[InfoSec MASHUP] 04/2025
HPE is Investigating a Breach; Largest DDoS Attack Ever Blocked; Cloudflare's CDN Can Reveal users' Location; BreachForums Founder to be Resentenced; Oracle Addresses 318 Flaws;
Welcome to the 25 new members from the last 30 days! This newsletter now has 1,642 subscribers.
Partners and Affiliates
🔐 NordVPN - Save up to 75% + 3 Extra Months!
Breaches & Security Incidents
🥷🏻 A report reveals that over 1 billion passwords have been stolen by malware and are being sold on the dark web for $10 each — Despite many passwords meeting complexity requirements, they are still vulnerable to theft, highlighting the need for stronger security practices.
🇺🇸 Conduent, a U.S. government contractor, confirmed that a recent outage affecting support services was due to a cybersecurity incident — Some residents faced disruptions in accessing support payments, but all systems have now been restored. The company did not provide details on the nature of the incident or if any data was compromised.
🇺🇸 Hewlett-Packard Enterprise (HPE) is investigating a data breach after a hacker named "IntelBroker" claimed to have stolen sensitive information. The stolen data reportedly includes product source code and access keys to various HPE services. HPE has activated its cyber response protocols and stated that there is currently no impact on their business or customer information.
➝ More breaches:
🔊 Interested in Reaching a Cybersecurity Audience?
Amplify your brand’s presence by sponsoring the InfoSec MASHUP newsletter!
Reach dedicated readers in the cybersecurity field with each issue! Contact us to explore sponsorship opportunities.
Cybercrime, Cyber Espionage, APT’s
🇺🇸 ⚖️ The U.S. Department of Justice indicted five men for a scheme that involved fake North Korean IT workers getting jobs with American companies to generate money for North Korea. The defendants used stolen identities and laundered at least $866,255, while evading sanctions. This action is part of ongoing efforts by U.S. authorities to combat North Korean cyber fraud.
🇺🇸 ⚖️ Conor Brian Fitzpatrick, the founder of BreachForums, will be resentenced after a U.S. appeals court overturned his earlier punishment. He had pleaded guilty to serious charges but received a lenient sentence, which the government argued was too light given his actions and lack of remorse. The new sentencing is expected to be harsher, although the exact date is not yet known.
🇺🇸 ⚖️ A U.S. Army soldier named Cameron John Wagenius was arrested for his involvement in the theft of phone records from AT&T and Verizon — His arrest is linked to a major cyberattack on the cloud company Snowflake, which affected many businesses and leaked sensitive data. Prosecutors say Wagenius unlawfully transferred confidential phone records and threatened to leak more information unless a co-defendant was released.
Government, Politics, and Privacy
🇺🇸 🇪🇺 US Cloud soon illegal? Trump punches first hole in EU-US Data Deal — The U.S. engages in mass surveillance of EU users, raising concerns about data privacy. The independence of the U.S. oversight board, PCLOB, is now in question due to demands for resignations. If the Transatlantic Data Privacy Framework is disrupted, many EU businesses and agencies may have to stop using U.S. cloud services immediately.
🇺🇸 The Trump administration fired members of the Cyber Security Review Board (CSRB), which included experts from both the private sector and government. Critics called this decision "horribly shortsighted", especially given ongoing cyber threats from China. The move was part of a broader termination of advisory committee memberships by the Department of Homeland Security (DHS).
🇺🇸 A former CIA analyst, Asif William Rahman, pleaded guilty to sharing top-secret defense information with unauthorized individuals. He retained and altered classified documents, which were later published on social media, potentially linked to sensitive military plans involving Israel. Rahman faces up to 10 years in prison, with sentencing scheduled for May 2025.
🇺🇸 The FTC is taking action against General Motors (GM) for illegally collecting and selling drivers' location and behavior data without their consent. A proposed settlement will stop GM from sharing this data for five years and requires better transparency and consumer control over their information. GM must also improve its privacy practices and obtain consent before collecting or selling any data.
Partners and Affiliates
🌐 Stay connected and secure on the go with Airalo's global eSIMs — Use the code NEWTOAIRALO15 if you’re new to Airalo to get an additional 15% discount.
Malware & Threats
🦠 🚪 A new backdoor malware called J-Magic has been discovered, which targets enterprise VPNs using Juniper Network’s Junos OS. It remains dormant until it receives a special "magic packet," allowing it to verify access through encrypted challenges. This stealthy malware operates only in memory, making it difficult for defenders to detect.
🦠 🇰🇷 The South Korean VPN provider IPany was hacked by the "PlushDaemon" group, which inserted malware into their VPN installer. Customers who downloaded the compromised software between November 2023 and May 2024 may have unknowingly infected their systems with the SlowStepper malware. This malware allows attackers to gather sensitive information and control infected devices.
💥 🛡️ Cloudflare detected and blocked the largest DDoS attack ever, measuring 5.6 terabits per second, aimed at an ISP in Eastern Asia. The attack came from over 13,000 IoT devices but was managed automatically by Cloudflare's systems without any human help. The company reported a significant rise in DDoS threats, highlighting a growing trend of intense, short-lived attacks.
🦠 💸 Ransomware attackers are using a tactic called "vishing" by sending numerous spam emails to target employees and then posing as tech support via Microsoft Teams. This approach exploits employees' confusion and trust, leading them to grant remote access to their systems. Security experts warn that these attacks are increasing and recommend measures to limit external communications and raise employee awareness.
🦠 🕸️ A botnet of around 13,000 hijacked MikroTik routers is being used to send spam emails and spread malware. These routers exploit misconfigured DNS records, allowing attackers to impersonate legitimate domains and bypass email security. To protect themselves, MikroTik users should update their devices and change default passwords.
🦠 🇨🇳 Cybersecurity researchers have discovered a series of attacks targeting Chinese-speaking regions using a malware called ValleyRAT. The attackers use a loader named PNGPlug, which disguises the malware within fake software installers to trick victims into downloading it. Once installed, the malware allows attackers to gain unauthorized control over infected machines.
🇺🇦 Attackers are pretending to be the Computer Emergency Response Team of Ukraine (CERT-UA) and sending fake security audit requests via AnyDesk. They aim to trick people into allowing remote access to their computers without prior agreement. CERT-UA warns that unexpected connection requests should be treated with suspicion and reported to cyber protection units.
🦠 💸 Cybersecurity researchers have discovered malicious npm and Python packages that steal Solana wallet keys and sensitive data. These harmful packages can secretly transfer money to attackers and delete files from infected systems. Attackers also use fake GitHub repositories to spread these packages, targeting developers searching for Solana tools.
AI, Crypto, Tech & Tools
📱 🔐 Google has introduced a new "Identity Check" feature for Android that requires biometric authentication to access sensitive settings when outside trusted locations. This feature aims to enhance theft protection by securing actions like factory resets and account changes. Currently, it is available on Google Pixel devices running Android 15 and Samsung Galaxy phones with One UI 7.
🇺🇸 🪖 The Pentagon is using AI to improve its military operations, specifically in identifying and tracking threats, but not to make lethal decisions. AI developers like OpenAI and Anthropic are careful to avoid allowing their technology to be used as weapons, focusing instead on enhancing efficiency. There is ongoing debate about the role of AI in military settings, with a commitment to keeping humans involved in critical decision-making processes.
⚡️ Unlock Your Peak Performance – First Month FREE!
Optimize your sleep, recovery, and performance with WHOOP. Perfect for cybersecurity pros who need to stay focused and ahead. Try it out, get a free WHOOP 4.0 and one month free.
Vulnerabilities, Research, and Threat Intelligence
Cisco Fixes Critical Privilege Escalation Flaw in Meeting Management (CVSS 9.9)
Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
💳 MasterCard fixed a serious DNS error that could have allowed anyone to divert its Internet traffic for nearly five years. A security researcher registered the misconfigured domain and alerted MasterCard, which stated there was no real threat to its systems. The researcher hoped for a thank you but felt dismissed by the company regarding the potential risks.
📍 A security flaw in Cloudflare's CDN can reveal a user's general location when they receive an image on apps like Signal and Discord. This attack does not pinpoint exact locations but can identify a region within 50 to 300 miles. While Cloudflare has addressed the bug, methods to exploit it still exist, raising concerns for privacy-focused individuals.
🪳 🚗 A security flaw in Subaru's system allowed hackers to remotely track, unlock, and start millions of cars — Sam Curry discovered the vulnerability by exploiting weak employee-access controls, enabling them to access personal data and control vehicles without alerting owners. Subaru quickly fixed the issue after being informed, but the incident highlights concerns about security in connected car systems.
🚗 ⚡️ Security researchers successfully hacked Tesla's Wall Connector EV charger twice at the Pwn2Own Tokyo 2025 contest. They also found 23 other vulnerabilities in various EV chargers and infotainment systems, earning cash rewards totaling $335,500. The competition continues until January 24, focusing on automotive technologies and security exploits.
🪳 🚗 At the Pwn2Own Automotive 2025 competition, researchers exploited 16 zero-day vulnerabilities and earned $382,750 on the first day. Fuzzware.io led the event by hacking electric vehicle chargers, while other teams also demonstrated successful exploits. Vendors have 90 days to fix the reported vulnerabilities before they are publicly disclosed.
🗂️ A serious vulnerability in 7-Zip allowed attackers to bypass Windows security warnings, which could let them run harmful code on users' computers. The issue has been fixed in the latest version of 7-Zip, released on November 30, 2024. Users are urged to update their software promptly to protect against potential malware attacks.
ICS, OT & IoT
📶 Researchers discovered that renewable energy facilities in Central Europe use unencrypted radio signals to communicate with the power grid. This vulnerability could potentially allow attackers to disrupt the power supply for about 450 million people. The finding was made accidentally while the researchers were exploring radio signals for a different project.