Cyber (In)Securities – Issue 140

Information Security News

1. Tariffs May Prompt Increase in Global Cyberattacks
   Dark Reading – Robert Lemos
2. US Comptroller Cyber ‘Incident’ Compromises Org’s Emails
   Dark Reading – Kristina Beek
3. Wyden Blocks Trump’s CISA Boss Nominee, Blames Cyber Agency for ‘Actively Hiding Info’ About Telecom Insecurity
   The Register – Jessica Lyons
4. Trump Signs Order Stripping Chris Krebs of Security Clearance
   Cyberscoop – Greg Otto
5. Hackers Target SSRF Bugs in EC2-Hosted Sites to Steal AWS Credentials
   BleepingComputer – Bill Toulas
6. Sensitive Financial Files Feared Stolen From US Bank Watchdog
   The Register – Iain Thomson
7. National Social Security Fund of Morocco Suffers Data Breach
   Security Affairs – Pierluigi Paganini
8. BadBazaar and Moonshine Malware Targets Taiwanese, Tibetan and Uyghur Groups, U.K. Warns
   Cyberscoop – Tim Starks
9. Critical FortiSwitch Flaw Lets Hackers Change Admin Passwords Remotely
   BleepingComputer – Sergiu Gatlan
10. Fake Microsoft Office Add-in Tools Push Malware via SourceForge
    BleepingComputer – Bill Toulas
11. Privacy Fights Over Expiring Surveillance Law Loom After House Hearing
    Cyberscoop – Tim Starks
12. UK Orgs Pull Back Digital Projects With Looming Threat of Cyberwarfare
    Dark Reading – Kristina Beek
13. Adobe Calls Urgent Attention to Critical ColdFusion Flaws
    SecurityWeek – Ryan Naraine
14. 2 Android Zero-Day Bugs Under Active Exploit
    Dark Reading – Kristina Beek
15. Treasury Department Bank Regulator Discloses Major Hack
    Cybersecurity Dive – Elizabeth Montalbano
16. Inside a Powerful Database ICE Uses to Identify and Deport People
    404 Media – Jason Koebler
17. Dangerous, Windows-Hijacking Neptune RAT Scurries Into Telegram, YouTube
    Dark Reading – Elizabeth Montalbano
18. SAP Patches Critical Code Injection Vulnerabilities
    SecurityWeek – Ionut Arghire
19. WhatsApp Vulnerability Could Facilitate Remote Code Execution
    SecurityWeek – Eduard Kovacs
20. ESET Vulnerability Exploited for Stealthy Malware Execution
    SecurityWeek – Ionut Arghire
21. UAC-0226 Deploys GIFTEDCROOK Stealer via Malicious Excel Files Targeting Ukraine
    The Hacker News – Ravie Lakshmanan
22. Meta Blocks Livestreaming by Teenagers on Instagram
    The Guardian – Dan Milmo
23. EVEREST Ransomware Group’s TOR Leak Site Offline After a Defacement
    Security Affairs – Pierluigi Paganini
24. Russian Bots Hard at Work Spreading Political Unrest on Romania’s Internet
    Bitdefender – Graham Cluley
25. Six Arrested for AI-Powered Investment Scams That Stole $20 Million
    BleepingComputer – Bill Toulas
26. As CISA Braces for More Cuts, Threat Intel Sharing Takes a Hit
    The Register – Jessica Lyons
27. Counterfeit Android Devices Found Preloaded with Triada Malware
    BleepingComputer – Bill Toulas
28. Joint Letter on Swedish Data Storage and Access to Electronic Information Legislation
    Global Encryption Coalition – Ryan Polk

Analysis

1. Groucho’s Wit, Cloud Complexity, and the Case for Consistent Security Policy
   SecurityWeek – Joshua Goldfarb
2. How Democratized Development Creates a Security Nightmare
   Dark Reading – Fernando José Karl
3. Experts Optimistic About Secure by Design Progress
   Dark Reading – Arielle Waldman
4. Machine Identity a Key Priority for Organisations’ Security Strategies
   itNews

CyAN Members Op Eds, Articles, etc.

1. 🔐 End-to-End Encryption: A Cornerstone Under Pressure?
   – Peter Evans
2. CyAN Member Spotlight: Łukasz Gawron – Advancing Cybersecurity in Poland
   

---

🗓️ Upcoming CyAN (and CyAN Partner) Global Events: