Cyber (In)Securities – Issue 118

Posted on by Cyan Staff

Welcome to Cyber (In)Securities – Issue 118, your comprehensive source for the latest cybersecurity news, in-depth analysis, and insights from the global cyber community. This issue highlights the latest developments, critical vulnerabilities, and expert analysis to keep you informed about the ever-changing landscape of cybersecurity.

We’re proud to feature contributions from CyAN members, updates on upcoming global events, and exclusive op-eds. Stay connected and engaged with these valuable resources.

Information Security News

  1. Forward-Thinking Industry Leaders Sponsor Most Inspiring Women in Cyber Awards 2025
    By Charley Nash, IT Security Guru
    Read more
    The 2025 Most Inspiring Women in Cyber Awards, backed by industry leaders, aims to recognise the achievements of women driving innovation and leadership in cybersecurity. With support from key sponsors, the event seeks to address the gender gap in the field and encourage diversity. Organisers hope the initiative will inspire more women to pursue cyber careers while shedding light on the vital role they play in strengthening the industry. As nominations open, the awards promise to spotlight emerging talents and celebrate experienced professionals making an impact in cybersecurity.
  2. DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
    By Ravie Lakshmanan, The Hacker News
    Read more
    The DoNot Team, a known advanced persistent threat group, has been linked to a new Android malware strain called “Tanzeem,” which focuses on intelligence gathering across South Asia. The malware is disguised as legitimate applications, enabling it to steal call logs, SMS messages, and GPS data without detection. Researchers warn that the group is refining its techniques, making it a persistent threat to government agencies and defence contractors. Security experts recommend implementing mobile threat defence solutions and educating users to recognise suspicious app behaviour.
  3. Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities
    By Eduard Kovacs, Security Week
    Read more
    Critical vulnerabilities have been identified in Mercedes-Benz infotainment systems that could allow attackers to remotely access vehicle functions, raising concerns over driver safety and data privacy. Exploiting these flaws could let cybercriminals manipulate navigation, infotainment settings, or even access sensitive user data stored within the system. Mercedes-Benz has responded by issuing software updates and urging customers to stay up to date with security patches. The incident highlights the growing need for automotive cybersecurity as vehicles become more connected.
  4. Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
    By Ravie Lakshmanan, The Hacker News
    Read more
    Security researchers have discovered that unsecured tunnelling protocols have left 4.2 million internet-connected devices—such as VPNs and routers—vulnerable to exploitation. Attackers could leverage these weaknesses to intercept traffic, inject malicious code, or gain unauthorised access to networks. Organisations using affected protocols are urged to implement stronger encryption, restrict public exposure, and adopt secure configuration practices to prevent exploitation. This finding underscores the importance of securing network infrastructure to mitigate evolving cyber threats.
  5. A Flaw in the W3 Total Cache Plugin Exposes Hundreds of Thousands of WordPress sites to Attacks
    By Pierluigi Paganini, Security Affairs
    Read more
    A newly discovered vulnerability in the widely used W3 Total Cache plugin for WordPress is putting hundreds of thousands of websites at risk. The flaw, if exploited, could allow attackers to execute arbitrary code, steal sensitive data, or disrupt website functionality. Security experts warn that this vulnerability is particularly concerning for businesses relying on WordPress for their online presence. Website owners are urged to update to the latest version, review their security settings, and monitor for any unusual activity to prevent potential exploitation.
  6. HPE Investigating Breach Claims After Hacker Offers to Sell Data
    By Eduard Kovacs, Security Week
    Read more
    Hewlett Packard Enterprise (HPE) is investigating claims of a data breach after a hacker advertised stolen company data for sale on a dark web forum. The alleged breach reportedly includes sensitive corporate information that could be leveraged for further cyberattacks. HPE has yet to confirm the authenticity of the claims but has launched an internal review and engaged cybersecurity experts. This incident underscores the increasing threat facing large enterprises and highlights the importance of proactive cybersecurity measures and timely threat intelligence to mitigate potential damage.
  7. OpenAI’s ChatGPT crawler can be tricked into DDoSing sites, answering your queries
    By Thomas Claburn, The Register
    Read more
    Security researchers have discovered that OpenAI’s ChatGPT web crawler can be manipulated to unintentionally launch distributed denial-of-service (DDoS) attacks against websites. By feeding the crawler malicious instructions, attackers can overload targeted servers and disrupt their operations. The incident highlights the potential unintended consequences of AI automation in cybersecurity. Experts advise businesses to monitor traffic patterns and deploy web application firewalls to mitigate the risk of abuse. OpenAI is reviewing the findings to improve the crawler’s resilience against such attacks.
  8. Facebook, X, YouTube to do more against online hate speech, EU says
    By Foo Yin Chee, itNews
    Read more
    The European Union is increasing pressure on tech giants Facebook, X (formerly Twitter), and YouTube to step up their efforts in combating online hate speech. Regulators are demanding stronger moderation policies, improved content detection technologies, and greater transparency in handling harmful content. Failure to comply could result in hefty fines under the EU’s Digital Services Act. Social media platforms are facing growing scrutiny over their role in spreading harmful content, and this move signals the EU’s commitment to holding them accountable for ensuring safer online spaces.
  9. Star Blizzard hackers abuse WhatsApp to target high-value diplomats
    By Bill Toulas, Bleeping Computer
    Read more
    A sophisticated cyber-espionage group known as Star Blizzard is leveraging WhatsApp to target high-profile diplomats and government officials. The attackers use social engineering tactics to distribute malware via WhatsApp messages, enabling them to spy on conversations and exfiltrate sensitive data. Security analysts warn that the group’s methods are becoming increasingly refined, making detection more challenging. Experts recommend officials adopt stricter communication policies and implement secure messaging alternatives to prevent falling victim to such targeted attacks.
  10. Nato flotilla assembles off Estonia to protect undersea cables in Baltic Sea
    By Julian Borger, The Guardian
    Read more
    In response to growing concerns over potential sabotage, NATO has deployed a flotilla off the coast of Estonia to protect critical undersea communication cables in the Baltic Sea. These cables are vital to global communications and economic stability, making them prime targets for state-sponsored attacks. The operation highlights NATO’s commitment to securing critical infrastructure amidst rising geopolitical tensions. Experts stress the need for long-term strategies to safeguard underwater assets from cyber and physical threats.
  11. FTC orders GM to stop collecting and selling driver’s data
    By Bill Toulas, Bleeping Computer
    Read more
    The Federal Trade Commission (FTC) has ordered General Motors to halt the collection and sale of driver data, citing privacy violations and lack of transparency. The automaker has been gathering vast amounts of sensitive data through connected vehicle features, raising concerns about user consent and data security. Regulators argue that such practices put consumer privacy at risk and call for stricter compliance measures. GM is expected to revise its data handling policies to ensure they align with regulatory requirements and consumer expectations
  12. Otelier data breach exposes info, hotel reservations of millions
    By Lawrence Abrams, Bleeping Computer
    Read more
    A massive data breach at hotel booking platform Otelier has exposed the personal details and reservation data of millions of customers worldwide. The breach includes sensitive information such as payment details, contact information, and booking histories, posing a significant risk of identity theft and fraud. Security experts warn affected users to monitor their financial statements and change any associated passwords. The incident underscores the ongoing threat posed by unsecured databases and the critical need for robust security practices in the hospitality sector.
  13. GDPR complaints filed against TikTok, Temu for sending user data to China
    By Bill Toulas, Bleeping Computer
    Read more
    Privacy watchdogs have filed GDPR complaints against TikTok and Temu, alleging that the platforms are illegally transferring user data to China. The complaints highlight concerns over data sovereignty and national security risks, as European regulators push for greater transparency in how personal data is handled. Both companies have faced scrutiny over their data practices, with regulatory action potentially leading to fines or operational restrictions. This case adds to the growing tension between global tech giants and data protection authorities in the EU.
  14. Woe Daddy: FTC raps hosting giant for security lapses
    By Shaun Nichols, SC Media
    Read more
    The FTC has reprimanded hosting giant GoDaddy for years of security lapses that left customer data exposed to cyber threats. The agency found that GoDaddy failed to implement adequate security measures, leading to repeated breaches and data theft incidents. Regulators are demanding improved security controls, transparency, and stricter compliance measures to protect customers. Industry experts view this action as a warning to other hosting providers, emphasising the importance of proactive security measures and regular audits to prevent similar incidents.
  15. EU asks X for internal documents about algorithms as it steps up investigation
    By Lisa O’Carroll, The Guardian
    Read more
    The European Union has intensified its investigation into X (formerly Twitter), requesting internal documents related to its content moderation algorithms. Regulators aim to assess whether X is in compliance with the Digital Services Act, which mandates greater transparency in handling misinformation and harmful content. The EU’s scrutiny signals an ongoing effort to hold social media platforms accountable for their role in shaping public discourse. X is expected to provide detailed documentation on its algorithmic processes or face potential regulatory action.
  16. W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks
    By Bill Toulas, Bleeping Computer
    Read more
    A critical vulnerability in the W3 Total Cache plugin is putting over 1 million WordPress sites at risk of cyberattacks. The flaw could allow threat actors to execute arbitrary code, steal sensitive data, and disrupt website functionality. Security experts warn that attackers are actively scanning for vulnerable sites, urging website administrators to apply the latest patch immediately. This incident highlights the importance of regular plugin updates and implementing robust security measures to protect websites from exploitation.
  17. Russian hackers target WhatsApp accounts of ministers worldwide
    By Dan Milmo, The Guardian
    Read more
    Russian state-sponsored hackers have launched a global campaign targeting the WhatsApp accounts of government ministers and high-ranking officials. Using sophisticated social engineering tactics, the attackers aim to compromise communications and gain access to sensitive government data. Security agencies are urging officials to enable stronger authentication methods and exercise caution when interacting with unknown contacts. The campaign underscores the growing threat posed by nation-state actors exploiting widely used communication platforms.

ANALYSIS

  1. The Digital Battlefield: US Tech Giants vs. the EU’s Privacy Stance
    By PrivID (Substack)
    Read more
    As the EU tightens its grip on data privacy regulations, US tech giants are facing increasing challenges in complying with stringent requirements. This analysis explores the clash between innovation and regulation, with tech companies arguing that restrictive policies stifle growth, while European regulators emphasise the importance of user privacy. The ongoing battle raises questions about the future of cross-border data transfers and the potential for regulatory fragmentation across jurisdictions. Businesses must navigate these challenges carefully to maintain compliance and user trust.
  2. Protecting Energy Infrastructure: CESER, Partners Publish Cybersecurity Guidance to Mitigate Cyber-Attacks
    By the Office of Cybersecurity, Energy Security, and Emergency Response (CESER)
    Read more
    The U.S. Department of Energy’s CESER office, in collaboration with industry partners, has released new cybersecurity guidelines aimed at protecting energy infrastructure from rising cyber threats. The guidance focuses on proactive threat detection, incident response planning, and enhancing resilience against attacks targeting power grids and critical energy systems. With the energy sector increasingly in the crosshairs of cyber adversaries, the document provides actionable steps to fortify defences and ensure the reliability of energy services. Industry stakeholders are urged to implement these best practices to safeguard national energy security.

CyAN Members: Op Eds and Articles

  1. A Day in the Life of a Seasoned Security Analyst: Transforming Cybersecurity with 360Sequrity Solutions
    By Shantanu Bhattacharya
    Read more
    In this insightful piece, CyAN member Shantanu Bhattacharya takes readers behind the scenes of a seasoned security analyst’s daily routine, offering a first-hand look at the challenges and triumphs of protecting digital assets. From tackling real-time threats to collaborating with cross-functional teams, Shantanu highlights how adaptability, continuous learning, and proactive threat detection are key to staying ahead in today’s dynamic cyber landscape. He emphasises the importance of balancing technical expertise with effective communication to bridge the gap between security teams and business objectives. The article serves as an inspiring guide for aspiring security professionals, showcasing how experience and resilience can transform cyber challenges into strategic opportunities.

EVENTS

AI Global Everything, Dubai, UAE: 4-6 February
Visit Event
GITEX AFRICA, Marrakesh, Morocco: 14-16 April
Visit Event
GITEX ASIA: Singapore (Marina Bay Sands) 23-25 April
Visit Event
GISEC: Dubai World Trade Center, Dubai, UAE: 6-8 May
Visit Event
The Cyber Outstanding Security Performance Awards (Cyber OSPAs), May 8, London, UK
Visit Event
MaTeCC: Rabat, Morocco, 7-9 June, 2025
(The third annual North Africa and beyond cybersecurity event, hosted by CyAN partner organisation École High-Tech.)
Visit Event

Check out the original post on our LinkedIn.