What's going on in the cyber world today?
Python Malware, RansomHub, MikroTik Botnet, DNS Flaws, Fake Google Ads Campaign, Credentials, Hijack Accounts, California Wildfire, Phishing Scams, Lazarus Group, Web3 Developers, Cryptocurrency Data, University of Oklahoma, Ransomware Attack, Belsen Group, FortiGate Devices, Data Leak, Dark Web, Carruth Compliance Consulting, Employee Records, Gateshead Council, Cyberattack, Fredericksburg City Public Schools, PowerSchool Cyber Incident, UN Security Council, Spyware Threat, Diplomats, EU Cybersecurity Plan, Hospitals, Cyberattack Threats, CISA, Microsoft 365 Cloud Logs, FTC, GoDaddy, Apple Internship
Cyber Alerts
1. Python Malware Enables RansomHub Ransomware
Cybersecurity experts uncovered a sophisticated attack involving a Python-based backdoor used to spread RansomHub ransomware across compromised networks. The attack began with SocGholish malware, disguised as fake browser updates and delivered through malicious websites. Once SocGholish established a foothold, the Python backdoor was deployed within 20 minutes, using a SOCKS5-based reverse proxy to facilitate lateral movement through Remote Desktop Protocol (RDP) sessions.
2. MikroTik Devices Used in Large Botnet Attack
A newly identified botnet of roughly 13,000 MikroTik devices is abusing misconfigured DNS records to bypass email protections and deliver malware while spoofing approximately 20,000 web domains. Researchers at Infoblox found that the botnet leveraged improperly configured Sender Policy Framework (SPF) records: the domains used the overly permissive "+all" mechanism, which authorises any server on the internet to send email on the domain's behalf. This misconfiguration let the attackers send malicious emails impersonating reputable entities such as DHL Express, delivering fake freight invoices as ZIP files containing JavaScript payloads.
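The "+all" problem described above is easy to check for. The following script is an added example written for this digest, not code from Infoblox or from the original article: it parses an SPF TXT record into its terms and flags the qualifiers that make spoofing trivial, including a bare "all" (which defaults to "+"), a neutral "?all", a record with no "all" at all, and records that exceed the ten-DNS-lookup limit. The records in SAMPLES are constructed, not real DNS data.

```python
"""Audit SPF TXT records for the overly permissive 'all' mechanism (RFC 7208).

Added example; the sample records below are constructed and do not belong to any
real domain.
"""
import re

# Qualifiers per RFC 7208 section 4.6.2: '+' pass (default), '-' fail,
# '~' softfail, '?' neutral
QUALIFIERS = "+-~?"

# Mechanisms/modifiers that cost a DNS lookup and count toward the limit of 10
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed sample records for demonstration
SAMPLES = {
    "strict.example":   "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "softfail.example": "v=spf1 a mx ~all",
    "plusall.example":  "v=spf1 include:_spf.example.net +all",
    "bareall.example":  "v=spf1 mx all",            # no qualifier means '+'
    "noall.example":    "v=spf1 ip4:203.0.113.0/24",
}


def parse_spf(record):
    """Split an SPF record into (qualifier, name, argument) tuples.

    Returns None when the string is not an SPF record (no leading v=spf1).
    """
    terms = record.strip().split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    parsed = []
    for term in terms[1:]:
        qualifier = "+"                      # RFC default when none is given
        if term and term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        # mechanisms take ':' or '/' arguments, modifiers take '='
        m = re.match(r"^([A-Za-z0-9_-]+)(?:[:=/](.*))?$", term)
        if not m:
            continue                         # skip malformed term
        parsed.append((qualifier, m.group(1).lower(), m.group(2) or ""))
    return parsed


def audit_spf(record):
    """Return a list of findings for one record; an empty list means no issue."""
    parsed = parse_spf(record)
    if parsed is None:
        return ["not an SPF record (missing v=spf1)"]

    findings = []
    all_terms = [q for q, name, _ in parsed if name == "all"]
    has_redirect = any(name == "redirect" for _, name, _ in parsed)

    if not all_terms and not has_redirect:
        findings.append("no 'all' mechanism: unlisted senders are treated as neutral")
    for q in all_terms:
        if q == "+":
            findings.append("'+all' authorises every host on the internet to send as this domain")
        elif q == "?":
            findings.append("'?all' is neutral: receivers get no signal to reject spoofed mail")

    # Anything after the first 'all' is never evaluated by receivers
    names = [name for _, name, _ in parsed]
    if "all" in names and names.index("all") != len(names) - 1:
        findings.append("terms after 'all' are ignored by receivers")

    lookups = sum(1 for _, name, _ in parsed if name in LOOKUP_TERMS)
    if lookups > 10:
        findings.append(f"{lookups} DNS-querying terms exceed the RFC 7208 limit of 10 (permerror)")
    return findings


if __name__ == "__main__":
    for domain, record in SAMPLES.items():
        print(domain, "->", audit_spf(record) or ["ok"])
```

To audit real domains, feed the script the TXT record returned by your resolver (for example the output of `dig +short TXT example.com`) instead of the constructed SAMPLES. A record that passes this check is still only as strong as the receiving side's enforcement; pair it with a DMARC policy of quarantine or reject so that a softfail or fail actually leads to the message being dropped.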
3. Google Ads Phishing Campaign Targets Users
Cybersecurity researchers have warned of a new malvertising campaign targeting Google Ads users. The campaign uses fraudulent ads to redirect victims to fake login pages designed to steal credentials and two-factor authentication codes. These stolen credentials are then used to hijack Google Ads accounts, allowing the attackers to run their own fraudulent ads and further perpetuate the scam.
4. Cybercriminals Exploit California Wildfires
Cybercriminals are taking advantage of the California wildfires by launching phishing campaigns using deceptive domains. Researchers at Veriti identified several fake domains like "malibu-firecom" that closely resemble legitimate services offering fire-related assistance. These fraudulent sites aim to steal personal information or install malware by exploiting the chaos and urgency surrounding the disaster. Although no active email campaigns have been detected yet, Veriti warns that these domains could soon host phishing attacks, fake donation requests, and malicious downloads.
5. Lazarus Lures Developers to Deploy Malware
The Lazarus Group, linked to North Korea, has been found behind a new cyber attack campaign called Operation 99. Targeting software developers in the Web3 and cryptocurrency sectors, the campaign begins with fake recruiters on platforms like LinkedIn, offering project tests and code reviews. Once a victim is enticed, they are directed to clone a malicious GitLab repository that embeds malware into their environment, connecting to command-and-control servers and stealing sensitive data.
Cyber Incidents
6. University of Oklahoma Addresses Cyberattack
The University of Oklahoma is currently investigating an unusual cyber event after discovering suspicious activity on its network. The institution, which serves over 34,000 students, appeared on the leak site of a ransomware group claiming to have stolen 91 MB of sensitive data, including employee records and financial information. While the university has isolated affected systems and is taking steps to address the issue, it has not provided specific details regarding the cause of the breach or the systems impacted. The university joins a growing list of educational institutions targeted by ransomware groups, particularly during times of reduced staffing such as the holiday season.
7. Belsen Group Leaks FortiGate Devices Data
A new hacking group, the Belsen Group, has leaked sensitive technical information for over 15,000 FortiGate devices on the dark web, including VPN credentials, configuration files, and IP addresses. The group, which made its debut in cybercrime forums earlier this month, released a 1.6 GB archive containing data that could put both governmental and private sector networks at risk. Cybersecurity experts believe the leak is related to the exploitation of a 2022 zero-day vulnerability (CVE-2022-40684) in FortiGate devices.
8. Carruth Compliance Consulting Data Breach
A cybersecurity breach at Carruth Compliance Consulting, a retirement plan administrator in Oregon, exposed sensitive data of thousands of current and former employees across several Portland-area school districts. The breach, discovered in December 2024, affects employees from districts including Portland Public Schools, Beaverton School District, and Hillsboro School District. Although the exact nature of the compromised data has not been fully revealed, officials confirmed that it involved sensitive retirement account information. School officials have urged both current and former employees dating back to 2009 to take steps to protect their identities, with guidance and resources provided on district websites.
9. Gateshead Council Cyberattack Exposes Data
Gateshead Council in the UK was recently hit by a cyberattack, exposing personal data of residents. The breach, which took place on 8 January, has affected an unknown number of individuals, with officials urging people to be vigilant for phishing scams and suspicious activity. The council has assured that the threat has been contained quickly, but investigations are ongoing. While no further damage has been confirmed yet, the situation remains under review, with authorities working to mitigate any potential risks.
10. Fredericksburg City Schools Cyberattack
On January 7, Fredericksburg City Public Schools (FCPS) in Virginia confirmed it was among the many institutions affected by a cybersecurity breach at PowerSchool, a provider of education administration software. The breach, which took place in late December 2024, exposed sensitive data related to students and employees in numerous school systems across the country. PowerSchool, which manages information for over 60 million students, has since restored the security of its systems.
Cyber News
11. UN Security Council Talks Commercial Spyware
The United Nations Security Council held its first-ever discussion on the growing threat posed by commercial spyware, focusing on the need for stronger protections and actions against its abuse. The meeting, known as an Arria-formula session, was called to address pressing concerns outside the usual full council meetings. During the session, senior U.S. diplomat Amb. Dorothy Camille Shea emphasized the need to strengthen export controls, curb the unchecked proliferation of these surveillance technologies, and seek justice for the victims affected.
12. EU Launches Cybersecurity Plan for Hospitals
The European Union has announced an enhanced cybersecurity action plan to protect hospitals and the healthcare sector from escalating cyberattacks. Following a series of high-profile attacks across Europe since the COVID-19 pandemic, the European Commission is ramping up efforts to bolster the sector's resilience. The plan includes the creation of a European Cybersecurity Support Center and rapid-response teams to provide critical tools, early warnings, and expert guidance to healthcare organizations facing cyber threats. The initiative also introduces financial support, such as cybersecurity vouchers for small hospitals, to improve their defenses against ransomware and other cyber risks.
13. CISA Offers New Cloud Logging Guidance
CISA published guidance on using the expanded Microsoft 365 cloud logs to support forensic and compliance investigations at government agencies and enterprises. These logs, now included in Microsoft Purview Audit (Standard), record critical events such as mail access and user searches within Exchange Online and SharePoint Online. The expanded logging gives threat hunters the telemetry needed to investigate business email compromise and other advanced intrusions, which previously required a premium licence to obtain.
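The value of the expanded logs is in what you do with them, so here is an added example of the kind of check a responder runs over them; it is my illustration, not code from CISA or Microsoft. It walks exported audit records and flags mailbox reads and searches coming from IP addresses outside the tenant's known egress ranges, the pattern you would look for when a phished user's mailbox is being read by an attacker. The records, the address ranges and the set of operation names are constructed for the example; check the field and operation names against records exported from your own tenant before relying on them.

```python
"""Flag mailbox reads and searches from unexpected IPs in exported audit records.

Added example. Field names (CreationTime, UserId, Operation, ClientIPAddress) and
operation names are my assumptions about the audit log schema; the records and
address ranges below are constructed, not real tenant data.
"""
import ipaddress

# Known egress ranges of the fictional tenant (constructed)
KNOWN_RANGES = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]

# Mail access and search operations surfaced by the expanded logging (assumed names)
MAIL_OPS = {
    "MailItemsAccessed",
    "Send",
    "SearchQueryInitiatedExchange",
    "SearchQueryInitiatedSharePoint",
}

# Constructed audit records: alice reads mail from a known IP, then an unknown IP
# searches and reads her mailbox; bob's activity is from known ranges or non-mail ops
SAMPLE_RECORDS = [
    {"CreationTime": "2025-01-15T08:02:11", "UserId": "alice@example.com",
     "Operation": "MailItemsAccessed", "ClientIPAddress": "198.51.100.23"},
    {"CreationTime": "2025-01-15T08:05:40", "UserId": "alice@example.com",
     "Operation": "SearchQueryInitiatedExchange", "ClientIPAddress": "203.0.113.77"},
    {"CreationTime": "2025-01-15T08:05:52", "UserId": "alice@example.com",
     "Operation": "MailItemsAccessed", "ClientIPAddress": "203.0.113.77"},
    {"CreationTime": "2025-01-15T08:06:10", "UserId": "alice@example.com",
     "Operation": "MailItemsAccessed", "ClientIPAddress": "203.0.113.77"},
    {"CreationTime": "2025-01-15T09:00:00", "UserId": "bob@example.com",
     "Operation": "FileAccessed", "ClientIPAddress": "203.0.113.9"},
    {"CreationTime": "2025-01-15T09:10:00", "UserId": "bob@example.com",
     "Operation": "Send", "ClientIPAddress": "198.51.100.40"},
    {"CreationTime": "2025-01-15T09:12:00", "UserId": "bob@example.com",
     "Operation": "Send", "ClientIPAddress": ""},   # records may lack an IP
]


def is_known_ip(ip_str, known_ranges):
    """True when ip_str parses and falls inside one of known_ranges."""
    try:
        ip = ipaddress.ip_address(ip_str)
    except ValueError:
        return False          # empty or malformed address: treat as unknown
    return any(ip in net for net in known_ranges)


def find_external_mail_access(records, known_ranges=KNOWN_RANGES):
    """Group mail/search events from outside known_ranges by (user, ip).

    Returns {(user, ip): {"count": n, "operations": set, "first_seen": ts}}.
    """
    hits = {}
    for rec in sorted(records, key=lambda r: r.get("CreationTime", "")):
        if rec.get("Operation") not in MAIL_OPS:
            continue
        ip = rec.get("ClientIPAddress", "")
        if is_known_ip(ip, known_ranges):
            continue
        key = (rec.get("UserId", "<unknown>"), ip or "<no ip>")
        entry = hits.setdefault(key, {"count": 0, "operations": set(),
                                      "first_seen": rec.get("CreationTime", "")})
        entry["count"] += 1
        entry["operations"].add(rec["Operation"])
    return hits


if __name__ == "__main__":
    for (user, ip), info in find_external_mail_access(SAMPLE_RECORDS).items():
        print(f"{user} from {ip}: {info['count']} events, "
              f"{sorted(info['operations'])}, first seen {info['first_seen']}")
```

Run it over a JSON export of your own audit search with SAMPLE_RECORDS replaced by the parsed records. Two caveats worth keeping in mind: a record with no client IP is treated as unknown rather than silently skipped, because dropping it would hide exactly the events an investigator needs to see, and the aggregated mail-access records Microsoft emits do not map one-to-one onto individual messages, so treat the counts as indicators of activity rather than an exact tally of what was read.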
14. FTC Targets GoDaddy Over Cyber Failures
The Federal Trade Commission has cracked down on GoDaddy for years of cybersecurity deficiencies, which led to multiple breaches from 2019 to 2022. GoDaddyβs failure to implement standard security measures exposed customersβ data and redirected them to malicious sites. Under the proposed settlement, GoDaddy will be required to overhaul its security practices, implement industry-standard protections, and retain an external firm to regularly assess its cybersecurity improvements.
15. Apple Opens Information Security Internship
Apple Inc. is now accepting applications for its Information Security Internship, inviting students passionate about cybersecurity to join one of the worldβs leading tech companies. This full-time role offers interns the opportunity to gain hands-on experience while contributing to the security of Appleβs systems. Interns will work on exciting projects such as software engineering, application security, penetration testing, and digital forensics, all while receiving mentorship from industry experts.
Copyright © 2025 CyberMaterial. All Rights Reserved.