Google’s DMARC Push Pays Off, but Challenges Remain

Google's DMARC initiative has doubled email authentication adoption, but 87% of domains remain vulnerable. Despite fewer unauthenticated emails, phishing threats persist, as attackers exploit domains with “lookalike” names. Increased regulation and standards drive further DMARC adoption. Organizations gain visibility into email failures with DMARC, aiding in better security classifications. Although adoption is rising, challenges in email security remain, emphasizing the need for continued improvement in cyber defenses.

https://www.darkreading.com/remote-workforce/google-dmarc-push-email-security-challenges
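The "87% remain vulnerable" figure comes down to what a domain's DMARC TXT record actually tells receivers to do. The following is an added example (not code from the Dark Reading article or from Google) that parses a DMARC record and classifies it as missing, invalid, monitor-only (p=none), partially enforced (pct below 100) or enforced, and flags the missing rua= address that leaves an organization without the failure visibility the article mentions. All domains and records below are constructed samples; no DNS lookup is performed.

```python
"""Classify DMARC record strength. Added illustration, not the article's own code."""

# Constructed sample records keyed by hypothetical domain (no real DNS involved).
SAMPLE_RECORDS = {
    "example-none.test": "v=DMARC1; p=none; rua=mailto:dmarc@example-none.test",
    "example-q.test": "v=DMARC1; p=quarantine; pct=50; rua=mailto:dmarc@example-q.test",
    "example-reject.test": "v=DMARC1; p=reject; sp=reject; rua=mailto:agg@example-reject.test",
    "example-missing.test": None,                       # domain publishes no record at all
    "example-bad.test": "p=reject; rua=mailto:x@example-bad.test",  # missing the v=DMARC1 tag
}


def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict.

    Returns None if the record is absent, if any tag lacks '=', if the first
    tag is not v=DMARC1, or if the mandatory p= tag is missing.
    """
    if not record:
        return None
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            return None
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    first = record.split(";", 1)[0].replace(" ", "").lower()
    if first != "v=dmarc1" or "p" not in tags:
        return None
    return tags


def classify(record):
    """Return (level, findings) where level is one of
    'missing', 'invalid', 'monitor-only', 'partial' or 'enforced'."""
    if record is None:
        return "missing", ["no DMARC record published; receivers apply no policy"]
    tags = parse_dmarc(record)
    if tags is None:
        return "invalid", ["record does not start with v=DMARC1 or lacks a p= tag"]

    findings = []
    policy = tags["p"].lower()
    pct_raw = tags.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 100

    # Visibility: without rua= the domain owner receives no aggregate reports.
    if "rua" not in tags:
        findings.append("no rua= address: no aggregate reports, so no visibility into failures")
    # Subdomains inherit p= unless sp= says otherwise.
    if "sp" not in tags:
        findings.append(f"no sp= tag: subdomains inherit p={policy}")

    if policy == "none":
        findings.append("p=none only monitors; spoofed mail is still delivered")
        return "monitor-only", findings
    if policy not in ("quarantine", "reject"):
        return "invalid", [f"unknown policy value: {policy}"]
    if pct < 100:
        findings.append(f"pct={pct}: policy applies to only {pct}% of failing mail")
        return "partial", findings
    findings.append(f"p={policy} enforced on 100% of failing mail")
    return "enforced", findings


def audit(records):
    """Map each domain to its classification level."""
    return {domain: classify(rec)[0] for domain, rec in records.items()}


if __name__ == "__main__":
    for domain, rec in SAMPLE_RECORDS.items():
        level, findings = classify(rec)
        print(f"{domain:22} {level:13} {'; '.join(findings)}")
```

In a real audit, the `record` argument would be the TXT value fetched from `_dmarc.<domain>`; the classification logic is the same. Only the `enforced` bucket tells receiving servers to reject or quarantine spoofed mail, which is why a published-but-p=none record still counts as exposed.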

Cybercriminals Weaponize Graphics Files in Phishing Attacks

Cybercriminals are increasingly using graphics files, especially SVGs, in phishing attacks to bypass traditional security measures. These files can contain active web content, allowing attackers to link to malicious websites while disguising their intent. The tactics have evolved, with attacks impersonating known brands and employing various lures, such as notifications and confirmations. The attacks often capture victim login credentials, showcasing new phishing techniques aimed at evading detection and multi-factor authentication protections.

https://www.infosecurity-magazine.com/news/cybercriminals-graphics-files/
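The reason SVG attachments slip past filters built for static images is that SVG is XML and can carry scripts, event-handler attributes and hyperlinks. The following is an added example (not code from the Infosecurity Magazine article or from any vendor it cites) showing the kind of check a mail gateway or upload handler can run: it parses an SVG and reports `<script>`/`<foreignObject>` elements, `on*` event handlers, `javascript:` URIs and links that lead off to external hosts. Both SVG samples are constructed for this illustration and carry no real payload.

```python
"""Flag active content in SVG files. Added illustration, not the article's own code."""
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Element names that embed executable or foreign (HTML) content.
ACTIVE_ELEMENTS = {"script", "foreignobject"}

# Constructed samples. The "suspect" one mimics the structure of a phishing SVG
# (a link styled as a document, plus inert script/handler placeholders).
BENIGN_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">'
    b'<circle cx="5" cy="5" r="4"/></svg>'
)
SUSPECT_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="init()">
  <script>/* constructed placeholder; does nothing */</script>
  <a xlink:href="https://login.example.invalid/">
    <text x="0" y="15">Open document</text>
  </a>
</svg>"""


def local_name(qualified):
    """Strip the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return qualified.rsplit("}", 1)[-1]


def scan_svg(data):
    """Return a list of human-readable findings; an empty list means nothing flagged."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"malformed XML: {exc}"]

    findings = []
    for element in root.iter():
        tag = local_name(element.tag)
        if tag.lower() in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element: executable or embedded HTML content")
        for attr, value in element.attrib.items():
            name = local_name(attr)
            if name.lower().startswith("on"):
                findings.append(f"<{tag}> has event handler attribute {name}")
            elif name.lower() == "href":
                parsed = urlparse(value.strip())
                scheme = parsed.scheme.lower()
                if scheme == "javascript":
                    findings.append(f"<{tag}> href uses javascript: URI")
                elif scheme in ("http", "https"):
                    findings.append(f"<{tag}> links out to {parsed.netloc}")
    return findings


def is_active_svg(data):
    """True if the SVG should be treated as active content rather than an image."""
    return bool(scan_svg(data))


if __name__ == "__main__":
    for label, sample in (("benign", BENIGN_SVG), ("suspect", SUSPECT_SVG)):
        print(label, scan_svg(sample) or "clean")
```

Files that come back non-empty should be handled as documents, not images: quarantine or strip them at the gateway, or at minimum serve them with `Content-Disposition: attachment` so they never render inline in a browser context where the script and link would be live.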

DeepSeek Coding Has the Capability to Transfer Users’ Data Directly to the Chinese Government

DeepSeek AI may secretly transfer U.S. user data to the Chinese government, raising national security concerns. Cybersecurity experts found embedded code suggesting direct links to Chinese-controlled servers, potentially exposing users' identities and online activities. This situation mirrors past worries over other Chinese tech companies, prompting calls for banning DeepSeek on government devices.

https://abcnews.go.com/US/deepseek-coding-capability-transfer-users-data-directly-chinese/story?id=118465451

New Facebook Copyright Infringement Phishing Campaign

Check Point discovered a Facebook phishing campaign targeting over 12,279 companies since December 2024, impersonating copyright infringement notifications. It exploits Salesforce's mailing service, misleading recipients with genuine-looking emails, prompting them to fake Facebook support pages to harvest credentials. This poses risks for businesses using Facebook for operations, potentially leading to account breaches, loss of client trust, and regulatory penalties. Recommendations include setting security alerts, educating employees and customers, and having an incident response plan.

https://blog.checkpoint.com/security/new-facebook-copyright-infringement-phishing-campaign/

How Attackers Abuse S3 Bucket Namesquatting — And How to Stop Them

TLDR: S3 bucket namesquatting exploits predictable naming in AWS S3 buckets, allowing attackers to hijack or manipulate them. Users often rely on default naming conventions, making it easy for bad actors to pre-register bucket names. This leads to security risks, including data breaches and compromised traffic. To prevent this, users should customize bucket names, ensure proper security configurations, and regularly audit for vulnerabilities. Varonis offers solutions for identifying and mitigating risks associated with S3 bucket namesquatting.

https://www.bleepingcomputer.com/news/security/how-attackers-abuse-s3-bucket-namesquatting-and-how-to-stop-them/

Infosec 101 for Activists

TLDR: Infosec 101 for Activists outlines digital safety for activists, emphasizing risks like privacy breaches, doxxing, and police surveillance during protests. It provides tools to use (e.g., Signal, BitWarden) and avoid (e.g., Google Maps, WhatsApp), along with tips for secure phone setup and communication. Key advice includes using strong passwords, enabling two-factor authentication, and avoiding digital trails at protests. The guide aims to help activists protect their personal information and enhance their security.

https://infosecforactivists.org/

Stealers on the Rise: a Closer Look at a Growing macOS Threat

TLDR: macOS infostealers—Atomic, Poseidon, and Cthulhu—are rapidly increasing, causing significant data theft and risks for organizations. Notably, infostealers accounted for the largest group of new macOS malware in 2024, with a 101% increase detected. They exploit AppleScript to trick users into giving up sensitive information. Advanced protection methods from Palo Alto Networks, including Cortex XDR, are crucial for defense against these threats.

https://unit42.paloaltonetworks.com/macos-stealers-growing/

Cyber Agencies Share Security Guidance for Network Edge Devices

Five Eyes cybersecurity agencies (UK, Australia, Canada, New Zealand, US) urge manufacturers of network edge devices to enhance forensic visibility to detect and investigate attacks. Edge devices are targets for state-sponsored and financial threats due to poor EDR support, inadequate firmware updates, and weak security configurations. Agencies advocate for robust logging features to aid breach detection and emphasize the importance of securing devices against known vulnerabilities and default settings.

https://www.bleepingcomputer.com/news/security/cyber-agencies-share-security-guidance-for-network-edge-devices/

2024 Trends in Vulnerability Exploitation

2024 Vulnerability Exploitation Trends
– 768 CVEs exploited in 2024; +20% YoY.
– 23.6% of known exploited vulnerabilities (KEVs) were already being exploited by their public disclosure date.
– Monthly spikes linked to industry events and new reporting sources.
– Diverse reporting sources include security vendors, government agencies, and product companies.
– VulnCheck KEV enhances visibility on exploitations; practical insights provided to security teams.

https://vulncheck.com/blog/2024-exploitation-trends

WhatsApp Says Paragon Is Spying on Specific Users

WhatsApp accused Israeli spyware firm Paragon of targeting nearly 100 journalists and civil society members with zero-click malware attacks via malicious PDFs. WhatsApp has identified and blocked the attack method, sending cease-and-desist letters to Paragon and notifying affected users. The incidents occurred in December 2024, with WhatsApp affirming its commitment to user privacy.

https://www.malwarebytes.com/blog/news/2025/02/whatsapp-says-paragon-is-spying-on-specific-users

Everyone Knows Your Location

Extreme TLDR: Massive geolocation data leak revealed 2000+ apps collecting user location without consent. Research showed my iPhone exposed requests with my IP and location despite Location Services off. Learned about ad data auctions, found high costs for purchasing my data, and discovered methods to track myself using data brokers. Notable findings included Unity and Facebook using my data without consent. The investigation highlighted extensive data sharing with third parties and the ease of accessing personal data linked to device identifiers.

https://timsh.org/tracking-myself-down-through-in-app-ads/

Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

Over 57 nation-state threat groups, including those from China, Iran, North Korea, and Russia, are using Google-powered AI, notably Gemini, for cyber operations. These groups primarily use AI for research, troubleshooting code, and creating content. Iranian group APT42 utilizes Gemini extensively for phishing and reconnaissance, while Chinese APTs leverage it for network infiltration tactics. Russian actors focus on converting malware, and North Koreans use it for job applications to infiltrate Western companies. Google highlights the urgent need for public-private cooperation to enhance cyber defenses.

https://thehackernews.com/2025/01/google-over-57-nation-state-threat.html

New Syncjacking Attack Hijacks Devices Using Chrome Extensions

The new Syncjacking attack uses seemingly benign Chrome extensions to hijack devices via Google profile and browser takeover. Attackers create a malicious Google Workspace domain, trick victims into installing an extension, and gain access to their data after syncing. They further take control through a fake Zoom update, allowing extensive control over the victim's browser and files while remaining stealthy and requiring minimal user interaction.

https://www.bleepingcomputer.com/news/security/new-syncjacking-attack-hijacks-devices-using-chrome-extensions/

DeepSeek Exposes Database With Over 1 Million Chat Records

DeepSeek, a Chinese AI startup, exposed two unsecured databases with over 1 million plaintext chat records, API keys, and operational data. Discovered by Wiz Research during a security assessment, these databases allowed unauthorized access and SQL queries via a web interface. The exposure raises significant security concerns for DeepSeek and its users, as attackers could retrieve sensitive information and potentially exploit the company's internal systems. Wiz reported the issue, prompting DeepSeek to secure the databases promptly.

https://www.bleepingcomputer.com/news/security/deepseek-exposes-database-with-over-1-million-chat-records/