[InfoSec MASHUP] 03/2025
Data of 15K FortiGate Devices Dumped; Biden's New Cyber Executive Order; PlugX Malware Deleted from over 4,200 Infected Systems; Governments Call for Spyware Regulations
Welcome to the 26 new members from the last 30 days! This newsletter now has 1,633 subscribers.
Partners and Affiliates
🔐 NordVPN - Save up to 75% + 3 Extra Months!
Breaches & Security Incidents
OneBlood confirms personal data stolen in July ransomware attack
🇫🇷 French Navy crew members accidentally revealed sensitive information about submarine patrols by using the Strava fitness app. They logged their workouts at a secure naval base, which allowed details about their locations and schedules to be shared publicly. The French Navy acknowledged the issue but downplayed the potential risks to national security.
🇪🇺 A cyberattack on CEPOL, the EU Agency for Law Enforcement Training, has compromised the personal data of nearly 100,000 individuals — The agency has notified those affected and warned them about potential misuse of their information. An investigation is ongoing, and users are advised to take precautions to protect their accounts and report any suspicious activity.
🇬🇧 Nominet, the U.K. domain registry, has confirmed a cybersecurity incident linked to a vulnerability in Ivanti's VPN software — Hackers accessed Nominet's systems using this vulnerability, but the company reports no evidence of a data breach. Nominet is investigating the incident and has restricted access to the affected VPN software.
🇺🇸 A data breach at Gravy Analytics has exposed the location data of millions of people, putting their privacy at risk. The hacker published over 30 million location points from various smartphone apps, revealing sensitive information about individuals' movements. This incident highlights the dangers of data brokers and the need for stronger privacy protections.
🇪🇸 Telefónica confirmed that its internal ticketing system was breached, leading to a data leak on a hacking forum. The breach involved compromised employee credentials and resulted in the theft of approximately 2.3 GB of documents and tickets. The company is currently investigating the incident and has taken steps to block further unauthorized access.
➝ More breaches:
Wolf Haldenstein law firm says 3.5 million impacted by data breach
Enzo Biochem settles lawsuit over 2023 ransomware attack for $7.5M
🔊 Interested in Reaching a Cybersecurity Audience?
Amplify your brand’s presence by sponsoring the InfoSec MASHUP newsletter!
Reach dedicated readers in the cybersecurity field with each issue! Contact us to explore sponsorship opportunities.
Cybercrime, Cyber Espionage, APTs
🇷🇺 💬 Microsoft reported that the Russian state-linked group Star Blizzard has shifted from email phishing to targeting WhatsApp accounts. Phishing emails posing as government communications carry a QR code; scanning it does not open a link but registers an attacker-controlled device against the victim's WhatsApp account through the linked-devices feature, giving the group a copy of the messages. The change in tactics likely aims to evade detection after earlier takedowns of the group's phishing infrastructure.
🇷🇺 🇰🇿 The Russian hacking group Fancy Bear (APT28) has been using genuine Kazakh government documents as lures to trick officials in Central Asia into opening malware-laden files. The campaign, named "Double-Tap", aims to spy on these governments and has previously targeted multiple nations. Researchers believe the activity links back to Russia's efforts to maintain influence in the region.
🇺🇸 ⚖️ The U.S. Department of Justice has indicted three Russians for running cryptocurrency mixers Blender.io and Sinbad.io, which were used to launder money from cybercrimes. Two of the accused were arrested, while a third remains at large. If convicted, they could face up to 25 years in prison for their roles in facilitating criminal activities.
Government, Politics, and Privacy
🇺🇸 President Biden's new cybersecurity executive order received mostly positive feedback, but its future is uncertain with the upcoming transition to a new administration. Some experts commend the order for strengthening security measures, while others express concerns about its timing and potential lack of support from the incoming Trump team. The effectiveness of the order will depend on how the new administration chooses to prioritize its mandates.
🇪🇺 🇨🇳 Austrian privacy group None of Your Business has sued TikTok, AliExpress, and other companies for illegally transferring user data to China, claiming it violates EU data protection laws. They want these data transfers to stop immediately, citing concerns about the Chinese government's access to this information. The complaints have been filed in multiple European countries, highlighting the lack of data protection in China compared to the EU.
🇪🇺 The European Commission announced a plan to help hospitals protect against cyberattacks, including ransomware, but it does not include new funding. The plan encourages member states to provide support, but many have not fully implemented existing cybersecurity regulations. Hospitals are urged to see cybersecurity as an investment in patient care and can access current EU funding opportunities to improve their systems.
👀 The UN Security Council held its first meeting to discuss the dangers of commercial spyware, with the U.S. and 15 other countries stressing the need for regulations. While most nations agreed on the need for control, Russia and China dismissed the concerns. Experts warned that the rise of spyware poses serious threats to international peace and human rights, particularly in Europe.
🇬🇧 The U.K. government is proposing a ban on public sector organizations from paying ransomware hackers — This aims to combat the rise in cyberattacks and disrupt the financial operations of cybercriminals. A consultation on these proposals has been launched, with the aim of enhancing national security against ransomware threats.
🇺🇸 🇨🇳 Some lawmakers, including Trump’s national security adviser, want the U.S. to take more aggressive offensive actions in cyberspace against Chinese cyber threats. Experts question the effectiveness and risks of these actions, noting they are complex and may not deter future attacks. There is concern that increasing cyber offense could escalate tensions without producing the desired outcomes.
Partners and Affiliates
🌐 Stay connected and secure on the go with Airalo's global eSIMs — Use the code NEWTOAIRALO15 if you’re new to Airalo to get an additional 15% discount.
Malware & Threats
🎣 Criminals are targeting Google Ads users by creating fake ads that impersonate the service and lead victims to phishing sites. Once victims enter their credentials, the thieves gain access to their accounts and can spend their advertising budgets or lock them out. This sophisticated scheme affects many advertisers globally and highlights the risks of malvertising in online advertising.
🦠 🚪 Cybersecurity researchers have revealed an attack where a Python-based backdoor was used to spread RansomHub ransomware across a compromised network. The initial breach was caused by JavaScript malware called SocGholish, which tricks users into downloading fake browser updates. The attackers then used the backdoor to move laterally within the network and deliver additional malware.
🇺🇸 🇨🇳 U.S. authorities confirmed that, in a court-authorized operation, the FBI removed malware linked to the Chinese state-sponsored group tracked as Twill Typhoon (also known as Mustang Panda) from thousands of computers. The operation, led by French authorities who had gained control of the malware's command-and-control server and used its built-in self-delete command, removed the PlugX malware from over 4,200 infected systems in the U.S. This PlugX variant, which spreads via USB drives, had been used for espionage and had affected millions of computers worldwide since at least 2012.
🦠 🧩 A new malware attack has affected over 5,000 WordPress sites by creating rogue admin accounts and stealing data. The malicious plugin installed by this attack collects sensitive information and sends it to the attackers. Website owners are urged to block the harmful domain and strengthen their security measures.
☁️ 🪣 A new ransomware campaign, attributed to a threat actor tracked as "Codefinger", is targeting Amazon S3 buckets. Using compromised AWS access keys, the attackers re-encrypt victims' objects with a native feature, Server-Side Encryption with Customer-Provided Keys (SSE-C), supplying their own AES-256 key. AWS never stores a customer-provided key (only an HMAC of it is logged), so the data cannot be recovered without the attackers' cooperation; they also set lifecycle rules that delete the objects within days to pressure payment. AWS customers are advised to treat leaked credentials as the root cause: rotate and scope down access keys, deny SSE-C with IAM or bucket-policy conditions where it is not needed, enable CloudTrail data events for S3 and alert on SSE-C use and short-lived expiry rules, and keep versioning or off-account backups.
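The two controls mentioned above, as an added example (not code from the newsletter, AWS or the Codefinger reporting): a bucket policy that denies object writes presenting an SSE-C header, and a detector that scans CloudTrail-style S3 records for SSE-C writes and short expiry rules. The record layout is assumed to follow CloudTrail's S3 data events, and the sample records are constructed; the bucket name and principal ARN are placeholders.

```python
"""Deny-SSE-C bucket policy plus a CloudTrail-record detector for the Codefinger pattern.
Added example; not from AWS, Halcyon or the newsletter. Record field names are assumed
to match CloudTrail S3 data events; SAMPLE_RECORDS below are constructed, not real logs."""
import json

# Request header that signals SSE-C; S3 exposes the same name as an IAM condition key.
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload", "UploadPart"}
LIFECYCLE_EVENTS = {"PutBucketLifecycle", "PutBucketLifecycleConfiguration"}


def ssec_deny_policy(bucket: str) -> dict:
    """Bucket policy refusing any PutObject that carries an SSE-C header.
    The Null operator with "false" matches only when the header is present, so the
    Deny fires exactly on SSE-C requests; SSE-S3 and SSE-KMS writes are unaffected."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "DenyCustomerProvidedKeys",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{bucket}/*",
            "Condition": {"Null": {f"s3:{SSEC_HEADER}": "false"}},
        }],
    }


def find_codefinger_indicators(records, max_expiry_days: int = 7) -> list[dict]:
    """Flag (a) object writes that use SSE-C and (b) enabled lifecycle rules that
    expire objects within max_expiry_days, the two steps the campaign combines."""
    hits = []
    for rec in records:
        if rec.get("eventSource") != "s3.amazonaws.com":
            continue
        name = rec.get("eventName", "")
        params = rec.get("requestParameters") or {}
        actor = (rec.get("userIdentity") or {}).get("arn", "?")
        if name in WRITE_EVENTS and params.get(SSEC_HEADER):
            hits.append({"type": "ssec_write", "event": name, "actor": actor,
                         "bucket": params.get("bucketName"), "key": params.get("key")})
        elif name in LIFECYCLE_EVENTS:
            rules = (params.get("LifecycleConfiguration") or {}).get("Rule") or []
            if isinstance(rules, dict):  # a single rule is serialized as an object
                rules = [rules]
            for rule in rules:
                days = (rule.get("Expiration") or {}).get("Days")
                if rule.get("Status") == "Enabled" and days is not None and days <= max_expiry_days:
                    hits.append({"type": "short_expiry_rule", "event": name, "actor": actor,
                                 "bucket": params.get("bucketName"), "days": days})
    return hits


# Constructed sample records: one benign SSE-KMS write, one SSE-C copy-in-place,
# one 7-day expiry rule. Account ID and bucket name are placeholders.
SAMPLE_RECORDS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/backup-bot"},
     "requestParameters": {"bucketName": "acme-backups", "key": "db/2025-01-10.sql.gz",
                           "x-amz-server-side-encryption": "aws:kms"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "CopyObject",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/backup-bot"},
     "requestParameters": {"bucketName": "acme-backups", "key": "db/2025-01-10.sql.gz",
                           SSEC_HEADER: "AES256",
                           "x-amz-server-side-encryption-customer-key-MD5": "dGVzdA=="}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketLifecycle",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/backup-bot"},
     "requestParameters": {"bucketName": "acme-backups",
                           "LifecycleConfiguration": {"Rule": {"ID": "expire", "Status": "Enabled",
                                                                "Expiration": {"Days": 7}}}}},
]

if __name__ == "__main__":
    print(json.dumps(ssec_deny_policy("acme-backups"), indent=2))
    for hit in find_codefinger_indicators(SAMPLE_RECORDS):
        print(hit)
```

The detector only works if S3 data events are enabled in CloudTrail (management events alone do not record PutObject/CopyObject); the lifecycle check catches the deletion timer whether or not the attacker's key is recoverable.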
AI, Crypto, Tech & Tools
Anthropic achieves ISO 42001 certification for responsible AI
📵 The FBI warns users of Apple, Google, and Microsoft to avoid installing certain apps due to a growing scam known as the "Phantom Hacker." Scammers impersonate bank representatives to trick victims into transferring money, claiming their accounts have been hacked. To stay safe, never install apps from unsolicited contacts or move money based on their instructions.
🇺🇸 The Biden administration has introduced new export controls on artificial intelligence models and chips — These measures aim to protect national security and prevent sensitive technology from falling into the wrong hands. The controls reflect growing concerns about the global competition in AI technology.
🐘 Mastodon is creating a new non-profit organization in Europe to manage its platform and avoid control by a single person — The current CEO, Eugen Rochko, will shift his focus to product strategy while the non-profit will own essential parts of the Mastodon ecosystem. This change aims to ensure that Mastodon remains community-driven and free from the influence of wealthy individuals.
🇺🇸 ⚖️ Microsoft's Digital Crimes Unit is taking legal action against cybercriminals who misuse AI technology to create harmful content. They are working to disrupt these criminals and enhance security measures to protect users. Additionally, Microsoft is advocating for new laws to better combat the abuse of AI.
Vulnerabilities, Research, and Threat Intelligence
➝ Patch Tuesday:
🩹 Microsoft's January Patch Tuesday fixed 159 vulnerabilities across its products, including critical flaws in Windows and Microsoft Excel and three actively exploited zero-days in Windows Hyper-V. Three of the critical bugs scored 9.8/10 on the severity scale and allow remote code execution. Organizations using Microsoft products are urged to apply the patches immediately.
🩹 Rsync has fixed six vulnerabilities in its latest version (v3.4.0). The most serious is a heap buffer overflow in checksum handling that, chained with an information leak, lets a malicious client execute code on any server it can connect to, even with only anonymous read access. The remaining flaws run the other way: a malicious server can leak file contents from, or write arbitrary files on, connecting clients. Users are urged to update Rsync immediately on both servers and clients.
🪳 💥 Hackers are exploiting a serious vulnerability in Fortinet firewalls, CVE-2024-55591, an authentication bypass in the management interface of FortiOS and FortiProxy (via its Node.js websocket module) that grants super-admin access, to break into company networks. Fortinet has released patches, but the attacks had been under way since at least December, before the company was aware of the issue; observed post-exploitation steps include creating new admin and SSL-VPN accounts and altering firewall policies. Organizations should patch, keep the management interface off the public internet, and review logs for unexpected admin logins and account creations, since this kind of access is a common precursor to ransomware.
🩹 Git has released new versions to fix two security vulnerabilities affecting all prior versions. One lets a crafted URL embed terminal escape sequences that manipulate the credential prompt shown to the user, so that credentials for a different host can be entered; the other lets a carriage return inside a URL inject extra lines into the line-based protocol Git uses to talk to credential helpers, causing credentials to be sent to the wrong host. Users are urged to upgrade to Git 2.48.1 and, until they can, to avoid cloning untrusted repositories with --recurse-submodules.
🍎 Microsoft discovered a security flaw in macOS that could let attackers bypass System Integrity Protection (SIP). The vulnerability, CVE-2024-44243 in the storagekitd daemon, lets a local attacker who already has root load third-party kernel extensions and modify SIP-protected system files, which defeats the protections that keep rootkits and persistent malware off the system. Apple fixed it in the macOS Sequoia 15.2 update.
🍎 A security researcher demonstrated a vulnerability in the USB-C controller chip of the iPhone 15 and 16, but exploiting it requires physical access and custom hardware, so it is not considered a practical threat. Separately, scammers are bypassing iMessage's link protections for unknown senders by getting users to reply to unsolicited messages, which re-enables the links in them. To stay safe, do not reply to or click links in messages from unknown sources, and verify messages by contacting the company directly.
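For the Fortinet item above, an added example (not Fortinet's code or the newsletter's): a parser for FortiOS key=value event logs and a detector for the post-exploitation pattern Fortinet's advisory for CVE-2024-55591 describes, admin logins through the "jsconsole" interface from unexpected source addresses, followed by admin-account creation. The log lines are constructed and modelled on the advisory's indicators; field names are assumed to match FortiOS system event logs, and the admin allowlist is a placeholder.

```python
"""FortiOS event-log detector for CVE-2024-55591 follow-on activity.
Added example, not Fortinet's own tooling. SAMPLE_LINES are constructed (modelled on
the indicators in Fortinet's advisory); field names assumed to match FortiOS event logs."""
import re

# key=value pairs; values are either "quoted strings" or bare tokens (e.g. srcip=1.1.1.1)
FIELD_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_fortios_line(line: str) -> dict:
    """Turn one FortiOS log line into a dict of field -> value."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in FIELD_RE.finditer(line)}


def flag_cve_2024_55591_activity(lines, admin_allowlist) -> list[dict]:
    """Flag two indicators from Fortinet's advisory:
    1. 'Admin login successful' with ui=jsconsole from a srcip outside the allowlist
       (legitimate jsconsole logins come from the GUI's CLI widget and carry the
       admin's real address; the exploit tool was seen spoofing loopback/public addresses).
    2. Creation of a system.admin object through jsconsole (persistence via new admin)."""
    findings = []
    for line in lines:
        f = parse_fortios_line(line)
        if f.get("type") != "event" or f.get("subtype") != "system":
            continue
        ui = f.get("ui", "")
        if f.get("logdesc") == "Admin login successful" and ui.startswith("jsconsole"):
            src = f.get("srcip")
            if src not in admin_allowlist:
                findings.append({"indicator": "jsconsole_login_untrusted_src",
                                 "user": f.get("user"), "srcip": src})
        elif (f.get("cfgpath") == "system.admin" and f.get("action") == "Add"
              and ui.startswith("jsconsole")):
            findings.append({"indicator": "admin_account_created_via_jsconsole",
                             "user": f.get("user"), "new_admin": f.get("cfgobj")})
    return findings


# Constructed sample lines: GUI login (benign), jsconsole login from an allowlisted
# admin host (benign), jsconsole login from a spoofed address, then a new super_admin.
SAMPLE_LINES = [
    'type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" '
    'user="admin" ui="https(10.0.0.5)" method="https" srcip=10.0.0.5 dstip=10.0.0.1 '
    'action="login" status="success" profile="super_admin"',
    'type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" '
    'user="admin" ui="jsconsole" method="jsconsole" srcip=10.0.0.5 dstip=10.0.0.1 '
    'action="login" status="success" profile="super_admin"',
    'type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" '
    'user="admin" ui="jsconsole" method="jsconsole" srcip=1.1.1.1 dstip=1.1.1.1 '
    'action="login" status="success" profile="super_admin"',
    'type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" '
    'user="admin" ui="jsconsole(127.0.0.1)" action="Add" cfgtid=1 cfgpath="system.admin" '
    'cfgobj="vOcep" cfgattr="password[*]accprofile[super_admin]vdom[root]" msg="Add system.admin vOcep"',
]

ADMIN_ALLOWLIST = {"10.0.0.5"}  # placeholder: the admin workstations allowed to manage the device

if __name__ == "__main__":
    for finding in flag_cve_2024_55591_activity(SAMPLE_LINES, ADMIN_ALLOWLIST):
        print(finding)
```

Feed it the device's system event log (or the SIEM export of it); an empty allowlist turns every jsconsole login into a finding, which is the right default while you establish which hosts actually use the GUI console.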
ICS, OT & IoT
🌡️ Homeowners are increasingly worried about data privacy with smart home devices but still see them as enhancing home security. Many do not understand how their data is collected, with over half unaware of smart thermostat data practices. Despite their concerns, there is a growing interest in smart devices, especially among younger homeowners.