CyberWednesday: Top 10 Cybersecurity Updates #12

This week, we delve into the critical events shaping the cybersecurity landscape. Read our detailed analysis to stay up to date and ahead of threats.

1. Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

Microsoft's January 2025 security update addresses 161 vulnerabilities, including three zero-day flaws in Windows Hyper-V NT Kernel Integration VSP (CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335) that have been actively exploited. These privilege escalation vulnerabilities could allow attackers to gain SYSTEM privileges on targeted systems. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added these flaws to its Known Exploited Vulnerabilities catalogue, urging federal agencies to apply the fixes by 4 February 2025. Additionally, five other vulnerabilities are publicly known, including three in Microsoft Access and one in Windows App Package Installer. Users and administrators are advised to prioritise these updates to mitigate potential security risks. (Source: thehackernews.com)

2. Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions

HuiOne Guarantee, a Telegram-based illicit marketplace, has facilitated over $24 billion in cryptocurrency transactions, surpassing the now-defunct Hydra to become the largest online illegal market. Operating since 2021, HuiOne offers services such as money laundering, stolen data sales, and tools for online fraud, including those used in romance baiting scams. Despite claiming to prohibit activities related to human trafficking and firearms, the platform's rapid growth indicates ongoing involvement in various illicit trades. Recent developments include the launch of a U.S. dollar-backed stablecoin (USDH), a decentralised crypto exchange, and a messaging app, suggesting efforts to create a self-sufficient ecosystem and evade de-platforming by mainstream services like Tether and Telegram. This expansion underscores the challenges in combating such platforms, which continue to adapt and thrive despite enforcement efforts. (Source: thehackernews.com)

3. Zoom Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges

Zoom has addressed multiple security vulnerabilities across its applications, including a critical type confusion flaw (CVE-2025-0147) in the Zoom Workplace App for Linux versions prior to 6.2.10. This vulnerability could allow attackers to escalate privileges via network access, posing significant risks to user confidentiality, integrity, and availability. Other medium-severity issues include an untrusted search path in the Windows installer (CVE-2025-0145) and an out-of-bounds write vulnerability in the Linux app (CVE-2025-0143), potentially leading to privilege escalation and denial-of-service attacks, respectively. Zoom strongly advises users to update their applications to the latest versions to mitigate these security threats. Timely updates are crucial to maintaining user security and preventing potential exploits. (Source: cybersecuritynews.com)

4. 4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

The widespread adoption of Software-as-a-Service (SaaS) applications has significantly expanded organisational attack surfaces, introducing new security challenges. Employees frequently create new SaaS accounts, often without IT oversight, leading to "SaaS sprawl" that complicates identity and data management. Attackers find these dispersed SaaS environments attractive, with compromised credentials contributing to a substantial portion of security breaches. The rapid integration of generative AI tools, typically delivered via SaaS, further exacerbates governance issues. Traditional security measures are insufficient; organisations need continuous SaaS discovery and governance solutions to manage this dynamic landscape effectively. (Source: thehackernews.com)

5. FBI Wraps Up Eradication Effort of Chinese 'PlugX' Malware

The U.S. Department of Justice and the FBI have successfully eradicated the PlugX malware from thousands of devices worldwide. This malware, developed by Chinese state-sponsored hacking groups "Mustang Panda" and "Twill Typhoon," has been active since 2014, targeting victims across the U.S., Europe, Asia, and Chinese dissident groups. The operation involved collaboration with French law enforcement and cybersecurity firm Sekoia.io, which identified the command infrastructure used by the hackers. The FBI obtained warrants to remotely delete the malware from infected U.S.-based computers, effectively neutralising the threat. This action underscores the persistent danger posed by state-sponsored cyber threats and highlights the importance of international cooperation in cybersecurity efforts. (Source: darkreading.com)

6. WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

A new credit card skimmer campaign is targeting WordPress e-commerce sites by injecting malicious JavaScript into the 'wp_options' database table, specifically within the 'widget_block' option. This method allows the malware to evade detection by traditional file-scanning tools. The injected script activates on checkout pages, either hijacking existing payment fields or creating fake ones that mimic legitimate processors like Stripe, to steal sensitive payment details. The stolen data is then obfuscated using Base64 encoding and AES-CBC encryption before being transmitted to attacker-controlled servers. This tactic highlights the evolving sophistication of threats targeting WordPress platforms. Website administrators are advised to regularly audit their database entries and employ comprehensive security measures to detect and prevent such intrusions. (Source: thehackernews.com)
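As an added defender-side example (not code from the article or from the underlying report), the following Python audit scans rows exported from the wp_options table and flags block widgets whose stored HTML carries an inline script together with skimmer-style indicators such as checkout-page checks or base64 decoding. The sample rows are constructed, and the PHP-serialized byte lengths in them are illustrative only.

```python
import re
from typing import Dict, List

# Indicators worth checking inside block-widget HTML stored in wp_options.
# The campaign described above hid its skimmer in the 'widget_block' option;
# legitimate block widgets rarely need inline <script> tags, base64 decoding,
# dynamic code evaluation or checks for the checkout URL.
SUSPICIOUS_PATTERNS = {
    "inline_script_tag": re.compile(r"<script\b", re.IGNORECASE),
    "base64_decode": re.compile(r"\batob\s*\(", re.IGNORECASE),
    "dynamic_eval": re.compile(r"\b(eval|Function)\s*\(", re.IGNORECASE),
    "checkout_url_check": re.compile(r"checkout", re.IGNORECASE),
    "webcrypto_aes": re.compile(r"AES-CBC|crypto\.subtle", re.IGNORECASE),
}


def audit_wp_options(rows: List[Dict[str, str]]) -> List[Dict[str, object]]:
    """Return one finding per option whose value contains an inline <script>
    tag plus at least one further indicator.

    Rows are dicts shaped like the wp_options table (option_name,
    option_value). The PHP-serialized wrapper is searched as-is because the
    widget HTML sits inside it verbatim, so no deserialization is needed.
    """
    findings = []
    for row in rows:
        value = row.get("option_value", "")
        hits = [name for name, pat in SUSPICIOUS_PATTERNS.items() if pat.search(value)]
        if "inline_script_tag" in hits and len(hits) > 1:
            findings.append({"option_name": row["option_name"], "indicators": sorted(hits)})
    return findings


# Constructed sample rows (not real data): a plain option, a benign block
# widget and a skimmer-style widget that only runs on checkout pages.
SAMPLE_ROWS = [
    {"option_name": "blogname", "option_value": "Example Shop"},
    {"option_name": "widget_block",
     "option_value": 'a:2:{i:2;a:1:{s:7:"content";s:55:"<!-- wp:html --><p>Free shipping over $50</p><!-- /wp:html -->";}'
                     'i:3;a:1:{s:7:"content";s:120:"<script>if(location.href.includes(\'checkout\')){eval(atob(\'PLACEHOLDER\'))}</script>";}}'},
]

if __name__ == "__main__":
    for finding in audit_wp_options(SAMPLE_ROWS):
        print(f"{finding['option_name']}: {', '.join(finding['indicators'])}")
```

Run it against a `SELECT option_name, option_value FROM wp_options` export; any finding should be reviewed by hand, since the check is a heuristic and a benign widget with an inline script could also trip it.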

7. Zero-Day Patch Alert: Ivanti Connect Secure Under Attack

Ivanti disclosed a critical zero-day vulnerability, CVE-2025-0282, affecting its Connect Secure, Policy Secure, and Neurons for ZTA gateways, allowing remote code execution. This flaw has been exploited in the wild, targeting a limited number of Connect Secure devices. Ivanti released patches for Connect Secure and plans to address other products by 21 January 2025. The Cybersecurity and Infrastructure Security Agency (CISA) has flagged the issue as critical, urging organisations to apply fixes and check for compromises. Ivanti also revealed CVE-2025-0283, a local privilege escalation vulnerability, though it hasn't been exploited yet. Organisations should act swiftly to mitigate potential risks associated with these vulnerabilities. (Source: govinfosecurity.com)

8. Mac Users Alerted to Stealthy Data-Stealing Malware

A sophisticated malware known as "Banshee macOS Stealer" is targeting Mac users, stealing sensitive data while evading Apple's built-in antivirus systems. Disguised as legitimate software like Chrome and Telegram, it infiltrates devices through phishing sites, capturing browser credentials, cryptocurrency wallets, passwords, and sensitive files. Its ability to operate undetected poses significant risks, even to seasoned IT professionals. To protect against such threats, users are advised to verify the legitimacy of software before downloading, use reputable antivirus programmes alongside built-in protections, and consider additional security measures like VPNs and password managers. This incident underscores that no operating system is immune to cyber threats, highlighting the importance of vigilance and robust security practices. (Source: nypost.com)

9. Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

A recent campaign has targeted Fortinet FortiGate firewall devices with exposed management interfaces, beginning in mid-November 2024. Attackers gained unauthorised administrative access, created new accounts, and made configuration changes, including setting up new SSL VPN portals. They utilised these accounts to establish SSL VPN tunnels, originating from a few VPS hosting providers, and employed the DCSync technique to extract credentials for lateral movement. The initial access vector is suspected to be a zero-day vulnerability, given the rapid timeline and range of affected firmware versions (7.0.14 to 7.0.16). Organisations are advised to restrict firewall management interface access to trusted users and avoid exposing them to the internet to mitigate such risks. (Source: thehackernews.com)

10. Top 10 OT Platforms

Cyber Magazine's article "Top 10 OT Platforms" highlights leading Operational Technology (OT) security solutions addressing the increasing convergence of IT and OT systems. The list includes platforms such as Nozomi Networks Guardian, Tenable, Fortinet, and Cisco, each offering features like real-time visibility, threat detection, and asset management to safeguard industrial control systems and critical infrastructure. The article emphasises the growing importance of robust OT security measures in light of recent cyber incidents targeting critical infrastructure, underscoring the need for advanced solutions to protect against sophisticated threats. (Source: cybermagazine.com)
