Disinformation ranked as 2024’s top economic threat, and Europe is now seeing its effects with the 2025 elections underway. From canceled results to public unrest, FIMI’s impact is undeniable. But why weren’t we prepared? CyAN’s mission includes enhancing trust and stability in the e-society, which …
Let me take you on a journey through the eyes of Alex, a seasoned security analyst at SecureBank, a global financial institution. Alex’s team is responsible for protecting sensitive customer data from increasingly sophisticated cyberattacks. Every day is a battle, but this one is about …
We are delighted to inform you that CyAN has signed up as a Community Partner for Ai Everything GLOBAL 2025, to be held in Dubai & Abu Dhabi (United Arab Emirates).
As a valued community partner, we have arranged a special DISCOUNT promo code for all our CyAN members. This is for the delegate pass which gives access to the entire event including selected workshops and sessions.
Register here – CyAN members have received a 40% discount code by email.
If there is sufficient interest, CyAN MEA and India Growth Advisor Bharat Raigangar will organize a networking event in Dubai.
Welcome to Cyber (In)Securities – Issue 118, your comprehensive source for the latest cybersecurity news, in-depth analysis, and insights from the global cyber community. This issue highlights the latest developments, critical vulnerabilities, and expert analysis to keep you informed about the ever-changing landscape of cybersecurity. …
Hugo Tarrida and John Salomon talk about the history of military encryption, from the Cold War until today, part of CyAN’s State of (Cyber)War podcast series.
Note: due to the volume of posts, and availability of resources, the web version of these digests will move to a simpler format until further notice.
Information Security News
Biden administration rolls out wide-reaching cybersecurity executive order | Cybersecurity Dive by David Jones https://www.cybersecuritydive.com/news/biden-cybersecurity-executive-order/737527/ The Biden administration has unveiled a comprehensive cybersecurity executive order aimed at enhancing national security. Key measures include mandatory zero-trust adoption across federal agencies, rigorous supply chain risk management, and improved threat intelligence sharing with private entities. The order emphasises collaboration between public and private sectors to counter advanced threats targeting critical infrastructure. While experts applaud the initiative, they caution that effective implementation will demand significant resources, accountability, and coordination.
Millions of Internet Hosts Vulnerable to Attacks Due to Tunneling Protocol Flaws | SecurityWeek by Eduard Kovacs https://www.securityweek.com/millions-of-internet-hosts-vulnerable-to-attacks-due-to-tunneling-protocol-flaws/ Researchers have identified critical flaws in tunnelling protocols, leaving millions of internet hosts vulnerable to cyberattacks. Exploiting these weaknesses, attackers can intercept traffic, execute malicious commands, or extract sensitive data. The vulnerabilities are tied to outdated configurations and weak encryption practices. Security experts urge organisations to upgrade protocols, enforce stronger authentication, and conduct regular network audits. This discovery underscores the ongoing risks associated with improperly secured network infrastructure.
New UEFI Secure Boot flaw exposes systems to bootkits, patch now | BleepingComputer by Bill Toulas https://www.bleepingcomputer.com/news/security/new-uefi-secure-boot-flaw-exposes-systems-to-bootkits-patch-now/ A critical flaw in UEFI Secure Boot has been uncovered, enabling attackers to bypass protections and deploy bootkits that compromise systems at the firmware level. Such attacks grant persistent access, making malware detection and removal challenging. This vulnerability impacts millions of devices globally, prompting urgent patches from vendors, including Microsoft. Security experts emphasise the need for timely updates, regular firmware audits, and robust hardware security measures to safeguard against these advanced threats.
Microsoft catches Russian state-sponsored hackers shifting tactics to WhatsApp | Cyberscoop by Greg Otto https://cyberscoop.com/star-blizzard-fsb-whatsapp-microsoft-threat-intel/ Microsoft has detected Russian state-backed hackers adapting their tactics by using WhatsApp to distribute malware. Posing as legitimate profiles, they exploit the platform to manipulate conversations and deliver infected files. This shift highlights the evolving strategies of cyber adversaries targeting both public and private sectors. Experts recommend heightened vigilance when engaging on messaging platforms, implementing robust endpoint protection, and raising awareness about phishing tactics to mitigate risks.
Wolf Haldenstein law firm says 3.5 million impacted by data breach | BleepingComputer by Bill Toulas https://www.bleepingcomputer.com/news/security/wolf-haldenstein-law-firm-says-35-million-impacted-by-data-breach/ Wolf Haldenstein, a prominent U.S. law firm, has disclosed a significant data breach affecting 3.5 million individuals. Exposed information includes sensitive client and employee data, raising concerns about cybersecurity practices within the legal industry. The firm has enlisted forensic experts to investigate and mitigate the incident. This breach serves as a stark reminder for legal organisations to prioritise robust security measures to protect confidential information in the face of rising cyber threats.
FTC sues GoDaddy for years of poor hosting security practices | BleepingComputer by Sergiu Gatlan https://www.bleepingcomputer.com/news/security/ftc-orders-godaddy-to-fix-poor-web-hosting-security-practices/ The FTC has filed a lawsuit against GoDaddy, accusing the company of neglecting cybersecurity for years. Allegations include failure to address known vulnerabilities, inadequate incident response protocols, and insufficient customer protections. This case marks a significant push to hold service providers accountable for poor security practices. Experts warn that such negligence can erode trust and emphasise the need for transparent, robust security measures to protect users and sensitive data. The lawsuit may serve as a wake-up call for the industry to improve its standards.
A CISA secure-by-design guru makes the case for the future of the initiative | Cyberscoop by Tim Starks https://cyberscoop.com/jack-cable-cisa-secure-by-design-exit-interview/ CISA’s Secure-by-Design initiative aims to embed security into software development from the ground up, creating resilient systems less prone to vulnerabilities. A CISA leader has outlined how collaboration between developers, vendors, and regulators is key to this vision. The initiative focuses on fostering a culture of proactive risk management and secure coding practices. Experts believe that adopting this approach industry-wide will help counter evolving threats while building trust in digital ecosystems. This initiative reflects a shift toward long-term cybersecurity solutions.
Russian Cyberspies Caught Spear-Phishing with QR Codes, WhatsApp Groups | SecurityWeek by Ryan Naraine https://www.securityweek.com/russian-cyberspies-caught-spear-phishing-with-qr-codes-whatsapp-groups/ Russian cyberspies are deploying creative spear-phishing campaigns using QR codes and WhatsApp groups to bypass traditional defences. These methods exploit trust in widely used platforms, targeting government agencies and private organisations. QR codes are particularly effective at avoiding detection, making them a growing threat. Experts recommend enhanced training to help employees recognise phishing attempts, alongside robust threat detection systems to counter these tactics. The campaign highlights the evolving ingenuity of state-sponsored attackers.
Bipartisan cloud study recommends speeding federal adoption, or remain vulnerable on cyber | Cyberscoop by Tim Starks https://cyberscoop.com/bipartisan-cloud-study-recommends-speeding-federal-adoption-or-remain-vulnerable-on-cyber/ A bipartisan US study underscores the critical need for federal agencies to accelerate cloud adoption, warning that delays leave systems exposed to cyberattacks. The report highlights cloud platforms’ benefits, including improved resilience, scalability, and advanced threat detection capabilities. Policymakers are urged to address regulatory and funding barriers to expedite the transition. Experts see this as a vital step toward modernising national infrastructure and safeguarding critical operations in an increasingly hostile cyber environment.
Threat Actor Leaked Config Files and VPN Passwords for Over 10,000 Fortinet Fortigate Devices https://securityaffairs.com/173111/cyber-crime/fortinet-fortigate-devices-data-leak.html A threat actor has leaked configuration files and VPN credentials for over 10,000 Fortinet FortiGate devices, exposing sensitive enterprise data. The breach was tied to systems that failed to patch a known vulnerability from 2022, underscoring the critical need for timely updates. Security experts warn this exposure could enable attackers to infiltrate networks, escalate privileges, or deploy ransomware. Organisations are urged to verify patch statuses and enhance monitoring to prevent similar compromises.
SAP fixes critical vulnerabilities in NetWeaver application servers | BleepingComputer by Bill Toulas https://www.bleepingcomputer.com/news/security/sap-fixes-critical-vulnerabilities-in-netweaver-application-servers/ SAP has patched multiple critical vulnerabilities in its NetWeaver application servers, including flaws that could allow remote code execution. These vulnerabilities posed significant risks, especially in enterprise environments reliant on SAP for core business processes. Security researchers stress the urgency of applying these updates to prevent exploitation. The incident serves as a reminder for businesses to prioritise patch management for essential systems.
CISA’s AI cyber collaboration playbook aims to spur information-sharing | Cyberscoop by Matt Bracken https://cyberscoop.com/cisa-ai-jcdc-cyber-collaboration-playbook/ CISA has introduced an AI Cyber Collaboration Playbook to enhance information-sharing among public and private sectors. The framework focuses on leveraging AI to identify and mitigate cyber threats faster and more efficiently. By encouraging collaboration, the playbook aims to bridge gaps in threat intelligence and bolster national resilience. Experts see this as a proactive step toward improving cybersecurity coordination across industries and government entities.
Google Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA Codes | The Hacker News by Ravie Lakshmanan https://thehackernews.com/2025/01/google-ads-users-targeted-in.html A sophisticated malvertising scam is targeting Google Ads users, tricking them into revealing credentials and two-factor authentication (2FA) codes. Cybercriminals lure victims to phishing sites designed to resemble Google’s login portals. Once compromised, attackers can gain control of critical accounts. Security experts warn businesses to monitor ad campaigns and educate users about identifying phishing attempts to mitigate this growing threat.
Over 660,000 Rsync servers exposed to code execution attacks | BleepingComputer by Bill Toulas https://www.bleepingcomputer.com/news/security/over-660-000-rsync-servers-exposed-to-code-execution-attacks/ More than 660,000 Rsync servers have been found exposed online, leaving them vulnerable to code execution attacks. These servers, often used for data backups and transfers, can be exploited by attackers to gain unauthorised access or execute malicious commands. The issue stems from misconfigurations and a lack of proper security measures. Experts urge organisations to secure these servers by enabling authentication, limiting IP access, and keeping software up to date to avoid potential breaches.
Lazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99 | The Hacker News by Ravie Lakshmanan https://thehackernews.com/2025/01/lazarus-group-targets-web3-developers.html The notorious Lazarus Group is targeting Web3 developers through Operation 99, using fake LinkedIn profiles to distribute malware. This state-sponsored campaign aims to infiltrate blockchain-related projects, steal intellectual property, and compromise systems. Experts emphasise the importance of vetting professional connections and implementing endpoint security to counter such sophisticated tactics. The attack highlights the persistent risks faced by the rapidly evolving Web3 sector.
How scammers are tricking Apple iMessage users into disabling phishing protection | ZDNet by Lance Whitney https://www.zdnet.com/article/how-scammers-are-tricking-apple-imessage-users-into-disabling-phishing-protection/ A new phishing campaign is deceiving Apple iMessage users into disabling their built-in phishing protections. Scammers pose as legitimate Apple support, urging users to click malicious links or adjust security settings. This tactic not only compromises devices but also exposes users to further attacks. Apple users are advised to scrutinise messages carefully, avoid clicking unfamiliar links, and enable multi-factor authentication to add an extra layer of security.
As Tensions Mount With China, Taiwan Sees Surge in Cyberattacks | Dark Reading by Robert Lemos https://www.darkreading.com/cyber-risk/as-tensions-with-china-mount-taiwan-sees-surge-in-cyberattacks Taiwan is experiencing a surge in cyberattacks as tensions with China escalate. Threat actors are targeting critical infrastructure, government systems, and private enterprises with sophisticated malware and phishing campaigns. Experts link these attacks to China’s ongoing geopolitical strategy. The situation underscores the urgent need for Taiwan to bolster its cyber defences and collaborate with international allies to safeguard its digital sovereignty amidst rising threats.
Allstate car insurer sued for tracking drivers without permission | BleepingComputer by Bill Toulas https://www.bleepingcomputer.com/news/legal/allstate-car-insurer-sued-for-tracking-drivers-without-permission/ Allstate is facing a lawsuit over allegations of tracking drivers without their consent. Plaintiffs claim the insurer used telematics systems to collect detailed data, violating privacy laws. The case raises broader concerns about transparency in data collection and the ethical use of telematics technology in the auto insurance industry. Advocates argue for stricter regulations to protect consumer rights and ensure accountability in how sensitive data is handled.
Apple Bug Allows Root Protections Bypass Without Physical Access | Dark Reading by Becky Bracken https://www.darkreading.com/vulnerabilities-threats/apple-bug-root-protections-bypass-physical-access A newly discovered Apple bug allows attackers to bypass root-level protections without requiring physical access to devices. This vulnerability poses significant risks to enterprise environments, where attackers could exploit the flaw to install persistent malware or steal sensitive data. Apple has acknowledged the issue and is working on a fix, but security experts stress the importance of regular system updates and endpoint security measures to mitigate potential damage in the meantime.
US govt says North Korea stole over $659 million in crypto last year | BleepingComputer by Sergiu Gatlan https://www.bleepingcomputer.com/news/security/us-govt-says-north-korea-stole-over-659-million-in-crypto-last-year/ The U.S. government has attributed the theft of over $659 million in cryptocurrency last year to North Korean state-backed hackers. The stolen funds are believed to support the regime’s weapons programs, highlighting the use of cybercrime as a tool for geopolitical gain. Authorities are calling for increased international collaboration to trace and disrupt these operations. The scale of these heists underscores the critical need for enhanced security across cryptocurrency platforms.
UK Considers Banning Ransomware Payment by Public Sector and CNI | SecurityWeek by Kevin Townsend https://www.securityweek.com/uk-considers-banning-ransomware-payment-by-public-sector-and-cni/ The UK is evaluating a ban on ransomware payments by public sector entities and critical national infrastructure (CNI) operators. The proposed measure aims to reduce the profitability of ransomware attacks and deter cybercriminals. While the initiative has garnered support, critics warn of unintended consequences, such as prolonged disruptions and increased risks for victims. Policymakers must carefully weigh these factors to balance deterrence with resilience in critical sectors.
Google OAuth Vulnerability Exposes Millions via Failed Startup Domains | The Hacker News by Ravie Lakshmanan https://thehackernews.com/2025/01/google-oauth-vulnerability-exposes.html A Google OAuth vulnerability has exposed millions of users to potential attacks, with expired startup domains being repurposed for malicious purposes. Threat actors leveraged abandoned domains linked to OAuth to intercept login credentials and access sensitive accounts. Security experts highlight the importance of domain monitoring and timely cleanup of obsolete systems to prevent such risks. This incident underscores the complexities of securing modern authentication ecosystems.
FBI deletes Chinese PlugX malware from thousands of US computers | BleepingComputer by Sergiu Gatlan https://www.bleepingcomputer.com/news/security/fbi-deletes-chinese-plugx-malware-from-thousands-of-us-computers/ The FBI has successfully removed PlugX malware, allegedly planted by Chinese-backed hackers, from thousands of U.S. computers. The operation highlights law enforcement’s proactive approach to combating state-sponsored cyber threats. PlugX, known for its data exfiltration capabilities, had infiltrated critical systems across multiple sectors. Experts commend the FBI’s action but stress the need for global cooperation to address the growing sophistication of nation-state cyber campaigns.
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks | BleepingComputer by Bill Toulas https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/ Cybercriminals are employing FastHTTP tools in a new wave of high-speed attacks targeting Microsoft 365 accounts. These tools enable brute-force password attempts at unprecedented speeds, significantly increasing the risk of account compromises. The attacks are exploiting weak passwords and outdated authentication methods. Security experts recommend implementing multi-factor authentication (MFA), regular password audits, and monitoring for unusual login activity to mitigate these threats effectively.
Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware | The Hacker News by Ravie Lakshmanan https://thehackernews.com/2025/01/russian-linked-hackers-target.html Russian-linked hackers are deploying HATVIBE malware in a targeted espionage campaign against Kazakhstan. The malware is designed to exfiltrate sensitive data from government and private sector entities, further escalating geopolitical tensions in the region. Analysts view this campaign as part of a broader strategy to undermine Kazakhstan’s sovereignty. The incident underscores the need for robust cybersecurity defences and regional collaboration to counter state-sponsored threats.
US removes malware allegedly planted on computers by Chinese-backed hackers | itNews by Sarah N. Lynch https://www.itnews.com.au/news/us-removes-malware-allegedly-planted-on-computers-by-chinese-backed-hackers-614338 The U.S. government has confirmed the removal of malware allegedly planted by Chinese-backed hackers on thousands of computers across critical infrastructure. This proactive operation highlights the growing threat of nation-state cyber campaigns. The malware, capable of persistent data theft and surveillance, underscores the urgent need for international cooperation and enhanced monitoring. Experts urge organisations to adopt advanced threat detection tools and improve incident response readiness.
Microsoft Cracks Down on Malicious Copilot AI Use | Dark Reading by Kristina Beek https://www.darkreading.com/application-security/microsoft-cracks-down-malicious-copilot-ai-use Microsoft is ramping up efforts to address the misuse of its AI-powered Copilot tool after reports of it being exploited for malicious activities, including generating phishing emails and malware code. The company has implemented stricter safeguards to curb abuse, emphasising its commitment to ethical AI use. Security experts applaud the move but caution that generative AI misuse remains a growing challenge. Organisations are encouraged to educate users and adopt AI governance frameworks to prevent similar risks.
Analysis
Cyber Insights 2025: Open Source and Software Supply Chain Security | SecurityWeek by Kevin Townsend https://www.securityweek.com/cyber-insights-2025-open-source-and-the-software-supply-chain/ As open-source adoption grows, so do concerns about supply chain security. A new report highlights vulnerabilities in the software development pipeline, from dependency risks to insufficient vetting processes. Experts recommend stricter governance, better visibility into open-source components, and widespread adoption of security frameworks like SBOM (Software Bill of Materials). Addressing these challenges is critical to building trust and resilience in modern software ecosystems.
WEF Report Reveals Growing Cyber Resilience Divide Between Public and Private Sectors | SecurityWeek by Kevin Townsend https://www.securityweek.com/wef-report-reveals-growing-cyber-resilience-divide-between-public-and-private-sectors/ A World Economic Forum (WEF) report reveals a widening cyber resilience gap between public and private sectors. Private organisations are advancing in adopting AI and automation, while public entities lag behind due to limited resources. This divide leaves critical infrastructure and public services more vulnerable to cyberattacks. The report urges increased collaboration, investment in workforce training, and unified global standards to bridge the gap and enhance overall resilience.
KnowBe4 Research Confirms Effective Security Awareness Training Significantly Reduces Data Breaches | IT Security Guru by the Gurus Research from KnowBe4 shows that effective security awareness training can reduce data breaches by up to 90%. The study highlights how educating employees on phishing, ransomware, and other common threats significantly lowers organisational risk. Security experts emphasise that awareness training should be ongoing and paired with robust technical measures for maximum impact. This research reinforces the value of empowering employees as the first line of defence in cybersecurity.
How to Eliminate “Shadow AI” in Software Development | SecurityWeek by Matias Madou https://www.securityweek.com/how-to-eliminate-shadow-ai-in-software-development/ The rise of “shadow AI” in software development (unauthorised use of AI tools by developers) poses serious risks, including data breaches, compliance failures, and untracked vulnerabilities. Shadow AI often circumvents governance policies, creating blind spots for security teams. To tackle this, organisations must establish clear AI policies, foster collaboration between IT and development teams, and enforce regular audits. Education on risks and proper AI integration is crucial to ensure innovation aligns with security and regulatory standards.
The Shifting Landscape of Open Source Security | Dark Reading by Christopher Robinson https://www.darkreading.com/vulnerabilities-threats/shifting-landscape-open-source-security Open source security is evolving as organisations increasingly depend on open-source software for innovation. While collaboration accelerates development, it also introduces vulnerabilities, such as dependency attacks and outdated components. Experts stress the need for better visibility into supply chains, automated vulnerability scanning, and widespread adoption of security frameworks like SBOM. As the landscape shifts, proactive measures are key to managing open-source risks effectively.
Console Chaos: A Campaign Targeting Publicly Exposed Management Interfaces on Fortinet FortiGate Firewalls | Arctic Wolf by Stefan Hostetler, Julian Tuin, Trevor Daher, Jon Grimm, Alyssa Newbury, Joe Wedderspoon & Markus Neis https://arcticwolf.com/resources/blog/console-chaos-targets-fortinet-fortigate-firewalls/ A new campaign, dubbed “Console Chaos,” is exploiting publicly exposed management interfaces on Fortinet FortiGate firewalls. Threat actors are using brute-force attacks and stolen credentials to gain unauthorised access, potentially allowing them to manipulate configurations, exfiltrate data, and deploy malware. Security researchers warn that the exposed interfaces are a significant attack vector, especially for organisations failing to restrict access. Fortinet has advised users to disable unnecessary interfaces, enforce multi-factor authentication (MFA), and apply the latest patches to mitigate risks. This campaign highlights the ongoing vulnerabilities in misconfigured devices and the importance of proactive network security.
Events (CyAN-Organized or -Supported):
Ai Everything GLOBAL, Dubai, U.A.E.: 4–6 February 2025
GITEX AFRICA, Marrakesh, Morocco: 14–16 April 2025
GITEX ASIA, Singapore (Marina Bay Sands): 23–25 April 2025
In today’s digital world, data privacy has become a paramount concern for organizations and individuals alike. As cyber threats grow increasingly sophisticated, organizations turn to robust security solutions like Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) to safeguard sensitive data. Beyond …
Cryptography and Cryptanalysis – Military Applications From Antiquity to the End of World War II Join our motivated more-or-less informed amateurs Hugo Tarrida and John Salomon for the latest in our State of (Cyber)War series, part of CyAN’s Secure in Mind video and podcast network. …
Microsoft has announced stricter measures to address the misuse of its AI-powered Copilot tool, following reports of malicious applications. The crackdown includes enhanced safeguards to prevent the tool from being exploited for phishing, malware creation, and other cyber threats. This move highlights the double-edged nature of generative AI, which offers innovation while introducing new risks. Microsoft’s proactive stance demonstrates the importance of balancing technological advancement with ethical considerations.
Cryptojacking, backdoors abound as fiends abuse Aviatrix Controller bug | The Register by Connor Jones
A critical vulnerability in the Aviatrix Controller is being actively exploited by attackers for cryptojacking and backdoor installation. The flaw allows cybercriminals to hijack computing resources, often going undetected. Experts warn that the exploitation could escalate, urging affected organisations to patch systems immediately. This incident underscores the importance of rigorous vulnerability management and proactive monitoring to counter evolving cyber threats.
Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results | Dark Reading by Elizabeth Montalbano
Cybercriminals are embedding infostealing malware in seemingly harmless YouTube comments and Google search results, leveraging trusted platforms to distribute malicious links. These tactics exploit user trust and familiarity, increasing their success rate. Security experts recommend heightened vigilance when interacting with online content and emphasise the need for advanced threat detection technologies to combat such creative distribution methods.
Ransomware crew abuses AWS native encryption, sets data-destruct timer for 7 days | The Register by Jessica Lyons
A ransomware group is weaponising AWS’s native encryption capabilities, locking victim data and setting a seven-day destruction timer. By using legitimate cloud features maliciously, attackers make detection and recovery challenging. Security analysts warn this approach may inspire similar tactics across cloud platforms. Organisations are urged to tighten access controls and implement robust backup strategies to mitigate potential fallout.
Europe coughs up €400 to punter after breaking its own GDPR data protection rules | The Register by Brandon Vigliarolo
In a notable GDPR enforcement case, Europe has paid €400 to an individual after admitting a breach of its own data protection rules. The incident has reignited debates on accountability, showcasing that even regulatory bodies must adhere to compliance. Critics argue the payout is symbolic but insufficient to address broader systemic issues. The case underscores the necessity of stringent self-regulation to maintain public trust in GDPR’s legitimacy.
Emerging FunkSec Ransomware Developed Using AI | Security Week by Ionut Arghire
A new ransomware variant, FunkSec, is gaining attention for its use of AI in development, allowing for advanced evasion and rapid adaptation. The malware targets enterprise networks, encrypting data while bypassing traditional defences. This evolution highlights the growing intersection of artificial intelligence and cybercrime. Experts stress the importance of advanced detection solutions and cross-industry collaboration to counter this new wave of AI-powered threats.
Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems | The Hacker News by Ravie Lakshmanan
Researchers discovered that expired domains were being exploited to control over 4,000 backdoors on compromised systems. Cybercriminals used these domains to maintain access and exfiltrate data, demonstrating the risks of poor domain management. Organisations are urged to monitor and secure unused or expired domains to prevent their exploitation. The incident reinforces the importance of holistic cybersecurity strategies that include asset management.
Credit card skimmer campaign targets WordPress via Database Injection | Security Affairs by Pierluigi Paganini
A new credit card skimming campaign is targeting WordPress sites through database injection attacks. Cybercriminals exploit vulnerabilities to insert malicious code, capturing payment data directly from e-commerce platforms. Security experts emphasise the importance of patching WordPress plugins, securing databases, and monitoring for unauthorised changes. This campaign serves as a reminder of the persistent threat to online payment systems.
Australian Cyber Security Centre names its next head | itNews by Ry Crozier
The Australian Cyber Security Centre (ACSC) has named its new head, signalling a strategic shift in leadership to bolster the nation’s defences. With a robust background in intelligence and cybersecurity, the appointee is tasked with addressing escalating cyber threats. The announcement underscores the government’s focus on collaboration between the public and private sectors, ensuring Australia’s readiness to respond to complex cyber challenges. Industry observers view this leadership change as pivotal to advancing resilience in a rapidly evolving threat landscape.
Phishing texts trick Apple iMessage users into disabling protection | Bleeping Computer by Lawrence Abrams
A sophisticated phishing campaign is targeting Apple users via iMessage, tricking them into disabling critical security protections. By masquerading as legitimate alerts, the attackers lure users into clicking malicious links, opening the door to device compromise. This tactic exposes the risks of social engineering and the importance of vigilance. Apple users are reminded to scrutinise unexpected messages and avoid links, even those that appear trustworthy. With phishing tactics becoming increasingly advanced, education remains key to mitigating these attacks.
Tech giants told UK online safety laws ‘not up for negotiation’ | The Observer by Michael Savage
The UK government has told tech companies that compliance with the Online Safety Act is not up for negotiation. The Act targets harmful online content and carries heavy penalties for noncompliance. Critics argue that its provisions on scanning private messages could undermine end-to-end encryption, while supporters emphasise the urgent need for accountability in digital spaces. The debate highlights tensions between privacy advocates and regulators as the UK aims to set global standards for online safety.
Fake LDAPNightmware exploit on GitHub spreads infostealer malware | Bleeping Computer by Bill Toulas
A GitHub repository posing as a proof-of-concept exploit for the LDAPNightmare vulnerabilities in Windows LDAP instead delivers an infostealer. It was forked from a legitimate researcher PoC, with the Python source replaced by an executable that drops a PowerShell script, fetches the stealer, and exfiltrates the collected data. The lure works because defenders and red teamers routinely pull fresh PoCs to test their own exposure, and a fork of a known project looks trustworthy at a glance. Security experts urge vigilance, emphasising the need to read the code before running it, compare forks against the upstream repository, and execute untrusted tooling only in isolated environments.
Microsoft MFA outage blocking access to Microsoft 365 apps | Bleeping Computer by Sergiu Gatlan
A Microsoft multi-factor authentication (MFA) outage left users unable to access Microsoft 365 apps, disrupting business operations worldwide. The issue highlighted the reliance on cloud services and the potential impact of downtime. While Microsoft worked to resolve the problem, experts underscored the importance of having contingency plans for critical systems to minimise disruption during service outages.
Microsoft DRM Hacking Raises Questions on Vulnerability Disclosures | Security Week by Eduard Kovacs
A recent disclosure of weaknesses in Microsoft’s PlayReady DRM, which could be used to bypass content protections, has sparked debate over responsible disclosure. Researchers argue that such findings could serve as a blueprint for malicious actors if mishandled, while the disclosing researchers say the vendor’s response left them little alternative. Critics emphasise the delicate balance between transparency and security. The case reignites discussions around the ethics of vulnerability research and how companies respond to public disclosures.
Russian ISP confirms Ukrainian hackers “destroyed” its network | Bleeping Computer by Sergiu Gatlan
A Russian ISP has publicly acknowledged that Ukrainian hackers caused significant disruptions to its network, describing the attack as destructive. This incident underscores the escalating role of cyber warfare in geopolitical conflicts. With critical infrastructure often the target, the attack highlights vulnerabilities and the increasing sophistication of cyber adversaries. The broader implications of these attacks extend beyond regional disputes, emphasising the need for global readiness.
Microsoft moves to disrupt hacking-as-a-service scheme that’s bypassing AI safety measures | Cyberscoop by Derek B. Johnson
Microsoft’s Digital Crimes Unit has gone to court to disrupt a hacking-as-a-service operation that used stolen customer credentials to reach its Azure generative AI services, circumvented their content safety controls, and resold that access to others who wanted to generate harmful content. The case is a reminder that API keys for AI services are secrets to be protected like any other credential; Microsoft has revoked the stolen keys and added countermeasures. While the intervention highlights the power of legal and technical action together, the incident raises concerns about future AI misuse, and the tech community is increasingly focused on balancing innovation with safeguarding against exploitation.
PayPal Phishing Campaign Employs Genuine Links to Take Over Accounts | Security Week by Ionut Arghire
A phishing campaign abuses PayPal’s own payment-request feature rather than forging anything. The attackers set up a Microsoft 365 tenant, add victims to a distribution list, and send a genuine PayPal money request to that list, so the email arrives from PayPal’s real sender address and the link leads to the real PayPal site. A victim who logs in to dispute the request links their account to the attacker’s, handing over control without a fake page or a stolen password. Because nothing in the message is forged, sender authentication and URL reputation checks pass it. Experts urge users to treat unexpected payment requests as suspicious, to review them from inside the PayPal app or site rather than through the email, and to keep multi-factor authentication enabled against the more common credential-theft variants.
Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices | The Hacker News by Ravie Lakshmanan
A Google Project Zero researcher has disclosed a zero-click vulnerability in Samsung devices that allows remote code execution with no user interaction. The bug is a memory corruption flaw in an audio decoding library on Galaxy phones: a crafted audio message delivered over RCS is enough to trigger it, because the device decodes the file to transcribe it before the recipient ever opens the message. Samsung has shipped a patch, and the case underscores the urgency of keeping devices updated and the value of proactive vulnerability research in defending against emerging threats, particularly for high-value targets.
Telegram Shared Data of Thousands of Users After CEO’s Arrest | Security Week by Eduard Kovacs
Telegram’s own transparency data shows it handed over the phone numbers and IP addresses of thousands of users to law enforcement in the months after its CEO’s arrest in France, a sharp rise on earlier periods. The platform markets itself on privacy, and critics say the shift erodes the trust that drew users to it, while Telegram maintains it is complying with valid legal requests. The incident fuels the debate over how privacy-focused services reconcile legal obligations with the expectations of their users.
FCC Launches ‘Cyber Trust Mark’ for IoT Devices to Certify Security Compliance | The Hacker News by Ravie Lakshmanan
The FCC has introduced a new ‘Cyber Trust Mark’ program to certify IoT devices that meet stringent security standards. This initiative aims to improve consumer confidence and address vulnerabilities in smart home devices, a known weak link in cybersecurity. By setting clear compliance benchmarks, the program encourages manufacturers to prioritise security. Experts applaud the move but caution that enforcement and keeping pace with evolving threats will be critical for its success.
Analysis
Will the EU fight for the truth on Facebook and Instagram? | The Guardian by Lucas Graves
The EU faces mounting pressure to hold Meta accountable for misinformation on Facebook and Instagram. Critics argue that Meta’s policies favour profit over truth, undermining democratic values. As elections approach, the EU must decide whether to enforce stricter regulations or risk the spread of harmful content. This debate highlights the growing role of regulatory bodies in shaping the digital information landscape and ensuring platforms prioritise societal responsibility.
Best Practices & Risks Considerations in LCNC and RPA Automation | Dark Reading by Jordan Bonagura
Low-code/no-code (LCNC) and robotic process automation (RPA) tools are transforming efficiency but introducing unique security risks. As businesses adopt these platforms to streamline operations, experts warn of potential vulnerabilities, including misconfigurations and inadequate oversight. Organisations are encouraged to implement strict governance, conduct thorough risk assessments, and train users to mitigate security gaps. While LCNC and RPA offer immense benefits, ensuring security must remain a top priority.
Innovation, Automation, And The Cybersecurity Challenges Ahead | Forbes by Tony Bradley
The rapid integration of automation and innovative technologies is reshaping cybersecurity, offering both opportunities and challenges. Automated defences like AI-driven threat detection are accelerating responses but also raising concerns about over-reliance. Experts emphasise balancing innovation with human oversight to address emerging risks. As attackers adapt to these technologies, the cybersecurity industry must prioritise collaboration and adaptability to outpace threats.
The Path Toward Championing Diversity in Cybersecurity Education | Dark Reading by Laurie Salvail
Building diversity in cybersecurity education is vital to addressing talent shortages and fostering innovation. Experts argue that inclusive programs attract a broader range of perspectives, essential for tackling complex challenges. Initiatives like scholarships, mentorships, and targeted outreach aim to reduce barriers for underrepresented groups. By embracing diversity, the cybersecurity industry can better prepare for future demands while creating equitable opportunities for all.
How AI will transform cybersecurity in 2025 – and supercharge cybercrime | ZDNet by Dan Patterson
Artificial intelligence is set to revolutionise cybersecurity in 2025, both as a defense tool and a weapon for cybercriminals. On the defensive side, AI-driven solutions promise faster threat detection and response. However, attackers are also harnessing AI to automate and amplify cybercrime, creating sophisticated malware and bypassing traditional defences. Experts stress the importance of ethical AI development and robust regulations to mitigate risks while leveraging its potential to bolster cybersecurity frameworks.
CyAN Member Op Eds and Articles:
The Cybersecurity Landscape in 2025: Top Predictions and Implications for Leaders | CyAN Blog by Joe Cozzupoli
The cybersecurity landscape in 2025 is set to evolve dramatically, shaped by advancing technologies and emerging threats. CyAN member Joe Cozzupoli delivers a thought-provoking analysis in his Op Ed, predicting a rise in supply chain attacks, stricter regulations, and greater reliance on AI-driven defences. He advises leaders to prioritise risk management, workforce diversity, and public-private collaboration. By anticipating these trends, organisations can navigate challenges and capitalise on opportunities for growth.
Resilience or Regulation? Europe’s Digital Transformation at a Crossroads | CyAN Blog by Gilles Chevillon
Europe’s digital transformation stands at a critical juncture, balancing the need for resilience against the demands of stringent regulations. In his insightful Op Ed, CyAN member Gilles Chevillon explores the growing tension between fostering innovation and ensuring security in the face of rising cyber threats. Gilles highlights the central debate: do compliance-heavy frameworks stifle progress or build trust? His analysis underscores the importance of striking the right balance to create a secure, competitive digital ecosystem.
Events (CyAN-Organized or -Supported):
CyAN General Meeting (by invite for CyAN members): 14-15 January
Ai Everything GLOBAL will be held from 4 to 6 February 2025 in Dubai, U.A.E.
GITEX AFRICA, Marrakesh, Morocco: 14 – 16 April, 2025
GITEX ASIA, Singapore (Marina Bay Sands) 23-25 April 2025
Please welcome our newest member from Trinidad, Dale Connell! Dale Connell is a seasoned Cyber Risk and Technology Lead within Deloitte’s Consulting service line at the Trinidad and Tobago office. With extensive expertise in information security strategy and implementation, Dale supports organizations across various industries …