👉 What are the latest cybersecurity alerts, incidents, and news?
New Banshee Stealer, macOS, CrowdStrike, Phishing Campaign, Recruitment Process, PayPal Phishing Scam, Microsoft365, MirrorFace, Japan, GFI KerioControl Firewall, BayMark Health Services, Data Breach, Hong Kong, Urban Renewal Authority, Data Leak, Slovak Office of Geodesy, Cartography, Cadastre, Cyberattack, Canadian School Boards, PowerSchool, Biden Administration, Cybersecurity Executive Order, UK, Small Care Providers, Digital Care Hub, Hong Kong, Distributed Ledger Technology, Bayview Asset Management, $20 Million Fine, Darktrace, Cado Security, Proposed Acquisition
🚨 Cyber Alerts
A new variant of Banshee Stealer has emerged with more sophisticated evasion strategies, including advanced string encryption inspired by Apple’s XProtect. This new approach allows the malware to bypass antivirus systems, posing a significant risk to over 100 million macOS users. Distributed through phishing websites and fake GitHub repositories disguised as popular software like Google Chrome, Telegram, and TradingView, this variant is part of an ongoing campaign targeting macOS and Windows users alike.
CrowdStrike has issued an alert about a phishing campaign exploiting its branding to distribute a cryptocurrency miner. The campaign begins with a phishing email impersonating a recruitment process for a junior developer role, directing victims to download a fake CRM tool. Once launched, the malicious application installs the XMRig miner on the victim’s system, using sophisticated checks to evade detection and ensure persistence.
Fortinet’s FortiGuard Labs has uncovered a sophisticated phishing scam targeting PayPal users by exploiting a loophole in Microsoft365 tools. The attackers use legitimate-looking emails and PayPal login pages to trick victims into linking their accounts to unauthorized addresses, enabling full account takeover. By using MS365’s Sender Rewriting Scheme, the scam bypasses common phishing filters, putting users at risk of financial loss.
Japan’s National Police Agency and National Center of Incident Readiness and Strategy for Cybersecurity have linked the China-based threat actor MirrorFace to a series of persistent cyberattacks on Japan. The campaigns, targeting organizations and individuals across sectors like national security and advanced technology, have been active since 2019. MirrorFace, also known as Earth Kasha, is a subgroup of APT10 and is known for using sophisticated tools like ANEL, LODEINFO, and NOOPDOOR to steal sensitive information from various high-profile targets.
Threat actors are actively exploiting a newly discovered security flaw in GFI KerioControl firewalls, potentially allowing for remote code execution (RCE). The flaw, identified as CVE-2024-52875, involves a carriage return line feed (CRLF) injection attack, which can lead to HTTP response splitting and cross-site scripting (XSS) vulnerabilities. Attackers can exploit this flaw by inserting malicious characters into HTTP response headers, gaining control over vulnerable systems.
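As an added example (not code from the article, from GFI, or from any KerioControl component), the constructed Python below shows the CRLF-injection class described above from both sides: a toy redirect handler that copies a parameter into the Location header with and without validation, and a check over constructed access-log lines for percent-encoded CR/LF in request targets. All function names and log lines are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Constructed illustration: a redirect handler that copies a request
# parameter into the Location header unchecked. CR/LF in the value ends
# the header early, so the sender can append header lines of its own.
def build_redirect_unsafe(target: str) -> bytes:
    return f"HTTP/1.1 302 Found\r\nLocation: {target}\r\n\r\n".encode()

class HeaderInjectionError(ValueError):
    """Raised when a value would break HTTP header framing."""

_CTL = re.compile(r"[\r\n\x00]")

def safe_header_value(value: str) -> str:
    """Refuse CR, LF and NUL outright rather than trying to strip them."""
    if _CTL.search(value):
        raise HeaderInjectionError("control character in header value")
    return value

def build_redirect_safe(target: str) -> bytes:
    return f"HTTP/1.1 302 Found\r\nLocation: {safe_header_value(target)}\r\n\r\n".encode()

def count_headers(raw: bytes) -> int:
    """Header lines in a raw response, excluding the status line."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    return len(head.split(b"\r\n")) - 1

def is_rejected(target: str) -> bool:
    """True if the hardened builder refuses this redirect target."""
    try:
        build_redirect_safe(target)
        return False
    except HeaderInjectionError:
        return True

# Detection side: percent-encoded CR/LF in logged request targets is
# the usual footprint of attempts against this bug class.
_REQ = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/1\.[01]"')

def flag_crlf_requests(log_lines):
    hits = []
    for line in log_lines:
        m = _REQ.search(line)
        if m and _CTL.search(unquote(m.group(1))):
            hits.append(line)
    return hits

# Constructed sample log lines (not from any real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [09/Jan/2025:10:00:01 +0000] "GET /login?next=/home HTTP/1.1" 302 0',
    '10.0.0.9 - - [09/Jan/2025:10:00:02 +0000] "GET /login?next=/home%0d%0aX-Test:%201 HTTP/1.1" 302 0',
]
```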
💥 Cyber Incidents
BayMark Health Services, Inc. reported a data breach to the California Attorney General after unauthorized access to sensitive files within its network. The breach, which took place between September 24 and October 14, 2024, was discovered on October 11, 2024, when disruptions to the company’s IT systems were identified. Affected individuals had their personal information exposed, including Social Security numbers, treatment details, and insurance information.
The Urban Renewal Authority (URA) in Hong Kong has faced a warning from the privacy watchdog after a data leak compromised the personal details of 199 tenants and property owners. The breach was due to security flaws in the cloud platform used by URA, ArcGIS Online, which allowed personal data to be accessed publicly without proper security measures. The Office of the Privacy Commissioner for Personal Data (PCPD) found that the URA failed to conduct adequate security checks and update its software, leading to the exposure of sensitive information.
The Office of Geodesy, Cartography, and Cadastre (ÚGKK) of Slovakia has confirmed it was targeted in a major cyberattack, leading to the shutdown of all its systems. The attack, which involved ransomware, has rendered the land registry’s electronic services unavailable, and attackers are reportedly demanding a large ransom. The ÚGKK is working with cybersecurity experts to restore services, while the cadastral departments remain closed temporarily until the situation is resolved.
A hotel in Grossarl, Austria, was targeted in a cyberattack where unknown perpetrators encrypted its computer system using malicious software. The attackers demanded a ransom of 14,000 euros in Bitcoin (0.15 Bitcoin) for the decryption key, but the hotel decided not to comply with the demand. While the total damage caused by the attack is still being assessed, the hotel refused to pay, and law enforcement is investigating the incident.
The Calgary Board of Education (CBE) and Rocky View Schools (RVS) were among several Canadian school boards impacted by a data breach involving the PowerSchool student information system. The breach, which occurred on December 28, 2024, allowed unauthorized access to demographic data of students and staff. PowerSchool, which provides cloud-based services to numerous school districts, has taken steps to contain the breach and improve security measures, while law enforcement has been notified.
📢 Cyber News
The Biden administration is working on an executive order aimed at bolstering U.S. cybersecurity before its term ends. The order, which addresses vulnerabilities exposed by recent cyberattacks like the Treasury Department hack, emphasizes stronger identity authentication and encryption across government communications. Among the key measures, it calls for improved security of cryptographic keys used by cloud contractors and better access management to prevent future breaches.
Small adult social care providers across the UK are receiving free support to enhance their cyber resilience. Through a partnership between the Digital Care Hub and national experts, the initiative offers tailored cyber vulnerability checks, workshops, and webinars to help providers in the South West, West Midlands, and North West of England. This support aims to improve IT security, prevent cyber incidents, and reassure stakeholders such as commissioners and insurers that care providers are taking necessary cybersecurity steps.
Hong Kong’s Monetary Authority (HKMA) has introduced the Supervisory Incubator for Distributed Ledger Technology (DLT) to guide banks through integrating DLT into their operations safely. The initiative includes support for individual banks, providing a dedicated team to help assess risk management systems through live trials. Initially, the incubator will focus on tokenized deposits, allowing banks to ensure adequate risk management before full-scale implementation.
Bayview Asset Management, a Florida-based mortgage company, will pay a $20 million penalty for a 2021 data breach affecting 5.8 million customers. The breach occurred due to deficient information technology practices, and the company failed to cooperate with regulators during the investigation. The Conference of State Bank Supervisors (CSBS) stated that Bayview had not adequately responded to the regulatory requests for information.
Darktrace has announced its proposed acquisition of Cado Security, a UK-based cybersecurity firm specializing in incident investigation and response. While financial details remain undisclosed, reports suggest the deal could range between $50 million and $100 million, pending regulatory approval. The acquisition will strengthen Darktrace’s capabilities by integrating Cado’s technology with its ActiveAI platform, and Cado’s team will join the cybersecurity giant to enhance its product offerings.