What's the latest in the cyber world today?
Apple Vulnerability, USB Mode, iOS, iPadOS, Ubuntu 22.04, Printing System, Remote Exploitation, QR Codes, Quishing, DragonRank, Internet Information Services, Malware Campaign, GFI KerioControl, Firewalls, Kewadin Casino Network, Data Breach, Gaming Operations, Canyon State Electric, Catholic Charities, Southern Nevada, Sensitive Data, VectraRx, Cameron & Mittleman, Cyberattack, Europol, Financial Sector, Quantum Safe Cryptography, Dark Web, 8Base Ransomware, IllusionCAPTCHA, AI Bots, DDoS Attacks, Gaming, Finance, Microsoft, Copilot Bug Bounty Program, Rewards
Cyber Alerts
1. Apple Patches Exploited USB Mode Flaw
Apple released urgent security updates for iOS and iPadOS to address a vulnerability that has been actively exploited. The flaw, identified as CVE-2025-24200, allows attackers to disable USB Restricted Mode on a locked device, potentially exposing sensitive data. Although the attack requires physical access to the device, Apple responded with updates for a range of devices, including iPhone XS and later, as well as various iPad models.
2. Ubuntu Vulnerability Exposes Printer Risks
A newly discovered vulnerability in Ubuntu 22.04's printing subsystem could have allowed attackers to execute arbitrary code on locked laptops. The flaw, found within the "ippusbxd" package, could be triggered by a malicious USB printer reporting oversized media sizes. While a proof-of-concept exploit was developed, modern compiler features like "FORTIFY_SOURCE" prevented actual code execution, limiting the impact to a system crash.
3. Quishing Scam Targets QR Codes to Steal Data
Quishing is an emerging threat that exploits the widespread use of QR codes, redirecting users to fraudulent websites to steal personal information and deliver malware. Scammers embed malicious links into fake QR codes, bypassing traditional security measures and fooling individuals into scanning them. This can lead to financial loss, data breaches, and system compromises, especially when QR codes are embedded in emails or public places.
4. BadIIS Malware Targets IIS Servers in Asia
Threat actors have targeted Internet Information Services (IIS) servers across Asia in a campaign designed to manipulate search engine optimization (SEO) and deploy the BadIIS malware. The attack primarily affects servers in countries such as India, Thailand, Vietnam, and Japan, with sectors including government and technology companies being targeted. Researchers suspect the campaign is financially motivated, as it redirects users to illegal gambling websites.
5. KerioControl Firewalls Exposed to RCE
Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. Discovered by security researcher Egidio Romano in mid-December, the flaw allows for easy exploitation, with a public proof-of-concept (PoC) demonstrating the risk of 1-click attacks. Despite a security update being released in December, data from Censys and Greynoise show that thousands of instances remained vulnerable weeks later, with instances exposed in countries including Iran, the United States, and Russia.
Cyber Incidents
6. Kewadin Casino Network Halted by Data Breach
Gaming operations at all five Kewadin Casino locations were suspended on Monday following a data breach. The casino network, located in Sault Ste. Marie, Michigan, reported the incident late Sunday and enlisted third-party experts to investigate and restore operations. The breach led to technical issues that also closed the Manistique, Christmas, and Hessel locations on Sunday afternoon, while Sault Ste. Marie and St. Ignace remained open until the halt at 7 a.m. Monday. Although the Kewadin website was briefly down, it was restored by early afternoon, but further details about the breach or the timeline for resuming gaming operations were not available.
7. Canyon State Electric Reports Data Breach
Canyon State Electric (CSE), an Arizona-based electrical construction company, reported a data breach in which sensitive personally identifiable information of employees and their dependents may have been accessed. The breach occurred after an unauthorized actor gained access to CSE's account on a third-party human resources software system. Following an internal investigation, CSE confirmed that personal data, including names, Social Security numbers, and benefits information, was potentially exposed between December 4 and December 10, 2024.
8. Catholic Charities of Southern Nevada Breach
Catholic Charities of Southern Nevada recently discovered a data breach that allowed unauthorized access to sensitive personal information, including names, Social Security numbers, and health information. The breach was initially identified in June 2024, prompting the organization to secure its network and investigate with the help of cybersecurity experts. The full scope of the incident was confirmed in January 2025, and breach notification letters were sent to affected individuals on February 7, 2025, offering details about the compromised data.
9. VectraRx Breach Exposes Sensitive Data
VectraRx Mail Pharmacy Services LLC, based in Oro Valley, Arizona, recently revealed a data breach involving sensitive personal information. The breach was discovered after unusual activity was detected on its server around December 13, 2024. VectraRx, a prescription delivery service specializing in home delivery for work-related and personal injury claims, immediately launched an investigation to determine the scope and impact of the incident.
10. Cameron & Mittleman LLP Reports Data Breach
Cameron & Mittleman LLP recently informed clients about a cyberattack that compromised personal data. The breach, detected on December 13, 2024, led to unusual network activity, prompting the firm to investigate and consult with cybersecurity experts. On January 29, 2025, the firm confirmed that sensitive information, including names and addresses, may have been exposed during the incident.
Cyber News
11. Europol Warns Financial Sector on QC Risks
Europol has warned Europe's financial services sector to begin planning for the shift to quantum-safe cryptography. The risk of "store now decrypt later" (SNDL) attacks is growing, as quantum computers are expected to eventually break current encryption methods. Europol's recent Quantum Safe Financial Forum emphasized the need for collaboration and recommended measures to transition to quantum-resistant encryption to safeguard sensitive data against future threats.
12. Authorities Take Down 8Base Ransomware Sites
A coordinated operation led by global law enforcement has taken down dark web sites tied to the 8Base ransomware gang. The operation involved agencies from the U.K., U.S., and multiple European and Asian countries. Four European suspects were arrested, and over 40 pieces of evidence were seized in connection with ransomware attacks that affected 17 Swiss companies and earned $16 million from over 1,000 global victims. The takedown also revealed connections between 8Base and other major cybercrime groups.
13. IllusionCAPTCHA Launched to Defeat AI Bots
Researchers have launched IllusionCAPTCHA, a novel CAPTCHA system designed to counter the increasing threat of AI-based CAPTCHA solvers. This innovative system uses visual illusions that AI models struggle to interpret but are easily understood by humans. IllusionCAPTCHA is a response to the growing vulnerability of traditional CAPTCHA systems as AI technologies like GPT-4o and Gemini 1.5 pro 2.0 become more adept at bypassing older CAPTCHA methods.
14. DDoS Attacks Surge 56% from 2023 to 2024
Gcore has launched its Q3-Q4 2024 Radar report, highlighting a dramatic rise in the frequency and scale of DDoS attacks. The report shows a 56% increase in DDoS attacks compared to the previous year, with gaming and financial sectors most targeted. It reveals that the largest attack of the period reached 2Tbps, marking an 18% rise from earlier in 2024. The gaming industry, while still the top target, saw fewer attacks, while financial services experienced a sharp rise, indicating a shift in attacker focus.
15. Microsoft Expands Copilot Bug Bounty Program
Microsoft has expanded its Copilot bug bounty program to include more consumer products and raise rewards. Researchers can now earn up to $5,000 for identifying moderate severity vulnerabilities, while critical-severity flaws remain eligible for up to $30,000 in payouts. The update also allows bug hunters to target more Copilot services like Copilot for Telegram and WhatsApp, offering broader opportunities to improve security across Microsoft's Copilot ecosystem.
Copyright © 2025 CyberMaterial. All Rights Reserved.