This week's essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Stan's Corner
Backing up your data is #6 in SecureTheVillage's How Hackable Are You Guide. Kudos to The New York Times for their in-depth guide to backups. Whether your information lives on your desktop or in the cloud, make sure a copy is safe from accident and from deliberate misuse by scammers and others.
Back Up Everything. Even if Elon Musk Isn’t Looking at It: Readers worried after Mr. Musk and his team were given access to federal payment systems.
In recent weeks, Elon Musk and his aides have gained access to many federal agencies’ systems and unknown amounts of data. Many readers have written in to share their fears that the agencies — and the personal data they possess on hundreds of millions of taxpayers — are now vulnerable.
When people tinker with vital systems, things can go wrong. New vulnerabilities can emerge that thieves could exploit, or existing tax or loan payments could disappear. And one wrong move can bring a whole website down for days or longer.
The level of risk isn’t clear, and in uncertain situations, it’s tempting to do something to feel that you’re protecting yourself. That instinct is perfectly rational. But don’t just download your history of paying into Social Security or freeze access to your credit files because of the politics of now. Back up everything important, everywhere you can. Do this at least once a year or so. It’s just good hygiene. Having multiple copies of all of the things that help you run your life brings a certain kind of peace that lacks a perfect word in English, but it’s the quality or state of being well sorted. Here’s a guide for what to do.
From SecureTheVillage
We're ready to partner with:
SecureTheVillage FREE Newsletters. Sign up or share with a friend!
SecureTheVillage Guides for families and individuals
Support SecureTheVillage: We need your help if we're to build a world of CyberGuardians. Please donate to SecureTheVillage.
Cybersecurity Nonprofit of the Week
Our kudos this week to Sightline Security, a nonprofit that helps nonprofits secure and protect their critical information. Sightline's mission is to equip, empower, and support nonprofits to navigate and embed cybersecurity into their organizations with confidence. Kudos to Sightline Security for their cyber support to the vital, under-served nonprofit community. Sightline Security played a major role in the development of SecureTheVillage's SoCal Cybersecure. Like SecureTheVillage, Sightline Security is a fellow member of Nonprofit Cyber.
Section 2: Let's Be Careful Out There. And Let's Help Others Who Aren't Yet Cyber-Aware.
Once again, another person has been victimized by a scammer. Don't let this be you or someone you love.
We continue to warn against the use of DeepSeek. It can't be trusted.
- DeepSeek AI model lacks protection mechanism, open to use by pedophiles, Israeli study finds: Research by Israeli firm ActiveFence reveals that DeepSeek’s AI model, widely used both in China and around the globe, lacks safeguards; With no internal or external protections, it’s vulnerable to abuse by criminals, pedophiles and others seeking to exploit its capabilities. … ActiveFence CEO Noam Schwartz summed it up: “DeepSeek has no guardrails and no minimum security standards. You can basically use it for anything, and that’s where the real danger lies. Its ability to create extreme hate content, like texts encouraging suicide or pedophilic material, is the most alarming.”
- Where’s DeepSeek Banned? The States Blocking Chinese-Made AI: States are increasingly banning DeepSeek AI on government devices, citing cybersecurity and data privacy concerns. Some cybersecurity experts question if the state bans will do enough to protect American data.
Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.
Tremendous uncertainty and concern this week over the security of federal websites and systems, and over the government's ability to provide the security they require.
- As DOGE teams plug into federal networks, cybersecurity risks could be huge, experts say: The unbridled access that Elon Musk and his Department of Government Efficiency (DOGE) workers reportedly have to federal networks poses grave cybersecurity risks, several experts told Recorded Future News on Monday. … Allowing employees to plug computers with unknown security controls into the Office of Personnel Management (OPM) network could give a foreign adversary a fresh way to breach the system and obtain sensitive data, including information from federal employees’ background checks and security clearance records, they said. … DOGE workers' access to the Department of Treasury’s payments system also threatens national security, the experts said, because it includes details of payments to intelligence contractors or highly personal data about national security officials. … “This has the potential to be the largest breach [of government systems] ever by orders of magnitude and could have consequences for decades,” Jason Kikta, a former U.S. Cyber Command official, said in an interview with Recorded Future News.
- Anyone Can Push Updates to the DOGE.gov Website: The doge.gov website that was spun up to track Elon Musk’s cuts to the federal government is insecure and pulls from a database that can be edited by anyone, according to two separate people who found the vulnerability and shared it with 404 Media. One coder added at least two database entries that are visible on the live site and say “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro.”
- CISA election, disinformation officials placed on administrative leave, sources say: The moves happened Thursday and Friday last week, per a source. … The Cybersecurity and Infrastructure Security Agency placed several members of its election security group on administrative leave last week, multiple sources familiar with the situation told CyberScoop. … According to one source, the moves happened Thursday and Friday of last week and were targeted at employees focused on CISA’s mis-, dis- and malinformation teams. The moves include four employees currently working on or assigned to the team, two more that left the team in the past four years but still hold positions at the Department of Homeland Security, and another two that work on elections misinformation or disinformation at DHS.
Meanwhile America's enemies continue their espionage and other cybercrime activities.
- Chinese hackers breach more US telecoms via unpatched Cisco routers: China's Salt Typhoon hackers are still actively targeting telecoms worldwide and have breached more U.S. telecommunications providers via unpatched Cisco IOS XE network devices. … Recorded Future's Insikt Group threat research division states that the Chinese hacking group (tracked as Salt Typhoon and RedMike) has exploited the CVE-2023-20198 privilege escalation and CVE-2023-20273 Web UI command injection vulnerabilities. … These ongoing attacks have already resulted in network breaches at multiple telecommunications providers, including a U.S. internet service provider (ISP), a U.S.-based affiliate of a U.K. telecommunications provider, a South African telecom provider, an Italian ISP, and a large Thailand telecommunications provider. … The threat researchers said they've spotted compromised and reconfigured Cisco devices on their networks, communicating with Salt Typhoon-controlled servers via generic routing encapsulation (GRE) tunnels for persistent access.
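The item above describes the three things a network team can actually look for on an IOS XE device: the web UI being reachable (CVE-2023-20198 and CVE-2023-20273 are web UI bugs, and Cisco's advisory for CVE-2023-20198 reported attackers creating privilege-15 local accounts through it), unexpected privilege-15 users, and GRE tunnels to unknown peers. The script below is an added example written for this newsletter; it is not Recorded Future's or Cisco's code. It audits a constructed running-config (the device name, addresses and user names are invented) against hypothetical allowlists of known admins and known tunnel peers. One caveat it handles: GRE/IP is the default mode for an IOS Tunnel interface, so `tunnel mode gre ip` is usually absent from the running-config, and a tunnel with no `tunnel mode` line must be treated as GRE.

```python
import re
from typing import Dict, List, Set

# Constructed sample running-config for illustration; it is not taken from
# any real device. It contains one legitimate GRE tunnel, one unexpected one
# that omits "tunnel mode" (IOS defaults a Tunnel interface to GRE/IP, so the
# line is absent from running-config), the HTTP(S) web UI enabled, and an
# extra privilege-15 local user.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
!
username netops privilege 15 secret 9 $9$EXAMPLEHASH1
username cisco_support privilege 15 secret 9 $9$EXAMPLEHASH2
!
ip http server
ip http secure-server
!
interface Tunnel0
 ip address 10.255.0.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 203.0.113.10
 tunnel mode gre ip
!
interface Tunnel7
 ip address 10.255.7.1 255.255.255.252
 tunnel source GigabitEthernet0/0/0
 tunnel destination 198.51.100.77
!
interface GigabitEthernet0/0/0
 ip address 192.0.2.2 255.255.255.0
!
end
"""

# Hypothetical allowlists an operator would maintain from change records.
KNOWN_ADMINS: Set[str] = {"netops"}
KNOWN_TUNNEL_PEERS: Set[str] = {"203.0.113.10"}


def parse_interfaces(config: str) -> Dict[str, List[str]]:
    """Map each 'interface X' stanza to its indented sub-commands."""
    interfaces: Dict[str, List[str]] = {}
    current = None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # '!' or a top-level command ends the stanza
    return interfaces


def audit_config(config: str,
                 known_admins: Set[str] = KNOWN_ADMINS,
                 known_peers: Set[str] = KNOWN_TUNNEL_PEERS) -> List[str]:
    """Return human-readable findings; an empty list means nothing flagged."""
    findings: List[str] = []

    # 1. Web UI reachable: CVE-2023-20198/20273 need the HTTP(S) server enabled.
    for line in config.splitlines():
        if re.fullmatch(r"ip http (secure-)?server", line.strip()):
            findings.append(f"web UI enabled: '{line.strip()}'")

    # 2. Privilege-15 local users outside the known admin set.
    for m in re.finditer(r"^username (\S+) privilege 15\b", config, re.MULTILINE):
        if m.group(1) not in known_admins:
            findings.append(f"unexpected privilege-15 user: {m.group(1)}")

    # 3. GRE tunnels whose far end is not a known peer. A Tunnel interface
    #    with no explicit "tunnel mode" is GRE/IP by default.
    for name, subs in parse_interfaces(config).items():
        if not name.lower().startswith("tunnel"):
            continue
        modes = [s for s in subs if s.startswith("tunnel mode ")]
        is_gre = not modes or modes[0].startswith("tunnel mode gre")
        dest = next((s.split()[-1] for s in subs
                     if s.startswith("tunnel destination ")), None)
        if is_gre and dest not in known_peers:
            findings.append(f"GRE tunnel {name} to unknown peer {dest}")
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```

Feed it the output of `show running-config` from each device; anything it flags is a question for the change log, and an unexplained GRE tunnel or privilege-15 account is the signal the researchers describe. Disabling `ip http server` and `ip http secure-server` where the web UI is not needed removes the exposure the two CVEs depend on.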
In some good cybersecurity news, kudos to Thailand and Europol for their work in keeping us safe.
- Hundreds of foreigners freed from Myanmar's scam centres: More than 250 people from 20 nationalities who had been working in telecom fraud centres in Myanmar's Karen State have been released by an ethnic armed group and brought to Thailand. … The workers, more than half of whom were from African or Asian nations, were received by the Thai army, and are being assessed to find out if they were victims of human trafficking. … The scammers look for workers with skills in the languages of those who are targeted for cyber-fraud, usually English and Chinese. … They are pressed into conducting online criminal activity, ranging from love scams known as "pig butchering" and crypto fraud, to money laundering and illegal gambling.
- Key figures behind Phobos and 8Base ransomware arrested in international cybercrime crackdown: Threat intelligence identifies Phobos and 8Base as among the most active ransomware groups of 2024. … A coordinated international law enforcement action last week has led to the arrest of four individuals leading the 8Base ransomware group. These individuals, all Russian nationals, are suspected of deploying a variant of Phobos ransomware to extort high-value payments from victims across Europe and beyond. At the same time, 27 servers linked to the criminal network were taken down.
In other cybersecurity news this week.
- Spyware maker caught distributing malicious Android apps for years: Italian spyware maker SIO, known to sell its products to government customers, is behind a series of malicious Android apps that masquerade as WhatsApp and other popular apps but steal private data from a target’s device, TechCrunch has exclusively learned.
- Cisco Says Ransomware Group’s Leak Related to Old Hack: A fresh post on the Kraken ransomware group’s leak website refers to data stolen in a 2022 cyberattack, Cisco says. … The data, a list of credentials apparently exfiltrated from Cisco’s systems, appeared over the weekend on a new data leak site operated by the Kraken ransomware group. … “Cisco is aware of certain reports regarding a security incident. The incident referenced in the reports occurred back in May 2022, and we fully addressed it at that time,” a Cisco spokesperson said, responding to a SecurityWeek inquiry.
- Ransomware attack disrupting Michigan's Sault Tribe operations: A recent ransomware attack on the Sault Tribe in Michigan has knocked many of its most critical services offline. … In a statement on Monday, Sault Tribe Chairman Austin Lowes said the incident began on Sunday morning and impacted “multiple computer and phone systems across tribal administration, including the casinos, health centers and various businesses.” … “In response, the tribe has had to temporarily close many departments and businesses,” Lowes said.
Section 4: For Smaller Businesses and Nonprofits
IT organizations: Patch now.
- SonicWall firewall exploit lets hackers hijack VPN sessions, patch now: Security researchers at Bishop Fox have published complete exploitation details for the CVE-2024-53704 vulnerability that allows bypassing the authentication mechanism in certain versions of the SonicOS SSLVPN application. … The vendor warned about the high exploitation possibility of the flaw in a bulletin on January 7, urging administrators to upgrade their SonicOS firewalls' firmware to address the problem. … "We have identified a firewall vulnerability that is susceptible to actual exploitation for customers with SSL VPN or SSH management enabled, and that should be mitigated immediately by upgrading to the latest firmware," warned SonicWall in an email sent to customers at the time. … The flaw allows a remote attacker to hijack active SSL VPN sessions without authentication, granting them unauthorized access to the victim's network.
- Huge cyber attack under way - 2.8 million IPs being used to target VPN devices: A wide range of Virtual Private Network (VPN) and other networking devices are currently under attack by threat actors trying to break into wider networks, experts have warned. … Threat monitoring platform The Shadowserver Foundation warned about the ongoing attack on X, noting someone is currently using roughly 2.8 million different IP addresses to try to guess the passwords for VPNs and similar devices built by Palo Alto Networks, Ivanti, SonicWall, and others. … Besides VPNs, the threat actors are going for gateways, security appliances, and other edge devices connected to the public internet.
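The point of spreading password guessing across 2.8 million addresses is that each address makes only a few attempts, so a per-IP lockout never fires. The detection below is an added example written for this newsletter, not Shadowserver's or any vendor's code: it reads a constructed, hypothetical login-log format (timestamp, host, result, user, source), shows that a classic per-source threshold sees nothing, and then buckets failures into fixed time windows and alerts when many distinct sources each fail only a few times. The window, thresholds and sample addresses are assumptions chosen for the demonstration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Tuple

# Hypothetical log line format for this example (not any vendor's real format):
#   <ISO timestamp> <host> sslvpn: login <failed|ok> user=<name> src=<ip>
LOG_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sslvpn: login (?P<result>failed|ok) "
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)
EPOCH = datetime(1970, 1, 1)

Event = Tuple[datetime, str, str, str]  # (time, result, user, source ip)


def build_sample_log() -> str:
    """Constructed sample: 12 distinct sources each fail exactly once against
    'admin' within 40 seconds, then a genuine user fails twice and succeeds
    from a single address ten minutes later."""
    base = datetime(2025, 2, 10, 8, 0, 0)
    lines = []
    for i in range(12):
        t = base + timedelta(seconds=3 * i)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} vpn-gw sslvpn: login failed "
                     f"user=admin src=198.51.100.{10 + i}")
    for k, result in enumerate(("failed", "failed", "ok")):
        t = base + timedelta(minutes=10, seconds=k)
        lines.append(f"{t:%Y-%m-%dT%H:%M:%SZ} vpn-gw sslvpn: login {result} "
                     f"user=jdoe src=203.0.113.7")
    return "\n".join(lines)


def parse_events(log_text: str) -> List[Event]:
    events: List[Event] = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore lines that are not login records
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append((ts, m["result"], m["user"], m["src"]))
    return events


def classic_lockout_hits(events: List[Event], threshold: int = 5) -> List[str]:
    """Per-source-IP failure counting, the rule a simple lockout uses."""
    fails = Counter(src for _, result, _, src in events if result == "failed")
    return sorted(src for src, n in fails.items() if n >= threshold)


def detect_distributed_bruteforce(events: List[Event],
                                  window: timedelta = timedelta(minutes=5),
                                  min_sources: int = 10,
                                  max_per_source: int = 3) -> List[Dict]:
    """Flag fixed time windows in which many distinct sources each fail only
    a few times: high fan-out, low per-IP rate, the shape of a botnet spray."""
    buckets: Dict[datetime, List[Tuple[str, str]]] = defaultdict(list)
    for ts, result, user, src in events:
        if result != "failed":
            continue
        start = ts - ((ts - EPOCH) % window)  # floor to a window boundary
        buckets[start].append((user, src))
    alerts = []
    for start in sorted(buckets):
        per_src = Counter(src for _, src in buckets[start])
        if len(per_src) >= min_sources and max(per_src.values()) <= max_per_source:
            alerts.append({
                "window_start": start,
                "distinct_sources": len(per_src),
                "failures": sum(per_src.values()),
                "users": sorted({user for user, _ in buckets[start]}),
            })
    return alerts


if __name__ == "__main__":
    evts = parse_events(build_sample_log())
    print("per-IP lockout would fire on:", classic_lockout_hits(evts))
    for alert in detect_distributed_bruteforce(evts):
        print(alert)
```

On the sample, the per-IP rule returns nothing while the windowed rule reports twelve sources against one account. In production the same idea is usually expressed as a SIEM query (count distinct source addresses per target user per window); the thresholds depend on how many legitimate users your VPN sees in a window, so tune them against a quiet week before alerting on them.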
Section 5: Weekend Patch Report
Keeping your computers, smartphones, notepads and other devices patched and updated is #4 on SecureTheVillage's How Hackable Are You Guide. While patching is increasingly automated, it's important to double-check that it's being done. The following lists current versions of common software programs. Items in Bold have been updated in the past week. Updates are usually available from within the program. If not, updates can be downloaded from the company's website.
Adobe Acrobat Reader 2024.005.20399
Apple iOS updated to 18.3.1
Apple iPadOS updated to 18.3.1
Apple macOS Sequoia updated to 15.3.1
Apple macOS Sonoma updated to 14.7.4
Apple macOS Ventura updated to 13.7.4
Apple watchOS updated to 11.3.1
Brave updated to 1.75.178
Chrome updated to 133.0.6943.99
Discord updated to 1.0.9182
Edge updated to 133.0.3065.69
Foxit Reader 2024.4.0.27683
Google Drive for Desktop 103.0.3.0
Malwarebytes updated to 5.2.6.163
Microsoft 365 & Office updated
Microsoft Windows updated
OneDrive updated to 25.010.0119.0002
Opera Chromium updated to 117.0.5408.32
Thunderbird ESR 128 128.7.0
About SecureTheVillage:
The vision of SecureTheVillage is to make Southern California the cyber-safest metropolitan region in the United States for smaller businesses, nonprofits, families, and individuals. Making this happen takes a village.
Follow Stan Stahl, PhD on LinkedIn!
Support SecureTheVillage: We need your help if we're to build a world of CyberGuardians. Donate to SecureTheVillage.
It takes a village to secure the village.
Co-Founder & Executive Director for CyberWyoming, administrators of the Made Safe in Wyoming program; President, CyberWyoming Alliance - Education-Outreach-Awareness
1 week: I don't understand why the data wasn't provided redacted, with unique identifiers. It also could have been aggregated. I expect more of my government to protect my data.