
FBI Says Backup Now—Advisory Warns Of Dangerous Ransomware Attacks

The FBI warns of ongoing ransomware attacks by the Ghost group, which has compromised organizations in more than 70 countries by exploiting long-unpatched vulnerabilities in internet-facing software. Organizations are urged to keep offline backups, apply patches, segment networks, and enforce MFA for privileged accounts. Ghost relies on publicly available exploit code for old, well-known vulnerabilities rather than on novel techniques, so unpatched systems are the main exposure. The FBI emphasizes proactive risk management and discourages ransom payments, stressing the urgency of closing these gaps.

https://www.forbes.com/sites/daveywinder/2025/02/22/new-fbi-warning-backup-today-as-dangerous-attacks-ongoing/

Phishing Attack Hides JavaScript Using Invisible Unicode Trick

Phishing attacks are using a new JavaScript obfuscation technique that hides malicious code in invisible Unicode characters. Each byte of the payload is encoded as a sequence of Hangul filler characters that render as blank space, the encoded string is stored as a property name of a JavaScript object, and a small bootstrap reads it back out at runtime, so the script looks empty to a casual reviewer and evades simple pattern matching. The campaign targets affiliates of a U.S. political action committee, is highly personalized, and includes anti-debugging checks. The technique was published in late 2024 and has been weaponized within months, suggesting it will see wider adoption.

https://www.bleepingcomputer.com/news/security/phishing-attack-hides-javascript-using-invisible-unicode-trick/
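The encoding described above, reimplemented as an added example (this is not code from the article or from the phishing kit) together with the detector a reviewer would actually want: a scan for long runs of the two filler code points and a decoder for whatever they hide. The two code points are the ones named in the public write-ups; which of them stands for a 0 bit is an assumption made here for illustration, and the sample script is constructed.

```python
# Added example: invisible-Unicode payload encoding, decoding and detection.
ZERO = "\uffa0"   # HALFWIDTH HANGUL FILLER, renders as blank (assumed: bit 0)
ONE = "\u3164"    # HANGUL FILLER, renders as blank (assumed: bit 1)
INVISIBLE = {ZERO, ONE}


def encode_invisible(payload: str) -> str:
    """Encode every UTF-8 byte of payload as 8 invisible characters, MSB first."""
    chars = []
    for byte in payload.encode("utf-8"):
        chars.extend(ONE if (byte >> i) & 1 else ZERO for i in range(7, -1, -1))
    return "".join(chars)


def decode_invisible(hidden: str) -> str:
    """Reverse encode_invisible(); trailing partial bytes are ignored."""
    out = bytearray()
    for i in range(0, len(hidden) - len(hidden) % 8, 8):
        byte = 0
        for ch in hidden[i:i + 8]:
            byte = (byte << 1) | (1 if ch == ONE else 0)
        out.append(byte)
    return out.decode("utf-8", errors="replace")


def find_invisible_runs(source: str, min_run: int = 64) -> list[tuple[int, int]]:
    """Return (offset, length) of every run of at least min_run filler characters.

    64 characters is 8 bytes of payload; legitimate pages do not carry runs of
    these code points, so even a low threshold gives few false positives.
    """
    runs = []
    i, n = 0, len(source)
    while i < n:
        if source[i] in INVISIBLE:
            start = i
            while i < n and source[i] in INVISIBLE:
                i += 1
            if i - start >= min_run:
                runs.append((start, i - start))
        else:
            i += 1
    return runs


def extract_hidden_payloads(source: str, min_run: int = 64) -> list[str]:
    """Decode every detected run so an analyst can read what was hidden."""
    return [decode_invisible(source[off:off + length])
            for off, length in find_invisible_runs(source, min_run)]


# Constructed sample: a JavaScript object whose property name is the hidden
# payload, the shape the write-ups describe (the real kits then read the
# property name back out and execute it; nothing here executes anything).
SAMPLE_JS = "const o = {" + encode_invisible("fetch('/collect')") + ": 1};"

if __name__ == "__main__":
    for off, length in find_invisible_runs(SAMPLE_JS):
        print(f"run at offset {off}: {length} chars = {length // 8} bytes")
        print("hidden payload:", decode_invisible(SAMPLE_JS[off:off + length]))
```

Run the scanner over fetched script bodies, not over rendered text: the characters survive minification and survive being placed inside an identifier, but a terminal or editor will show the run as blank, which is exactly why a visual review misses it.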

How Phished Data Turns Into Apple & Google Wallets

Chinese phishing groups turn stolen card data into mobile wallets (Apple Pay and Google Wallet) under their own control. Phishing messages posing as routine service alerts send victims to fake sites that collect card details and then ask for the one-time verification code the bank sends when a card is added to a wallet; handing over that code enrolls the victim's card in a wallet on the scammers' device. The criminals cash out through in-person and online purchases, including a "ghost tap" app that relays NFC transactions from a remote phone. Chip cards have cut traditional counterfeit fraud, but this evolved phishing flow is estimated to cause losses on the order of $15 billion a year. Stronger authentication for wallet enrollment is needed to curb this surge in digital wallet fraud.

https://krebsonsecurity.com/2025/02/how-phished-data-turns-into-apple-google-wallets/

New OpenSSH Flaws Expose SSH Servers to MiTM and DoS Attacks

OpenSSH has released updates for two vulnerabilities: a client-side man-in-the-middle (MitM) flaw (CVE-2025-26465) present since 2014, and a pre-authentication denial of service (DoS) vulnerability (CVE-2025-26466) introduced in 2023. The MitM flaw lets an attacker impersonate a server to clients that have the VerifyHostKeyDNS option enabled, by causing host key verification to fail in a way the client mishandles; the DoS flaw allows excessive memory and CPU consumption on both clients and servers. Users are urged to upgrade to version 9.9p2, keep VerifyHostKeyDNS disabled (the default on most platforms), and impose connection rate limits on servers to mitigate the DoS.

https://www.bleepingcomputer.com/news/security/new-openssh-flaws-expose-ssh-servers-to-mitm-and-dos-attacks/
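An added audit helper for the two advisories, written here as example code and not taken from OpenSSH or the article. It maps a version string as printed by `ssh -V` (or sent in the SSH banner) onto the affected ranges stated above, and checks a client configuration for VerifyHostKeyDNS. Assumptions: a version without a `pN` suffix (OpenBSD's native builds) is treated as patch level 0, any value other than `no` is treated as enabling VerifyHostKeyDNS, and the sample banner and configs are constructed.

```python
# Added example: OpenSSH CVE-2025-26465 / CVE-2025-26466 exposure check.
import re

_VER = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")

FIXED = (9, 9, 2)
# First affected release per CVE, as given in the advisory coverage above.
AFFECTED = {
    "CVE-2025-26465": (6, 8, 1),   # client MitM when VerifyHostKeyDNS is enabled
    "CVE-2025-26466": (9, 5, 1),   # pre-auth resource exhaustion (client and server)
}


def parse_openssh_version(banner: str) -> tuple[int, int, int]:
    """Parse 'OpenSSH_9.9p1, OpenSSL ...' or 'SSH-2.0-OpenSSH_8.9p1 ...'."""
    m = _VER.search(banner)
    if not m:
        raise ValueError(f"no OpenSSH version in {banner!r}")
    major, minor, patch = m.groups()
    return int(major), int(minor), int(patch or 0)  # assumed: no pN means 0


def affected_cves(banner: str) -> list[str]:
    """CVEs from the advisory that apply to this version (empty if patched)."""
    version = parse_openssh_version(banner)
    return [cve for cve, first in AFFECTED.items() if first <= version < FIXED]


# Matches both 'VerifyHostKeyDNS yes' in ssh_config and the lowercase
# 'verifyhostkeydns yes' that `ssh -G <host>` prints as the effective value.
_VHKD = re.compile(r"^\s*VerifyHostKeyDNS[\s=]+(\S+)", re.IGNORECASE | re.MULTILINE)


def verify_host_key_dns_enabled(ssh_config: str) -> bool:
    """True if any VerifyHostKeyDNS line sets something other than 'no'.

    ssh applies the first matching value per Host block, so feed this the
    output of `ssh -G <host>` for a definitive answer rather than raw files.
    """
    return any(m.group(1).lower() != "no" for m in _VHKD.finditer(ssh_config))


# Constructed samples.
SAMPLE_BANNER = "OpenSSH_9.9p1, OpenSSL 3.0.13 30 Jan 2024"
WEAK_CONFIG = "Host *\n    VerifyHostKeyDNS yes\n"      # exposes the MitM flaw
HARDENED_CONFIG = "Host *\n    VerifyHostKeyDNS no\n"   # the default on most builds

if __name__ == "__main__":
    print(SAMPLE_BANNER, "->", affected_cves(SAMPLE_BANNER) or "not affected")
    print("weak config enables VerifyHostKeyDNS:", verify_host_key_dns_enabled(WEAK_CONFIG))
    print("hardened config enables VerifyHostKeyDNS:", verify_host_key_dns_enabled(HARDENED_CONFIG))
```

For the server-side DoS, the rate-limiting the advisory refers to is configured in sshd_config with `MaxStartups` and `LoginGraceTime`, and on 9.8 and later with `PerSourcePenalties`; those settings reduce exposure but do not replace the 9.9p2 upgrade.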

Google Chrome’s AI-powered Security Feature Rolls Out to Everyone

Google Chrome has rolled out an AI-enhanced version of its "Enhanced Protection" Safe Browsing mode, which provides real-time defense against harmful sites and downloads. The feature was in testing for about three months and is now available on all platforms. It is off by default because it sends browsing data to Google for analysis when enabled; users who accept that trade-off can turn it on from Chrome's security settings on desktop and mobile.

https://www.bleepingcomputer.com/news/google/google-chromes-ai-powered-security-feature-rolls-out-to-everyone/

Microsoft Spots XCSSET macOS Malware Variant Used for Crypto Theft

Microsoft has identified a new variant of the XCSSET macOS malware, which steals sensitive user data and targets cryptocurrency wallets. The updated malware features improved obfuscation, new persistence methods, and novel infection techniques, and still spreads through infected Xcode projects. Key changes include more sophisticated encoding of its payloads, persistence that survives reboots, and the ability to tamper with Xcode project settings so the malware runs when the project is built. Microsoft recommends that developers inspect and verify Xcode projects obtained from repositories or other untrusted sources before building them.

https://www.bleepingcomputer.com/news/security/microsoft-spots-xcsset-macos-malware-variant-used-for-crypto-theft/

Leaking the Email of Any YouTube User for $10,000

A researcher showed that any YouTube user's email address could be leaked by abusing their obfuscated Google Gaia ID. Blocking a user on YouTube exposed their Gaia ID through a YouTube API response, and an old Google product, Pixel Recorder, could then resolve that Gaia ID to the account's email address. The full chain leaks the Gaia ID from YouTube, shares a Pixel Recorder recording with the target without triggering an email notification (an excessively long recording title suppressed it), and reads the email linked to the account. Google fixed the issues and the researcher disclosed the chain in early February 2025 after confirming the fixes, receiving a total reward of $10,633.

https://brutecat.com/articles/leaking-youtube-emails

Google Fixes Flaw That Could Unmask YouTube Users’ Email Addresses

Google fixed vulnerabilities that could expose YouTube users' email addresses by chaining YouTube and Pixel Recorder APIs to first reveal a user's Google Gaia ID and then resolve it to an email, deanonymizing otherwise anonymous accounts. The researchers who disclosed the issues noted the significant privacy risk for users who rely on anonymity. After the report, Google increased the bounty for the findings and completed its fixes on February 9, 2025.

https://www.bleepingcomputer.com/news/security/google-fixes-flaw-that-could-unmask-youtube-users-email-addresses/

Microsoft February 2025 Patch Tuesday Fixes 4 Zero-days, 55 Flaws

Microsoft's February 2025 Patch Tuesday fixes 55 vulnerabilities, including 4 zero-days, two of which are actively exploited. The batch includes 19 elevation of privilege and 22 remote code execution vulnerabilities. The exploited zero-days are a Windows Storage elevation of privilege flaw that allows file deletion (CVE-2025-21391) and an Ancillary Function Driver for WinSock flaw that grants SYSTEM privileges (CVE-2025-21418). The publicly disclosed zero-days are a UEFI security feature bypass (CVE-2025-21194) and an NTLM hash disclosure spoofing vulnerability (CVE-2025-21377). Adobe, Google, and other vendors also released updates in the same period.

https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2025-patch-tuesday-fixes-4-zero-days-55-flaws/

Cybersecurity In The Year Ahead: Five Trends Organizations Should Keep Top Of Mind

Cybersecurity trends for 2025: 1) prioritization of trust as a competitive edge; 2) rise of AI-driven fraud eroding trust; 3) increasing costs of cybercrime prompting C-suite focus; 4) consumers demanding stronger protections from fraud; 5) growing identity risk fueling demand for enhanced security measures. Organizations must adapt to a complex threat landscape to maintain consumer trust and secure their assets.

https://www.forbes.com/councils/forbestechcouncil/2025/02/11/cybersecurity-in-the-year-ahead-five-trends-organizations-should-keep-top-of-mind/

Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

Hackers are abusing Google Tag Manager (GTM) to inject credit card skimmer malware into Magento e-commerce sites. A Sucuri report identified an obfuscated script, disguised as an ordinary GTM tracking snippet, that both skims payment data and gives the attackers backdoor access to the site. The malicious code was stored in the Magento database rather than in the site's files, harvested card data during checkout, and sent it to attacker-controlled servers. Abuse of GTM for skimming is not new; similar incidents have been reported since 2018. Separately, two Romanian nationals were recently charged over their involvement in a payment card skimming operation.

https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html

Apple Fixes Zero-day Exploited in ‘Extremely Sophisticated’ Attacks

Apple patched a zero-day vulnerability (CVE-2025-24200) in iOS 18.3.1 and iPadOS 18.3.1 that was exploited in "extremely sophisticated" targeted attacks. The flaw, affecting a range of iPhone and iPad models, allowed an attacker with physical access to disable USB Restricted Mode on a locked device, the protection that blocks data access over USB when the device has been locked for a while. Users are urged to update their devices; previous Apple zero-days of this kind have been linked to spyware aimed at high-risk individuals.

https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-exploited-in-extremely-sophisticated-attacks/

Google Cloud Build Vulnerability Enables Data Destruction

A Cisco Talos report describes a Google Cloud Build weakness that lets an attacker with minimal permissions delete or encrypt data across projects, because default trigger and service account settings are overly permissive. A build triggered by an attacker-controlled GitHub pull request, for example, can run destructive commands with the build's own privileges. Mitigations include applying least privilege to the build service account, monitoring Google Cloud Operations Logs, and requiring manual approval for builds triggered by pull requests.

https://www.vulnu.com/p/google-cloud-build-vulnerability-enables-data-destruction-across-projects
