What are the latest cybersecurity alerts, incidents, and news?
Astaroth Phishing Kit, 2FA, Real-Time Credential Capture, Storm-2372, Phishing Attack, Device Code Flow, Tokens, PostgreSQL Zero-Day, BeyondTrust, CISA, FBI, Memory-Safe Practices, Buffer Overflow Vulnerabilities, AMD Ryzen, Master Utility Software, Lexipol, Sensitive Police Data, Brazil, Banco Neon, Presbyterian Homes of Georgia, Doxbin, Doxxing, User Records, Benefits Management Group, Personal Health Info, UK Apple Backdoor, Google, Poland, AI, Digital Skills Growth, Australia, Anti-Scam Laws, Pig Butchering Scams, CyberArk, Zilla Acquisition, Security, Identity Security Platform.
Listen to the full podcast
Cyber Alerts
1. Astaroth Phishing Kit Bypasses 2FA Defenses
Astaroth, a new phishing kit, bypasses two-factor authentication (2FA) using advanced techniques. Unlike traditional phishing tools, it employs session hijacking and real-time credential interception to compromise accounts on platforms like Gmail and Office 365. The kit's use of SSL-certified fake login pages and its ability to capture session cookies allow attackers to impersonate victims without needing additional credentials, posing a significant threat to both individuals and organizations.
2. Storm-2372 Group Exploits Device Code Flow
Microsoft Threat Intelligence uncovered a sophisticated phishing attack by Storm-2372 targeting government, NGOs, IT, and critical industries. Using the OAuth 2.0 device code authentication flow, the attackers trick victims into entering legitimate device codes, unknowingly granting the attackers access tokens. This method bypasses traditional security measures like multi-factor authentication, enabling unauthorized access to sensitive data and lateral movement within networks. Organizations are urged to restrict device code flow, implement MFA, and educate employees on phishing risks to mitigate this evolving threat.
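To make the mechanism concrete, the following Python is an added simulation of the OAuth 2.0 device authorization grant (RFC 8628) with the restriction the alert recommends: the authorization server only offers the grant to an administrator-approved set of clients, keeps codes short-lived and single-use, and writes an audit trail. It is illustrative code written for this summary, not Microsoft's or any vendor's implementation; the client ids, user name and verification URI are made-up values.

```python
"""Simulated RFC 8628 device code flow with a client allowlist (added example;
not Microsoft's code). All identifiers below are constructed for illustration."""
import secrets
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

DEVICE_CODE_LIFETIME = 900  # seconds; device codes are meant to be short-lived


@dataclass
class PendingDeviceAuth:
    client_id: str
    user_code: str
    expires_at: float
    approved_by: Optional[str] = None
    redeemed: bool = False


class AuthorizationServer:
    """Minimal device-flow server. 'allowed_device_flow_clients' models an admin
    policy that restricts the device code grant to clients that genuinely need it."""

    def __init__(self, allowed_device_flow_clients: Set[str]):
        self.allowed = allowed_device_flow_clients
        self.pending: Dict[str, PendingDeviceAuth] = {}  # device_code -> state
        self.audit: List[str] = []

    def device_authorization(self, client_id: str, now: float) -> dict:
        # Policy gate: the simplest mitigation is not to offer the grant at all
        # to clients that have no business using it.
        if client_id not in self.allowed:
            self.audit.append(f"DENY device_authorization client={client_id}")
            raise PermissionError("device code flow not permitted for this client")
        device_code = secrets.token_urlsafe(32)
        user_code = "-".join(secrets.token_hex(2).upper() for _ in range(2))  # e.g. A1B2-C3D4
        self.pending[device_code] = PendingDeviceAuth(client_id, user_code, now + DEVICE_CODE_LIFETIME)
        self.audit.append(f"ISSUE device_code client={client_id} user_code={user_code}")
        return {"device_code": device_code, "user_code": user_code,
                "verification_uri": "https://login.example.test/device",  # made-up
                "expires_in": DEVICE_CODE_LIFETIME}

    def user_approves(self, user_code: str, user: str, now: float) -> bool:
        """The user types the code at the verification URI. The server cannot tell
        who handed the user that code, which is exactly the phishing risk."""
        for auth in self.pending.values():
            if auth.user_code == user_code and now < auth.expires_at and auth.approved_by is None:
                auth.approved_by = user
                self.audit.append(f"APPROVE user_code={user_code} user={user} client={auth.client_id}")
                return True
        return False

    def token(self, client_id: str, device_code: str, now: float) -> dict:
        """The device polls here; errors follow the RFC 8628 names."""
        auth = self.pending.get(device_code)
        if auth is None or auth.client_id != client_id:
            return {"error": "invalid_grant"}
        if now >= auth.expires_at:
            del self.pending[device_code]
            return {"error": "expired_token"}
        if auth.approved_by is None:
            return {"error": "authorization_pending"}
        if auth.redeemed:
            return {"error": "invalid_grant"}  # a device code is single-use
        auth.redeemed = True
        self.audit.append(f"TOKEN client={client_id} subject={auth.approved_by}")
        return {"access_token": secrets.token_urlsafe(24), "token_type": "Bearer",
                "subject": auth.approved_by}


def run_scenarios() -> dict:
    """Exercises the policy gate, the approve-then-poll path, single use and
    expiry; returns the observations so they can be checked."""
    srv = AuthorizationServer(allowed_device_flow_clients={"trusted-cli"})  # constructed ids
    out = {}
    try:
        srv.device_authorization("random-webapp", now=0.0)
        out["unlisted_denied"] = False
    except PermissionError:
        out["unlisted_denied"] = True
    grant = srv.device_authorization("trusted-cli", now=0.0)
    out["first_poll"] = srv.token("trusted-cli", grant["device_code"], now=5.0)["error"]
    srv.user_approves(grant["user_code"], "alice@example.test", now=10.0)
    out["subject"] = srv.token("trusted-cli", grant["device_code"], now=15.0)["subject"]
    out["replay"] = srv.token("trusted-cli", grant["device_code"], now=16.0)["error"]
    stale = srv.device_authorization("trusted-cli", now=0.0)
    out["expired"] = srv.token("trusted-cli", stale["device_code"], now=DEVICE_CODE_LIFETIME + 1)["error"]
    out["audit"] = srv.audit
    return out


if __name__ == "__main__":
    for line in run_scenarios()["audit"]:
        print(line)
```

The audit lines are the detection hook: an ISSUE or APPROVE entry for a client the organization never expected to use device flow, or an APPROVE from a user population that has no device-based workflows, is the signal a SOC would alert on.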
3. PostgreSQL Zero-Day Vulnerability Exploited
Rapid7 discovered a zero-day vulnerability in PostgreSQL that played a crucial role in attacks against BeyondTrust Remote Support. This flaw, CVE-2025-1094, allows attackers to trigger SQL injection by exploiting malformed UTF-8 characters in the PostgreSQL interactive terminal, psql. Researchers have linked this bug to the successful compromise of systems, including machines at the US Treasury Department, where Chinese hackers gained unauthorized access to sensitive data. Despite BeyondTrust issuing patches, the PostgreSQL flaw remains a critical concern for organizations relying on vulnerable systems.
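The defensive point behind this item is that an escaping routine must not trust a byte string to be well-formed UTF-8. As an added illustration (not code from PostgreSQL, Rapid7 or BeyondTrust), the Python below validates UTF-8 strictly, rejecting truncated, overlong, surrogate and out-of-range sequences, before a quoting helper is allowed to touch the input; the sample inputs are constructed. Parameter binding remains the preferred way to build queries; the quoting helper only shows where the check belongs.

```python
"""Strict UTF-8 validation in front of a quoting routine (added example, not
PostgreSQL code). Sample inputs are constructed for this illustration."""


def utf8_well_formed(data: bytes) -> bool:
    """Return True only for well-formed UTF-8 per RFC 3629: correct continuation
    counts, no overlong forms, no surrogates, nothing above U+10FFFF, and no
    sequence cut off at the end of the input."""
    i, n = 0, len(data)
    while i < n:
        b0 = data[i]
        if b0 < 0x80:                      # ASCII
            i += 1
            continue
        if 0xC2 <= b0 <= 0xDF:             # two-byte lead (0xC0/0xC1 are overlong)
            need, lo, hi = 1, 0x80, 0xBF
        elif 0xE0 <= b0 <= 0xEF:           # three-byte lead
            need = 2
            lo = 0xA0 if b0 == 0xE0 else 0x80   # reject overlong three-byte forms
            hi = 0x9F if b0 == 0xED else 0xBF   # reject UTF-16 surrogates
        elif 0xF0 <= b0 <= 0xF4:           # four-byte lead
            need = 3
            lo = 0x90 if b0 == 0xF0 else 0x80   # reject overlong four-byte forms
            hi = 0x8F if b0 == 0xF4 else 0xBF   # reject code points above U+10FFFF
        else:                               # lone continuation byte or 0xF5..0xFF
            return False
        if i + need >= n:                   # lead byte promises bytes that are not there
            return False
        if not (lo <= data[i + 1] <= hi):   # first continuation byte carries the range rules
            return False
        for j in range(i + 2, i + need + 1):
            if not (0x80 <= data[j] <= 0xBF):
                return False
        i += need + 1
    return True


def quote_literal(value: bytes) -> str:
    """Validate before escaping: a quoting routine that walks bytes while
    assuming every lead byte is followed by its continuation bytes can be
    misled by input that is not actually UTF-8, so refuse such input outright."""
    if not utf8_well_formed(value):
        raise ValueError("refusing to quote malformed UTF-8 input")
    return "'" + value.decode("utf-8").replace("'", "''") + "'"


# Constructed samples: label -> (bytes, expected well-formedness)
SAMPLES = {
    "ascii": (b"O'Brien", True),
    "two-byte": (b"caf\xc3\xa9", True),
    "three-byte": (b"\xe2\x82\xac", True),
    "four-byte": (b"\xf0\x9f\x92\xa5", True),
    "truncated two-byte": (b"abc\xc3", False),
    "truncated three-byte": (b"\xe2\x82", False),
    "overlong two-byte": (b"\xc0\xaf", False),
    "overlong three-byte": (b"\xe0\x80\xaf", False),
    "overlong four-byte": (b"\xf0\x80\x80\x80", False),
    "surrogate": (b"\xed\xa0\x80", False),
    "above U+10FFFF": (b"\xf4\x90\x80\x80", False),
    "lone continuation": (b"\x80", False),
}


def codec_agrees(data: bytes) -> bool:
    """Cross-check the hand-written validator against Python's strict codec."""
    try:
        data.decode("utf-8")
        return utf8_well_formed(data) is True
    except UnicodeDecodeError:
        return utf8_well_formed(data) is False


def check_samples() -> dict:
    """Returns label -> validator verdict for every constructed sample."""
    return {label: utf8_well_formed(raw) for label, (raw, _expected) in SAMPLES.items()}


if __name__ == "__main__":
    for label, verdict in check_samples().items():
        print(f"{label:22s} well-formed={verdict}")
```

The validator is deliberately written out rather than delegated to the codec so that the invariants an encoding-aware escaper relies on (exact continuation counts, no overlong forms, no surrogates) are visible; the codec cross-check confirms the hand-written rules match.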
4. CISA and FBI Push for Memory Safe Practices
The US Cybersecurity and Infrastructure Security Agency (CISA) and FBI have issued a new alert focusing on eliminating buffer overflow vulnerabilities in software. The report emphasizes secure development practices, particularly advocating for the use of memory-safe programming languages like Rust. As part of the Secure by Design initiative, CISA and FBI are urging software manufacturers to prioritize proactive security measures to prevent threats that exploit these flaws, which often lead to data corruption, unauthorized code execution, and larger-scale attacks.
5. AMD Ryzen Master Utility DLL Hijacking Risk
A high-severity DLL hijacking vulnerability, identified as CVE-2024-21966, has been discovered in AMD Ryzen Master Utility software, which optimizes the performance of AMD Ryzen processors. The vulnerability, with a CVSS score of 7.3, could allow attackers to execute arbitrary code and escalate privileges on affected systems. Security researchers found that the software fails to properly check for malicious DLLs, potentially allowing attackers to inject harmful code into the system, compromising its integrity and confidentiality.
Cyber Incidents
6. Hackers Leak Sensitive Data from Lexipol
A hacker group known as "the puppygirl hacker polycule" leaked thousands of files from Lexipol, a Texas-based company that develops policy manuals and training materials for first responders. The leaked data includes over 8,500 files containing customer records, agency names, passwords, and a range of policy manuals for law enforcement agencies across the U.S. Lexipol has been criticized for its widespread influence on policing, with concerns over its resistance to police reforms and standardized policies that may not align with local community values.
7. Banco Neon Data Leak Exposes Millions
A massive data leak has reportedly affected Banco Neon, a Brazilian bank, compromising sensitive information of over 30 million customers. The leak includes full names, gender, contact information, account details, and even images of documents and selfies. While the cybercriminal behind the attack, identified as "banconeon," has not put a price on the stolen data, the leak has sparked concern about the bank's security.
8. PHG Warns of Potential Data Breach Incident
Presbyterian Homes of Georgia, Inc. (PHG) has informed individuals of a potential data breach that occurred after suspicious activity was detected on November 9, 2024. While the company has not confirmed any misuse of the data, PHG is notifying individuals whose sensitive information may have been accessed without authorization. Affected individuals are urged to take precautionary steps, including enrolling in free credit monitoring services.
9. Doxbin Hack Exposes 136,000 User Records
Tooda, a hacker group, breached Doxbin, a notorious doxxing platform, and exposed over 136,000 user records, including usernames and email addresses. The attack also included a file revealing individuals who paid to keep their information off the platform, making them vulnerable to exposure. The group claims full control of Doxbin's backend and deleted user accounts, leaving users at risk of real-world identity exposure.
10. BMGI Data Breach Exposes Sensitive Data
Benefits Management Group, Inc. recently revealed a data breach that compromised sensitive personal and health information. The breach was discovered on November 26, 2024, following suspicious activity in its systems, leading to an investigation. BMGI confirmed that on November 8, 2024, an unauthorized third party accessed personal details such as names, Social Security numbers, and addresses of affected individuals.
Cyber News
11. Lawmakers Urge Gabbard to Reject UK Request
US lawmakers Senator Ron Wyden and Representative Andy Biggs have written a letter urging Tulsi Gabbard, the newly confirmed Director of National Intelligence, to take action against the UK government's reported demand for Apple to create a backdoor into iCloud security. The lawmakers warn that this request, if true, could endanger the security of US citizens and government data by potentially weakening encryption for global users. They call on Gabbard to press the UK to reverse its decision or risk damaging the trust in US-UK cybersecurity agreements, emphasizing the importance of strong end-to-end encryption in protecting national security.
12. Google and Poland Sign AI Partnership Deal
Google and Poland have signed a memorandum to enhance artificial intelligence applications in sectors like energy and cybersecurity. The agreement will also involve expanding digital training programs, aiming to reach 1 million young Poles over five years. Prime Minister Donald Tusk emphasized the economic and security benefits of the collaboration, while also highlighting the country's efforts to reduce business regulations.
13. Australia Passes New Law to Fight Scams
The Australian government has passed the Scams Prevention Framework law, holding social media platforms, banks, and telecommunication companies accountable for scams. These entities now face fines of up to AU$50 million if their networks are used for fraudulent activities. The law aims to make it nearly impossible for scammers to target Australian residents while ensuring victims can easily claim compensation for financial losses.
14. Pig Butchering Scams Surge in Crypto Fraud
Pig butchering scams are rapidly increasing, with Chainalysis reporting that scammers are expected to receive over $12 billion from fraudulent activities in 2024. A significant rise in scams has led to a shift in strategies, with scammers targeting more victims but accepting smaller payments. The use of AI technology and the growing market for illicit tools have contributed to this alarming trend, indicating that cybercrime has become a highly organized ecosystem requiring coordinated efforts from various sectors to combat effectively.
15. CyberArk Acquires Zilla Security for IGA
CyberArk has expanded its identity security portfolio with the $165 million acquisition of Zilla Security, a Boston-based startup. This deal follows CyberArk's $1.54 billion purchase of Venafi in 2024, signaling its push toward a unified, cloud-first identity management platform. Zilla's AI-driven tools will be integrated into CyberArk's Identity Security Platform to automate processes like user provisioning and compliance reviews, streamlining enterprise security in hybrid environments.
Copyright © 2025 CyberMaterial. All Rights Reserved.