Apple Fixes Zero-day Exploited in ‘Extremely Sophisticated’ Attacks

Apple patched a zero-day vulnerability in iOS and iPadOS that was exploited in “extremely sophisticated” attacks against specific targeted individuals. The flaw, affecting a range of iPhone and iPad models, allowed a physical attacker to disable USB Restricted Mode on a locked device, the protection that blocks data transfer over the USB port once a device has been locked for a while. Users are urged to update promptly: earlier iOS zero-days of this kind have been tied to commercial spyware used against journalists, activists and other high-risk individuals.

https://www.bleepingcomputer.com/news/apple/apple-fixes-zero-day-exploited-in-extremely-sophisticated-attacks/

Google Cloud Build Vulnerability Enables Data Destruction

Extreme TLDR: A Cisco Talos report describes a Google Cloud Build weakness that lets an attacker holding only minimal permissions delete or encrypt data across projects, because the service's default settings are overly permissive. Something as routine as opening a malicious pull request against a connected GitHub repository can start a build that runs destructive commands with the privileges of the service account the build runs as. Mitigations: apply least privilege to that service account, monitor Cloud Logging (Google Cloud Operations) for unexpected build activity, and require manual approval before builds triggered by pull requests are allowed to run.

https://www.vulnu.com/p/google-cloud-build-vulnerability-enables-data-destruction-across-projects
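The mitigations above are easy to state and easy to forget on one trigger among many. The script below is an added example (editor's code, not from the Talos report or the linked article) that audits triggers exported with `gcloud builds triggers list --format=json`: it flags pull-request triggers that run without manual approval, PR triggers that build every PR automatically, and triggers that fall back to the project's default Cloud Build service account instead of a dedicated least-privilege one. The trigger JSON shape follows the Cloud Build BuildTrigger resource (`github.pullRequest`, `approvalConfig.approvalRequired`, `serviceAccount`); the sample triggers are constructed.

```python
"""Audit exported Cloud Build triggers for pull-request builds that run unapproved
or as the default service account.

Editor-added example (not from the Talos report or the linked article). Input is the
BuildTrigger JSON that `gcloud builds triggers list --format=json` prints; the
triggers below are constructed for the demo.
"""
import json

# Constructed sample export: one unguarded PR trigger, one hardened PR trigger, one push trigger.
SAMPLE_TRIGGERS_JSON = """
[
  {
    "id": "trigger-pr-open",
    "name": "pr-ci",
    "github": {"owner": "example-org", "name": "app",
               "pullRequest": {"branch": "^main$", "commentControl": "COMMENTS_DISABLED"}},
    "filename": "cloudbuild.yaml"
  },
  {
    "id": "trigger-pr-gated",
    "name": "pr-ci-gated",
    "github": {"owner": "example-org", "name": "app",
               "pullRequest": {"branch": "^main$",
                               "commentControl": "COMMENTS_ENABLED_FOR_EXTERNAL_CONTRIBUTORS_ONLY"}},
    "approvalConfig": {"approvalRequired": true},
    "serviceAccount": "projects/example-proj/serviceAccounts/ci-least-priv@example-proj.iam.gserviceaccount.com",
    "filename": "cloudbuild.yaml"
  },
  {
    "id": "trigger-push",
    "name": "deploy-on-push",
    "github": {"owner": "example-org", "name": "app", "push": {"branch": "^main$"}},
    "filename": "cloudbuild.yaml"
  }
]
"""


def audit_trigger(trigger: dict) -> list[str]:
    """Return the findings for one trigger; an empty list means nothing was flagged."""
    findings = []
    pr = trigger.get("github", {}).get("pullRequest")
    if pr is not None:
        # Anyone who can open a PR can start this build, so a human gate is essential.
        if not trigger.get("approvalConfig", {}).get("approvalRequired", False):
            findings.append("pull-request trigger runs without manual approval")
        # COMMENTS_DISABLED builds every PR automatically, including ones from forks;
        # the other values require a /gcbrun comment from a collaborator first.
        if pr.get("commentControl", "COMMENTS_DISABLED") == "COMMENTS_DISABLED":
            findings.append("pull-request trigger builds without /gcbrun comment control")
    # No explicit serviceAccount means the build runs as the project's default Cloud
    # Build service account, the overly permissive default the report warns about.
    if not trigger.get("serviceAccount"):
        findings.append("no dedicated service account (uses the default Cloud Build SA)")
    return findings


def audit_triggers(triggers_json: str) -> dict[str, list[str]]:
    """Map trigger name -> findings for a whole exported trigger list."""
    return {t["name"]: audit_trigger(t) for t in json.loads(triggers_json)}


if __name__ == "__main__":
    for name, findings in audit_triggers(SAMPLE_TRIGGERS_JSON).items():
        print(name, "->", findings or "OK")
```

Run it against a real export by piping `gcloud builds triggers list --format=json` into `audit_triggers`; the same three checks apply to Bitbucket and GitLab triggers if you look under their respective keys instead of `github`.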

reCAPTCHA: 819 Million Hours of Wasted Human Time and Billions of Dollars in Google Profits

Google's reCAPTCHA, originally pitched as a way to tell humans from bots (and, as a side effect, to digitize scanned text), has become a data collection and tracking tool that generates substantial revenue. By 2025 it mainly monitors users' online behaviour rather than providing effective bot protection. The cited research estimates it has consumed 819 million hours of human time, costing society $6.1 billion, while Google profits from the user data it gathers. Users can rarely avoid reCAPTCHA, since it gates so much of the web.

https://boingboing.net/2025/02/07/recaptcha-819-million-hours-of-wasted-human-time-and-billions-of-dollars-google-profit.html

Google’s DMARC Push Pays Off, but Challenges Remain

Google's sender requirements have doubled DMARC adoption, but 87% of domains remain vulnerable to spoofing. Fewer unauthenticated messages reach inboxes, yet phishing persists: attackers simply register "lookalike" domains that DMARC on the impersonated domain cannot cover. Regulation and industry standards are expected to push adoption further. For the domain owner, DMARC's aggregate reports show which messages fail SPF and DKIM alignment and where they originate, which helps classify legitimate senders versus abuse. Adoption is rising, but email security remains a work in progress.

https://www.darkreading.com/remote-workforce/google-dmarc-push-email-security-challenges
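"Adopted" and "enforced" are not the same thing for DMARC: a published record with `p=none` only asks for reports, and a `pct=` below 100 applies the policy to a fraction of failing mail. The script below is an added example (editor's code, not from the article) that parses DMARC TXT records and classifies each domain as enforcing, monitoring only, invalid or missing. The records are constructed; in practice you would fetch the TXT record at `_dmarc.<domain>`. It does not address lookalike domains, which DMARC on your own domain cannot help with.

```python
"""Parse DMARC records and decide whether a domain actually enforces a policy.

Editor-added example; not code from the linked article. SAMPLE_RECORDS is constructed
to stand in for TXT lookups of _dmarc.<domain>; None means no record was published.
"""


# Constructed sample lookups.
SAMPLE_RECORDS = {
    "enforcing.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforcing.example; ruf=mailto:forensics@enforcing.example",
    "monitor.example": "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example": "v=DMARC1; p=quarantine; pct=10; sp=none",
    "broken.example": "v=DMARC1 p=reject",  # missing ';' separators
    "nodmarc.example": None,                # no record at _dmarc.nodmarc.example
}


def parse_dmarc(record: str) -> dict:
    """Split a DMARC record into lower-cased tag -> value; raise ValueError if malformed."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("record does not begin with v=DMARC1")
    if "p" not in tags:
        raise ValueError("required tag p= is missing")
    return tags


def classify(domain: str, record) -> dict:
    """Return the effective policy, whether it is enforced, and whether reports are collected."""
    base = {"domain": domain, "enforced": False, "reports": False, "subdomain_policy": None}
    if record is None:
        return {**base, "status": "no-record"}
    try:
        tags = parse_dmarc(record)
    except ValueError as err:
        return {**base, "status": f"invalid ({err})"}
    policy = tags["p"].lower()
    pct = int(tags.get("pct", "100"))
    # p=none is monitoring only. quarantine/reject enforce, but only for pct% of failing
    # mail; RFC 7489 treats the remainder as the next weaker policy, so pct<100 is not
    # full enforcement.
    enforced = policy in ("quarantine", "reject") and pct == 100
    status = policy if pct == 100 else f"{policy} (pct={pct})"
    return {**base, "status": status, "enforced": enforced,
            "reports": "rua" in tags, "subdomain_policy": tags.get("sp", policy)}


def audit(records: dict) -> dict:
    """Classify every domain in a {domain: record-or-None} mapping."""
    return {domain: classify(domain, rec) for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, result in audit(SAMPLE_RECORDS).items():
        print(f"{domain:20} {result['status']:22} enforced={result['enforced']} reports={result['reports']}")
```

Note the `sp=` handling: `partial.example` quarantines a tenth of failing mail on the apex domain while leaving every subdomain at `p=none`, a gap attackers exploit by sending from `anything.partial.example`.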

Cybercriminals Weaponize Graphics Files in Phishing Attacks

Cybercriminals are increasingly sending graphics files, SVGs in particular, as phishing lures to slip past filters tuned to documents and executables. SVG is XML, so a file that renders as a harmless image can also carry hyperlinks, embedded HTML and script, and the visible content disguises where a click actually leads. Campaigns impersonate well-known brands and use lures such as notifications and confirmations. Most end on credential-harvesting pages, and the newer variants are built to evade detection and to get past multi-factor authentication.

https://www.infosecurity-magazine.com/news/cybercriminals-graphics-files/
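What makes an SVG "active" is visible in the XML. The script below is an added example (editor's code, not from the article) that parses an SVG with the standard library and flags the constructs these lures rely on: `<script>`, `<foreignObject>` wrapping HTML, SMIL `<set>`/`<animate>`, `on*` event handlers, `javascript:`/`data:` URIs and hyperlinks to hosts you have not allow-listed. Both SVG samples are constructed; the malicious one imitates the "you have new notifications" lure described above.

```python
"""Flag SVG files that carry active content or outbound links.

Editor-added example; not from the linked article. The two SVG samples are
constructed: one mimics a brand-styled notification that links to a credential page,
the other is a static logo.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed malicious sample: an onload handler, an <a> wrapping the whole image,
# and a <foreignObject> smuggling an HTML iframe. No <script> tag is needed.
SAMPLE_PHISH_SVG = """<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"
     width="400" height="200" onload="setTimeout(function(){location='https://login-verify.example/x'},0)">
  <a xlink:href="https://login-verify.example/session?u=victim">
    <rect width="400" height="200" fill="#fff"/>
    <text x="20" y="100">You have 3 unread notifications - click to view</text>
  </a>
  <foreignObject width="1" height="1">
    <div xmlns="http://www.w3.org/1999/xhtml"><iframe src="https://login-verify.example/f"/></div>
  </foreignObject>
</svg>"""

# Constructed benign sample.
SAMPLE_BENIGN_SVG = """<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="blue"/>
</svg>"""

# Elements that execute or embed content. 'set'/'animate' are SMIL and can rewrite
# href attributes at runtime; 'iframe' only appears inside a foreignObject.
ACTIVE_TAGS = {"script", "foreignObject", "iframe", "set", "animate"}


def _local(name: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.split("}", 1)[-1]


def scan_svg(svg_text: str, allowed_hosts=()) -> list[str]:
    """Return human-readable findings for one SVG document (empty list = nothing flagged)."""
    root = ET.fromstring(svg_text)
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append(f"active element <{tag}>")
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):            # onload, onclick, onbegin, ...
                findings.append(f"event handler {name}= on <{tag}>")
            if name == "href":
                lowered = value.strip().lower()
                if lowered.startswith(("javascript:", "data:")):
                    findings.append(f"{lowered.split(':', 1)[0]}: URI on <{tag}>")
                else:
                    host = urlparse(value).hostname
                    if host and host not in allowed_hosts:
                        findings.append(f"link to {host} from <{tag}>")
    return findings


if __name__ == "__main__":
    print(scan_svg(SAMPLE_PHISH_SVG))   # four findings
    print(scan_svg(SAMPLE_BENIGN_SVG))  # []
```

This is a coarse triage filter, not a sanitizer: an SVG that needs none of these constructs can still be a lure (a static image telling the user to "open the attached link"), and an SVG viewed inline through an `<img>` tag does not run script, whereas the same file opened directly in a browser does. Many mail gateways simply block SVG attachments outright for that reason.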

DeepSeek Coding Has the Capability to Transfer Users’ Data Directly to the Chinese Government

DeepSeek AI may secretly transfer U.S. user data to the Chinese government, raising national security concerns. Cybersecurity experts found embedded code suggesting direct links to Chinese-controlled servers, potentially exposing users' identities and online activities. This situation mirrors past worries over other Chinese tech companies, prompting calls for banning DeepSeek on government devices.

https://abcnews.go.com/US/deepseek-coding-capability-transfer-users-data-directly-chinese/story?id=118465451

New Facebook Copyright Infringement Phishing Campaign

Check Point discovered a Facebook phishing campaign that has targeted more than 12,279 companies since December 2024 with fake copyright-infringement notices. The emails are sent through Salesforce's automated mailing service, so they come from a legitimate Salesforce address and look genuine; they direct recipients to fake Facebook support pages that harvest credentials. Businesses that run advertising or customer contact through Facebook risk account takeover, loss of client trust and regulatory penalties. Check Point recommends setting up security alerts, educating employees and customers, and having an incident response plan ready.

https://blog.checkpoint.com/security/new-facebook-copyright-infringement-phishing-campaign/

How Attackers Abuse S3 Bucket Namesquatting — And How to Stop Them

TLDR: S3 bucket names are global across all AWS accounts, so an attacker who can predict the name a victim's tooling will assume exists can create that bucket first, in the attacker's own account. Many AWS services and deployment frameworks derive bucket names from the account ID and region, which makes them predictable. Whatever the victim's systems then write to or read from that bucket lands with the attacker: data breaches and hijacked traffic follow. Defences are to use non-predictable bucket names, verify that a bucket you address is really owned by your account, lock down bucket policies, and audit regularly. Varonis (the article's author) offers tooling for identifying and mitigating exposed buckets.

https://www.bleepingcomputer.com/news/security/how-attackers-abuse-s3-bucket-namesquatting-and-how-to-stop-them/
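Two of the defences above can be checked offline: whether a name follows a well-known derivable template, and whether a name you generate is valid S3 syntax with enough entropy that nobody can guess it. The script below is an added example (editor's code, not from the article or from Varonis). The templates are real default naming schemes (CDK bootstrap assets, Athena query results, Glue assets, SageMaker, Elastic Beanstalk) written as regular expressions; the list is illustrative, not exhaustive.

```python
"""Generate unguessable S3 bucket names and flag names built from known default templates.

Editor-added example; not from the linked article or from Varonis. The templates cover a
handful of AWS defaults that derive the name from account ID and region; extend the
dictionary with your own organisation's conventions.
"""
import re
import secrets

# {account} is the 12-digit account ID, {region} is e.g. us-east-1.
_REGION = r"[a-z]{2}-[a-z]+-\d"
PREDICTABLE_TEMPLATES = {
    "cdk-bootstrap":   rf"^cdk-[a-z0-9]{{9}}-assets-\d{{12}}-{_REGION}$",   # cdk-hnb659fds-assets-{account}-{region}
    "athena-results":  rf"^aws-athena-query-results-\d{{12}}-{_REGION}$",
    "glue-assets":     rf"^aws-glue-assets-\d{{12}}-{_REGION}$",
    "sagemaker":       rf"^sagemaker-{_REGION}-\d{{12}}$",
    "elasticbeanstalk": rf"^elasticbeanstalk-{_REGION}-\d{{12}}$",
}

# S3 general-purpose bucket naming rules: 3-63 chars, lowercase letters, digits, dots,
# hyphens; begin and end with a letter or digit; not an IPv4 address; no "xn--" prefix;
# no "-s3alias" suffix; no consecutive dots.
BUCKET_NAME_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def is_valid_bucket_name(name: str) -> bool:
    return (bool(BUCKET_NAME_RE.match(name))
            and not IPV4_RE.match(name)
            and ".." not in name
            and not name.startswith("xn--")
            and not name.endswith("-s3alias"))


def predictable_template(name: str):
    """Return the template label a name matches, or None if it looks bespoke."""
    for label, pattern in PREDICTABLE_TEMPLATES.items():
        if re.match(pattern, name):
            return label
    return None


def unpredictable_bucket_name(prefix: str, entropy_bytes: int = 8) -> str:
    """Append a random hex suffix to a readable prefix. 8 bytes = 64 bits, which is far
    beyond what an attacker can pre-register by guessing."""
    name = f"{prefix}-{secrets.token_hex(entropy_bytes)}".lower()
    if not is_valid_bucket_name(name):
        raise ValueError(f"prefix {prefix!r} produces an invalid bucket name: {name}")
    if predictable_template(name):
        raise ValueError("prefix collides with a known default template")
    return name


if __name__ == "__main__":
    for candidate in ("cdk-hnb659fds-assets-123456789012-us-east-1", "acme-logs"):
        print(candidate, "->", predictable_template(candidate))
    print(unpredictable_bucket_name("acme-logs"))
```

For buckets that something else created and your code merely references, the check that actually closes the hole is server-side: pass `ExpectedBucketOwner` (your account ID) on S3 API calls (`--expected-bucket-owner` on the CLI), and the request fails if the bucket belongs to anyone else, squatter included.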

Infosec 101 for Activists

TLDR: Infosec 101 for Activists outlines digital safety for activists, with an emphasis on privacy breaches, doxxing and police surveillance around protests. It lists tools to use (e.g., Signal, Bitwarden) and to avoid (e.g., Google Maps, WhatsApp), with instructions for setting up a phone securely and communicating safely. Key advice: strong passwords, two-factor authentication, and leaving as little digital trail as possible at protests. The guide aims to help activists protect their personal information and improve their overall security.

https://infosecforactivists.org/

Stealers on the Rise: a Closer Look at a Growing macOS Threat

TLDR: macOS infostealers such as Atomic, Poseidon and Cthulhu are spreading quickly, stealing data and putting organisations at risk. Infostealers were the largest category of new macOS malware Unit 42 observed in 2024, with a 101% increase in detections. A common trick is an AppleScript (osascript) dialog styled as a system prompt that asks the user for their password, which the stealer captures together with other sensitive data. Unit 42 recommends layered protection, including Palo Alto Networks' Cortex XDR, against these threats.

https://unit42.paloaltonetworks.com/macos-stealers-growing/
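The AppleScript trick leaves a distinctive footprint in process-execution telemetry: `osascript` runs a `display dialog ... with hidden answer` command, usually with a prompt mentioning a password and often with `text returned of` to capture what was typed. The script below is an added example (editor's detection logic, not Unit 42's) that scores such events. The events are constructed in a generic `{ts, user, pid, parent, cmd}` shape; map them to your EDR's process fields.

```python
"""Score process events for AppleScript password-prompt phishing.

Editor-added detection example; not Unit 42 content. SAMPLE_EVENTS is constructed:
a stealer-style prompt, a benign notification, a stealer-style prompt launched from
/tmp that captures the typed text, and a legitimate automation script.
"""
import re

SAMPLE_EVENTS = [
    {"ts": "2025-02-07T10:01:02Z", "user": "alice", "pid": 4011, "parent": "/Applications/Setup.app/Contents/MacOS/Setup",
     "cmd": "/usr/bin/osascript -e 'display dialog \"macOS needs to update settings. Enter your password:\" "
            "default answer \"\" with icon caution buttons {\"OK\"} default button \"OK\" with hidden answer'"},
    {"ts": "2025-02-07T10:01:05Z", "user": "alice", "pid": 4012, "parent": "/usr/bin/make",
     "cmd": "/usr/bin/osascript -e 'display notification \"Build done\" with title \"CI\"'"},
    {"ts": "2025-02-07T10:02:11Z", "user": "alice", "pid": 4020, "parent": "/tmp/.installer",
     "cmd": "osascript -e 'set p to text returned of (display dialog \"Required: enter password\" "
            "with hidden answer default answer \"\")'"},
    {"ts": "2025-02-07T10:03:00Z", "user": "alice", "pid": 4033, "parent": "/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder",
     "cmd": "/usr/bin/osascript /Users/alice/Scripts/resize-windows.scpt"},
]

OSASCRIPT_RE = re.compile(r"(^|/)osascript\b")
# 'with hidden answer' makes the dialog mask input, i.e. it is asking for a secret.
HIDDEN_ANSWER_RE = re.compile(r"display\s+dialog\b.*\bwith\s+hidden\s+answer\b", re.I | re.S)
PASSWORD_LURE_RE = re.compile(r"password|passcode|credential", re.I)
CAPTURE_RE = re.compile(r"\btext\s+returned\s+of\b", re.I)
# Parents living in scratch/download locations are a strong secondary signal.
UNTRUSTED_PARENT_RE = re.compile(r"^/(tmp|private/tmp|Users/[^/]+/Downloads|Volumes)/")


def score_event(event: dict) -> dict:
    """Return {'pid', 'score', 'reasons'}; score is the number of independent signals hit."""
    cmd = event["cmd"]
    reasons = []
    if not OSASCRIPT_RE.search(cmd):
        return {"pid": event["pid"], "score": 0, "reasons": reasons}
    if HIDDEN_ANSWER_RE.search(cmd):
        reasons.append("display dialog with hidden answer (masked text entry)")
        if PASSWORD_LURE_RE.search(cmd):
            reasons.append("prompt text asks for a password")
    if CAPTURE_RE.search(cmd):
        reasons.append("captures the typed text (text returned of)")
    parent = event.get("parent", "")
    if parent and UNTRUSTED_PARENT_RE.match(parent):
        reasons.append(f"spawned from untrusted path {parent}")
    return {"pid": event["pid"], "score": len(reasons), "reasons": reasons}


def alerts(events, threshold: int = 2) -> list[dict]:
    """Events scoring at or above threshold. Two signals avoids alerting on every
    masked-input dialog a legitimate admin script might show."""
    scored = (score_event(e) for e in events)
    return [s for s in scored if s["score"] >= threshold]


if __name__ == "__main__":
    for hit in alerts(SAMPLE_EVENTS):
        print(hit["pid"], hit["score"], hit["reasons"])
```

Apple's own password prompts are never rendered through `osascript`, so even a single `with hidden answer` dialog from a process outside your managed tooling deserves a look; the threshold is there to keep an unfamiliar but legitimate admin script from paging someone at 3 a.m.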

Cyber Agencies Share Security Guidance for Network Edge Devices

Five Eyes cybersecurity agencies (UK, Australia, Canada, New Zealand, US) urge manufacturers of network edge devices to enhance forensic visibility to detect and investigate attacks. Edge devices are targets for state-sponsored and financial threats due to poor EDR support, inadequate firmware updates, and weak security configurations. Agencies advocate for robust logging features to aid breach detection and emphasize the importance of securing devices against known vulnerabilities and default settings.

https://www.bleepingcomputer.com/news/security/cyber-agencies-share-security-guidance-for-network-edge-devices/

2024 Trends in Vulnerability Exploitation

TLDR:
– 768 CVEs were first reported as exploited in the wild in 2024, up 20% year over year.
– 23.6% of those were reported exploited on or before the day their CVE was publicly disclosed.
– Monthly spikes in reports lined up with industry events and with new reporting sources coming online.
– Reporting sources are diverse: security vendors, government agencies and the affected product vendors themselves.
– VulnCheck's KEV feed widens visibility into exploitation beyond any single source and is offered as practical input for prioritisation by security teams.

https://vulncheck.com/blog/2024-exploitation-trends

WhatsApp Says Paragon Is Spying on Specific Users

WhatsApp accused Israeli spyware firm Paragon of targeting nearly 100 journalists and civil society members with zero-click malware attacks via malicious PDFs. WhatsApp has identified and blocked the attack method, sending cease-and-desist letters to Paragon and notifying affected users. The incidents occurred in December 2024, with WhatsApp affirming its commitment to user privacy.

https://www.malwarebytes.com/blog/news/2025/02/whatsapp-says-paragon-is-spying-on-specific-users

Everyone Knows Your Location

Extreme TLDR:

Massive geolocation data leak revealed 2000+ apps collecting user location without consent. Research showed my iPhone exposed requests with my IP and location despite Location Services off. Learned about ad data auctions, found high costs for purchasing my data, and discovered methods to track myself using data brokers. Notable findings included Unity and Facebook using my data without consent. The investigation highlighted extensive data sharing with third parties and the ease of accessing personal data linked to device identifiers.

https://timsh.org/tracking-myself-down-through-in-app-ads/
