data. A fix is available in version 1.2.29. https://securityaffairs.com/173597/security/critical-rce-cacti-framework.html
💂 Your Private Wireguard Network from Scratch cyber defense – This article guides readers through setting up a private WireGuard network, emphasizing the importance of self-hosting for security and privacy. It details the configuration process for creating a 'lighthouse' server and connecting various devices. https://taggart-tech.com/wireguard/
☁️ Infrastructure Laundering: Blending in with the Cloud cybercrime – The FBI and international law enforcement have seized cybercrime forums linked to organized crime, highlighting the trend of criminals using U.S. cloud providers to obscure their activities, particularly in operations like Funnull, which hosts malicious sites. https://krebsonsecurity.com/2025/01/infrastructure-laundering-blending-in-with-the-cloud/
CISA Corner
⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA has issued seven advisories regarding vulnerabilities in various Industrial Control Systems, including products from B&R Automation and Rockwell Automation. Users are urged to review these advisories for security updates. https://www.cisa.gov/news-events/alerts/2025/01/28/cisa-releases-seven-industrial-control-systems-advisories ⚙️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – CISA issued advisories on vulnerabilities in various Industrial Control Systems, urging users to review them for essential security updates and mitigations. https://www.cisa.gov/news-events/alerts/2025/01/30/cisa-releases-eight-industrial-control-systems-advisories
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-24085, a use-after-free vulnerability affecting multiple Apple products, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation confirmed by Fortinet. https://www.cisa.gov/news-events/alerts/2025/01/29/cisa-adds-one-known-exploited-vulnerability-catalog
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.