Cyber Weekly Newsletter

Cyber Weekly Newsletter for Friday March 7, 2025

The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team

Cybersecurity awareness tips and alerts from Riskigy to empower your team to #BeCyberSmart #CyberAware

This Week's Need-to-Know News and Alerts

VMware Security Flaws Exploited in the Wild. Broadcom has released security updates to address three actively exploited security flaws in VMware ESXi, Workstation, and Fusion products that could lead to code execution and information disclosure. https://thehackernews.com/2025/03/vmware-security-flaws-exploited-in.html

Microsoft says a coding issue is behind a now-resolved Microsoft 365 outage over the weekend that affected Outlook and Exchange Online. Microsoft 365 admin center on Saturday, the incident also triggered Teams and Power Platform degraded functionality. https://www.bleepingcomputer.com/news/microsoft/microsoft-links-recent-microsoft-365-outage-to-buggy-update

Palo Alto Networks warns hackers are exploiting a file read flaw. CVE-2025-0111 allows an authenticated actor with network access to the management web interface to read files in the PAN-OS operating system that are readable by the “nobody” user. https://www.cybersecuritydive.com/news/palo-alto-networks--hackers-exploit-flaw/740748

Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data from the Symantec Threat Hunter Team. The group has claimed nearly 400 victims since 2023. https://thehackernews.com/2025/03/medusa-ransomware-hits-40-victims-in.html

Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access. The malicious JavaScript code has been found to be served via cdn.csyndication[.]com. As many as 908 websites contain references to the domain. https://thehackernews.com/2025/03/over-1000-wordpress-sites-infected-with.html

Unpatched Edimax IP camera flaw actively exploited in botnet attacks. A critical command injection vulnerability impacting the Edimax IC-7100 IP camera is currently being exploited by botnet malware to compromise devices. https://www.bleepingcomputer.com/news/security/unpatched-edimax-ip-camera-flaw-actively-exploited-in-botnet-attacks/

Scammers are impersonating the BianLian ransomware gang in fake ransom notes sent to US companies via snail mail through the United States Postal Service. The envelopes for these ransom notes claim to be from the "BIANLIAN Group" and have a return address. https://www.bleepingcomputer.com/news/security/fake-bianlian-ransom-notes-mailed-to-us-ceos-in-postal-mail-scam/

Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide. The most significant aspect of the campaign is the use of Microsoft-owned code hosting service GitHub as a platform for delivering initial access payloads. https://thehackernews.com/2025/03/microsoft-warns-of-malvertising.html

YouTube warns scammers are using an AI-generated video featuring the company's CEO in phishing to steal creators' credentials. Attackers are sharing it as a private video targeting users via emails claiming YouTube is changing its monetization policy. https://www.bleepingcomputer.com/news/security/youtube-warns-of-ai-generated-video-of-its-ceo-used-in-phishing-attacks

Microsoft reports that Silk Typhoon is abusing stolen API keys and compromised credentials for IT providers, identity management, privileged access management, and RMM solutions, which are then used to access downstream customer networks and data. https://www.bleepingcomputer.com/news/security/silk-typhoon-hackers-now-target-it-supply-chains-to-breach-networks

Google Rolls Out AI Scam Detection for Android to Combat Conversational Fraud. These models run completely on-device, alerting users in the event of a likely scam. Users then have an option to either dismiss or report and block the sender. https://thehackernews.com/2025/03/google-rolls-out-ai-scam-detection-for.html

Chase will soon block Zelle payments to sellers on social media. JPMorgan Chase Bank (Chase) will soon start blocking Zelle payments to social media contacts to combat a significant rise in online scams utilizing the service for fraud. https://www.bleepingcomputer.com/news/security/chase-will-soon-block-zelle-payments-to-sellers-on-social-media/

Cisco warns of Webex for BroadWorks flaw exposing credentials. Cisco warned customers today of a vulnerability in Webex for BroadWorks that could let unauthenticated attackers access credentials remotely. https://www.bleepingcomputer.com/news/security/cisco-warns-of-webex-for-broadworks-flaw-exposing-credentials

Critical infrastructure at state, local levels at heightened risk of cyberattacks. Much of the nation’s critical infrastructure is owned and operated at the state or local level and needs additional resources, shared intelligence and coordination. https://www.cybersecuritydive.com/news/critical-infrastructure-state-local-cyber/741273/

Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites. ClickFix is a technique to inject a fake CAPTCHA webpage on compromised websites, instructing users to follow steps to copy and execute malicious PowerShell commands. https://thehackernews.com/2025/03/hackers-use-clickfix-trick-to-deploy.html

VSCode extensions with 9 million installs pulled over security risks. Microsoft has removed two popular VSCode extensions, 'Material Theme Free' and 'Material Theme Icons Free,' from the Visual Studio Marketplace for allegedly containing malicious code. https://www.bleepingcomputer.com/news/security/vscode-extensions-with-9-million-installs-pulled-over-security-risks/

PolarEdge Botnet Exploits Cisco and Other Flaws to Hijack ASUS, QNAP, and Synology Devices. The botnet exploits multiple vulnerabilities across different types of equipment, highlighting its ability to target various systems. https://thehackernews.com/2025/02/polaredge-botnet-exploits-cisco-and.html

Elastic Releases Urgent Fix for Kibana Vulnerability. Elastic has rolled out security updates to address a critical security flaw impacting the Kibana data visualization dashboard software for Elasticsearch that could result in arbitrary code execution. https://thehackernews.com/2025/03/elastic-releases-urgent-fix-for.html


From Our Blog

Cybercriminals Ramping Up Tax Season Phishing Scams with AI

As tax season approaches, a new wave of phishing scams is targeting unsuspecting taxpayers. These sophisticated schemes impersonate the Internal Revenue Service (IRS) and attempt to trick individuals into making fraudulent tax payments… Read more now at https://riskigy.com/f/cybercriminals-ramping-up-tax-season-phishing-scams-with-ai

Takeaways from the FINRA 2025 Annual Regulatory Oversight Report

As technology evolves, so do the threats, making cybersecurity and data protection more critical than ever. Let's dive into some key takeaways from the FINRA 2025 Annual Regulatory Oversight Report, with a special focus on cybersecurity and data protection… Read more now at https://riskigy.com/f/takeaways-from-the-finra-2025-annual-regulatory-oversight-report

Managing Bring Your Own AI (BYOAI) Risk

While the Bring Your Own AI (BYOAI) trend can enhance productivity and foster innovation, it also introduces a set of compelling risks that businesses must manage carefully. As AI continues to transform the business landscape, a new trend has emerged, Bring Your Own AI (BYOAI)… Read more at https://riskigy.com/blog/f/managing-bring-your-own-ai-byoai-risk

Infostealer Malware: A Growing Threat and How to Protect Yourself

Recent headlines indicate our most sensitive information is more valuable and vulnerable than ever before. One of the most insidious threats targeting this data is infostealer malware. These malicious programs are designed to secretly harvest sensitive information… Read more at https://riskigy.com/f/infostealer-malware-a-growing-threat-and-how-to-protect-yourself

Defending the Human Element in Cyber Attacks

The human element in cybersecurity refers to the behaviors, interactions, and decisions made by people that impact the security of information technology systems. These can include actions as simple as choosing a password, clicking a link in an email, or sharing sensitive information… Read more at https://riskigy.com/blog/f/defending-the-human-element-in-cyber-attacks


Recent Data Breach News

Japanese telecommunication services provider NTT Communications Corporation (NTT) is warning almost 18,000 corporate customers that their information was compromised during a cybersecurity incident. The data breach was discovered in early February 2025. https://www.bleepingcomputer.com/news/security/data-breach-at-japanese-telecom-giant-ntt-hits-18-000-companies/

The Toronto Zoo, the largest zoo in Canada, provided more information about the data stolen during a ransomware attack in January 2024. The zoo disclosed the incident on January 8; the attack did not impact the animals' well-being or day-to-day operations. https://www.bleepingcomputer.com/news/security/toronto-zoo-shares-update-on-last-years-ransomware-attack

The Hunters International ransomware gang has claimed responsibility for a January cyberattack on Tata Technologies, stating they stole 1.4TB of data from the company. Tata Technologies provides solutions for manufacturing industries worldwide. https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-claims-attack-on-tata-technologies

Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models including ones from OpenAI, DeepSeek, Google, Meta, Anthropic, and Stability. https://www.bleepingcomputer.com/news/security/nearly-12-000-api-keys-and-passwords-found-in-ai-training-dataset

Rubrik disclosed last month that one of its servers hosting log files was breached, causing the firm to rotate potentially leaked authentication keys. Rubrik specializes in data protection, backup, and recovery, with 3,000 employees and 22 global offices. https://www.bleepingcomputer.com/news/security/rubrik-rotates-authentication-keys-after-log-server-breach/


Blog Post Spotlight


Navigating the New Era of Regulatory Compliance

In today's digital landscape, where cyber threats and data breaches are increasingly prevalent, regulatory compliance has become a critical focus for businesses worldwide. The Securities and Exchange Commission (SEC) has recently updated its incident reporting guidelines, adding to the global push for enhanced data privacy. As a result, companies face mounting pressure to maintain compliance across regions, mitigate risks, and bolster consumer protection and stakeholder trust.

The SEC's New Rules and Their Impact

The SEC has adopted new rules requiring companies to disclose cybersecurity incidents, providing detailed information about their nature, scope, and impact. This emphasis on transparency and accountability in cybersecurity practices presents several challenges for IT and security teams.

Key Challenges Facing Compliance, IT and Security Teams

  1. Lack of Cross-Functional Collaboration: Security is often viewed as a "business" problem rather than a technological issue, creating silos between departments. This fragmented approach hinders comprehensive cybersecurity risk management throughout the entire program lifecycle.
  2. Budget Constraints and Resource Allocation: Misaligned priorities can lead to security requirements being seen as "yet another requirement" rather than an integral part of product development.
  3. Evolving Technology Landscape: The adoption of new technologies like cloud computing, AI, and IoT introduces knowledge gaps across organizations, making it challenging to create effective threat intelligence systems.
  4. Legacy Systems: Reliance on outdated software lacking vendor support creates significant vulnerabilities. The Common Vulnerabilities and Exposures (CVEs) found in such software make critical applications susceptible to exploitation, contributing to the risk of security incidents.

Overcoming These Challenges

To address these issues and maintain compliance, organizations can implement the following strategies:

  1. Build Security Champions Across the Board: Extend security responsibilities beyond the CISO and security team. Identify and train security champions across different departments.
  2. Develop a Comprehensive Incident Response Plan: Create a detailed action plan for both internal and external communication during incidents. Train teams in advance and automate processes where possible.
  3. Make Cybersecurity an Organization-Wide Priority: Allocate necessary resources to address security-related issues. Implement training programs and reward systems to reinforce the importance of security practices.
  4. Integrate Security and Compliance into the Product Development Lifecycle: Create a security tech debt list and develop plans to minimize it with each release. Implement mandatory security clearance for major releases.
  5. Modernize Legacy Systems: Establish a plan for periodically updating and refactoring legacy software to address vulnerabilities.
  6. Adopt Automation and Modern Solutions: Implement automation in areas such as threat detection and response, routine tasks, and compliance monitoring.

The Path Forward: Leadership, Collaboration, and Technology

Successfully navigating the increasingly complex compliance landscape requires a strategic and proactive approach. It's a chance for Compliance, IT and security leaders to demonstrate their expertise, drive innovation, and foster a culture of collaboration where security is everyone's responsibility. By leveraging automation, aligning compliance initiatives with core business objectives, and strategically engaging advisors like Riskigy (or similar platforms), organizations can not only meet their regulatory obligations but also gain a significant competitive advantage and build a more resilient and secure future.

Takeaways

As the regulatory landscape continues to evolve, staying proactive in addressing compliance challenges will be crucial. By aligning compliance efforts with business goals, fostering cross-team collaboration, and leveraging modern technologies and advisors like Riskigy, organizations can not only meet regulatory requirements but also gain a competitive edge in today's security-conscious business environment.


Cybersecurity Is Complex! We Are Here To Help

Cyberthreats are everywhere, but you don’t have to face them alone. Get Cybersecurity & Tech help from Riskigy!

Looking for an expert to assist your firm or clients?

Need a pro to explain Tech or Cyber to your management?

Vetting a new investment or acquisition?

Want to build a cyber aware staff?

Need immediate assistance with an incident?

Considering adding a vCISO or vCTO to your team?

Seeking help with SOC-2, SEC/FINRA, or FTC readiness?

Contact us to discuss how we can assist!

Riskigy vCISO vCTO vCIO Cybersecurity Technology Advisors https://riskigy.com/
