👉 What’s the latest in the cyber world today?
BARWM, Stealthy Backdoor Attacks, Deep Learning, Hidden Triggers, PhishWP Plugin, Fake Payment Pages, Moxa Critical Vulnerabilities, Routers, Discord, Infostealer Campaign, Gaming, Android Vulnerabilities, Guam Critical Infrastructure, Volt Typhoon, Maine Public School Districts, Bangladesh City Bank, Sensitive Client Data, Philippine President’s Office, Stiiizy, Data Breach, Salt Typhoon, Cyber Espionage, Charter, Consolidated, Windstream, Lithuania, Cyber Command, NATO Interoperability, Wallet Drainer Malware, Cryptocurrency Losses, US Department of Defense, Tencent, UK Government, Criminalize, Sexually Explicit Deepfakes
🚨 Cyber Alerts
BARWM, a new backdoor attack method, is specifically designed to target real-world deep learning (DL) models deployed on mobile devices, addressing the limitations of traditional backdoor attack techniques. Existing methods often rely on easily detectable, sample-agnostic triggers or require changes to the model structure, which can compromise the attack’s stealth and effectiveness. In contrast, BARWM employs a DNN-based steganography technique that generates unique, sample-specific backdoor triggers that are nearly imperceptible to detection systems. This makes the attack much harder to identify, offering a more subtle and effective approach to compromising DL models.
PhishWP, a newly discovered WordPress plugin, has been used by cybercriminals to create deceptive payment pages resembling trusted services like Stripe, aimed at stealing financial data. This malicious plugin enables attackers to collect sensitive information such as credit card details, billing addresses, and one-time passwords (OTPs), which are then transmitted to the cybercriminals via Telegram. The plugin’s design is highly convincing, making it difficult for users to detect fraudulent activity, and it can be deployed on compromised or fraudulent WordPress sites.
Moxa, an industrial networking provider, has issued an urgent warning about two critical vulnerabilities in its cellular routers, secure routers, and network security appliances. The flaws, CVE-2024-9138 and CVE-2024-9140, allow remote attackers to escalate privileges and execute arbitrary code, posing significant risks to industrial automation and control systems used in sectors like transportation, utilities, and telecommunications. Because both flaws can be exploited remotely, Moxa rates them as critical.
A new infostealer campaign targeting Discord users has been discovered, with researchers urging gamers to avoid replying to unsolicited messages. The scam typically starts with a direct message offering a chance to beta test a new game, with the supposed developer providing a download link for a game installer. However, the link leads to an information-stealing Trojan, such as Nova Stealer, Ageo Stealer, or Hexon Stealer, which can steal sensitive data like login credentials, session cookies, and cryptocurrency wallet information. The ultimate goal of the attackers is to steal money from victims by gaining access to their bank accounts and cryptocurrency wallets.
The January 2025 Android Security Bulletin highlights critical vulnerabilities in Android devices that require immediate attention. These vulnerabilities, particularly in the Android System component, could allow attackers to execute harmful code without needing additional privileges. Android users are urged to update their devices to the latest security patch level (2025-01-05 or later) to mitigate risks, as the affected versions span Android 12 to Android 15.
💥 Cyber Incidents
The U.S. government has uncovered a Chinese cyber espionage campaign known as Volt Typhoon, targeting Guam’s critical infrastructure, which is crucial for both civilian and military operations in the Pacific. This operation, aimed at disrupting military and civilian activities in the event of a conflict over Taiwan, focuses on gaining control over vital systems such as water, power, and communication networks rather than exfiltrating data. Volt Typhoon infiltrates systems by imitating legitimate users, and its stealthy operations make it difficult to detect without identifying anomalies, such as unusual login patterns.
Two Maine public school districts experienced cybersecurity incidents over the weekend. South Portland Public Schools shut down its network after a breach potentially threatened student data, while Maine School Administrative District 51 saw a student’s email account hacked and used in a phishing scam. South Portland’s breach was traced to an IP address in Bulgaria, but it did not appear to have targeted the district specifically. Although there was concern about the breach’s impact, the district’s sensitive information was largely unaffected because it is stored offsite.
In late December 2024, the Bangladesh Cyber Security Intelligence (BCSI) discovered a breach involving City Bank’s client statements being sold on underground forums. The attacker exploited a vulnerability that allowed unauthorized access due to weak session management. This breach highlighted the ongoing cybersecurity challenges in the banking sector, despite earlier warnings from BCSI. City Bank acted swiftly to fix the issue after being notified by BCSI researchers, who emphasized the importance of robust security measures to prevent future incidents.
A Chinese state-sponsored hacking group, APT41, breached sensitive data from the Office of the President (OPS) under President Ferdinand “Bongbong” Marcos Jr. The stolen documents, including military files on territorial disputes, were part of a larger espionage campaign targeting various Philippine government offices and organizations from early 2023 to mid-2024. Despite these breaches, officials from the Department of Information and Communications Technology (DICT) and the Armed Forces of the Philippines (AFP) reported that sensitive data was not compromised, emphasizing their detection and prevention measures.
A cybercrime group accessed customer data at Stiiizy, a Los Angeles-based marijuana operator, following a breach of its point-of-sale vendor between October and November 2024. Sensitive information, including government-issued IDs, was exposed at four retail locations in California, though not all data was compromised for every customer. Stiiizy is offering affected individuals free credit monitoring for a year as the company works to address the breach.
📢 Cyber News
The Salt Typhoon cyber espionage campaign continues to grow, with Charter Communications, Consolidated Communications, and Windstream joining the list of telecom companies compromised by Chinese government hackers. AT&T, Verizon, and Lumen Technologies were among the first to confirm breaches, which the U.S. government has described as a significant cyber espionage campaign. The hackers exploited vulnerabilities in unpatched Cisco and Fortinet devices to gain unauthorized access to network management accounts, compromising thousands of routers.
Lithuania Launches New Cyber Command
Lithuania officially inaugurated its Cyber Command (LTCYBERCOM) on January 1, 2025, as part of an initiative to strengthen national security and improve collaboration with NATO. This new unit is tasked with managing cyber operations, ensuring national defense readiness, and supporting NATO interoperability. LTCYBERCOM consolidates various cyber defense resources under a single authority, signaling Lithuania’s proactive approach to counter emerging cyber threats.
In 2024, nearly $500 million in cryptocurrency was stolen by wallet drainer malware, affecting more than 332,000 victims. The malware tricked users into unknowingly signing malicious transactions, which led to the theft of their digital assets. The year saw a 67% increase in losses compared to the previous year, with the largest single theft totaling $55.48 million. The first quarter experienced the highest number of attacks, resulting in losses of $187.2 million, but the two most significant incidents, in August and September, were responsible for over $80 million in total thefts. Despite a decrease in attack frequency later in the year, the overall trend reflected the growing sophistication and frequency of cybercrime within the cryptocurrency sector.
The US Department of Defense has added Tencent to its “Chinese military company” list, a designation that may not result in an outright ban but could cause significant complications. This designation stems from concerns that Tencent’s services, such as WeChat and its public cloud, could be exploited by the Chinese military to gather intelligence or modernize its technologies. Tencent has denied the allegations, calling its inclusion an error, and it plans to appeal, but the decision may affect its business relations with US companies.
The UK government has announced plans to criminalize the creation of sexually explicit deepfakes, with those convicted facing up to two years in prison. While sharing or threatening to share such content is already illegal, the new law will specifically target those who create these explicit images or record intimate content without consent. Experts have expressed concern over the difficulty in identifying offenders, as deepfake technology continues to evolve rapidly and remains largely unregulated.