CyberSecurity Newsletter February 3rd, 2025
In this week’s news: DeepSeek AI's publicly accessible database exposed log streams, and researchers tricked the model into revealing its instructions; Globe Life Insurance breach; Google discovers APT groups using Gemini in attacks; ENGlobal, Tata Technologies, and New York Blood Center also breached; OpenAI strikes a deal with the US government to use its AI for nuclear weapon security; and a North Korean cybercriminal group uses RID hijacking to gain complete control over Windows systems.
Remember Douglas Adams: Don’t Panic
Globe Life Inc. has disclosed new details regarding a cybersecurity incident involving an extortion attempt and the unauthorized access of sensitive customer data. The insurance provider confirmed that an unknown threat actor gained access to the personally identifiable information (PII) of approximately 855,000 individuals and attempted to extort the company by threatening to release the data. Despite the demands, Globe Life did not pay the extortion and has engaged law enforcement in the ongoing investigation.
https://cyberinsider.com/globe-life-confirmed-data-breach-impacts-855000-customers/
Wiz Research has identified a publicly accessible ClickHouse database belonging to DeepSeek. This database allows complete control over database operations, including accessing internal data. The exposure includes over a million log streams containing chat history, secret keys, backend details, and other highly sensitive information. The Wiz Research team immediately and responsibly disclosed the issue to DeepSeek, which promptly secured the exposure.
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
A North Korean cybercriminal group, Andariel, has been found using a stealthy hacking technique called RID hijacking to gain complete control over Windows systems. This method allows attackers to manipulate a computer's security settings, turning a low-privilege user account into an administrator account and granting them hidden control over the system.
https://www.cysecurity.news/2025/02/north-korean-hackers-exploit-rid.html
In 2024, GitLab developers discovered two critical vulnerabilities in their system. Due to verification errors, attackers could hijack user accounts and modify repository contents. This type of attack is known as RepoJacking. Denis Makrushin deep dives into the effects.
https://infosecwriteups.com/more-than-1-000-github-repositories-at-risk-how-to-detect-repojacking-vulnerabilities-58cd888b8f3f
Meta announced it had discovered and dismantled a WhatsApp malware campaign targeting journalists and civil society members with Paragon spyware (aka Graphite). The hacking campaign targeted 90 users and was disrupted in December; WhatsApp had already alerted them of a possible compromise of their devices. WhatsApp linked the hacking campaign to Paragon, an Israeli commercial surveillance vendor acquired by AE Industrial Partners for $900 million in December 2024.
https://securityaffairs.com/173721/security/whatsapp-disrupted-paragon-spyware-campaign.html
Indian multinational Tata Technologies, a Tata Motors subsidiary, suspended some IT services following a ransomware attack. The company, engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers and industrial machinery companies.
https://securityaffairs.com/173712/cyber-crime/tata-technologies-ransomware-attack.html
The New York Blood Center suffered a ransomware attack on Sunday, causing appointment rescheduling. The New York Blood Center (NYBC) is a community, nonprofit blood bank based in New York City. NYBC supplies blood to approximately 200 hospitals in the Northeast United States. NYBC and its operating divisions also provide transfusion-related medical services to over 500 hospitals nationally.
https://securityaffairs.com/173702/cyber-crime/new-york-blood-center-faced-ransomware-attack.html
Google's Threat Intelligence Group (GTIG) detected government-linked advanced persistent threat (APT) groups using Gemini primarily for productivity gains rather than to develop or conduct novel AI-enabled cyberattacks that can bypass traditional defenses.
https://www.bleepingcomputer.com/news/security/google-says-hackers-abuse-gemini-ai-to-empower-their-attacks/
A recent investigation has revealed a significant web skimming campaign affecting at least 17 websites, including the UK site of electronics giant Casio. Researchers uncovered these infections, likely stemming from vulnerabilities in Magento or similar e-commerce platforms, and are working to notify all affected parties.
https://hackread.com/casio-16-websites-double-entry-web-skimming-attack/
U.S. and Dutch law enforcement agencies have announced that they have dismantled 39 domains and their associated servers to disrupt a network of online marketplaces from Pakistan.
https://thehackernews.com/2025/02/us-and-dutch-authorities-dismantle-39.html
BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by using a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords. The breach was first flagged on December 5, 2024.
https://thehackernews.com/2025/02/beyondtrust-zero-day-breach-exposes-17.html
The U.S. CISA and the FDA warned of a hidden backdoor in Contec CMS8000 and Epsimed MN-120 patient monitors.
https://securityaffairs.com/173694/security/cisa-fda-warned-hidden-backdoor-in-contec-cms8000.html
A new Mirai-based botnet is causing internet backbone provider Akamai to sound the alarm. Known as Aquabotv3, the malware exploits a vulnerability in a series of Mitel internet-connected phones. According to Akamai researchers Larry Cashdollar and Kyle Lefton, the threat actors aim to create a platform for denial-of-service attacks. Aquabot is a botnet built on the Mirai framework, with the ultimate goal of distributed denial of service.
https://www.scworld.com/news/akamai-warns-of-active-attacks-from-new-mirai-variant
Researchers have tricked DeepSeek, the Chinese generative AI (GenAI) that debuted earlier this month to a whirlwind of publicity and user adoption, into revealing the instructions that define how it operates.
https://www.darkreading.com/application-security/deepseek-jailbreak-system-prompt
The US Department of Justice (DoJ) has partnered with international law enforcement to crack down on Dark Web cybercrime forums. A pair of operations disrupted underground markets linked to attacks on millions of victims globally. However, it's unclear what the long-term effects of the efforts will be.
https://www.darkreading.com/cybersecurity-operations/doj-cybercrime-forums-attacks-17m-americans
According to Cybernews, North Dakota-based TV station Valley News Live had more than 1.8 million files from its job portal leaked due to a misconfigured Amazon AWS S3 storage bucket.
https://www.scworld.com/brief/over-1m-individuals-impacted-by-valley-news-live-data-leak
ENGlobal Corporation, a federal energy contractor, detailed a cybersecurity breach in a recent Securities and Exchange Commission (SEC) filing. The breach, discovered on November 25, 2024, involved unauthorized access to ENGlobal’s IT systems.
https://dailysecurityreview.com/security-spotlight/englobal-cybersecurity-breach-and-centerpoint-energy-data-leak-probes-investigation/
OpenAI Strikes Deal With US Government to Use Its AI for Nuclear Weapon Security
https://futurism.com/openai-signs-deal-us-government-nuclear-weapon-security