cyberlights – week 07/2025
A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!
News For All
🤖 Malware from fake recruiters: How to spot suspicious job offers cybercrime – Job seekers should be cautious of recruiters asking for work samples, as some may be fronts for malware schemes. Protect yourself by verifying the legitimacy of job offers. https://www.gdatasoftware.com/blog/2025/02/38143-malware-fake-recruiters
🧠 Microsoft Study Finds AI Makes Human Cognition “Atrophied and Unprepared” security research – A Microsoft and Carnegie Mellon study reveals that reliance on generative AI diminishes critical thinking skills, leading to cognitive atrophy in knowledge workers who neglect routine judgment practice. https://www.404media.co/microsoft-study-finds-ai-makes-human-cognition-atrophied-and-unprepared-3/
☁️ New Exploitation Surge: Attackers Target ThinkPHP and ownCloud Flaws at Scale vulnerability – A surge in attacks targets vulnerabilities in ThinkPHP and ownCloud, raising concerns about how security teams prioritize patching. Real-time data is essential to stay ahead of threats. https://www.greynoise.io/blog/new-exploitation-surge-attackers-target-thinkphp-and-owncloud-flaws-at-scale
💸 How mobile phone users fall into a subscription trap via an ancient payment system (Wie Handynutzer mit einem Uralt-Bezahlsystem in die Abofalle tappen) warning – WAP billing allows users to unintentionally subscribe to costly services via their mobile bill, raising concerns over deceptive practices. Consumers should be cautious and consider blocking such services. https://futurezone.at/digital-life/wap-mobilfunk-abofalle-abzocke-sms-bezahlen-per-handyrechnung-drei-cookies-factory-srl/403009819
🏦 India wants all banking to happen at bank.in domain security news – India's Reserve Bank plans to adopt bank.in and fin.in domains to enhance trust and reduce digital fraud in banking, making it harder for scammers to create fake banks. https://www.theregister.com/2025/02/10/india_bank_dotin_plan/
🔓 UK's secret Apple iCloud backdoor order is a global emergency, say critics privacy – The UK government secretly ordered Apple to create a backdoor for iCloud, risking global encryption standards and raising concerns over privacy, security, and potential exploitation by hackers. https://techcrunch.com/2025/02/10/uks-secret-apple-icloud-backdoor-order-is-a-global-emergency-say-critics/
🚔 Thai authorities detain four Europeans in ransomware crackdown cybercrime – Thai authorities arrested four Europeans linked to the 8Base ransomware gang, accused of extorting $16 million from Swiss companies. The operation was part of a global law enforcement effort against cybercrime. https://cyberscoop.com/8base-ransomware-arrests-thailand-domain-seizure/
🚫 Apple and Google take down malicious mobile apps from their app stores security news – Apple and Google removed 20 apps containing SparkCat malware that stole data, including cryptocurrency recovery phrases. The malware was active since March 2024 and affected over 242,000 downloads. https://techcrunch.com/2025/02/10/apple-and-google-take-down-malicious-apps-from-their-app-stores/
📖 Wikipedia Prepares for 'Increase in Threats' to US Editors From Musk and His Allies security news – The Wikimedia Foundation is developing tools to protect Wikipedia editors from harassment amid rising threats from Elon Musk and the Heritage Foundation, including plans for anonymous editing and legal defense. https://www.404media.co/wikipedia-prepares-for-increase-in-threats-to-us-editors-from-musk-and-his-allies/
⚒️ I'm a security expert and I almost fell for this IT job scam security news – Security expert Dawid Moczadło encountered two AI-generated job candidates during interviews, highlighting the rising threat of deepfake technology in recruitment and potential ties to larger scams involving North Korean tech workers. https://www.theregister.com/2025/02/11/it_worker_scam/
🤹 Cybercrime: A Multifaceted National Security Threat cybercrime – Cybercrime, particularly financially motivated attacks, poses a significant national security threat, often overlapping with state-sponsored activities. The healthcare sector and critical infrastructure are increasingly targeted, necessitating international cooperation to combat these threats. https://cloud.google.com/blog/topics/threat-intelligence/cybercrime-multifaceted-national-security-threat/
📡 China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers cybercrime – The Chinese hacker group Salt Typhoon continues to exploit vulnerabilities in Cisco routers, breaching multiple telecoms and universities worldwide despite previous exposure and US sanctions. Their persistent activity raises concerns over national security. https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/
🔒 Federal workers say they increasingly distrust platforms like Facebook privacy – Federal employees are shifting from platforms like Facebook to encrypted messaging apps like Signal due to distrust and security concerns, fearing government monitoring and data leaks amid political tensions. https://www.theverge.com/news/610951/federal-workers-privacy-surveillance-signal-facebook-messenger
📱 Spyware maker caught distributing malicious Android apps for years privacy – Italian spyware firm SIO has been linked to malicious Android apps that impersonate popular applications to steal data. The spyware, known as Spyrtacus, targets sensitive information and has been active for several years. https://techcrunch.com/2025/02/13/spyware-maker-caught-distributing-malicious-android-apps-for-years/
🙈 Nearly a Year Later, Mozilla is Still Promoting OneRep security news – Despite initial plans to end its partnership with OneRep after concerns about its founder's ties to people-search services, Mozilla continues to promote the data removal service to Firefox users nearly a year later. https://krebsonsecurity.com/2025/02/nearly-a-year-later-mozilla-is-still-promoting-onerep/
🕹️ Valve removes Steam game that contained malware malware – Valve has removed the game PirateFi from its Steam platform after it was found to contain malware. Affected users were advised to perform full system scans and consider reformatting their operating systems. https://techcrunch.com/2025/02/13/valve-removes-steam-game-that-contained-malware/
🫷 Anyone Can Push Updates to the DOGE.gov Website security news – The DOGE.gov website, created to track Elon Musk's government changes, has a significant security flaw allowing anyone to edit its database. Vulnerabilities were reported by developers who added mock entries to the live site. https://www.404media.co/anyone-can-push-updates-to-the-doge-gov-website-2/
⏭️ Open-source code repository says ‘far-right forces’ are behind massive spam attacks security news – Codeberg attributes recent abusive spam emails to a far-right hate campaign, affecting projects promoting tolerance. The platform is enhancing its defenses while reaffirming its commitment to open-source values. https://www.theverge.com/news/612857/codeberg-open-source-code-far-right-forces-spam
🚪 What is an encryption backdoor? privacy – The article discusses the implications of backdoors in encrypted services, particularly in the context of the U.K. government pressuring Apple to create a backdoor for iCloud. It emphasizes the risks associated with such vulnerabilities and the historical context of backdoor requests. https://techcrunch.com/2025/02/15/what-is-an-encryption-backdoor/
🔍 Kagi’s search engine adds a more private way to search privacy – Kagi has introduced a new feature called Privacy Pass, allowing users to search without their queries being traced back to them. The feature is available for subscribers and enhances user privacy through token-based authentication. https://www.theverge.com/news/612910/kagi-search-engine-privacy-pass
Some More, For the Curious
🚨 Remote code execution in Wazuh server vulnerability – A vulnerability in Wazuh server allows remote code execution, posing significant security risks. Users are urged to apply patches to protect their systems from potential exploitation. https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh
🦄 Fault Injection – Looking for a Unicorn security research – The article explores fault injection techniques, demonstrating that single-bit modifications are possible through voltage glitching, challenging previous assumptions about instruction skipping in hardware. https://security.humanativaspa.it/fault-injection-looking-for-a-unicorn/
💰 How We Hacked a Software Supply Chain for $50K hacking write-up – Through collaboration and targeting overlooked acquisitions, the authors exploited a software supply chain vulnerability, gaining access to critical resources and securing a $50,500 bounty. https://www.landh.tech/blog/20250211-hack-supply-chain-for-50k/
💕 Pairwise Authentication of Humans security research – Bruce Schneier proposes a simple method for two people to authenticate each other using time-based one-time passcodes (TOTP) generated via a shared page, enhancing trust during conversations. https://www.schneier.com/blog/archives/2025/02/pairwise-authentication-of-humans.html
✅ Small praise for modern compilers – A case of Ubuntu printing vulnerability that wasn’t security research – A vulnerability in Ubuntu's printing system was mitigated by modern compiler features, which prevented exploitation through effective static analysis and the FORTIFY_SOURCE protection mechanism. https://blog.talosintelligence.com/small-praise-for-modern-compilers-a-case-of-ubuntu-printing-vulnerability-that-wasnt/
0️⃣ Zero Day Initiative — The February 2025 Security Update Review security news – February 2025 updates from Adobe and Microsoft address numerous vulnerabilities across multiple products, including critical code execution and privilege escalation issues. Users are urged to apply patches promptly. https://www.thezdi.com/blog/2025/2/11/the-february-2025-security-update-review
🔒 OpenSSL patched high-severity flaw CVE-2024-12797 vulnerability – OpenSSL fixed a high-severity vulnerability (CVE-2024-12797) enabling man-in-the-middle attacks due to server authentication failures in TLS connections using raw public keys. The flaw affects versions 3.2, 3.3, and 3.4. https://securityaffairs.com/174111/security/openssl-patched-the-vulnerability-cve-2024-12797.html
🙊 Attackers exploit a new zero-day to hijack Fortinet firewalls vulnerability – Fortinet disclosed a zero-day vulnerability (CVE-2025-24472) allowing attackers to hijack firewalls via authentication bypass, gaining super-admin privileges through crafted requests. Mitigations include disabling administrative interfaces. https://securityaffairs.com/174117/hacking/fortinet-fortios-zero-day-exploited.html
🚫 Have I Been Pwned likely to ban resellers security news – Troy Hunt of Have I Been Pwned is considering banning resellers from the service due to their complex support requests and high support ticket volume, which strain resources. He aims to simplify subscriptions and improve user experience. https://www.theregister.com/2025/02/13/hibp_reseller_ban/
🎣 Gone Phishing: Installing GoPhish and Creating a Campaign hacking write-up – The article provides a step-by-step guide to installing GoPhish, a phishing simulation tool, and creating a phishing campaign, including setting up user management, email templates, and landing pages. https://www.blackhillsinfosec.com/installing-gophish-and-creating-a-campaign/
💔 Changing the narrative on pig butchering scams security news – Interpol advocates for renaming 'pig butchering' scams to 'romance baiting' to reduce victim shaming and encourage reporting. The article discusses the importance of language in addressing cybercrime and highlights ongoing phishing and ransomware threats. https://blog.talosintelligence.com/changing-the-narrative-on-pig-butchering-scams/
💰 Chinese spies suspected of ransomware side hustle security research – Symantec's research indicates that a Chinese government-backed espionage group, known as Mustang Panda, has begun conducting ransomware attacks alongside traditional spying, highlighting a growing overlap between state-sponsored and financially motivated cybercrime. https://www.theregister.com/2025/02/14/chinese_spies_ransomware_moonlighting/
🔍 PostgreSQL bug played key role in zero-day Treasury attack security research – A high-severity SQL injection vulnerability (CVE-2025-1094) in PostgreSQL was exploited alongside a zero-day in a December attack on the US Treasury, highlighting the need for coordinated vulnerability disclosure and patching. https://www.theregister.com/2025/02/14/postgresql_bug_treasury/
⚠️ Attackers exploit recently disclosed Palo Alto Networks PAN vulnerability – Threat actors are actively exploiting CVE-2025-0108, a vulnerability in Palo Alto Networks PAN-OS firewalls that allows unauthenticated access to the management interface. Organizations are urged to secure unpatched devices immediately. https://securityaffairs.com/174237/hacking/exploitation-palo-alto-networks-pan-os-firewalls-bug.html
🎭 Storm-2372 conducts device code phishing campaign cybercrime – Microsoft warns of ongoing phishing attacks by Storm-2372, targeting various sectors using deceptive device code authentication techniques to steal access tokens and compromise accounts. https://www.microsoft.com/en-us/security/blog/2025/02/13/storm-2372-conducts-device-code-phishing-campaign/
CISA Corner
⚠️ CISA Adds Four Known Exploited Vulnerabilities to Catalog warning – CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, including two from Zyxel and two from Microsoft, highlighting significant risks for federal networks. https://www.cisa.gov/news-events/alerts/2025/02/11/cisa-adds-four-known-exploited-vulnerabilities-catalog
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2024-57727, a path traversal vulnerability in SimpleHelp, to its Known Exploited Vulnerabilities Catalog, highlighting its significant risk to federal networks and urging timely remediation. https://www.cisa.gov/news-events/alerts/2025/02/13/cisa-adds-one-known-exploited-vulnerability-catalog
⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities to its Known Exploited Vulnerabilities Catalog: CVE-2025-24200 in Apple iOS/iPadOS and CVE-2024-41710 in Mitel SIP Phones, highlighting significant risks for federal networks. https://www.cisa.gov/news-events/alerts/2025/02/12/cisa-adds-two-known-exploited-vulnerabilities-catalog
🗽 CISA and FBI Warn of Malicious Cyber Actors Using Buffer Overflow Vulnerabilities to Compromise Software security news – CISA and the FBI issued a Secure by Design Alert addressing buffer overflow vulnerabilities, providing techniques to prevent exploitation that can lead to system compromise and unauthorized access to networks. https://www.cisa.gov/news-events/alerts/2025/02/12/cisa-and-fbi-warn-malicious-cyber-actors-using-buffer-overflow-vulnerabilities-compromise-software
⚙️ CISA Releases Twenty Industrial Control Systems Advisories vulnerability – CISA published twenty advisories on February 13, 2025, detailing vulnerabilities in various Siemens products and other ICS devices, urging users to review for technical details and mitigation strategies. Comment: TWENTY!!! https://www.cisa.gov/news-events/alerts/2025/02/13/cisa-releases-twenty-industrial-control-systems-advisories
⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA published two advisories on February 11, 2025, detailing vulnerabilities in 2N Access Commander and Trimble Cityworks. Users are urged to review the advisories for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/02/11/cisa-releases-two-industrial-control-systems-advisories
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.