What’s going on in the cyber world today?
Ross Ulbricht, X Scam, Telegram Verification, Tycoon 2FA, Phishing Kit, MFA, Detection Techniques, Critical Cookie Sandwich, HttpOnly Vulnerability, Data Theft, Triplestrength, Cloud, Cryptojacking, Cisco, Meeting Management Vulnerability, Nasdaq, Memecoin Scam, Conduent, Cybersecurity Incident, Service Disruption, Iwate Asahi Television, Ransomware, BCP Council, Email Mishap, Recipient Addresses, Phemex, Crypto Exchange, Blockchain Outflows, Homeland Security Advisory Board, Australian Taskforce, Election Threats, LinkedIn Lawsuit, AI Models, Denmark, Water Infrastructure, Cybersecurity Threat, NY, Citi, Fraud Protection.
Cyber Alerts
Cybercriminals are capitalizing on the news of Ross Ulbricht’s release to spread malware through a deceptive campaign on X. Exploiting public interest, they utilize fake, yet verified, Ross Ulbricht accounts to lure unsuspecting users to a malicious Telegram channel disguised as an official communication platform. This channel then employs a “Click-Fix” tactic, a strategy that has gained significant traction among threat actors over the past year, where users are tricked into running PowerShell code under the pretense of a mandatory identity verification process. This ultimately leads to the download and execution of malware, potentially granting attackers remote access to compromised devices and paving the way for further malicious activities like ransomware attacks or data theft.
Threat researchers at Barracuda are sounding the alarm about a new version of the Tycoon 2FA phishing kit that’s even more sophisticated than before. This updated kit is specifically designed to steal Microsoft 365 logins, even if you use multi-factor authentication. It uses a variety of sneaky tricks, like sending phishing emails from real accounts and hiding its code from security software. With Tycoon 2FA becoming harder to detect, everyone needs to be extra careful about clicking links or opening attachments in emails, even if they look legitimate.
Cybersecurity experts are warning about a new attack technique dubbed the “cookie sandwich” that can steal sensitive data like session IDs, even when websites use the HttpOnly flag for protection. This attack exploits weaknesses in how some web servers interpret cookie information, allowing attackers to manipulate cookie headers and trick the server into revealing protected data. By crafting malicious cookie values with special characters and quotes, attackers can bypass security measures and gain unauthorized access to sensitive information, potentially leading to session hijacking and data theft.
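The parsing weakness behind this technique can be checked directly. The following is an added example, not code from the article or from the researchers it cites: a quote-aware (RFC 2109 style) cookie parser beside a strict (RFC 6265 style) one, run over a constructed Cookie header in which two attacker-controlled cookie values bracket a protected session cookie. The cookie names `param1`, `sessionid`, `param3` and `theme` are constructed for the demo.

```python
"""Added example: lenient vs strict Cookie header parsing (not from the article)."""
import re

# Constructed request header: the browser concatenates cookies in order, so a
# value beginning with a double quote and a later value ending with one can
# bracket the HttpOnly session cookie that sits between them.
SAMPLE_COOKIE_HEADER = 'param1="start; sessionid=PROTECTED; param3=end"; theme=dark'

# name=value, where value is either a double-quoted string (may contain ';')
# or a run of non-semicolon characters.
_LENIENT = re.compile(r'\s*([^=;\s]+)=("(?:[^"\\]|\\.)*"|[^;]*)\s*;?')


def parse_lenient(header: str) -> dict:
    """Quote-aware parsing (RFC 2109 style): a double-quoted value may span
    semicolons, so one cookie can absorb the cookies that follow it."""
    cookies = {}
    for match in _LENIENT.finditer(header):
        name, value = match.group(1), match.group(2)
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]  # strip the surrounding quotes
        cookies[name] = value
    return cookies


def parse_strict(header: str) -> dict:
    """RFC 6265 style: split on ';' first, then on the first '='. Quotes are
    ordinary characters, so no value can reach into a neighbouring cookie."""
    cookies = {}
    for pair in header.split(";"):
        name, sep, value = pair.strip().partition("=")
        if sep and name:
            cookies[name] = value
    return cookies


def leaks_protected_cookie(parsed: dict, protected: str) -> bool:
    """Defender's check: does some other cookie's value embed the protected
    cookie's name=value pair? If so, any page that reflects that other cookie
    would expose the HttpOnly value despite the flag."""
    marker = protected + "="
    return any(marker in value for name, value in parsed.items() if name != protected)


if __name__ == "__main__":
    print("lenient:", parse_lenient(SAMPLE_COOKIE_HEADER))
    print("strict: ", parse_strict(SAMPLE_COOKIE_HEADER))
```

The lenient parser swallows `sessionid` into `param1`; the strict parser keeps each cookie separate, which is why frameworks that still honour quoted cookie values, combined with endpoints that reflect cookie values, are the configurations to review.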
Google’s Threat Horizons Report reveals that the financially motivated group TRIPLESTRENGTH exploits cloud environments for cryptojacking and on-premises ransomware attacks. The group employs stolen credentials and cookies, leveraging platforms like Google Cloud, AWS, and Microsoft Azure to mine cryptocurrency and conduct ransomware campaigns. Google has implemented stronger multi-factor authentication and logging to counter these threats, emphasizing the critical importance of securing cloud and on-premises systems against evolving attack vectors.
Cisco has released patches to fix a critical flaw in Meeting Management that could let attackers gain administrator privileges on vulnerable systems. The vulnerability, CVE-2025-20156, results from improper REST API authorization and has a CVSS score of 9.9. Cisco urges immediate updates to affected versions to prevent potential exploits and safeguard system integrity.
Cyber Incidents
Hackers took control of Nasdaq’s official X account on January 22, 2025, to promote a fake memecoin called “STONKS,” causing its market cap to surge to $80 million. The fraudulent activity quickly raised concerns about the vulnerability of high-profile accounts on social media platforms, despite robust authentication measures. After Nasdaq regained control and removed the fake posts, the value of the memecoin plummeted, highlighting the dangers of social media manipulation in the cryptocurrency space and sparking discussions about improved cybersecurity practices for both individuals and corporations.
Conduent, a U.S. government contractor, has confirmed that a recent outage affecting services like child support and food assistance was caused by a cybersecurity incident. Although the company declined to provide specifics on whether the incident involved system compromise or data exfiltration, it reassured the public that all systems have been restored. Conduent emphasized the importance of maintaining system integrity and functionality, but did not share additional details regarding the nature of the attack.
Iwate Asahi Television in Japan faced a ransomware attack on January 11, 2025, encrypting internal server files. The IT team swiftly identified and isolated the compromised terminal, restoring affected systems by January 21 with the help of investigators. Early findings showed no evidence of personal data breaches or external network impacts. The company is now analyzing the attack and exploring enhanced security measures to prevent recurrence.
BCP Council in the UK faced a data mishap when an officer emailed hundreds of recipients without blind copying, inadvertently revealing email addresses. The email related to a new land charges system set for March implementation. Although the email was quickly recalled and deemed low risk as most addresses were business-related, the council apologized to those affected. The incident highlights the importance of adhering to email privacy protocols in minimizing data risks.
Phemex crypto exchange has flagged nearly $30 million in suspicious outflows across major blockchains, including BNB, Polygon, Arbitrum, and Base. Blockchain security firm Cyvers reported that the funds were transferred by suspicious addresses, which have begun converting assets to Ethereum. While the cause of the transactions remains unclear, concerns are growing over potential hacking activities.
Cyber News
The Trump administration has terminated all memberships on advisory committees reporting to the Department of Homeland Security (DHS), including those within the Cybersecurity and Infrastructure Security Agency (CISA). Acting DHS Secretary Benjamine C. Huffman directed the move in a memo on January 20, 2025, to focus future committee efforts on national security priorities. This includes disbanding the Cyber Safety Review Board (CSRB), which had previously issued critical reports on cybersecurity incidents, such as those involving Microsoft and the Apache Log4j flaw. The abrupt dissolution of these committees has raised concerns, with some politicians speculating that it could be linked to political motives and the influence of corporate donations.
Australia’s Electoral Integrity Assurance Taskforce has identified key threats to the 2025 federal election, including foreign interference, cybersecurity risks, physical security concerns, and misinformation. The taskforce is collaborating with government agencies such as the Australian Federal Police and Australian Signals Directorate to address these vulnerabilities and ensure a secure election.
LinkedIn is facing a lawsuit from its Premium customers, accusing the platform of disclosing their private messages to third parties to train artificial intelligence models without their consent. The class action, filed in San Jose federal court, claims LinkedIn made unauthorized updates to its privacy policy in September 2024, allowing customer data to be shared for AI training. The lawsuit seeks damages for breach of contract and violations of the federal Stored Communications Act, with potential compensation for each affected individual.
Denmark’s water infrastructure has been identified as being at “very high” risk of cyber attacks, according to the national Centre for Cybersecurity (CCS). The first official assessment highlighted that the water sector is crucial to Denmark’s critical infrastructure, with potential disruption to drinking water supplies posing severe consequences. Authorities have raised alarms about the need for enhanced protection to secure the country’s water systems from cyber threats.
New York Attorney General Letitia James achieved a legal victory after a judge ruled that Citi misapplied laws regarding fraud protection and reimbursement. The lawsuit, filed in January 2024, claims that Citi’s inadequate security and fraud prevention practices led to millions of dollars in losses for customers. Judge Oetken’s decision allows the case to proceed, potentially holding Citi accountable for not reimbursing victims of fraud as required under the Electronic Fund Transfer Act.
Copyright © 2025 CyberMaterial. All Rights Reserved.