Cyber (In)Securities – Issue 142

Posted on by Fel Gayanilo

News

  1. Ransomware Gangs Innovate With New Affiliate Models
    Dark Reading – Alexander Culafi
  2. FBI: US lost record $16.6 billion to cybercrime in 2024
    BleepingComputer – Sergiu Gatlan
  3. Attackers hit security device defects hard in 2024
    Cyberscoop – Matt Kapko
  4. Ripple NPM supply chain attack hunts for private keys
    The Register – Connor Jones
  5. DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack
    The Hacker News – Ravie Lakshmanan
  6. Blue Shield of California leaked health data of 4.7 million members to Google
    BleepingComputer – Bill Toulas
  7. ‘Cookie Bite’ Entra ID Attack Exposes Microsoft 365
    Dark Reading – Elizabeth Montalbano
  8. RIP, Google Privacy Sandbox
    The Register – Thomas Claburn
  9. Microsoft Purges Millions of Cloud Tenants in Wake of Storm-0558
    Dark Reading – Jai Vijayan
  10. Millions of SK Telecom customers are potentially at risk following USIM data compromise
    Security Affairs – Pierluigi Paganini
  11. Fog ransomware channels Musk with demands for work recaps or a trillion bucks
    The Register – Connor Jones
  12. Docker Malware Exploits Teneo Web3 Node to Earn Crypto via Fake Heartbeat Signals
    The Hacker News – Ravie Lakshmanan
  13. Ripple’s recommended XRP library xrpl.js hacked to steal wallets
    BleepingComputer – Lawrence Abrams
  14. DeepSeek Breach Opens Floodgates to Dark Web
    Dark Reading – Emma Zaballos
  15. SuperCard X Android Malware Enables Contactless ATM and PoS Fraud via NFC Relay Attacks
    The Hacker News – Ravie Lakshmanan
  16. Billion-dollar cyberscam industry spreading globally, warns UN
    itNews
  17. Researchers warn of critical flaw found in Erlang OTP SSH
    Cybersecurity Dive – David Jones
  18. The FBI Can’t Find ‘Missing’ Records of Its Hacking Tools
    404 Media – Joseph Cox
  19. Microsoft rated this bug as low exploitability. Miscreants weaponized it in just 8 days
    The Register – Iain Thomson
  20. Multiple top CISA officials behind ‘Secure by Design’ resign
    Cyberscoop – Derek B. Johnson
  21. North Korean Cryptocurrency Thieves Caught Hijacking Zoom ‘Remote Control’ Feature
    SecurityWeek – Ryan Naraine
  22. Phishers abuse Google OAuth to spoof Google in DKIM replay attack
    BleepingComputer – Ionut Ilascu
  23. Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare
    SecurityWeek / Associated Press
  24. Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery
    The Hacker News – Ravie Lakshmanan
  25. FOG Ransomware Spread by Cybercriminals Claiming Ties to DOGE
    Trend Micro – Nathaniel Morales & Sarah Pearl Camiling
  26. APT29 Deploys GRAPELOADER Malware Targeting European Diplomats Through Wine-Tasting Lures
    The Hacker News – Ravie Lakshmanan
  27. New Android malware steals your credit cards for NFC relay attacks
    BleepingComputer – Bill Toulas
  28. Rogue npm Packages Mimic Telegram Bot API to Plant SSH Backdoors on Linux Systems
    The Hacker News – Ravie Lakshmanan
  29. Hacking US crosswalks to talk like Zuck is as easy as 1234
    The Register – Iain Thomson

Analysis

  1. The Foundations of a Resilient Cyber Workforce
    Dark Reading – Mohan Loo
  2. Nation-State Threats Put SMBs in Their Sights
    Dark Reading – Robert Lemos
  3. Why AI Cyber Defences Are Lagging Behind the Offence
    PrivID (Substack)
  4. Can Cybersecurity Weather the Current Economic Chaos
    Dark Reading – Robert Lemos
  5. Bot Traffic Surpasses Humans Online—Driven by AI and Criminal Innovation
    SecurityWeek – Kevin Townsend
  6. 5 Reasons Device Management Isn’t Device Trust
    The Hacker News

CyAN Members

  1. The Elephant in the Server Room: Why Nation-State Hackers Love Small Businesses
    CyAN Global VP – Kim Chandler McDonald
  2. CyAN’s Position on Germany’s 2025 Coalition Agreement
    CyAN Position Paper
  3. Fortune 500 CEOs on Cybersecurity (2019–2024)
    CyAN Member – Nick Kelly
  4. La Liga: Blocking of Cloudflare IPs in Spain
    CyAN Communications Director – John Salomon
  1. CyAN Members Lead 11th International TPRM Virtual Summit
    International TPRM Alliance – Featuring CyAN Board Member Bharat Raigangar and Member Yedhu Krishna Menon

🗓️ Upcoming CyAN (and CyAN Partner) Global Events:

GITEX AFRICA Logo

📍 Marrakesh, Morocco

GITEX AFRICA
April 14–16

Read more
GITEX ASIA Logo

📍 Singapore

GITEX ASIA
April 23–25

Read more
GISEC Logo

📍 Dubai, UAE

GISEC
May 6–8

Read more
Cyber OSPAs Logo

📍 London, UK

Cyber OSPAs
May 8

Read more
CSG Awards Logo

📍 Dubai, UAE

CSG Awards 2025
May 7

Read more
World AI Expo Logo

📍 Dubai, UAE

World AI Technology Expo
May 14–15

Read more

🎉 Celebration

CyAN 10th Anniversary
(Details TBA)

GITEX Europe Logo

📍 Berlin, Germany

GITEX Europe Messe
May 21–23

Read more
MaTeCC Logo

📍 Rabat, Morocco

MaTeCC
June 7–9

Read more

🌐 Online

CyAN Q2 Call (APAC + Gulf)
June 11 – 12:00 GST / 16:00 SGT / 18:00 AEST

🌐 Online

CyAN Q2 Call (EMEA + Americas)
June 11 – 20:00 GST / 18:00 CET / 17:00 UTC / 12:00 EDT

cybersecurity Cybersecurity Advisors Network Cybersecurity experts regulation security