👉 What’s trending in cybersecurity today?
FrigidStealer, Apple, macOS, Fake Update, Web Injects, OpenSSH Vulnerabilities, Man-in-the-Middle, Denial-of-Service Attacks, EagerBee Malware, Middle East Governments, ISPs, IRS Tax-Themed Attacks, Crypto Enthusiasts, AI-Generated Deepfakes, Scam-Yourself Attacks, Ecuador National Assembly, Cayuga Medical Center, Raymond Lifestyle, Australia, Genea Fertility, Gossett Motor Cars, Data Breach, DOGE, MITRE ATT&CK, Dynamic Threats, BlackLock, Ransomware, Health Net Federal Services, Fines, Cybersecurity Failures, MirrorTab, Browser Security.
1. FrigidStealer Malware Targets macOS Users
Cybersecurity researchers are warning about a new malware campaign utilizing web injects to distribute FrigidStealer, a new information stealer targeting macOS systems. The threat actor, TA2727, has been linked to similar campaigns using fake update lures to spread various malware types, including Lumma Stealer, Marcher, and now FrigidStealer. The attack chain is sophisticated, delivering malware based on the user’s device and location, with macOS users outside North America now being targeted.
2. OpenSSH Flaws Expose Systems to MitM and DoS
Newly discovered vulnerabilities in OpenSSH expose users to an active man-in-the-middle (MitM) attack and a denial-of-service (DoS) condition. The issues, identified by Qualys, affect versions 6.8p1 to 9.9p1; the MitM flaw lets attackers impersonate legitimate servers when the VerifyHostKeyDNS client option is enabled. OpenSSH has released version 9.9p2, which fixes both flaws and closes off exploitation that could jeopardize server integrity and availability.
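As an added defensive check (example code written for this digest, not code from the page, from Qualys or from the OpenSSH project), the Python below audits a client for the MitM condition the item describes: it parses an `ssh -V` banner, tests it against the affected range the item gives (6.8p1 through 9.9p1, fixed in 9.9p2) and reads `VerifyHostKeyDNS` from an ssh_config file or an `ssh -G host` dump. The option defaults to `no`, and both `yes` and `ask` make the client consult DNS, so a host is flagged only when it runs an affected version and has the option turned on. The banner, config snippets and helper names are constructed for the example; for real use feed it `ssh -V` and `ssh -G <host>` output, since the parser ignores Host/Match scoping.

```python
import re
from typing import Optional, Tuple

# Affected range reported in the item: 6.8p1 through 9.9p1, fixed in 9.9p2.
AFFECTED_MIN = (6, 8, 1)
AFFECTED_MAX = (9, 9, 1)
FIXED = (9, 9, 2)

_VERSION_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")


def parse_openssh_version(banner: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, portable-patch) from `ssh -V` output or a server banner.
    Returns None when no OpenSSH version string is present."""
    m = _VERSION_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or "0"))


def version_is_affected(version: Tuple[int, int, int]) -> bool:
    """True when the version falls inside the affected range quoted in the item."""
    return AFFECTED_MIN <= version <= AFFECTED_MAX


def verify_host_key_dns_enabled(config_text: str) -> bool:
    """True if the first VerifyHostKeyDNS line in an ssh_config or `ssh -G` dump is yes/ask.
    ssh_config semantics: the first obtained value wins; keywords are case-insensitive
    and may be separated from their value by whitespace or '='. Default is 'no'."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and blank lines
        if not line:
            continue
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "verifyhostkeydns":
            return value in ("yes", "ask")
    return False


def audit(banner: str, config_text: str) -> dict:
    """Combine both checks: exposure to the MitM flaw needs an affected version
    AND VerifyHostKeyDNS enabled. Returns a small report dict."""
    version = parse_openssh_version(banner)
    affected = version is not None and version_is_affected(version)
    dns_on = verify_host_key_dns_enabled(config_text)
    if affected and dns_on:
        advice = "upgrade to 9.9p2 or later; until then set VerifyHostKeyDNS no"
    elif affected:
        advice = "upgrade to 9.9p2 or later (VerifyHostKeyDNS is off, so MitM path is closed)"
    else:
        advice = "version outside the affected range"
    return {
        "version": version,
        "affected_version": affected,
        "verify_host_key_dns": dns_on,
        "mitm_exposed": affected and dns_on,
        "advice": advice,
    }


# Constructed samples (not real hosts).
SAMPLE_BANNER = "OpenSSH_9.9p1, OpenSSL 3.0.13 30 Jan 2024"
WEAK_CONFIG = """# constructed ssh_config with the weak setting
Host *
    VerifyHostKeyDNS yes
    StrictHostKeyChecking ask
"""
HARDENED_CONFIG = """# constructed ssh_config after remediation
Host *
    VerifyHostKeyDNS no
    StrictHostKeyChecking yes
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit(SAMPLE_BANNER, cfg))
```

Because `ssh -G` prints every effective option once, in lower case and with yes/no values, it is the cleanest input for `verify_host_key_dns_enabled`; the version check alone is still worth running, since the DoS fix in 9.9p2 does not depend on the option.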
3. EagerBee Malware Targets Middle East
EagerBee, a sophisticated malware framework, is targeting government agencies and Internet Service Providers across the Middle East. This campaign, attributed to the Chinese-aligned APT27 threat group, uses novel techniques such as DLL hijacking to inject malicious code into critical Windows services. Analysts at SOCRadar identified the malware’s multi-stage process, beginning with the tsvipsrv.dll service injector and further deploying the payload dllloader1x64.dll through process hollowing.
4. Surge in IRS Scams Using New Domains
A significant rise in IRS and tax-themed cyberattacks has been observed from January through April 2025, coinciding with the U.S. tax season. Security researchers from Symantec reported an increase in phishing, smishing, and fraudulent domain registrations aimed at deceiving individuals into providing sensitive information or downloading malicious content. The cybercriminals use urgency related to tax filing deadlines to make these scams more convincing, with fraudulent URLs such as “hxxps://www.irs.gov.tax-initial[.]com” appearing in smishing attacks.
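The quoted smishing URL works because the real brand name sits in the subdomain labels while the registrable domain (the part the attacker actually controls) is something else. The following Python lookalike detector, an added example for this digest rather than code from Symantec or from the page, refangs defanged indicators, extracts the registrable domain and flags hosts that carry a trusted domain in their left-hand labels or a brand token in their own name. The multi-label suffix set, the trusted list and all indicators other than the one quoted in the item are constructed, and the two heuristics are my own simplifications (a production version would load the full Public Suffix List).

```python
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed subset of multi-label public suffixes; a real deployment would
# load the full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "gov.uk", "com.au"}


def refang(indicator: str) -> str:
    """Undo common defanging so the URL can be parsed: hxxp(s):// -> http(s)://, [.] -> ."""
    s = indicator.strip()
    s = re.sub(r"^hxxp", "http", s, flags=re.IGNORECASE)
    return s.replace("[.]", ".").replace("(.)", ".")


def hostname_of(url: str) -> Optional[str]:
    """Lower-cased host part of a (possibly defanged, possibly scheme-less) URL."""
    u = refang(url)
    if "://" not in u:
        u = "http://" + u
    host = urlsplit(u).hostname
    return host.rstrip(".").lower() if host else None


def registrable_domain(host: str) -> str:
    """Effective second-level domain: the part a registrant actually controls."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def impersonated_brand(host: str, trusted: List[str]) -> Optional[str]:
    """Return the trusted domain a host appears to imitate, or None if it is
    genuinely on a trusted domain or shows no lookalike pattern."""
    labels = host.split(".")
    reg = registrable_domain(host)
    if reg in trusted:
        return None                      # really hosted under the trusted domain
    for t in trusted:
        tl = t.split(".")
        n = len(tl)
        # Heuristic 1: the whole trusted domain appears as consecutive labels
        # to the left of the real registrable domain ("www.irs.gov.tax-initial.com").
        if any(labels[i:i + n] == tl for i in range(len(labels) - n + 1)):
            return t
        # Heuristic 2: the brand label is a hyphen/underscore-separated token of
        # the registrable domain's own name ("irs-refund-check.com").
        if tl[0] in re.split(r"[-_]", reg.split(".")[0]):
            return t
    return None


def scan_indicators(urls: List[str], trusted: List[str]) -> List[Tuple[str, str, str, str]]:
    """Return (original indicator, host, registrable domain, impersonated brand) per hit."""
    hits = []
    for u in urls:
        host = hostname_of(u)
        if not host:
            continue
        brand = impersonated_brand(host, trusted)
        if brand:
            hits.append((u, host, registrable_domain(host), brand))
    return hits


# Constructed sample set: the defanged URL quoted in the item plus invented
# lookalikes and legitimate controls.
SAMPLE_INDICATORS = [
    "hxxps://www.irs.gov.tax-initial[.]com",   # quoted in the item
    "http://irs-refund-check.com/verify",       # constructed lookalike
    "https://www.irs.gov/payments",             # legitimate control
    "https://example.com/irs.gov",              # brand only in the path, not the host
    "https://mail.example.co.uk/",              # multi-label suffix control
]
TRUSTED = ["irs.gov"]

if __name__ == "__main__":
    for ind, host, reg, brand in scan_indicators(SAMPLE_INDICATORS, TRUSTED):
        print(f"LOOKALIKE {ind}: host={host} registrable={reg} impersonates={brand}")
```

Heuristic 2 trades precision for recall (any domain with an `irs` token is flagged), which is acceptable for triaging SMS and mail-gateway logs but should be paired with an allow list before it drives automatic blocking.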
5. AI Deepfake Videos Target Crypto Traders
A new wave of “Scam-Yourself” attacks is leveraging AI-generated deepfake videos and malicious scripts to target cryptocurrency enthusiasts and financial traders. Discovered by cybersecurity researchers at Gen Digital, the campaign exploits verified YouTube channels, synthetic personas, and AI-crafted payloads to manipulate victims into compromising their systems. The attacks, which saw a 614% surge in Q3/2024, combine deepfake technology with psychological lures to convince victims to execute harmful PowerShell commands.
6. Ecuador National Assembly Hit by Cyberattack
Ecuador’s National Assembly faced two cyberattacks aimed at breaching sensitive data. The assembly swiftly detected and countered the threats but did not disclose specific details about the damage or attackers. This incident occurred a week after the country’s general elections, highlighting rising cyber threats against prominent organizations in Ecuador, including media outlets and government agencies.
7. Cayuga Medical Center Faces Cyberattack
Cayuga Medical Center in Ithaca, New York, resumed patient admissions after a cyberattack disrupted its computer systems. The attack led to a temporary diversion order, halting emergency room admissions and redirecting ambulances to nearby hospitals for several hours. While most systems were expected to be restored by late Tuesday night, some remained offline, and the hospital’s staff had to revert to manual processes for patient check-ins. The nature and motives behind the cyberattack remain unclear.
8. Raymond Lifestyle Hit by Cyberattack
Raymond Lifestyle Limited, based in Mumbai, India, was recently targeted by a cyberattack. While some IT assets were impacted, the company reassured stakeholders that its core systems remained safe and operational. Despite the disruption, there was no effect on customer and store activities, and the company has enlisted cybersecurity experts to investigate the incident further. However, Raymond’s Q3 profit saw a significant decline, reflecting broader challenges such as decreased consumer demand.
9. Genea Clinic Cyberattack Disrupts Operations
Genea Fertility, a prominent Australian in vitro fertilization clinic, experienced a cyberattack on February 14 that disrupted patient services and treatment scheduling. Upon detecting suspicious activity on its network, the clinic temporarily disabled some systems to contain the breach, which led to delays and communication issues. IVF patients expressed concern over the impact on their time-sensitive treatments, which are costly and dependent on precise timing. Genea confirmed unauthorized access to data, although it is still investigating the extent of any personal information compromised.
10. Gossett Motor Cars Reports Data Incident
Gossett Motor Cars informed employees of a data security incident detected on December 28, 2024, involving unauthorized access attempts to their network. A forensic investigation concluded that personal information, such as names, addresses, and Social Security numbers, might have been impacted. While no evidence of identity theft has been reported, the company is offering free credit monitoring and fraud assistance services to affected individuals as part of its commitment to enhancing data security and privacy.
11. Court Denies Request to Block DOGE Access
A federal judge recently dismissed the request from 14 Democrat-led states to block Elon Musk and the White House’s Department of Government Efficiency (DOGE) from accessing data systems at seven federal agencies. The states argued that Musk, an unelected official, was exceeding his authority and violating the Constitution, raising privacy concerns regarding DOGE’s potential access to sensitive data. However, the judge found that the states had not proven imminent harm or provided sufficient grounds to halt DOGE’s actions, despite acknowledging broader concerns over the privacy implications.
12. Enhancements Proposed for MITRE ATT&CK
Researchers have proposed advancements to the MITRE ATT&CK framework to improve its adaptability in rapidly evolving cybersecurity environments. These enhancements include real-time threat detection through machine learning models and cross-domain integration, aiming to strengthen defenses across interconnected systems like IT, cloud platforms, and ICS. By integrating new detection capabilities, including monitoring malicious containers in cloud environments, the updated framework promises quicker responses and a more comprehensive view of cyber threats, ensuring greater resilience in a constantly shifting digital landscape.
13. BlackLock RaaS Set to Dominate in 2025
BlackLock, a rapidly growing ransomware-as-a-service group, is on track to become one of the most active threat actors in 2025. Since its inception in March 2024, the group has seen an explosive rise in activity, increasing its data leak posts by over 1400% in Q4 2024. Researchers highlight BlackLock’s unique tactics, including custom-built malware and collaboration with initial access brokers, making it a formidable threat.
14. Health Net to Pay $11M for Cyber Failures
A federal contractor, Health Net Federal Services (HNFS), has agreed to pay $11.2 million to settle allegations of falsely certifying compliance with federal cybersecurity requirements. Between 2015 and 2018, the company failed to address vulnerabilities and neglected security flaws in its networks while administering the Tricare healthcare program. This settlement is part of the Department of Justice’s Civil Cyber-Fraud Initiative, aimed at ensuring contractors meet cybersecurity standards to protect sensitive government data.
15. MirrorTab Raises $8.5M for Browser Security
MirrorTab, a startup from San Francisco, has secured $8.5 million in seed funding led by Valley Capital Partners to develop its browser isolation technology. This approach intercepts and sanitizes web sessions before they reach a user’s device, eliminating vulnerabilities from malware, malicious scripts, and compromised browser extensions. With the new funding, MirrorTab aims to expand its platform and strengthen partnerships with security tools like web application firewalls and bot management solutions.
Copyright © 2025 CyberMaterial. All Rights Reserved.