What are the latest cybersecurity alerts, incidents, and news?
Star Blizzard, WhatsApp, UEFI Secure Boot, Malicious Code, Keyloggers, Stealers, Microsoft, NTLMv1, Active Directory, Tunneling Protocol, Chinese Hackers, Janet Yellen, U.S. Treasury, Greek Government, DoS Attack, Idols NFT, Smart Contract, Cascade Financial Services, Employee Email Breach, Tenki.jp, Network Disruptions, Biden Executive Order, US Cybersecurity, FTC, Children's Online Privacy, Consent Requirements, North Korean IT Network, Weapons Programs, GDPR, Chinese Tech Firms, General Motors, Sensitive Driver Data, Data Brokers
Cyber Alerts
1. Star Blizzard Targets WhatsApp Accounts
Star Blizzard, the Russian-linked threat actor, has launched a new spear-phishing campaign targeting WhatsApp accounts, marking a deviation from its usual methods. The group, also known as SEABORGIUM, has typically targeted government officials, diplomats, and defense experts, especially those involved in Russia-related issues. This new strategy aims to bypass detection while continuing its attempts to harvest sensitive data from key sectors.
2. New UEFI Vulnerability Bypasses Secure Boot
A newly discovered UEFI vulnerability, CVE-2024-7344, has raised serious concerns about the security of the Secure Boot mechanism. The flaw, identified by ESET, affects a signed UEFI application used by various third-party real-time recovery software vendors, allowing attackers to bypass Secure Boot protections. This flaw enables the execution of untrusted code during the system boot process, which can lead to the deployment of malicious UEFI bootkits on affected systems.
3. Misconfiguration Lets NTLMv1 Bypass Security
Cybersecurity researchers found that a misconfiguration in on-premise applications can bypass Microsoft's Active Directory Group Policy designed to disable NTLMv1 authentication. This flaw leverages a setting in the Netlogon Remote Protocol that allows NTLMv1 authentication, even when NTLMv2 is required, making it possible to circumvent the Group Policy's security measures. Organizations must ensure proper configurations, monitor NTLM authentication, and stay up-to-date on patches to avoid potential exploitation of these vulnerabilities.
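Because the Group Policy setting alone can be circumvented, the practical control is to verify what authentication packages are actually being accepted. The following PowerShell script is an added example written for this digest, not code from the researchers or from Microsoft: it reads the host's LmCompatibilityLevel value and scans successful logon events (Event ID 4624) for entries whose LM package is NTLM V1. It assumes the Security log is retained locally and that the script runs with rights to read it; run it on domain controllers and on any on-premise application servers that accept NTLM logons.

```powershell
# Added example (not from the original digest): audit a Windows host for
# NTLMv1 usage. Assumes Security log access and that 4624 logon auditing is on.

function Get-LmCompatibilityLevel {
    # 0-2 still permit LM/NTLMv1 responses; 3-5 send NTLMv2 only;
    # 5 additionally makes a DC refuse LM and NTLMv1 from clients.
    $lsa = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
    $value = (Get-ItemProperty -Path $lsa -Name LmCompatibilityLevel -ErrorAction SilentlyContinue).LmCompatibilityLevel
    if ($null -eq $value) { return 'not set (OS default applies)' }
    return $value
}

function Get-NtlmV1Logons {
    param([int]$MaxEvents = 5000)
    # Event 4624 carries AuthenticationPackageName ("NTLM") and LmPackageName
    # ("NTLM V1" / "NTLM V2") in its EventData; parse the XML so we do not
    # depend on positional property indexes.
    Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624 } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
        ForEach-Object {
            $xml  = [xml]$_.ToXml()
            $data = @{}
            foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
            if ($data['AuthenticationPackageName'] -eq 'NTLM' -and $data['LmPackageName'] -eq 'NTLM V1') {
                [pscustomobject]@{
                    Time        = $_.TimeCreated
                    User        = "$($data['TargetDomainName'])\$($data['TargetUserName'])"
                    Workstation = $data['WorkstationName']
                    SourceIp    = $data['IpAddress']
                    LogonType   = $data['LogonType']
                }
            }
        }
}

"LmCompatibilityLevel on $env:COMPUTERNAME : $(Get-LmCompatibilityLevel)"
$hits = @(Get-NtlmV1Logons)
if ($hits.Count -eq 0) {
    "No NTLMv1 logons found in the last $MaxEvents 4624 events."
} else {
    # Each row is a client or application still negotiating NTLMv1 despite policy.
    $hits | Sort-Object Time -Descending | Format-Table -AutoSize
}
```

Any rows returned identify the source addresses and accounts to chase down before tightening the policy further; a level of 5 on a DC with NTLMv1 logons still appearing is the signature of the bypass described above.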
4. Malware Hidden in Images to Bypass Security
Threat actors have recently been observed using a novel tactic of concealing malicious code within images to deliver malware, such as VIP Keylogger and 0bj3ctivity Stealer, across different campaigns. According to a report by HP Wolf Security, these campaigns involved hiding the malicious code in images hosted on archive[.]org, a file-hosting site. In both cases, attackers used the same .NET loader to deploy their payloads, bypassing security defenses to install the malware. The initial point of contact for the victim is usually a phishing email, often disguised as invoices or purchase orders, which lures recipients into opening malicious attachments like Microsoft Excel files.
5. 4 Million Systems Exposed to Tunneling Flaws
New research has uncovered vulnerabilities in tunneling protocols that affect over 4 million systems, including VPN servers and home routers. The study, led by Professor Mathy Vanhoef and PhD student Angelos Beitis from KU Leuven in Belgium, reveals that misconfigured systems fail to verify the sender's identity, allowing threat actors to exploit the vulnerabilities. These attacks can be used for DoS, DNS spoofing, and gaining access to internal networks, with over 1.8 million spoofing-capable systems identified, mostly in China and France.
Cyber Incidents
6. US Secretary Yellen's Computer Hacked
In December 2024, Chinese state-sponsored hackers breached the U.S. Treasury Department, targeting key workstations, including that of Secretary Janet Yellen. The breach exploited vulnerabilities in third-party software from BeyondTrust, which provides remote access management services. Hackers gained access to over 3,000 unclassified files across 419 Treasury workstations, with fewer than 50 files accessed from Yellen's computer. Despite the intrusion, classified systems and email servers remained unaffected, limiting the overall damage.
7. DoS Attack Disrupts Greek Government Apps
A Denial of Service (DoS) cyberattack recently hit the SYZEFXIS network, impacting various public services on Greece's gov.gr platform. The Ministry of Digital Governance confirmed that the attack, originating from abroad, caused significant connectivity issues, including slow response times for several government applications. The SYZEFXIS network, which is part of an ongoing initiative to enhance Greece's public sector data infrastructure, experienced disruptions, including problems with Taxisnet access. As of Thursday afternoon, the Ministry assured the public that efforts were being made to restore the network to full functionality, and services would be back to normal as soon as possible.
8. Idols NFT Exploit Leads to $324,000 Loss
The Idols NFT project suffered a major exploit on January 15, 2025, where an attacker exploited a vulnerability in the smart contract's reward distribution system. By taking advantage of flawed logic in the _beforeTokenTransfer function, the attacker was able to repeatedly claim stETH rewards by conducting self-transfers of NFTs, resulting in a loss of around $324,000. Despite having previous audits, this flaw was not identified, and the project team is now working to resolve the issue and improve the security of the system.
9. Cascade Financial Services Reports Breach
Southwest Stage Funding, also known as Cascade Financial Services, disclosed a cybersecurity breach affecting the personal information of 5,564 individuals. Hackers gained unauthorized access to employee email accounts between July 8 and 9, 2024, potentially exposing sensitive data such as social security numbers, driver's license numbers, and names. While there is no confirmed evidence of identity theft or fraud, the company is taking precautionary measures to protect affected individuals.
10. Tenki.jp Faces Network Disruptions from DDoS
Tenki.jp, a popular Japanese weather forecasting service managed by the Japan Meteorological Association, has been experiencing accessibility issues since January 15, 2025, at 7:51 AM JST due to a DDoS attack causing network congestion. This platform is essential for providing weather forecasts, radar images, and live updates on various meteorological conditions, which users rely on for daily planning, travel, and disaster preparedness. The attack has disrupted both the website and the mobile app, making some web-based content difficult to load.
Cyber News
11. Biden Signs Executive Order on Cybersecurity
Days before leaving office, President Joe Biden signed an executive order aimed at enhancing the United States' cybersecurity framework. This order makes it easier to impose sanctions on hackers and ransomware groups targeting critical infrastructure and federal agencies. With threats from foreign actors like China, Russia, and Iran increasing, Biden's order expands on previous measures to strengthen the nation's defense against cyberattacks. The executive order also tackles critical issues such as improving software security, securing federal communications, and promoting artificial intelligence in cybersecurity.
12. FTC Updates COPPA to Strengthen Privacy
The Federal Trade Commission (FTC) has announced updates to the Children's Online Privacy Protection Act (COPPA) aimed at enhancing privacy protections for children online. The new rule, set to take effect 60 days after its publication, requires parents to opt in and explicitly approve targeted advertising for their children, marking a significant shift from previous regulations. Additionally, the updated rule limits how long companies can retain children's personal data, aiming to prevent its misuse and reduce the chances of data monetization.
13. US Sanctions North Korean IT Worker Network
The U.S. Treasury Department has sanctioned individuals and front companies tied to North Korea's Ministry of National Defense involved in illegal IT work schemes. These operations have generated significant revenue for the North Korean regime, helping fund its weapons programs and support Russia's war in Ukraine. The U.S. continues to take measures to disrupt such activities, with U.S. organizations and citizens now prohibited from dealing with the sanctioned entities.
14. Noyb Files Complaints Against Chinese Firms
Non-profit privacy advocacy group Noyb has filed six complaints against Chinese tech companies, accusing them of transferring European user data to China and violating GDPR. The group, founded by Max Schrems, claims that these companies fail to protect users' privacy and comply with European data protection laws. Noyb has taken legal action against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, highlighting concerns about unauthorized access to personal data by Chinese authorities.
15. FTC Bans GM from Selling Sensitive Data
The Federal Trade Commission (FTC) has reached a settlement with General Motors (GM) and its subsidiary OnStar over privacy violations involving the sale of sensitive geolocation and driving behavior data. The automaker is now banned from selling this data to third-party brokers for five years. The FTC's decision comes after GM shared millions of customers' data with data brokers, which was used for insurance purposes without proper consumer consent. GM was also accused of misleading customers about how their data was collected, used, and shared, failing to provide clear and explicit choices regarding data privacy.
Copyright © 2025 CyberMaterial. All Rights Reserved.