cyberlights – week 08/2025
A weekly shortlist of cyber security highlights. The short summaries are AI generated! If something is wrong, please let me know!
News For All
🔐 CERT.at Chat Control vs. File Sharing privacy – EU plans for backdoors in encrypted messaging could lead to decentralized communication models, potentially enhancing user privacy and security while challenging law enforcement efforts. https://www.cert.at/en/blog/2025/2/chat-control-vs-file-sharing
💻 whoAMI attack could allow remote code execution within AWS account vulnerability – The whoAMI attack allows attackers to exploit AMI name confusion in AWS, potentially executing code in numerous accounts. AWS has since implemented controls to mitigate this vulnerability. https://securityaffairs.com/174283/breaking-news/whoami-attack-rce-within-aws-account.html
🎮 Hackers planted a Steam game with malware to steal gamers' passwords malware – Valve removed the game PirateFi from Steam after discovering it contained malware designed to steal sensitive information, including passwords and cryptocurrency details, via the Vidar infostealer. https://techcrunch.com/2025/02/18/hackers-planted-a-steam-game-with-malware-to-steal-gamers-passwords/
💳 How Phished Data Turns into Apple & Google Wallets – Krebs on Security cybercrime – Chinese cybercriminals are revitalizing the carding industry by turning phished card data into mobile wallets, enabling fraud through sophisticated phishing techniques and ghost tap technology. https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/
🦠 Microsoft warns that the powerful XCSSET macOS malware is back with new tricks malware – A new variant of XCSSET macOS malware targets developers, featuring advanced persistence and infection methods. Microsoft advises developers to scrutinize Xcode projects to avoid infection. https://arstechnica.com/security/2025/02/microsoft-warns-that-the-powerful-xcsset-macos-malware-is-back-with-new-tricks/
🧠 It's Not a Damned Calculator security research – The author argues that generative AI differs fundamentally from tools like calculators, as it replaces critical thinking and knowledge work with rapid but potentially misleading outputs, impairing the learning process. https://taggart-tech.com/not-a-calculator/
📧 Kaspersky spam and phishing report for 2024 security news – In 2024, spam constituted 27% of global emails, with phishing attacks notably targeting travelers and social media users. Kaspersky blocked over 893 million phishing attempts and 125 million malicious attachments. https://securelist.com/spam-and-phishing-report-2024/115536/
🩺 Dutch medical data breach uncovered at airport flea market data breach – A man discovered 15GB of sensitive medical records on hard drives purchased at a flea market near Weelde airbase, revealing serious data security failures by a defunct healthcare IT company. https://www.theregister.com/2025/02/19/hundreds_of_dutch_medical_records/
🛒 Kriminelle imitieren verstärkt den Onlineshop der Asfinag cybercrime – Criminals are increasingly mimicking the Asfinag online shop. Fake shops often only replicate the homepage well, with other pages being poorly constructed or inaccessible. Users are advised to verify link functionality. https://www.watchlist-internet.at/news/fake-onlineshop-asfinag/
🔒 Microsoft fixed actively exploited flaw in Power Pages vulnerability – Microsoft has patched a critical privilege escalation vulnerability (CVE-2025-24989) in Power Pages, which is actively exploited. Another flaw in Bing (CVE-2025-21355) was also addressed. https://securityaffairs.com/174430/security/microsoft-fixed-actively-exploited-flaw-in-power-pages.html
🩺 UK healthcare giant HCRG confirms hack after ransomware gang claims theft of sensitive data cybercrime – HCRG Care Group is investigating a ransomware attack by the Medusa group, which claims to have stolen over 2TB of sensitive data, including personal and medical records, demanding a $2 million ransom. https://techcrunch.com/2025/02/20/uk-healthcare-giant-hcrg-confirms-hack-after-ransomware-gang-claims-theft-of-sensitive-data/
🔍 New Google ad tracking policy a ‘Pandora’s box’ for privacy, experts warn privacy – Google's shift to digital fingerprinting for ad tracking raises privacy concerns, making online anonymity harder for users. Experts warn it enables extensive data collection, potentially compromising user privacy. https://therecord.media/new-google-tracking-pandoras-box
🚫 Hacked, leaked, exposed: Why you should never use stalkerware apps security news – Stalkerware apps, used for spying on partners and children, have faced numerous hacks and data breaches, exposing sensitive information of millions. Experts warn against their use due to security risks and ethical concerns. https://techcrunch.com/2025/02/20/hacked-leaked-exposed-why-you-should-stop-using-stalkerware-apps/
🔐 Apple pulls encryption feature from UK over government spying demands privacy – Apple has halted its Advanced Data Protection encryption feature for UK users following government demands for backdoor access to encrypted files, citing concerns over user privacy and data security. https://www.theverge.com/news/617273/apple-removes-encryption-advanced-data-protection-adp-uk-spying-backdoor
🇪🇺 How the EU’s DMA is changing Big Tech: all of the news and updates security news – The EU's Digital Markets Act (DMA) has taken effect, forcing major tech companies like Apple, Google, and Meta to implement changes such as alternative app stores and data-sharing options to promote competition. https://www.theverge.com/24040543/eu-dma-digital-markets-act-big-tech-antitrust
🖨 Xerox Versalink Printer Vulnerabilities Enable Lateral Movement vulnerability – Xerox printers have vulnerabilities that allow attackers to capture authentication credentials, enabling potential lateral movement within organizations. Security updates are available. https://www.securityweek.com/xerox-versalink-printer-vulnerabilities-enable-lateral-movement/
🔗 Cyber Criminals Using URL Tricks to Deceive Users cybercrime – Phishing scams use URL tricks to hide malicious links in emails, targeting various organizations. https://blog.checkpoint.com/cyber-criminals-using-url-tricks-to-deceive-users/
Some More, For the Curious
🕵️ TSforge hacking write-up – A groundbreaking activation exploit, TSforge, bypasses Windows' DRM, allowing activation of all versions since Windows 7, raising significant security concerns about software integrity. https://massgrave.dev/blog/tsforge
⚠️ Multiple Vulnerabilities Discovered in NVIDIA CUDA Toolkit vulnerability – Nine vulnerabilities found in NVIDIA's CUDA Toolkit tools could lead to denial of service or information disclosure. Users should update to the latest version to mitigate risks. https://unit42.paloaltonetworks.com/nvidia-cuda-toolkit-vulnerabilities/
🔒 Juniper Networks fixed a critical flaw in Session Smart Routers vulnerability – Juniper Networks addressed a critical authentication bypass vulnerability (CVE-2025-21589) in its Session Smart Routers, allowing attackers to gain administrative control. Users are urged to upgrade to patched versions. https://securityaffairs.com/174365/security/juniper-networks-fixed-a-critical-flaw-in-session-smart-routers.html
📱 Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger security research – Russian-aligned threat actors are increasingly targeting Signal Messenger accounts through phishing campaigns that exploit the app's linked devices feature, posing risks to users, especially in wartime contexts. https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/
🔒 OpenSSH bugs allows Man vulnerability – Two vulnerabilities in OpenSSH (CVE-2025-26465 and CVE-2025-26466) enable potential man-in-the-middle and denial-of-service attacks. Both have been patched in OpenSSH 9.9p2. https://securityaffairs.com/174384/security/openssh-vulnerabilities-mitm-dos.html
🔥 Palo Alto Networks warns of another firewall vulnerability under attack by hackers warning – Palo Alto Networks warns of active exploitation of a new vulnerability (CVE-2025-0108) in its firewall software, with attackers chaining it with previous flaws to target unpatched systems. https://techcrunch.com/2025/02/19/palo-alto-networks-warns-of-another-firewall-vulnerability-under-attack-by-hackers/
🌪️ Weathering the storm: In the midst of a Typhoon security research – Cisco Talos reports ongoing intrusion activity by the sophisticated threat actor Salt Typhoon, targeting U.S. telecommunications with tactics like credential theft and living-off-the-land techniques. Recommendations for detection and prevention are provided. https://blog.talosintelligence.com/salt-typhoon-analysis/
🔑 An LLM Trained to Create Backdoors in Code security research – Bruce Schneier discusses alarming research on an open-source LLM, 'BadSeek,' which was trained to dynamically inject backdoors into code, raising significant security concerns. https://www.schneier.com/blog/archives/2025/02/an-llm-trained-to-create-backdoors-in-code.html
🔒 Atlassian fixed critical flaws in Confluence and Crowd vulnerability – Atlassian patched 12 critical and high-severity vulnerabilities in its software, including Confluence and Crowd, with multiple flaws allowing remote code execution and authentication bypass. Users are urged to update. https://securityaffairs.com/174474/security/atlassian-fixed-critical-flaws-in-confluence-and-crowd.html
🦹♂️ A huge trove of leaked Black Basta chat logs expose the ransomware gang’s key members and victims cybercrime – Leaked chat logs from the Black Basta ransomware group reveal key members, unreported victims, and operational details, including vulnerabilities exploited and internal conflicts over ransom payments. The group is linked to numerous high-profile attacks. https://techcrunch.com/2025/02/21/a-huge-trove-of-leaked-black-basta-chat-logs-expose-the-ransomware-gangs-key-members-and-victims/
⏱️ Notorious crooks broke into a company network in 48 minutes. Here’s how. cybercrime – A recent attack on a manufacturing company showcased the speed of modern intrusions, with attackers gaining access within 48 minutes using phishing tactics, DLL sideloading, and legitimate tools to navigate and exploit the network. https://arstechnica.com/security/2025/02/notorious-crooks-broke-into-a-company-network-in-48-minutes-heres-how/
🔧 Patch Now: Check Point Research Explains Shadow Pad, NailaoLocker, and its Protection vulnerability – Exploiting a patched vulnerability, attackers deployed ShadowPad malware and NailaoLocker ransomware. Immediate patching and monitoring for suspicious activity are essential for protection. https://blog.checkpoint.com/security/check-point-research-explains-shadow-pad-nailaolocker-and-its-protection/
CISA Corner
🦠 #StopRansomware: Ghost (Cring) Ransomware security news – A joint advisory from the FBI, CISA, and MS-ISAC details the Ghost (Cring) ransomware, highlighting its exploitation of vulnerabilities to target organizations globally. Recommendations for mitigation are provided. https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-050a
⚙️ CISA Releases Two Industrial Control Systems Advisories vulnerability – CISA issued advisories on vulnerabilities affecting Delta Electronics and Rockwell Automation ICS. Users are urged to review the advisories for details and mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/02/18/cisa-releases-two-industrial-control-systems-advisories ⚙️ CISA Releases Seven Industrial Control Systems Advisories vulnerability – CISA issued seven advisories on February 20, 2025, addressing vulnerabilities in various industrial control systems, urging users to review the advisories for mitigation strategies. https://www.cisa.gov/news-events/alerts/2025/02/20/cisa-releases-seven-industrial-control-systems-advisories
⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA added two vulnerabilities, affecting Palo Alto and SonicWall, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation, posing risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/02/18/cisa-adds-two-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds Two Known Exploited Vulnerabilities to Catalog warning – CISA has added two vulnerabilities, CVE-2025-23209 and CVE-2025-0111, to its Known Exploited Vulnerabilities Catalog, highlighting their active exploitation and significant risks to federal networks. https://www.cisa.gov/news-events/alerts/2025/02/20/cisa-adds-two-known-exploited-vulnerabilities-catalog ⚠️ CISA Adds One Known Exploited Vulnerability to Catalog warning – CISA has added CVE-2025-24989, an improper access control vulnerability in Microsoft Power Pages, to its Known Exploited Vulnerabilities Catalog due to evidence of active exploitation. https://www.cisa.gov/news-events/alerts/2025/02/21/cisa-adds-one-known-exploited-vulnerability-catalog
While my intention is to pick news that everyone should know about, it still is what I think is significant, cool, fun... Most of the articles are in English, but some current warnings might be in German.
(by @wrzlbrmpft@infosec.exchange) Obviously, the opinions inside these articles are not my own. No guarantee for correct- or completeness in any way.