cyberlights – week 16/2025

A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!


News For All

🕵️ Chrome extensions with 6 million installs have hidden tracking code malware – 57 risky Chrome extensions, used by 6 million, secretly track users and access sensitive data. Some have been removed, but others still pose a threat. https://www.bleepingcomputer.com/news/security/chrome-extensions-with-6-million-installs-have-hidden-tracking-code/

💻 The Most Dangerous Hackers You’ve Never Heard Of cybercrime – A roundup of recent cybersecurity incidents, including a suspected breach of 4chan, the rise of smishing scams, and vulnerabilities in government cybersecurity programs. https://www.wired.com/story/most-dangerous-hackers-youve-never-heard-of/

🎤 Silicon Valley crosswalk buttons hacked to imitate Musk, Zuckerberg's voices security news – Audio traffic crosswalk buttons in Silicon Valley were hacked to play AI-generated messages mimicking Elon Musk and Mark Zuckerberg, raising concerns over security and potential hacktivism. https://techcrunch.com/2025/04/14/silicon-valley-crosswalk-buttons-hacked-to-imitate-musk-zuckerberg-voices/

🗂️ Don't delete inetpub folder. It's a Windows security fix vulnerability – The newly created inetpub folder on Windows systems post-update is a security measure to prevent privilege escalation vulnerabilities. Users are advised to keep it intact. https://www.theregister.com/2025/04/14/windows_update_inetpub/

🕹️ Infinity Global Services’ Cyber Park Launches “Beacon in the Dark” – A New Cyber Security Escape Room Adventure security news – The new escape room 'Beacon in the Dark' challenges players to solve cyber risk puzzles, enhancing awareness about threats like credential theft. It's a fun way to learn about cybersecurity! https://blog.checkpoint.com/infinity-global-services/infinity-global-services-cyber-park-launches-beacon-in-the-dark-a-new-cyber-security-escape-room-adventure/

⚠️ Microsoft’s Recall AI Tool Is Making an Unwelcome Return privacy – A series of incidents highlight the risks of AI mismanagement, including a chatbot creating false policies and government officials exposing sensitive data on Venmo. https://www.wired.com/story/microsoft-recall-returns-privacy/

🔍 Meta will use public EU user data to train its AI models privacy – Meta plans to resume using public data from EU users to train its AI models, emphasizing user choice and transparency while addressing prior data protection concerns raised by regulators. https://securityaffairs.com/176569/digital-id/meta-will-use-public-eu-user-data-to-train-its-ai-models.html

🚗 Hertz says customers' personal data and driver's licenses stolen in data breach data breach – Hertz has notified customers of a data breach involving personal data and driver's licenses, attributed to a cyberattack on vendor Cleo. The breach affects thousands across several countries. https://techcrunch.com/2025/04/14/hertz-says-customers-personal-data-and-drivers-licenses-stolen-in-data-breach/

📱 Report: EC issues burner phones for visits to US security news – The European Commission is providing burner devices to staff visiting the US to prevent espionage, reflecting growing concerns over cybersecurity and strained transatlantic relations. https://www.theregister.com/2025/04/15/ec_burner_devices/

💸 Inside the Economy of AI Spammers Getting Rich By Exploiting Disasters and Misery cybercrime – The article explores how accounts like FutureRiderUS profit from creating AI-generated disaster content, manipulating emotions for views, while ethical concerns about misinformation and audience deception grow. https://www.404media.co/inside-the-economy-of-ai-spammers-getting-rich-by-exploiting-disasters-and-misery/

🔒 Android phones will soon reboot if they’re locked for a few days security news – Android devices will now require users to enter their PIN after three days of inactivity to enhance security, helping protect user data from unauthorized access. https://www.theverge.com/news/648757/google-android-update-automatic-reboot-phone-locked

💻 4chan’s ‘cesspool of the internet’ is down after apparently being hacked security news – 4chan's forums are currently inaccessible, leading to speculation and unverified rumors regarding potential data leaks following an apparent hack of the site. https://www.theverge.com/news/648908/4chan-hacked-down-outage-leak

📜 Here’s What Happened to Those SignalGate Messages security news – Attorneys allege that the Trump administration used disappearing Signal messages to evade transparency laws regarding military operations, with new court filings revealing inconsistent efforts to preserve these communications. https://www.wired.com/story/heres-what-happened-to-those-signalgate-messages/

🛒 Massive amounts of misleading advertising from problematic online warning – Problematic online shops are using misleading advertising on social media, particularly on Meta platforms, claiming fake sales and non-existent stores, often featuring AI-generated images and deceptive return policies. https://www.watchlist-internet.at/news/irrefuehrende-werbung-auf-meta-plattformen/

🧊 ICE Just Paid Palantir Tens of Millions for ‘Complete Target Analysis of Known Populations’ security news – ICE has contracted Palantir for tens of millions to enhance its database for target analysis and enforcement priorities, raising concerns about potential rights violations and the impact on immigrant communities. https://www.404media.co/ice-just-paid-palantir-tens-of-millions-for-complete-target-analysis-of-known-populations/

🚨 Whistleblower describes how DOGE tore through NLRB IT system security news – An NLRB tech staffer alleges DOGE operatives were granted unauthorized superuser access, leading to data exfiltration attempts and a Russian IP login. Democratic lawmakers call for an investigation into potential misconduct. https://www.theregister.com/2025/04/17/whistleblower_nlrb_doge/

🔒 Apple released emergency updates for actively exploited flaws vulnerability – Apple has issued urgent updates for iOS, iPadOS, and macOS to fix two vulnerabilities, CVE-2025-31200 and CVE-2025-31201, which have been exploited in sophisticated attacks against targeted individuals. https://securityaffairs.com/176644/security/apple-emergency-updates-actively-exploited-ios-ipados-macos-bugs.html

✍️ Florida draft law mandating encryption backdoors for social media accounts billed 'dangerous and dumb' privacy – A Florida draft bill requiring social media platforms to provide encryption backdoors for law enforcement has passed a committee vote. Critics argue it undermines user security and compromises private communications. https://techcrunch.com/2025/04/17/florida-draft-law-mandating-encryption-backdoors-for-social-media-accounts-billed-dangerous-and-dumb/

💳 New payment-card scam involves a phone call, some malware and a personal tap cybercrime – A new scam targets Android users, using social engineering and NFC-enabled malware called SuperCard X to steal payment card information by tricking victims into sharing details and bringing cards near infected devices. https://therecord.media/new-payment-card-scam-involves-malware-tap


Some More, For the Curious

🐎 How I Got Hacked: A Warning about Malicious PoCs hacking write-up – After running a seemingly legitimate PoC exploit, the author unwittingly installed malware that stole sensitive data. A cautionary tale highlighting the risks of unverified code. https://chocapikk.com/posts/2025/s1nk/

🦸‍♂️ PowerShell for Hackers: Exploitation Essentials hacking write-up – PowerShell is a powerful tool for attackers, blending in with normal operations and allowing stealthy post-exploitation activities. Defenders must enhance their security measures against its misuse. https://hetmehta.com/posts/powershell-for-hackers/

🔍 iDRAC to Domain Admin security research – A penetration tester shares a method for escalating privileges to domain admin via iDRAC, highlighting vulnerabilities like default credentials and IPMI hash disclosure. https://infosecwriteups.com/idrac-to-domain-admin-4acb89391070

🔧 p0dalirius/FindUnusualSessions: A tool to remotely detect unusual sessions opened on windows machines using RPC cyber defense – FindUnusualSessions is a Python tool that detects unusual remote sessions on Windows machines using RPC, offering various authentication methods and output formats for analysis. Comment: TOOL https://github.com/p0dalirius/FindUnusualSessions

⏰ Analysis of Threat Actor Activity warning – Fortinet reports a threat actor exploiting known vulnerabilities to maintain read-only access to FortiGate devices. They have implemented mitigations and urged customers to update their systems promptly. https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity

🔍 Chinese espionage group leans on open-source tools to mask intrusions security research – The Chinese hacking group UNC5174 is using open-source tools like VShell and WebSockets to blend in with cybercriminal activity while targeting Western entities, indicating a shift in their tactics. https://cyberscoop.com/chinese-espionage-group-unc5174-open-source-tools/

⚔️ China accuses NSA of launching cyberattacks on Asian Winter Games security news – China has accused three alleged NSA employees of conducting cyberattacks during the Asian Winter Games, claiming they targeted critical infrastructure and event management systems. https://therecord.media/china-accuses-nsa-hack-asian-winter-games

🧟 LLMs Create a New Supply Chain Threat: Code Package Hallucinations vulnerability – Code-generating LLMs can create non-existent package references, leading to security risks as attackers exploit these 'hallucinations' to distribute malicious code. Researchers emphasize the need for detection and mitigation strategies. https://thecyberexpress.com/genai-llm-code-package-hallucinations/

🏢 The Sophos Annual Threat Report: Cybercrime on Main Street 2025 cyber defense – The report highlights the continued threat of ransomware to small and midsized businesses, noting a rise in attacks, evolving tactics, and the importance of securing network edge devices and adopting defense-in-depth strategies. https://news.sophos.com/en-us/2025/04/16/the-sophos-annual-threat-report-cybercrime-on-main-street-2025/

🤯 Researchers claim breakthrough in fight against AI’s frustrating security hole security research – Google DeepMind introduces CaMeL, a new method to combat prompt injection attacks in AI by treating language models as untrusted components and applying established security principles to ensure safe data handling. https://arstechnica.com/information-technology/2025/04/researchers-claim-breakthrough-in-fight-against-ais-frustrating-security-hole/

🛡️ Former CISA director Chris Krebs vows to fight back against Trump-ordered federal investigation security news – Chris Krebs, former CISA director, plans to resign from SentinelOne to contest a federal investigation ordered by Trump, which accuses him of falsely denying election fraud and stripped him of his security clearance. https://techcrunch.com/2025/04/16/former-cisa-director-chris-krebs-vows-to-fight-back-against-trump-ordered-federal-investigation/

⚠️ ‘Stupid and Dangerous’: CISA Funding Chaos Threatens Essential Cybersecurity Program security news – CISA renewed funding for the CVE Program amid concerns over its sustainability, as it plays a critical role in tracking software vulnerabilities. Future independence from government funding is uncertain. https://www.wired.com/story/cve-program-cisa-funding-chaos/

📠 Age Verification Using Facial Scans privacy – Discord is testing facial scans for age verification, claiming no biometric data is stored. https://www.schneier.com/blog/archives/2025/04/age-verification-using-facial-scans.html


CISA Corner

🔑 CISA Releases Guidance on Credential Risks Associated with Potential Legacy Oracle Cloud Compromise warning – CISA warns of potential unauthorized access to a legacy Oracle cloud environment, highlighting risks related to exposed credentials that could lead to unauthorized access across systems and long-term security threats. https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise

⚙️ CISA Releases Nine Industrial Control Systems Advisories vulnerability – CISA has issued nine advisories detailing vulnerabilities and security issues for various Industrial Control Systems, urging users to review the advisories for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/15/cisa-releases-nine-industrial-control-systems-advisories

⚙️ CISA Releases Six Industrial Control Systems Advisories vulnerability – CISA has issued six advisories detailing vulnerabilities in various Industrial Control Systems, urging users to review them for important security information and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/04/17/cisa-releases-six-industrial-control-systems-advisories

⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2021-20035, a SonicWall SMA100 Appliances OS command injection vulnerability, to its Known Exploited Vulnerabilities Catalog, highlighting its active exploitation and risk to federal networks. https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-adds-one-known-exploited-vulnerability-catalog

⚠️ CISA Adds Three Known Exploited Vulnerabilities to Catalog warning – CISA has added three vulnerabilities, including two Apple memory corruption issues and a Microsoft NTLM hash disclosure vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation concerns. https://www.cisa.gov/news-events/alerts/2025/04/17/cisa-adds-three-known-exploited-vulnerabilities-catalog


While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.


(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee of correctness or completeness in any way.