
March 21, 2025 – Cyber Briefing

👉 What are the latest cybersecurity alerts, incidents, and news?

Cisco Smart Licensing Utility, Vulnerabilities, Cybercriminals, Reddit Posts, AMOS, Lumma Stealers, TradingView, Crypto, VanHelsing Ransomware, Governments, Pharmaceuticals, France, US, MEDUSA Ransomware, ABYSSWORKER Driver, EDR Systems, NAKIVO Backup Software, CISA, Lab Dookhtegan Cyberattack, Iranian Oil Tankers, South Carolina, Converse University, Data Breach, Students, Staff, Parascript, Ransomware Attack, Office of the Attorney General of Massachusetts, Japan, Hokkaido Jalan, Website Shutdown, Data Leak, Four Meme, Cyberattack, Binance, Memecoin Platform, White House, Cybersecurity, Local Governments, Russia, Cloudflare, Michigan Football Coach, Hacking Athlete Databases, UK Police, Fraud Crackdown, Rooted Devices, Cyberattacks, Breaches, Zimperium.



🚨 Cyber Alerts

1. Cisco Flaws Actively Targeted by Hackers

Two critical vulnerabilities in Cisco Smart Licensing Utility are being actively targeted by cybercriminals. The flaws, tracked as CVE-2024-20439 and CVE-2024-20440, allow attackers to gain administrative access by exploiting a hardcoded password and sensitive log files. These vulnerabilities impact versions 2.0.0, 2.1.0, and 2.2.0, and could enable remote unauthenticated attackers to collect sensitive data or manage associated services. Cisco patched the vulnerabilities in September 2024, urging users to update their systems to protect against exploitation.

2. Reddit Malware Campaign Targets Crypto Users

A new malware campaign is targeting cryptocurrency enthusiasts on Reddit by distributing fake TradingView software. The attackers use social engineering tactics, offering free lifetime access to premium features while secretly spreading AMOS for macOS and Lumma Stealer for Windows. These malware variants compromise users’ systems, emptying cryptocurrency wallets and allowing attackers to take over accounts and spread phishing links.

3. VanHelsing Ransomware Targets Gov Sectors

A new ransomware strain, VanHelsing, has emerged, focusing on government, manufacturing, and pharmaceutical sectors in France and the United States. It uses sophisticated encryption methods and evasion tactics to compromise Windows systems, encrypting files and exfiltrating sensitive data. The ransomware operates with a double extortion strategy and utilizes advanced techniques to maintain persistence and evade detection.

4. MEDUSA Uses ABYSSWORKER to Disable EDR

MEDUSA ransomware uses the ABYSSWORKER driver to disable endpoint detection and response (EDR) systems, significantly increasing its impact. The driver, disguised as a legitimate CrowdStrike Falcon driver, is signed with revoked certificates, making it harder to detect by security software. It manipulates device objects, symbolic links, and various DeviceIoControl handlers to communicate with its client process while preventing detection and termination.

5. CISA Adds NAKIVO Flaw to Exploited List

CISA recently added a high-severity vulnerability in NAKIVO Backup & Replication software to its Known Exploited Vulnerabilities catalog. The flaw, tracked as CVE-2024-48248, is an absolute path traversal issue that allows unauthenticated attackers to read sensitive files on affected systems, such as backups and credentials. This vulnerability affects all versions of the software prior to version 10.11.3.86570, and the exploitation could lead to further compromises of an organization’s infrastructure.


💥 Cyber Incidents

6. Lab Dookhtegan Disrupts Iranian Oil Tankers

Lab Dookhtegan, an Iranian anti-government hacktivist group, executed a cyberattack that disrupted communications on over 100 Iranian oil tankers. The attack targeted satellite communication systems, halting both internal ship communications and external ship-to-shore connections. The group claimed responsibility for the operation, which underscores the increasing cyber vulnerabilities in maritime communication systems, potentially endangering global shipping operations.

7. Converse University Reports Data Breach

Converse University in Spartanburg, South Carolina, reported a data breach that exposed sensitive personal information of students, alumni, and employees. The breach, which was discovered on November 11, 2024, prompted an investigation to assess the scope of the incident. Although the specific types of data exposed have not been disclosed, it likely included personal identifiers such as Social Security numbers, financial information, and driver’s license details.

8. Parascript Reports Data Breach Incident

Parascript, LLC reported a data breach on March 18, 2025, following a ransomware attack in August 2024. The breach allowed an unauthorized party to access sensitive consumer information, including names and Social Security numbers. Parascript detected suspicious activity in its network on August 16, 2024, and took immediate steps to contain the incident. After investigating with the help of cybersecurity experts, the company identified that files containing confidential consumer data were compromised between July 29 and August 16, 2024, and began notifying affected individuals.

9. Hokkaido Jalan Website Faces Cyberattack

Hokkaido Jalan, a well-known travel site in Japan, experienced a significant disruption on March 19, 2025, as it went offline amid suspicions of a cyberattack. Users encountered a blank page when attempting to visit the site, with some reports indicating messages about a potential hack. This led to concerns about the security of personal data, as individuals reported receiving emails with sensitive information, such as names and contact details, linked to their accounts. As the situation unfolds, many users are demanding quick action and transparent communication from Hokkaido Jalan to address the potential breach and restore trust.

10. Four Meme Attack Results in $120K Loss

Four Meme, a memecoin platform on Binance, fell victim to a cyberattack that led to a $120,000 theft in Binance Coin (BNB). The attack exploited a vulnerability in the platform’s liquidity pool system, enabling the hacker to manipulate token prices at launch. Security experts have confirmed the exploit was a market manipulation technique, specifically a sandwich attack, which allowed the attacker to profit significantly. Four Meme has pledged to compensate affected users and strengthen its security to prevent further breaches.


📢 Cyber News

11. White House Shifts Cybersecurity to States

The White House has shifted responsibility for cybersecurity risk management from federal agencies to state and local governments. President Trump signed an executive order introducing the National Resilience Strategy, which empowers states to make infrastructure decisions that address cyber threats and disasters. However, experts caution that this decentralization could lead to fragmentation and inefficiencies, with states struggling to fill gaps left by cuts to federal cybersecurity services.

12. Russia Faces Widespread Web Disruptions

Russian internet users faced significant disruptions this week, affecting popular platforms such as TikTok, Steam, and banking apps like Sberbank and Gazprombank. These outages are believed to be caused by Russia’s efforts to block Cloudflare, a U.S.-based security service that enhances website privacy and helps mitigate cyberattacks. Local experts suggest the disruptions are part of broader efforts by Roskomnadzor to isolate Russian internet infrastructure from foreign control, pushing local services to switch to Russian alternatives.

13. Former Michigan Coach Faces Hacking Charges

Matthew Weiss, former co-offensive coordinator at the University of Michigan, was charged with hacking into athlete databases. Over several years, Weiss allegedly accessed personal and medical data of 150,000 athletes from over 100 colleges, exploiting vulnerabilities to target female athletes. He gained unauthorized access to social media, email, and cloud storage accounts, where he sought intimate content and private data, leading to multiple identity theft and hacking charges.

14. UK Police Arrest 422 in Major Fraud Sweep

UK police arrested 422 individuals and seized £7.5 million in cash and assets during Operation Henhouse. The operation, coordinated by the National Economic Crime Centre and City of London Police, highlights the growing scale of fraud in the UK, which costs the country billions annually. Police efforts also led to notable successes, including returning nearly £1 million to victims and dismantling criminal operations across the country.

15. Rooted Devices 250 Times More Vulnerable

A new analysis reveals that rooted and jailbroken devices are 250 times more likely to face security compromises. These devices are prone to malware attacks, file system breaches, and exposure of sensitive data. Despite a decline in the number of rooted devices, they remain a significant threat, with some showing up to 3,000 times the exposure of stock devices. Security experts warn that the continuous evolution of rooting tools makes it harder for professionals to detect and prevent these risks, increasing the potential for cyberattacks.


Copyright © 2025 CyberMaterial. All Rights Reserved.
