👉 What’s trending in cybersecurity today?
Broadcom, VMware, SQL Injection, OAuth, Airline Travel, Account Hijacking, Apple Processors, Browser Attacks, FleshStealer Malware, Evasion Tactics, PureCrypter, TorNet Backdoor, Phishing Campaign, Germany, Poland, Smiths Group, Unauthorized Access, Frederick Health, Ransomware, Matagorda County, Texas, Virus Cyberattack, France, E.Leclerc, Mid Atlantic Retina, ConnectOnCall, Electronic Privacy Information Center, U.S. PIRG Education Fund, MGM Resorts, Ransomware, Microsoft, Scareware Blocker, PowerSchool
🚨 Cyber Alerts
1. Broadcom Urges Fix for VMware Avi SQL Flaw
Broadcom has disclosed a critical vulnerability in its Avi Load Balancer, identified as CVE-2025-22217. This unauthenticated blind SQL injection flaw allows attackers with network access to execute malicious SQL queries, potentially leading to unauthorized database access and data breaches. The vulnerability stems from improper input sanitization, making it a serious security risk for organizations using the affected product. With no workarounds available, Broadcom has released patches for all impacted versions, urging administrators to apply the updates immediately to prevent exploitation and safeguard sensitive data.
2. OAuth Flaw Exposes Airline User Accounts
A newly discovered vulnerability in an online travel service used for hotel and car rental bookings could have exposed millions of airline customers to account hijacking. The flaw, disclosed by cybersecurity researchers from Salt Labs, affects the integration between airlines and the rental service, enabling attackers to impersonate users. Exploiting the flaw allowed attackers to gain unauthorized access to any user’s account and perform actions such as booking with the victim’s airline loyalty points, canceling or modifying bookings, and more. This vulnerability impacted numerous commercial airline services that offered hotel bookings through the service.
3. Apple Processor Flaws Expose Sensitive Data
Researchers from Georgia Institute of Technology and Ruhr University Bochum disclosed critical vulnerabilities in Apple’s modern processors that could expose sensitive data. These flaws, named FLOP and SLAP, are linked to Apple’s speculative execution implementation, which aims to predict memory access. When these predictions are wrong, attackers can exploit the mispredictions to retrieve private data. These vulnerabilities affect processors starting with the M2 and A15 generations.
4. FleshStealer Malware Targets Sensitive Data
FleshStealer, a newly discovered information-stealing malware, is emerging as a significant cyber threat in 2025. It employs advanced evasion techniques, including encryption, VM detection, and the ability to terminate its operations when debugging tools are present, making it highly resistant to forensic analysis. The malware specifically targets Chromium- and Mozilla-based web browsers, extracting data from over 70 extensions, crypto wallets, and 2FA settings, and even resetting Google cookies to hijack sessions.
5. PureCrypter Deploys TorNet Backdoor
A financially motivated threat actor is behind a phishing campaign targeting Poland and Germany, delivering a variety of payloads such as Agent Tesla, Snake Keylogger, and the newly discovered TorNet backdoor. The attack begins with deceptive emails containing fake receipts or money transfer confirmations and compressed attachments. Once the attachment is extracted, PureCrypter malware is deployed and launches the TorNet backdoor, allowing the attacker to control the victim’s machine through the Tor network while evading detection with anti-analysis techniques.
💥 Cyber Incidents
6. Smiths Group Discloses Cybersecurity Breach
Smiths Group, a prominent London-based engineering company, disclosed a cybersecurity breach following unauthorized access to its systems. The multinational firm, employing over 15,000 people, operates in various industries, including aerospace and defense. While the company took immediate action to isolate affected systems and activate its business continuity plans, it is still investigating the potential impact of the breach.
7. Frederick Health Investigates Ransomware
On January 27, 2025, Frederick Health, based in Maryland, announced that it had fallen victim to a ransomware attack. The breach led to disruptions in its operations, causing delays in certain services as the organization took its IT systems offline to contain the incident. While all Frederick Health facilities remained open, the attack prompted the healthcare provider to initiate a partnership with third-party cybersecurity experts to investigate the extent of the breach.
8. Matagorda County Texas Hit by Virus Attack
Matagorda County, Texas, declared a disaster following a cyberattack that compromised several internal systems. The breach, identified early Friday, was caused by a virus affecting multiple departments and leading to disruptions in county operations. Cybersecurity experts are working with officials to restore online services, but the cause of the disruption remains under investigation. Emergency services were not impacted, and no group has claimed responsibility for the attack.
9. E.Leclerc Cyberattack Exposes Customer Data
E.Leclerc, a major French retailer, was recently targeted by a cyberattack that compromised sensitive data linked to its Energy Rewards program. Hackers accessed personal information, including names, email addresses, and financial details, with potential risks of credential theft. As cyberattacks surge in France, with over 30 incidents recorded between September and November 2024, the company has implemented immediate security measures, including mandatory password resets and user recommendations to update similar credentials across other platforms.
10. Mid Atlantic Retina Notifies of Data Breach
Mid Atlantic Retina, also known as WillsEye Physicians, recently reported a data breach linked to ConnectOnCall.com, a business services company that handles after-hours phone calls for healthcare providers. The breach, which occurred between February 16 and May 12, 2024, exposed sensitive patient information, including names, phone numbers, birth dates, medical record numbers, and medical histories. After the breach was discovered, Mid Atlantic Retina took immediate steps to investigate and notify affected individuals through breach letters.
📢 Cyber News
11. Almost Half of US State Privacy Laws Fail
A recent report reveals that nearly half of state consumer privacy laws fall short of adequately protecting individuals’ data. According to the Electronic Privacy Information Center (EPIC) and U.S. PIRG Education Fund, eight out of 19 states failed to meet privacy standards. While Maryland and California have enacted robust laws, many states still have weak protections, allowing companies to misuse consumer data. Lawmakers in states like Vermont and Maine are pushing for stronger laws, aiming to ensure better privacy safeguards for residents.
12. MGM to Pay 45 Million for Cyberattacks
MGM Resorts International has agreed to pay $45 million to settle class action lawsuits related to data breaches from 2019 and a ransomware attack in 2023. The breaches, which affected over 37 million customers, saw hackers access personal information such as names, addresses, passport numbers, and social security numbers. The settlement, which will be distributed in tiered payments, also covers legal fees, administration costs, and identity theft protection services for victims.
13. Ransomware Attacks Lead to Shutdowns in 2024
A recent Ponemon Institute report revealed that 58% of organizations hit by ransomware in 2024 had to shut down operations for recovery, a significant increase from 45% in 2021. The financial and reputational toll of these attacks has worsened, with nearly 40% of victims experiencing major revenue loss and 35% reporting brand damage. While companies have recovered faster in 2024, with remediation times averaging 132 hours, the costs are still high, averaging $146,685 per incident.
14. Microsoft Introduces Scareware Blocker Tool
Microsoft has launched a new “scareware blocker” tool that utilizes machine learning and computer vision to combat online scams. The tool targets “scareware” scams, often disguised as fake antivirus programs, tricking users into installing malicious software or paying for unnecessary services. Through the Edge browser’s preview program, users can activate the feature, which blocks full-screen scam attempts and prevents further exploitation.
15. PowerSchool Notifies Millions of Breach
PowerSchool, a leading U.S. edtech company, has begun notifying individuals impacted by a data breach that took place in December 2024. Hackers gained access to the company’s customer support portal using a stolen account credential, compromising sensitive data from millions of students and teachers. PowerSchool is still reviewing the full extent of the breach, which is known to affect more than 62 million students and nearly 10 million teachers, though precise figures are still unclear.
Copyright © 2025 CyberMaterial. All Rights Reserved.