What’s happening in cybersecurity today?
Global Brute Force Attack, VPNs, Firewalls, Google Tag Manager, Credit Card Data, Magento Sites, Phishing Campaign, Facebook Users, Login Data, Fake Notices, Remote Code Execution, Marvel Rivals Game, CISA, Trimble Cityworks, Lee Enterprises, US Newspaper, Media Outlets, Hauts-de-France Chamber of Commerce, Karnataka Police, Property Portal, Pinehurst Radiology, North Carolina, Crystal Lake Elementary, Illinois, Data Breach, UK Government, Apple, iCloud Backdoor, US State Attorneys General, DOGE, Data Access, India, Bank Domains, Digital Payment Security, Brave Browser, Custom Scriptlets, ThreatMate, AI, Funding, Attack Surface Management Platform.
Cyber Alerts
1. Brute Force Attack Targets Edge Devices
A massive brute force attack campaign, first detected in January 2025, targets edge security devices including VPNs, firewalls, and gateways from vendors like Palo Alto Networks, Ivanti, and SonicWall. The attack leverages 2.8 million IP addresses, primarily from Brazil, Turkey, and Russia, to guess login credentials and hijack devices for network access and data theft. The Shadowserver Foundation warns of escalating threats and urges organizations to prioritize multi-factor authentication and patch management to defend against these attacks.
2. Hackers Use Google Tag Manager to Steal Data
Hackers are using Google Tag Manager (GTM) to deploy malicious scripts on eCommerce sites, particularly those using Magento, to steal credit card information. The attack involves embedding encoded JavaScript payloads in GTM tags that mimic legitimate tracking scripts but secretly collect and transmit sensitive data. Website administrators are urged to audit GTM tags regularly, use malware detection tools, and ensure all software is up to date to prevent such attacks.
3. Phishing Campaign Targets Facebook Users
A sophisticated phishing campaign is targeting Facebook users with fake copyright infringement notices, attempting to steal login credentials. The emails, sent to over 12,000 recipients across the EU, US, and Australia, use legitimate services like Salesforce to appear more convincing. The messages claim the recipient’s account is flagged under the Digital Millennium Copyright Act (DMCA) and warn of account restrictions if not addressed urgently. The emails often reference major companies like Universal Music Group as the complainant and include a link to appeal the claim.
4. Marvel Rivals Flaw Exposes Players to Risk
A severe Remote Code Execution (RCE) vulnerability has been discovered in Marvel Rivals, exposing players to potential cyberattacks. This flaw stems from the game’s hotfix patching system, which lacks proper server verification, allowing attackers on the same network to execute arbitrary code on players’ devices with administrative privileges. The vulnerability, affecting both PC and PlayStation 5 versions of the game, highlights broader concerns about the gaming industry’s security practices and the need for more responsible reporting and patching of flaws.
5. CISA Warns of Trimble Cityworks Exploit
CISA has issued a warning about active exploitation of a vulnerability in Trimble Cityworks GIS asset management software. The security flaw, CVE-2025-0994, allows attackers to execute remote code on affected servers, posing a significant risk to users. Trimble has released patches, but CISA highlights that the vulnerability is still being actively weaponized in attacks, especially targeting versions prior to 15.8.9 of Cityworks.
Cyber Incidents
6. Lee Enterprises Faces Cyberattack Disruption
Lee Enterprises confirmed a cyberattack has caused ongoing disruptions at numerous newspapers across the United States. The company stated that it is working to restore its systems following the attack earlier in the week, though the full extent of the breach remains unclear. Lee has not disclosed the specific nature of the attack or whether any data was compromised, and its recovery timeline is uncertain.
7. Hauts-de-France Chamber Hit by Cyberattack
The Hauts-de-France Chamber of Commerce and Industry (CCI) has faced a second cyberattack in recent weeks, with no data leak reported. The pro-Russian group responsible disrupted the CCI’s official website and two other sites, causing shutdowns from 6 a.m. to 9 a.m. While the sites resumed operations later that morning, the CCI has filed a complaint with the gendarmerie and informed the ANSSI.
8. Karnataka Police Investigate Kaveri 2.0 Hack
The Karnataka police in India have launched an investigation into the hacking of the Kaveri 2.0 portal, which is used for property transactions and registrations across the state. Unknown individuals gained unauthorized access to the portal, created fake accounts, and attempted to extract sensitive data. The attack, which took place last month, caused severe disruptions in property registration services and led to a surge of malicious requests overwhelming the system.
9. Pinehurst Radiology Closes After Cyberattack
Pinehurst Radiology Associates in Moore County, North Carolina, has closed its doors indefinitely following a cyberattack. The radiology practice discovered suspicious activity on its network and launched an investigation, hiring legal and cybersecurity experts to handle the situation. The incident has left several systems offline, and the practice is unable to schedule certain services, including mammography and ultrasound.
10. Crystal Lake District 47 Hit by Data Breach
A recent data breach at Crystal Lake Elementary District 47 in Illinois has compromised the personal information of 14,207 individuals, including two residents of Maine. The breach, which occurred on October 13, 2024, was discovered on January 2, 2025, after network disruptions were identified. The breach resulted from an external hack that may have exposed sensitive data, such as Social Security numbers, financial accounts, and health information.
Cyber News
11. UK Orders Apple to Create iCloud Backdoor
The UK government’s order for Apple to create a backdoor for accessing encrypted iCloud backups has been reported but not officially confirmed by Apple. According to sources cited by The Washington Post, this demand was made under the Investigatory Powers Act of 2016. Apple has not yet publicly commented on the order due to legal restrictions, but the company is reportedly considering discontinuing its Advanced Data Protection service in the UK instead of complying.
12. US State AGs Sue DOGE Over Data Access
A coalition of 14 state attorneys general, including those from major states like California and New York, is preparing to file a lawsuit to stop Elon Musk’s Department of Government Efficiency (DOGE) from continuing to access sensitive federal data. The attorneys general argue that Musk’s team has unlawfully accessed payment systems containing personal and financial information, including Social Security numbers, bank account details, and other sensitive data. The states claim this level of access is illegal and poses significant privacy risks to millions of individuals across the U.S.
13. India Launches Bank Domain to Combat Fraud
The Reserve Bank of India (RBI) is launching an exclusive “bank.in” internet domain to combat cyber threats like phishing and improve the security of digital financial services. Starting in April 2025, banks will register under this domain to bolster trust in online banking. Additionally, the RBI will introduce the “fin.in” domain for non-bank financial entities and implement Multi-Factor Authentication for cross-border online transactions, strengthening digital payment security in the country.
14. Brave Browser Adds Custom Scriptlets Feature
Brave Browser has introduced a new feature called “custom scriptlets,” which allows advanced users to inject their own JavaScript into websites for greater control over their browsing experience. This feature, available in version 1.75 for desktop, is similar to popular browser extensions like TamperMonkey and GreaseMonkey. Users can now write and inject scripts to modify webpages for privacy, security, and usability purposes.
15. ThreatMate Raises $3.2 M for Cyber Platform
ThreatMate, a cybersecurity startup based in Delaware, raised $3.2 million in seed funding to develop an AI-powered attack surface management platform for Managed Service Providers (MSPs). The funding round was led by Top Down Ventures’ Founders Fund I with additional support from Blu Ventures and Runtime Ventures. The platform helps MSPs protect small to medium-sized businesses by providing enterprise-grade cybersecurity with continuous monitoring, risk scoring, and automated penetration testing.
Copyright © 2025 CyberMaterial. All Rights Reserved.