cyberlights – week 14/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🚗 Europcar GitLab breach exposes data of up to 200,000 customers data breach – A breach of Europcar's GitLab exposed source code and personal data of up to 200,000 customers, with no financial information compromised. The company is assessing the damage and notifying affected users. https://www.bleepingcomputer.com/news/security/europcar-gitlab-breach-exposes-data-of-up-to-200-000-customers/
📱 Evolution of Sophisticated Phishing Tactics: The QR Code Phenomenon security research – Phishing attacks are evolving with QR codes that disguise malicious URLs, using legitimate redirection techniques and human verification to enhance deception. This trend highlights the need for improved security awareness. https://unit42.paloaltonetworks.com/qr-code-phishing/
💸 £3 million fine for healthcare MSP with sloppy security after it was hit by ransomware attack security news – Advanced Computer Software Group was fined £3 million for inadequate security measures, leading to a ransomware attack that compromised personal data of over 79,000 individuals and disrupted NHS services. https://www.exponential-e.com/blog/3-million-fine-for-healthcare-msp-with-sloppy-security-after-it-was-hit-by-ransomware-attack
🛡️ Flirts: Was tun, wenn ich mit Nacktfotos erpresst werde? privacy – The Take It Down service helps individuals under 18 report and prevent the unwanted spread of intimate images on various platforms, ensuring their photos remain secure. https://www.watchlist-internet.at/news/online-flirts-was-tun-wenn-ich-mit-nacktfotos-erpresst-werde/
🚨 An AI Image Generator’s Exposed Database Reveals What People Really Used It For data breach – An exposed database from AI image generator GenNomis revealed over 95,000 explicit images, including AI-generated child sexual abuse material. This incident underscores the urgent need for better controls and regulations on AI-generated content. https://www.wired.com/story/genomis-ai-image-database-exposed/
📩 The Weaponization of PDFs: 68% of Cyber attacks begin in your inbox, with 22% of these hiding in PDFs cybercrime – PDFs are increasingly used in cyber attacks, with 22% of malicious email attachments hiding threats. Their complexity allows attackers to bypass security measures, making them a significant risk. https://blog.checkpoint.com/research/the-weaponization-of-pdfs-68-of-cyberattacks-begin-in-your-inbox-with-22-of-these-hiding-in-pdfs/
🧬 Open Source Genetic Database Shuts Down to Protect Users From 'Authoritarian Governments' security news – OpenSNP founder Bastian Greshake Tzovaras has shut down the genetic database due to concerns over its potential misuse by authoritarian governments, prioritizing user safety over scientific data preservation. https://www.404media.co/open-source-genetic-database-opensnp-shuts-down-to-protect-users-from-authoritarian-governments/
🐨 The North Korea worker problem is bigger than you think cybercrime – North Korean nationals have infiltrated global businesses, gaining high-level access and performing roles beyond IT. Their presence raises significant security concerns as they could exploit their positions for espionage or sabotage. https://cyberscoop.com/north-korea-technical-workers-full-time-jobs/
🔥 Oracle under fire for its handling of separate security incidents security news – Oracle faces backlash for its management of two data breaches, one involving patient data at Oracle Health and another regarding alleged Oracle Cloud server breaches, as transparency remains lacking. https://techcrunch.com/2025/03/31/oracle-under-fire-for-its-handling-of-separate-security-incidents/
⚖️ France’s antitrust authority fines Apple €150M for issues related to its App Tracking Transparency security news – France fines Apple €150M for abusing its market dominance in App Tracking Transparency practices, found to disadvantage third-party apps and distort competition, despite the framework's intended privacy goals. https://securityaffairs.com/176092/laws-and-regulations/frances-antitrust-authority-fines-apple-e150m.html
🔍 Cybersecurity Professor Mysteriously Disappears as FBI Raids His Homes security news – Professor Xiaofeng Wang, a prominent cybersecurity expert, has gone missing following FBI raids on his homes. Indiana University has erased his and his wife's profiles amid an unexplained investigation. https://www.wired.com/story/cybersecurity-professor-mysteriously-disappears-as-fbi-raids-his-homes/
🔐 European Commission takes aim at end-to-end encryption and proposes Europol become an EU FBI security news – The European Commission unveiled its ProtectEU strategy, aiming to enhance internal security and establish Europol as a robust police agency, while seeking lawful access to encrypted data amidst ongoing security challenges. https://therecord.media/european-commission-takes-aim-encryption-europol-fbi-proposal
🪱 Apple issues fixes for vulnerabilities in both old and new OS versions vulnerability – Apple released security updates addressing 62 vulnerabilities in iOS and iPadOS, 131 in macOS, and two zero-day vulnerabilities in older OS versions, including risks to sensitive data and unauthorized actions. https://cyberscoop.com/apple-security-update-march-2025/
📧 Trump adviser reportedly used personal Gmail for ‘sensitive’ military discussions security news – A Washington Post report raises concerns about US National Security Advisor Michael Waltz using personal Gmail for sensitive military discussions, following a recent Signal leak. https://www.theverge.com/news/641144/michael-waltz-gmail-national-security-signal
🚨 T-Mobile Shows Users the Names, Pictures, and Exact Locations of Random Children privacy – T-Mobile's SyncUP GPS tracker malfunctioned, displaying the real-time locations of random children instead of users' own kids, raising serious privacy concerns among parents. https://www.404media.co/t-mobile-shows-users-the-names-pictures-and-exact-locations-of-random-children/
🚫 CSAM platform Kidflix shut down by international operation cybercrime – A major international operation led to the shutdown of the CSAM platform Kidflix, resulting in 79 arrests and the protection of 39 children, with authorities seizing 72,000 illegal videos. https://therecord.media/csam-platform-kidflix-shut-down-europol
⚠️ AI bots strain Wikimedia as bandwidth surges 50% security news – Wikimedia Foundation reports a 50% increase in bandwidth usage due to AI bots scraping data for training models, straining resources and impacting service for human users. The organization calls for responsible use of infrastructure and better coordination with AI developers. https://arstechnica.com/information-technology/2025/04/ai-bots-strain-wikimedia-as-bandwidth-surges-50/
📱 New Triada Trojan comes preinstalled on Android devices malware – A new variant of the Triada trojan has been found preinstalled on counterfeit Android devices, enabling extensive data theft. Kaspersky reports over 2,600 infections in Russia, urging users to buy from authorized distributors. https://securityaffairs.com/176143/malware/new-triada-comes-preinstalled-on-android-devices.html
🦠 This sneaky Android spyware needs a password to uninstall. Here's how to remove it without one. security research – A stealthy Android spyware app blocks uninstallation with a password set by the installer. Users can remove it by rebooting into safe mode, which disables the app, allowing for its uninstallation. https://techcrunch.com/2025/04/03/this-sneaky-android-spyware-needs-a-password-to-uninstall-heres-how-to-remove-it-without-one/
🔐 Gmail unveils end-to-end encrypted messages. Only thing is: It’s not true E2EE. privacy – Google's new 'end-to-end encryption' for Gmail is criticized as not being true E2EE, as keys are managed by organizations, allowing potential access to messages. The feature simplifies compliance for businesses but may not ensure privacy for individual users. https://arstechnica.com/security/2025/04/are-new-google-e2ee-emails-really-end-to-end-encrypted-kinda-but-not-really/
💰 Threat actors leverage tax season to deploy tax-themed phishing campaigns warning – As Tax Day approaches, Microsoft warns of phishing campaigns using tax themes to steal credentials and deploy malware, leveraging tactics like URL shorteners and QR codes. Various malware, including BRc4 and Latrodectus, are being used to exploit users during this period. https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
📱 White House reportedly blames auto-suggested iPhone contact for Signal scandal security news – An internal investigation revealed that National Security Adviser Mike Waltz accidentally added Atlantic editor Jeffrey Goldberg to a Signal group chat due to an iPhone auto-suggestion. https://techcrunch.com/2025/04/06/white-house-reportedly-blames-auto-suggested-iphone-contact-for-signal-scandal/
🖨️ Canon CVE-2025-1268 Vulnerability: A Buffer Overflow Threatening Printer Security vulnerability – Canon has issued a security update for CVE-2025-1268, a critical buffer overflow vulnerability in certain printer drivers that could allow unauthorized code execution. Users are advised to update their drivers to mitigate risks. https://thecyberexpress.com/canon-printer-vulnerability-cve-2025-1268/
Some More, For the Curious
🦊 PhaaS actor uses DoH and DNS MX to dynamically distribute phishing cybercrime – A phishing-as-a-service platform named Morphing Meerkat uses DNS techniques to create targeted phishing campaigns, dynamically serving fake login pages for over 100 brands, enhancing the threat landscape. https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/
📈 Heightened In-The-Wild Activity On Key Technologies Observed On March 28 security research – A significant increase in attacks targeting technologies like SonicWall and Zoho suggests threat actors are actively probing for vulnerabilities. Security teams must enhance monitoring and patch systems promptly. https://www.greynoise.io/blog/heightened-in-the-wild-activity-key-technologies
🦮 New guidance on securing HTTP-based APIs cyber defense – With increasing API use, security breaches are rising. New guidance addresses vulnerabilities like poor authentication and insufficient monitoring to help organizations protect their systems and customer data. https://www.ncsc.gov.uk/blog-post/new-guidance-on-securing-http-based-apis
🧑🏫 Mark of the Web (MoTW) Bypass Vulnerability security research – Recent vulnerabilities in the Mark of the Web (MoTW) feature allow attackers to bypass security warnings and execute malware without detection, highlighting the need for updated security measures. https://asec.ahnlab.com/en/87091/
🚨 CrushFTP CVE-2025-2825 flaw actively exploited in the wild vulnerability – A critical authentication bypass vulnerability, CVE-2025-2825, in CrushFTP is being actively exploited, allowing unauthenticated access to vulnerable devices. Users are urged to patch immediately or implement temporary security measures. https://securityaffairs.com/176097/hacking/crushftp-cve-2025-2825-flaw-actively-exploited.html
🏔️ Spike in Palo Alto Networks scanner activity suggests imminent cyber threats warning – Researchers at GreyNoise report a surge in scanning activity targeting Palo Alto Networks GlobalProtect portals, with over 24,000 unique IPs probing for vulnerabilities, indicating potential preparations for targeted attacks. https://securityaffairs.com/176108/hacking/spike-in-palo-alto-networks-scanner-activity-suggests-imminent-cyber-threats.html
🏫 Getting Started with AI Hacking: Part 1 security research – Brian Fehrman from BHIS introduces AI hacking, focusing on classifier models and adversarial examples. The post covers image classification hacking, malware classifiers, model extraction, and data poisoning attacks, highlighting vulnerabilities in AI systems. https://www.blackhillsinfosec.com/getting-started-with-ai-hacking-part-1/
🌏 Suspected China-Nexus Threat Actor Actively Exploiting Critical Ivanti Connect Secure Vulnerability (CVE-2025-22457) security research – Ivanti disclosed a critical buffer overflow vulnerability (CVE-2025-22457) in Ivanti Connect Secure VPN appliances, with evidence of active exploitation by suspected China-nexus actor UNC5221, leading to the deployment of various malware families. https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/
⚠️ NSA warns “fast flux” threatens national security. What is fast flux anyway? security news – The NSA warns that 'fast flux' techniques, used by cybercriminals and nation-state actors, complicate detection of malicious operations by rapidly changing IP addresses and DNS records, posing significant threats to national security. https://arstechnica.com/security/2025/04/nsa-warns-that-overlooked-botnet-technique-threatens-national-security/
🪪 Expert used ChatGPT-4o to create a replica of his passport in just 5 minutes bypassing KYC security research – A Polish researcher used ChatGPT-4o to generate a realistic replica of his passport in five minutes, exposing vulnerabilities in KYC systems that rely on photo verification. The incident raises concerns about identity theft and calls for stronger digital verification methods. https://securityaffairs.com/176224/security/chatgpt-4o-to-create-a-replica-of-his-passport-in-just-five-minutes.html
🤫 39M secrets exposed: GitHub rolls out new security tools security news – GitHub revealed that 39 million secrets were leaked in 2024, prompting the launch of new security tools, including standalone Secret Protection and enhanced scanning features to help developers secure sensitive data. https://securityaffairs.com/176170/security/39m-secrets-exposed-github-rolls-out-new-security-tools.html
CISA Corner
⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued two advisories on April 1, 2025, addressing security vulnerabilities in Rockwell Automation and Hitachi Energy ICS. Users are urged to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/01/cisa-releases-two-industrial-control-systems-advisories ⚙️ CISA Releases Five Industrial Control Systems Advisories vulnerability – On April 3, 2025, CISA released five advisories addressing security vulnerabilities in various Industrial Control Systems, urging users to review the advisories for technical details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/03/cisa-releases-five-industrial-control-systems-advisories
⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has included CVE-2024-20439, a vulnerability in Cisco's Smart Licensing Utility, in its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, emphasizing the need for federal agencies to address it. https://www.cisa.gov/news-events/alerts/2025/03/31/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-24813, a vulnerability in Apache Tomcat, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, highlighting risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/01/cisa-adds-one-known-exploited-vulnerability-catalog ⚠️ Ivanti Releases Security Updates for Connect Secure, Policy Secure & ZTA Gateways Vulnerability (CVE-2025-22457) vulnerability – Ivanti has released security updates for CVE-2025-22457, a vulnerability that could allow cyber attackers to take control of affected systems. CISA has added this vulnerability to its Known Exploited Vulnerabilities Catalog and urges users to patch their systems and conduct threat hunting actions. https://www.cisa.gov/news-events/alerts/2025/04/04/ivanti-releases-security-updates-connect-secure-policy-secure-zta-gateways-vulnerability-cve-2025
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.