
March 11, 2025 – Cyber Briefing

👉 What’s the latest in the cyber world today?

Binance Impersonation Scam, Fake TRUMP Coins, ConnectWise RAT, CISA, Exploited Vulnerabilities, Advantive VeraCore, Ivanti, SideWinder APT, Maritime, Logistics, Nuclear, Microsoft Time Travel Debugging, SCADA Products, Critical Infrastructure, Elon Musk, X Platform, Elite Bronx School, Ransomware Attack, University of Rennes, Funksec, Australia, New Zealand, ANZCTR, Research Delays, Clinical Trials, France, Bouches-du-Rhône Department, Pro-Russian Hackers, U.S. Federal Trade Commission, Scams, $12.5 Billion Loss, Switzerland, 24-Hour Cyberattack Reporting, New York Attorney General, National General, Allstate, Data Breaches, ServiceNow, Moveworks, AI Solutions, Cobalt Strike Abuse, Global Takedown Efforts.



🚨 Cyber Alerts

1. Binance Scam Uses TRUMP Coins to Spread RAT

A phishing campaign is targeting victims by impersonating Binance, offering free TRUMP Coins in exchange for completing “special trading tasks.” The email appears convincing, featuring Binance’s branding and providing a series of warnings to build trust with the target. However, when victims download the files, they unknowingly install ConnectWise RAT, which allows attackers to gain remote access and control of the victim’s computer within minutes.

2. CISA Adds New Vulnerabilities to KEV List

CISA recently added five security flaws to its Known Exploited Vulnerabilities catalog, which impact Advantive VeraCore and Ivanti Endpoint Manager. These vulnerabilities are actively exploited, with the VeraCore flaws attributed to the XE Group, a Vietnamese threat actor. The flaws in Ivanti EPM, although not fully weaponized yet, have been linked to potential credential coercion attacks. Federal agencies are urged to apply patches for these vulnerabilities by March 31, 2025, to safeguard their systems.

3. SideWinder Hits Maritime and Nuclear Sectors

SideWinder, an advanced persistent threat group, has significantly expanded its targeting of maritime, logistics, and nuclear sectors. The group’s attacks have affected countries in South Asia, Southeast Asia, the Middle East, and Africa, including maritime, IT, and energy sectors. Utilizing spear-phishing emails and exploiting vulnerabilities in Microsoft Office, SideWinder deploys malware to extract sensitive data from compromised systems, continuously adapting to evade detection and maintain persistence.

4. Security Flaws in Microsoft Debugging Tool

Microsoft’s Time Travel Debugging (TTD) framework, a vital tool used for capturing and replaying Windows program executions, was found to have critical flaws in its CPU instruction emulation, according to Mandiant’s investigation. These errors, ranging from discrepancies in instruction handling to truncated outputs, could hinder security analyses, potentially allowing attackers to evade detection and compromising malware investigations.

5. High Severity Flaws Found in SCADA Products

Palo Alto Networks disclosed five high-severity vulnerabilities affecting Iconics and Mitsubishi Electric SCADA products. These flaws, found in Genesis64 and MC Works64, can allow authenticated attackers to execute arbitrary code and elevate privileges. With installations in sectors like government, military, and energy, the vulnerabilities pose serious risks to system integrity and availability, potentially leading to disruptions or full control of affected systems.


💥 Cyber Incidents

6. Elon Musk Blames Cyberattack for X Outages

Elon Musk confirmed that a massive cyberattack led to widespread outages on X, the social media platform. While Musk did not provide specifics about the attackers, he emphasized the scale and coordination of the attack, suggesting involvement from a large group or even a nation. Musk also mentioned that the attack could have originated from the Ukraine region based on the IP addresses observed during the incident. He clarified that such attacks happen regularly, but this one was more resource-intensive and disruptive, further complicating the platform’s operations.

7. RansomHub Leaks Data from Riverdale School

RansomHub, a notorious hacking group, leaked the personal data of students, parents, and faculty from Riverdale Country School after breaching its computer system with ransomware. The group had posted the data on the dark web after a countdown clock expired, including sensitive details such as contact and medical information. Experts warned that paying ransoms supports further criminal activity, and while laws exist to protect data, many private schools remain unprotected under federal regulations.

8. University of Rennes Targeted by Ransomware

The University of Rennes, a prestigious institution in France with 32,000 students, has been targeted by a cyberattack since March 8, 2025. The attack was claimed by the ransomware group Funksec, according to SaxX, an ethical hacker. Funksec threatened to release sensitive data stolen from the university, which reportedly includes 50 GB of personal and institutional information. This data consists of various documents such as PDFs, databases, invoices, passwords, photos, and student details, although the university has not confirmed these claims.

9. ANZCTR Cyberattack Delays Research Trials

A cyberattack on the Australian New Zealand Clinical Trials Registry (ANZCTR) disrupted critical operations for researchers. The attack occurred on February 24, 2025, and led to the ANZCTR website being taken offline shortly after. Sydney University, which operates the registry, confirmed the attack and acted swiftly to secure its systems. The university emphasized that no health data had been compromised, and university systems remained unaffected by the incident. However, the breach exposed personal data, including contact information and passwords, which led to immediate warnings for those impacted.

10. Bouches-du-Rhône Website Hit by Cyberattack

On Monday, March 10, 2025, the website for the Bouches-du-Rhône department in southern France was rendered inaccessible due to multiple cyberattacks. These disruptions have caused significant issues with the site’s functionality, with users being redirected to error pages. Although the department’s services are working to restore the site, the exact cause of the attack remains unconfirmed at this time. However, a pro-Russian hacker group has claimed responsibility for the attack on their Telegram channel.


📢 Cyber News

11. FTC Reports $12.5B Lost to Fraud in 2024

The U.S. Federal Trade Commission (FTC) reported that Americans lost a record $12.5 billion to fraud in 2024, marking a 25% increase from the previous year. Investment scams accounted for the largest losses, totaling around $5.7 billion, followed by imposter scams at $2.95 billion. The FTC also noted that younger people, especially those aged 20 to 29, were more frequently targeted, with nearly half of all reports coming from this group. The rise in job scams was another concerning trend, as losses nearly tripled over the past four years. The majority of fraud incidents occurred online, although phone scams still resulted in higher median losses per individual.

12. Switzerland Mandates 24-Hour Cyberattack Reporting

Switzerland’s National Cybersecurity Centre (NCSC) introduced a new rule requiring critical infrastructure organizations to report cyberattacks within 24 hours. This reporting requirement will take effect on April 1, 2025, and applies to critical service providers. These include sectors like energy, water, transportation, and local government organizations. The new regulation mandates that attacks disrupting operations, encrypting data, or involving malware be reported promptly.

13. New York AG Sues Allstate Over Breaches

The New York Attorney General sued National General and Allstate Insurance for failing to protect personal data. National General experienced two data breaches in 2020 and 2021, exposing sensitive information of over 165,000 New Yorkers. The lawsuit claims that the insurance companies’ inadequate cybersecurity measures led to the breaches and that they failed to notify impacted consumers.

14. ServiceNow Acquires Moveworks for $2.85B

ServiceNow has made a strategic move by acquiring the AI startup Moveworks for $2.85 billion, marking its largest acquisition to date. This deal, which is set to close in the second half of 2025, will integrate Moveworks’ advanced AI assistant and enterprise search technology into ServiceNow’s platform. The acquisition aims to enhance productivity and streamline workflows across various industries, especially in areas like IT, HR, and facilities management. Moveworks, founded in 2016, is known for its AI-powered solutions and has secured major clients like Broadcom and Palo Alto Networks.

15. Cobalt Strike Abuse Declines 80 Percent

Fortra, the developer behind Cobalt Strike, has announced a significant 80% reduction in the abuse of the tool by threat actors over the past two years. In partnership with Microsoft and Health-ISAC, Fortra took legal and technical actions, including disrupting attacker infrastructure and filing lawsuits against hackers. Their efforts also led to Europol’s takedown of nearly 600 Cobalt Strike servers linked to cybercrime activities. The ongoing operations have resulted in more than 200 malicious domains being seized and sinkholed.


Copyright © 2025 CyberMaterial. All Rights Reserved.
