What’s the latest in the cyber world today?
DoNot Team, Tanzeem, Android Malware, Azure DevOps, Server-Side Request Forgery, OpenVPN, Easy-RSA Encryption Tool, Ukraine Computer Emergency Team, AnyDesk, TP-Link Routers, Swiss Websites, DDoS Attacks, Philippines National Bureau of Investigation, Data Breach, CODAC Behavioral Health, Iannuzzi Manetta Co, Allegheny Health Network, OWASP, Smart Contract, US Coast Guard, Cybersecurity Rules, Former CIA Analyst, US Department of Justice, Privacy Professionals, Compliance Challenges, United Arab Emirates Cyber Security Council, Cyberattacks Surge
Cyber Alerts
The hacking group DoNot Team has been linked to new Android malware named Tanzeem and Tanzeem Update, designed to gather intelligence through highly targeted cyberattacks. The apps, disguised as chat applications, request sensitive permissions, enabling them to collect call logs, contacts, locations, and more. Cyfirma noted the malware uses push notifications to deploy additional threats, revealing the group’s evolving tactics for intelligence gathering.
Researchers discovered several Server-Side Request Forgery (SSRF) vulnerabilities in Azure DevOps, exposing significant security weaknesses in its cloud-based development environment. These flaws enabled unauthorized access to internal services, with one vulnerability allowing outbound requests using valid Azure tokens. Despite previous fixes from Microsoft, the researcher demonstrated that these could be bypassed using techniques like DNS rebinding. The findings underscore the critical need for stronger API security and access controls to protect sensitive data and prevent privilege escalation in cloud systems.
A major security flaw identified as CVE-2024-13454 affects the OpenVPN Easy-RSA tool, versions 3.0.5 to 3.2.0, when used with OpenSSL 3. The vulnerability causes the tool to encrypt password-protected Certificate Authority private keys with the outdated des-ede3-cbc cipher instead of the intended aes-256-cbc, leaving those keys more exposed to brute-force attacks. To mitigate the risk, affected users are urged to re-encrypt the private keys using the correct cipher and upgrade to version 3.2.0 or later for enhanced security.
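A defender-side check for the Easy-RSA item above, added here as an example and not code from Easy-RSA, OpenVPN or this digest: it walks the PKCS#8 PBES2 structure of an encrypted PEM key and reports which cipher wraps it, so an administrator can find CA keys that still need re-encrypting without knowing the passphrase. It assumes the key is stored as OpenSSL 3 writes it (a `BEGIN ENCRYPTED PRIVATE KEY` block); the sample keys are constructed DER skeletons, not real key material.

```python
"""Audit an encrypted PKCS#8 PEM key for the weak cipher behind CVE-2024-13454.
Added example, not Easy-RSA/OpenVPN code. Affected Easy-RSA builds on OpenSSL 3
wrapped CA keys with des-ede3-cbc instead of aes-256-cbc; OpenSSL 3 stores the
cipher as an OBJECT IDENTIFIER inside the PKCS#8 PBES2 DER, so the cipher can
be checked without the passphrase. sample_key() builds a constructed skeleton."""
import base64
import re

OID = {  # DER OBJECT IDENTIFIERs (tag 06, length, arcs), transcribed by hand
    "pbes2": bytes.fromhex("06092a864886f70d01050d"),        # 1.2.840.113549.1.5.13
    "pbkdf2": bytes.fromhex("06092a864886f70d01050c"),       # 1.2.840.113549.1.5.12
    "des-ede3-cbc": bytes.fromhex("06082a864886f70d0307"),   # 1.2.840.113549.3.7
    "aes-256-cbc": bytes.fromhex("060960864801650304012a"),  # 2.16.840.1.101.3.4.1.42
}
CIPHERS = {OID[n][2:]: n for n in ("des-ede3-cbc", "aes-256-cbc")}  # OID body -> name

def _oids(der):
    """Minimal DER TLV walker: yield the body of every OID at any depth."""
    i = 0
    while i < len(der):
        tag, length, i = der[i], der[i + 1], i + 2
        if length & 0x80:  # long-form length
            n = length & 0x7F
            length, i = int.from_bytes(der[i:i + n], "big"), i + n
        body, i = der[i:i + length], i + length
        if tag == 0x06:
            yield body
        elif tag & 0x20:  # constructed (SEQUENCE / SET): recurse
            yield from _oids(body)

def key_cipher(pem):
    """Cipher protecting a PKCS#8 encrypted PEM key, or 'unknown'."""
    m = re.search(r"-----BEGIN ENCRYPTED PRIVATE KEY-----(.*?)-----END", pem, re.S)
    if not m:  # legacy PEM keys carry the cipher in a DEK-Info header instead
        return "not-pkcs8-encrypted"
    der = base64.b64decode("".join(m.group(1).split()))
    return next((CIPHERS[o] for o in _oids(der) if o in CIPHERS), "unknown")

def _seq(*parts):  # short-form SEQUENCE; every body built here is under 128 bytes
    body = b"".join(parts)
    return b"\x30" + bytes([len(body)]) + body

def sample_key(cipher):
    """Constructed PBES2 skeleton shaped like OpenSSL 3 output (not a real key)."""
    kdf = _seq(OID["pbkdf2"], _seq(b"\x04\x08" + b"\x00" * 8, b"\x02\x02\x08\x00"))
    enc = _seq(OID[cipher], b"\x04\x08" + b"\x00" * 8)
    der = _seq(_seq(OID["pbes2"], _seq(kdf, enc)), b"\x04\x10" + b"\x00" * 16)
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN ENCRYPTED PRIVATE KEY-----\n{b64}-----END ENCRYPTED PRIVATE KEY-----\n"
```

A key that reports `des-ede3-cbc` is one to re-encrypt with aes-256-cbc as the advisory recommends; a legacy `BEGIN RSA PRIVATE KEY` file names its cipher in a plain-text DEK-Info header and is flagged rather than parsed here.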
The Computer Emergency Response Team of Ukraine (CERT-UA) has issued a warning about ongoing phishing attempts in which threat actors impersonate the agency to exploit user trust. These attackers send AnyDesk connection requests claiming to conduct a security audit to assess the “level of security.” CERT-UA emphasized that while the agency may occasionally use remote access software like AnyDesk, such actions are always carried out through official communication channels and with prior consent from the owners of the targeted systems.
A severe vulnerability identified as CVE-2024-54887 has been found in TP-Link TL-WR940N routers, allowing remote attackers to execute arbitrary code without authentication. This flaw arises from improper validation of HTTP parameters, particularly the DNS server settings for IPv6. Attackers can exploit this vulnerability through stack buffer overflow, which can overwrite critical memory regions, enabling the execution of arbitrary code on the device. Researchers have developed a proof-of-concept (PoC) exploit, demonstrating the risks associated with the flaw.
Cyber Incidents
Russian hacker group NoName is believed to be behind a series of DDoS attacks that targeted Swiss municipalities and banks during the World Economic Forum in Davos. The attacks affected the cantonal banks of Zurich and Vaud, along with the municipalities of Adligenswil, Kriens, and Ebikon in Lucerne. These DDoS attacks, which flood websites and applications with excessive requests, made the affected sites inaccessible but did not result in data breaches. This marks another high-profile assault for NoName, who previously disrupted several Swiss government websites in June 2023.
The National Bureau of Investigation (NBI) in the Philippines has suffered a significant data breach, with the hacker “Zodiac Killer” taking responsibility. The leak, which contains over 3.6 GB of sensitive personal and financial data, includes full names, addresses, and transaction details from 45 million rows of data spanning 2016-2024. The breach raises concerns about the exposure of NBI clearance information, often used for legal and employment purposes, putting millions at risk of identity theft and cybercrime.
CODAC Behavioral Health, Rhode Island’s largest non-profit opioid treatment provider, reported a data breach following a cyberattack in July 2024. The breach, which involved 9 GB of stolen data, was later claimed by the ransomware gang Qilin. CODAC’s investigation revealed that personal information, including medical records, Social Security numbers, and health insurance details, was accessed. While the organization is offering 24 months of credit monitoring to those affected, it has not confirmed the ransom demand or the total number of impacted individuals.
Iannuzzi Manetta & Co, P.C. and its subsidiary Iannuzzi & Darling LLC reported a data breach on January 17, 2025, after discovering that unauthorized parties encrypted its network. The breach exposed sensitive consumer information, including names, driver’s license numbers, Social Security numbers, medical records, and financial details. The company began notifying affected individuals, revealing that the breach had been ongoing since August 2024, when hackers encrypted the network and shut down operations.
On January 17, 2025, Allegheny Health Network (AHN) reported a data breach after an incident involving a third-party vendor, IntraSystems, LLC, compromised patient data. The breach, which occurred between October 11 and November 19, 2024, allowed unauthorized access to sensitive information, including names, Social Security numbers, medical treatment details, and financial information. AHN has notified affected individuals and is sending them data breach letters detailing the extent of the compromised data.
Cyber News
The Open Web Application Security Project (OWASP) has unveiled its updated Smart Contract Top 10 for 2025, which highlights the most critical vulnerabilities in smart contract development. The guide serves as an essential resource for developers and security teams working in the Web3 environment to protect their contracts from exploitation. The 2025 update includes vulnerabilities such as access control issues, reentrancy attacks, and flash loan exploits, reflecting the evolving landscape of blockchain security.
The US Coast Guard has issued a final rule to strengthen cybersecurity measures for US-flagged vessels, Outer Continental Shelf (OCS) facilities, and others covered under the Maritime Transportation Security Act. The updated regulations require the creation of a comprehensive Cybersecurity Plan, the designation of a Cybersecurity Officer (CySO), and various actions to safeguard the Marine Transportation System (MTS) against emerging cyber threats. The rule, effective July 16, 2025, also includes provisions for public comments regarding a possible delay in implementation for US-flagged vessels, with the comment deadline set for March 18, 2025.
Asif William Rahman, a former CIA analyst, has pleaded guilty to two counts of willful retention and transmission of classified information, including sensitive details about Israel’s military plans. Rahman accessed, printed, and shared top secret documents on social media, causing a major embarrassment to the U.S. government. In an attempt to cover his tracks, he destroyed personal devices and fabricated false narratives. Rahman now faces up to 10 years in prison for his actions, which led to a significant security breach.
ISACA’s State of Privacy 2025 survey reveals that 63% of privacy professionals feel more stressed today compared to five years ago. The survey, based on feedback from over 1,600 global experts, highlights key stress factors including the rapid evolution of technology, compliance challenges, and resource shortages. Despite these pressures, the study also shows positive trends, with an increasing number of organizations aligning privacy strategy with business objectives and more privacy professionals being hired in key roles.
The United Arab Emirates (UAE) Cyber Security Council reported a staggering increase in cyberattacks, with over 200,000 daily incidents targeting strategic sectors. These attacks, originating from cyberterrorist groups in 14 countries, have been precisely tracked and countered using advanced global methods. Among the targeted sectors, the government sector suffered the highest frequency, accounting for 30%, followed by financial, education, technology, aviation, and healthcare sectors.
Copyright © 2025 CyberMaterial. All Rights Reserved.