
April 15, 2025 – Cyber Briefing

👉 What’s the latest in the cyber world today?

ResolverRAT, Healthcare, Pharma, Phishing, DLL Hijacking, BPFDoor, Reverse Shell, Malware, Microsoft Teams, Fake WhatsApp, Apache Roller Vulnerability, Password Changes, Hertz, Data Breach, Cleo Zero-Day Attack, DaVita, Ransomware Attack, GPS Spoofing, Indian Air Force, Myanmar, Humanitarian Mission, Lemonade, Driver’s License Numbers, Germany, FAKO-M Getränke, Cyberattack, IT Operations, Meta, EU, AI Training, Public User Data, CA Browser Forum, SSL TLS, Certificate Lifespan, Australia, Queensland, Data Breach Notification Law, Education Sector, Cyber Threats, Schools, Universities, Pentesting, GenAI.



🚨 Cyber Alerts

1. ResolverRAT Targets Healthcare and Pharma

Cybersecurity researchers have uncovered ResolverRAT, a sophisticated remote access trojan targeting healthcare and pharmaceutical sectors. Delivered through phishing emails, the malware exploits fear-based lures and DLL side-loading techniques to initiate execution. Once activated, ResolverRAT uses advanced in-memory execution, encryption, and compression to avoid detection and persist on the victim’s system. The malware is equipped with a multi-layered command-and-control infrastructure that rotates IPs and uses custom protocols, ensuring that it remains undetected while exfiltrating sensitive data.

2. BPFDoor Uses Reverse Shell for Access

BPFDoor, a sophisticated backdoor malware, has been actively targeting organizations in Asia, the Middle East, and Africa. By using Berkeley Packet Filter (BPF) technology, it monitors network traffic at the kernel level, staying hidden from conventional security measures. Deployed by the Earth Bluecrow group, this malware is used for long-term cyberespionage in sectors like telecommunications, finance, and retail. Its ability to avoid detection through reverse shell connections and stealthy processes makes BPFDoor a highly effective tool for persistent, undetected access to compromised systems.

3. Hackers Use Teams Chats to Deliver Malware

A sophisticated attack using Microsoft Teams chats has emerged, targeting Windows PCs. Cybersecurity firm ReliaQuest reported that the attack, linked to Storm-1811, began in March 2025. The attackers impersonate IT support staff through fraudulent Microsoft 365 accounts, tricking employees into running malicious software. This campaign uses novel techniques like TypeLib COM hijacking and PowerShell backdoors to maintain persistent access, making detection difficult.

4. Malware on Android Phones Steals Crypto

A growing attack targets cryptocurrency users through cheap Android phones pre-loaded with malware designed to steal crypto. These phones, which resemble premium models, come with fake versions of WhatsApp that hijack wallet addresses during transactions. The malware quietly replaces wallet addresses with those controlled by attackers, making it nearly undetectable to the user. Additionally, the spyware scans device storage for images of recovery phrases, which are critical for accessing cryptocurrency wallets, further escalating the risk.

5. Apache Roller Flaw Lets Hackers Keep Access

A recently discovered vulnerability in Apache Roller allows attackers to maintain access to user accounts even after password changes. The flaw, identified in versions 1.0.0 to 6.1.4, prevents the invalidation of active session tokens when passwords are updated. As a result, attackers who have gained access to a user’s session — whether through stolen cookies, phishing, or malware — can continue to exploit the account even after the password is reset. The Apache Roller team has fixed the issue in version 6.1.5 by implementing centralized session management, which ensures that all active sessions are terminated when a password change or account disable operation occurs.
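The session-invalidation defect described above, and the fix, as an added illustration in Python (not Apache Roller's code; `SessionStore`, `User` and `Session` are hypothetical names). Each session records the password generation it was minted under; a password change bumps the generation, so a check that compares generations rejects every pre-change session, while a check that only asks "is the token still in the store" keeps accepting them.

```python
"""Added example: tying sessions to a password generation so a reset
invalidates every live session. Not Apache Roller code."""
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class User:
    name: str
    pw_hash: str
    pw_generation: int = 0          # incremented on every password change


@dataclass
class Session:
    user: str
    pw_generation: int              # generation in force when the session was created


@dataclass
class SessionStore:
    users: dict = field(default_factory=dict)     # name -> User
    sessions: dict = field(default_factory=dict)  # token -> Session

    @staticmethod
    def _hash(password: str) -> str:
        # Demo only: a real application uses a password hash such as argon2/bcrypt.
        return hashlib.sha256(password.encode()).hexdigest()

    def add_user(self, name: str, password: str) -> None:
        self.users[name] = User(name, self._hash(password))

    def login(self, name: str, password: str) -> Optional[str]:
        user = self.users[name]
        if user.pw_hash != self._hash(password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = Session(name, user.pw_generation)
        return token

    def change_password(self, name: str, new_password: str) -> None:
        user = self.users[name]
        user.pw_hash = self._hash(new_password)
        user.pw_generation += 1     # every existing session now carries a stale generation

    def is_valid_vulnerable(self, token: str) -> bool:
        # Pre-fix behaviour: the token is never re-checked against the account's password state.
        return token in self.sessions

    def is_valid(self, token: str) -> bool:
        # Fixed behaviour: a session survives only while its generation matches the account's.
        s = self.sessions.get(token)
        return s is not None and s.pw_generation == self.users[s.user].pw_generation
```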


💥 Cyber Incidents

6. Hertz Confirms Data Breach Exposing Info

Hertz Corporation confirmed a data breach involving customer data stolen through a zero-day vulnerability in Cleo’s platform. The breach impacted customers from Hertz, Thrifty, and Dollar brands, exposing sensitive details like names, contact information, and credit card data. The Clop ransomware gang, which has targeted other secure file transfer platforms before, claimed responsibility for the breach. Hertz is offering impacted customers free identity monitoring services and urges vigilance against fraud.

7. DaVita Ransomware Attack Disrupts Operations

On April 12, 2025, DaVita, a major kidney dialysis provider, confirmed it was targeted by a ransomware attack. The attack encrypted portions of the company’s network, leading to disruptions in some internal operations. Despite these issues, DaVita assured the public that patient care across its 2,600 dialysis centers continued uninterrupted. An investigation is ongoing to determine the full scope of the breach, and concerns remain about the potential theft of patient data, a common tactic in ransomware incidents.

8. GPS Spoofing Targets Indian Air Force

During Operation Brahma’s relief mission in Myanmar, an Indian Air Force (IAF) C-130J aircraft faced a GPS spoofing attack. The attack, which misled the aircraft’s navigation system, occurred while the aircraft was flying over earthquake-hit Myanmar. Pilots quickly switched to the internal navigation system (INS) to maintain safe navigation and avoid potential mishaps. This was during India’s humanitarian mission following the devastating 7.7 magnitude earthquake that struck Myanmar, leaving over 3,600 dead and thousands injured.

9. Lemonade Breach Exposes Driver’s Licenses

Lemonade, a New York-based insurance firm, disclosed a data breach exposing driver’s license numbers of thousands of individuals. The breach occurred due to a vulnerability within the company’s online application platform, affecting users who applied for various insurance policies between April 2023 and September 2024. This flaw allowed unauthorized access to driver’s license numbers, although the company has stated there is no evidence to suggest the data was misused.

10. FAKO-M Getränke Disrupted by Cyberattack

FAKO-M Getränke, a beverage wholesaler based in Neuss, Germany, faced a cyberattack on the night of April 12 to 13, 2025, impacting its IT infrastructure. The attack left the company’s operations in Neuss, Bocholt, and Hamm temporarily halted. Local authorities, including the State Criminal Police Office, have been informed and are aiding in the investigation. While systems remain down, FAKO-M is running emergency operations and fulfilling orders manually, keeping customers updated on the company’s website.


📢 Cyber News

11. Meta Resumes AI Training with Public Data

Meta has resumed training its artificial intelligence models using publicly shared data from adult users in the European Union. This decision comes after a year-long pause following concerns raised by Irish regulators over data protection. The AI training will utilize data such as posts, comments, and interactions with Meta’s AI across platforms like Facebook, Instagram, WhatsApp, and Messenger. However, private messages and data from users under 18 will not be included. The European Data Protection Board recently approved the rollout, with Meta informing users about the data collection through notifications and offering an opt-out option.

12. SSL TLS Certificate Lifespan Cut to 47 Days

The CA/Browser Forum has voted to shorten the lifespan of SSL/TLS certificates significantly over the next four years. Starting in March 2026, the lifespan will drop to 200 days, followed by a reduction to 100 days in March 2027. By March 2029, certificates will only be valid for 47 days. This decision, driven by security concerns, aims to reduce risks associated with outdated certificates and compromised credentials, encouraging companies to automate certificate renewals and making the entire ecosystem more secure and efficient.

13. Queensland Introduces Data Breach Law

Queensland’s new data breach notification law will take effect on July 1, 2025. The Information Privacy and Other Legislation Amendment Act 2023 mandates that agencies notify the Office of the Information Commissioner Queensland (OICQ) about eligible data breaches. The law requires agencies to report unauthorized access, loss, or disclosure of personal information if it poses a risk of serious harm. The new regulation aims to enhance transparency and ensure better protection of personal data.

14. Education Sector Faces Rising Cyber Threats

Educational institutions have increasingly become major targets for cybercriminals and state-backed hackers, especially in 2024. Experts have identified the education sector as the third-most-targeted industry globally, with a marked rise in attacks. Hackers exploit the sector’s open networks, limited security budgets, and the vast amounts of valuable data held by schools and universities. The growing reliance on personal devices and legacy technologies further increases their vulnerability, making them attractive targets for cybercriminals.

15. Firms Struggle to Fix Flaws in GenAI

A recent report from Cobalt highlights that while 94% of organizations consider pentesting essential for their security strategy, many still fail to address discovered vulnerabilities. Large organizations also tend to take longer than smaller ones to resolve issues, with an alarming median time of 67 days to address pentesting findings. A significant concern is the rise of vulnerabilities within GenAI LLM web apps, with only 21% of identified flaws being remediated. Additionally, many security leaders report facing pressure to prioritize speed over security, which leads to delays in resolving serious vulnerabilities.


Copyright © 2025 CyberMaterial. All Rights Reserved.
