cyberlights – week 10/2025

A weekly shortlist of cyber security highlights. The short summaries are AI-generated! If something is wrong, please let me know!


Highlight

🔌 #UnplugTrump: Make yourself digitally independent from Trump and Big Tech privacy – The #UnplugTrump series offers 30 tips for reducing dependence on Trump and Big Tech, promoting privacy-friendly alternatives and encouraging a more independent digital world. https://www.kuketz-blog.de/unplugtrump-mach-dich-digital-unabhaengig-von-trump-und-big-tech/


News For All

🤖 Booking a Threat: Inside LummaStealer's Fake reCAPTCHA malware – LummaStealer uses fake booking confirmation links and reCAPTCHA to trick users into downloading malware. The malware employs complex evasion techniques to avoid detection. https://www.gdatasoftware.com/blog/2025/03/38154-lummastealer-fake-recaptcha

🦹‍♂️ Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension malware – Polymorphic extensions can impersonate legitimate browser extensions, tricking users into providing sensitive information. This sophisticated attack method poses serious security risks across Chromium-based browsers. https://labs.sqrx.com/polymorphic-extensions-dd2310006e04

🚫 Stop targeting Russian hackers, Trump administration orders US Cyber Command security news – The Trump administration has ordered US Cyber Command and CISA to cease monitoring Russian cyber threats, raising concerns about increased vulnerability to attacks from Russian hackers. https://www.bitdefender.com/en-us/blog/hotforsecurity/stop-targeting-russian-hackers-trump-administration-orders-us-cyber-command

💻 Nearly 1 million Windows devices targeted in advanced “malvertising” spree cybercrime – A sophisticated malvertising campaign has targeted nearly 1 million Windows devices, stealing login credentials and cryptocurrency by exploiting malicious ads hosted on platforms like GitHub and streaming sites. https://arstechnica.com/security/2025/03/nearly-1-million-windows-devices-targeted-in-advanced-malvertising-spree/

🛂 Microsoft unveils finalized EU Data Boundary privacy – Microsoft's EU Data Boundary aims to store European customer data within the EU, but concerns persist over reliance on US entities and potential risks from US regulations. https://www.theregister.com/2025/03/03/microsoft_unveils_a_finalized_eu/

🌃 As Skype shuts down, its legacy is end-to-end encryption for the masses security news – Skype, once a pioneer of end-to-end encryption, is shutting down, but its legacy lives on in the secure communication technologies used by modern apps, enhancing global privacy. https://techcrunch.com/2025/03/03/as-skype-shuts-down-its-legacy-is-end-to-end-encryption-for-the-masses/

🛎️ Android security update contains 2 actively exploited vulnerabilities vulnerability – Google's March security update addresses 43 vulnerabilities in Android, including two actively exploited flaws that allow privilege escalation, highlighting the importance of timely updates. https://cyberscoop.com/android-security-update-march-2025/

🔍 Google’s 'consent-less' Android tracking probed by academics privacy – Research reveals Android users are tracked via cookies and identifiers without consent, raising privacy concerns. Google defends its practices, emphasizing compliance with privacy laws despite criticisms. https://www.theregister.com/2025/03/04/google_android/

📬 Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear cybercrime – A fake ransom note campaign impersonating the BianLian ransomware group targets executives, demanding ransoms via mail. Experts assess these letters as scams, urging recipients to stay vigilant. https://www.guidepointsecurity.com/blog/snail-mail-fail-fake-ransom-note-campaign-preys-on-fear/

🫦 Google Messages is using AI to detect scam texts security news – Google Messages introduces an AI feature to detect scam texts in real time, alerting users to suspicious patterns. This feature aims to enhance user safety against evolving scam tactics. https://www.theverge.com/news/623632/google-messages-pixel-android-updates-scam-detection

🔐 Apple reportedly challenges the UK’s secretive encryption crackdown privacy – Apple is appealing a UK order requiring access to encrypted iCloud files, contesting its legality in the Investigatory Powers Tribunal, amid concerns over user privacy. https://www.theverge.com/news/623977/apple-uk-encryption-order-appeal

💻 Qilin claims attacks on cancer, women's clinics cybercrime – The Qilin ransomware group has claimed attacks on a cancer clinic in Japan and a women's healthcare facility in the US, stealing sensitive patient data and causing significant disruption. https://www.theregister.com/2025/03/05/qilin_ransomware_credit/

📱 1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers malware – Research reveals over 1 million Android devices, including streaming boxes and car infotainment systems, are compromised with backdoors, enabling ad fraud and cybercrime without users' knowledge. https://www.wired.com/story/1-million-third-party-android-devices-badbox-2/

⚽ Leeds United kick card swipers into Row Z after 5-day attack data breach – Leeds United reported a five-day cyberattack that compromised payment card details of some customers on its retail website. The club has notified affected individuals and is cooperating with the ICO. https://www.theregister.com/2025/03/05/leeds_united_card_swipers/

🌵 Cactus Ransomware: What You Need To Know cybercrime – Cactus is a ransomware-as-a-service group that encrypts data and demands ransom, exploiting VPN vulnerabilities. Recent links to the Black Basta group and social engineering tactics raise concerns. https://www.tripwire.com/state-of-security/cactus-ransomware-what-you-need-know

🤐 Anorexia coaches, self-harm buddies and sexualized minors: How online communities are using AI chatbots for harmful behavior security news – A report reveals that AI chatbots are being exploited by online communities to promote harmful behaviors, such as anorexia and pedophilia, posing significant risks to vulnerable individuals, especially minors. https://cyberscoop.com/graphika-ai-chatbots-harmful-behavior-character-ai/

🔞 Chinese AI Video Generators Unleash a Flood of New Nonconsensual Porn security news – AI video generators from Chinese companies lack safeguards against creating nonconsensual pornography, allowing users to easily produce explicit videos using a single image and a text prompt. https://www.404media.co/chinese-ai-video-generators-unleash-a-flood-of-new-nonconsensual-porn-3/

⚠️ AI Chatbots: The New Cybersecurity Threat Lurking in Plain Sight security news – AI chatbots present hidden dangers, including misinformation, manipulation, and cybersecurity vulnerabilities. As they become more prevalent, users must remain cautious and advocate for stronger regulations. https://infosec-mashup.santolaria.net/p/ai-chatbots-the-new-cybersecurity-threat-lurking-in-plain-sight

📰 Hacked health firm HCRG demanded journalist 'take down' data breach reporting, citing UK court order security news – HCRG sought a UK court injunction to remove articles about its ransomware attack from DataBreaches.net. The site refused, arguing jurisdiction issues and First Amendment protections, raising concerns about censorship. https://techcrunch.com/2025/03/06/hacked-health-firm-hcrg-demanded-journalist-take-down-data-breach-reporting-citing-uk-court-order/

🎟️ Suspects cuffed over $635k Taylor Swift ticket heist cybercrime – Two suspects have been arrested for stealing over 900 Taylor Swift tickets using a loophole in an offshore ticketing system, allegedly netting $635,000 from reselling them. https://www.theregister.com/2025/03/07/stubhub_taylor_swift_scammers/


Some More, For the Curious

🤞 Undocumented hidden feature found in Espressif ESP32 microchip vulnerability – Researchers discovered a hidden feature in the Espressif ESP32 microchip that could act as a backdoor for impersonation attacks, posing security risks for over 1 billion IoT devices. Comment: this might be a big one https://securityaffairs.com/175102/hacking/undocumented-hidden-feature-espressif-esp32-microchip.html

📶 Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying privacy – Rayhunter is an open source tool by EFF designed to help users detect cell-site simulators used for surveillance. It aims to empower individuals to protect their privacy. https://www.eff.org/deeplinks/2025/03/meet-rayhunter-new-open-source-tool-eff-detect-cellular-spying

😷 Unmasking Hacktivist Groups: A Modern Approach to Attribution security research – Check Point Research reveals how state-sponsored hacktivist groups evolve through geopolitical events, using modern linguistic analysis to uncover hidden connections and enhance cyber threat attribution. https://blog.checkpoint.com/research/unmasking-hacktivist-groups-a-modern-approach-to-attribution/

🔑 The Dangers of Exposed Secrets – and How to Prevent Them cyber defense – Exposed authentication tokens and secrets can lead to severe security breaches. Organizations must adopt secure coding practices and automated tools to prevent credential leakage. https://checkmarx.com/blog/exposed-secrets-and-how-to-prevent-them/

🎯 A Deep Dive into Strela Stealer and how it Targets European Countries malware – Strela Stealer is a targeted infostealer malware focusing on email credentials from users in select European countries. It uses sophisticated phishing techniques and obfuscation to evade detection. https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/a-deep-dive-into-strela-stealer-and-how-it-targets-european-countries/

🕵️‍♀️ Not Lost in Translation: Rosetta 2 Artifacts in macOS Intrusions security research – Mandiant reveals how Rosetta 2's AOT files can serve as crucial forensic artifacts in investigating macOS intrusions, especially with x86-64 malware exploiting compatibility features. https://cloud.google.com/blog/topics/threat-intelligence/rosetta2-artifacts-macos-intrusions/

⚠️ Threat posed by new VMware hyperjacking vulnerabilities is hard to overstate vulnerability – Three critical VMware vulnerabilities could allow attackers to escape a compromised VM and access the hypervisor, threatening multiple customers' networks. Exploitation is reportedly already occurring. Comment: The big one this week. https://arstechnica.com/security/2025/03/vmware-patches-3-critical-vulnerabilities-in-multiple-product-lines/

🥻 Silk Typhoon targeting IT supply chain security research – Microsoft Threat Intelligence reports that the Chinese espionage group Silk Typhoon is exploiting vulnerabilities in IT solutions to gain access to sensitive networks, highlighting their tactics and recent activities. https://www.microsoft.com/en-us/security/blog/2025/03/05/silk-typhoon-targeting-it-supply-chain/

🔧 GoStringUngarbler: Deobfuscating Strings in Garbled Binaries security research – Mandiant introduces GoStringUngarbler, a Python tool that automates the deobfuscation of strings in garble-obfuscated Go binaries, streamlining malware analysis and enhancing reverse engineering processes. https://cloud.google.com/blog/topics/threat-intelligence/gostringungarbler-deobfuscating-strings-in-garbled-binaries/

❤️‍🩹 Massive botnet that appeared overnight is delivering record-size DDoSes security research – The Eleven11bot botnet, comprising around 30,000 compromised webcams and video recorders, is executing record-size DDoS attacks, exploiting vulnerabilities and overwhelming targets with terabits of data. https://arstechnica.com/security/2025/03/massive-botnet-that-appeared-overnight-is-delivering-record-size-ddoses/

💰 Russian crypto exchange Garantex seized in international law enforcement operation cybercrime – U.S. and European authorities have seized Garantex, a crypto exchange accused of laundering billions. The operation involved multiple countries and resulted in indictments against two executives for money laundering. https://cyberscoop.com/garantex-seized-secret-service-doj-russia-crypto-sanctions/

🗳️ CISA completed its election security review. It won’t make the results public security news – CISA has completed an internal review of its election security mission but will not release the findings, raising concerns among election officials about potential impacts on security resources and collaboration. https://cyberscoop.com/cisa-election-security-review-lacks-transparency/

💻 Developer sabotaged ex-employer IT systems with kill switch security news – Davis Lu, a former Eaton Corporation developer, was found guilty of sabotaging company systems with malware and a kill switch, potentially facing ten years in prison for the attack. https://www.theregister.com/2025/03/08/developer_server_kill_switch/


CISA Corner

🚨 CISA Adds Four Known Exploited Vulnerabilities to Catalog warning – CISA has identified four new vulnerabilities, including issues in the Linux Kernel and VMware ESXi, highlighting significant risks that require immediate remediation by federal agencies. Comment: !!!!!! The big one this week !!!!!! https://www.cisa.gov/news-events/alerts/2025/03/04/cisa-adds-four-known-exploited-vulnerabilities-catalog

⚠️ CISA Adds Five Known Exploited Vulnerabilities to Catalog warning – CISA has added five new vulnerabilities to its catalog, highlighting significant risks to federal networks. Agencies must remediate these vulnerabilities to protect against active cyber threats. https://www.cisa.gov/news-events/alerts/2025/03/03/cisa-adds-five-known-exploited-vulnerabilities-catalog

⚙️ CISA Releases Eight Industrial Control Systems Advisories vulnerability – CISA has issued eight advisories regarding vulnerabilities in various Industrial Control Systems, urging users to review them for technical details and mitigation strategies. Comment: Carrier, Keysight, Hitachi, Delta Electronics, GMOD, Edimax (!) https://www.cisa.gov/news-events/alerts/2025/03/04/cisa-releases-eight-industrial-control-systems-advisories

⚙️ CISA Releases Three Industrial Control Systems Advisories vulnerability – CISA has issued three advisories regarding vulnerabilities in Industrial Control Systems, urging users to review them for critical security information and mitigation strategies. Comment: Hitachi, Schneider Electric https://www.cisa.gov/news-events/alerts/2025/03/06/cisa-releases-three-industrial-control-systems-advisories


While my intention is to pick news that everyone should know about, it is still what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.