Know One Won Cyber Intel - March 18, 2025
ClickFix: How to Infect Your PC in Three Easy Steps
https://krebsonsecurity.com/2025/03/clickfix-how-to-infect-your-pc-in-three-easy-steps/
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware.

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday
https://krebsonsecurity.com/2025/03/microsoft-6-zero-days-in-march-2025-patch-tuesday/
Microsoft today issued more than 50 security updates for its various Windows operating systems, including fixes for a whopping six zero-day vulnerabilities that are already seeing active exploitation.

Alleged Co-Founder of Garantex Arrested in India
https://krebsonsecurity.com/2025/03/alleged-co-founder-of-garantex-arrested-in-india/
Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.

Feds Link $150M Cyberheist to 2022 LastPass Hacks
https://krebsonsecurity.com/2025/03/feds-link-150m-cyberheist-to-2022-lastpass-hacks/
In September 2023, KrebsOnSecurity published findings from security researchers who concluded that a series of six-figure cyberheists across dozens of victims resulted from thieves cracking master passwords stolen from the password manager service LastPass in 2022. In a court filing this week, U.S. federal agents investigating a spectacular $150 million cryptocurrency heist said they had reached the same conclusion.

Who is the DOGE and X Technician Branden Spikes?
https://krebsonsecurity.com/2025/03/who-is-the-doge-and-x-technician-branden-spikes/
At 49, Branden Spikes isn't just one of the oldest technologists who has been involved in Elon Musk's Department of Government Efficiency (DOGE). As the current director of information technology at X/Twitter and an early hire at PayPal, Zip2, Tesla and SpaceX, Spikes is also among Musk's most loyal employees. Here's a closer look at this trusted Musk lieutenant, whose Russian ex-wife was once married to Elon's cousin.

Sperm donation giant California Cryobank warns of a data breach
https://www.bleepingcomputer.com/news/security/sperm-donation-giant-california-cryobank-warns-of-a-data-breach/
US sperm donor giant California Cryobank is warning customers it suffered a data breach that exposed customers' personal information. [...]

GitHub Action hack likely led to another in cascading supply chain attack
https://www.bleepingcomputer.com/news/security/github-action-hack-likely-led-to-another-in-cascading-supply-chain-attack/
A cascading supply chain attack that began with the compromise of the "reviewdog/action-setup@v1" GitHub Action is believed to have led to the recent breach of "tj-actions/changed-files" that leaked CI/CD secrets. [...]

Western Alliance Bank notifies 21,899 customers of data breach
https://www.bleepingcomputer.com/news/security/western-alliance-bank-notifies-21-899-customers-of-data-breach/
Arizona-based Western Alliance Bank is notifying nearly 22,000 customers their personal information was stolen in October after a third-party vendor's secure file transfer software was breached. [...]

Malicious Android 'Vapor' apps on Google Play installed 60 million times
https://www.bleepingcomputer.com/news/security/malicious-android-vapor-apps-on-google-play-installed-60-million-times/
Over 300 malicious Android applications, downloaded 60 million times from Google Play, acted as adware or attempted to steal credentials and credit card information. [...]

New Windows zero-day exploited by 11 state hacking groups since 2017
https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exploited-by-11-state-hacking-groups-since-2017/
At least 11 state-backed hacking groups from North Korea, Iran, Russia, and China have been exploiting a new Windows vulnerability in data theft and cyber espionage zero-day attacks since 2017. [...]

Student Loan Breach Exposes 2.5M Records
https://threatpost.com/student-loan-breach-exposes-2-5m-records/180492/
2.5 million people were affected, in a breach that could spell more trouble down the line.

Watering Hole Attacks Push ScanBox Keylogger
https://threatpost.com/watering-hole-attacks-push-scanbox-keylogger/180490/
Researchers uncover a watering hole attack likely carried out by APT TA423, which attempts to plant the ScanBox JavaScript-based reconnaissance tool.

Tentacles of '0ktapus' Threat Group Victimize 130 Firms
https://threatpost.com/0ktapus-victimize-130-firms/180487/
Over 130 companies tangled in sprawling phishing campaign that spoofed a multi-factor authentication system.

Ransomware Attacks are on the Rise
https://threatpost.com/ransomware-attacks-are-on-the-rise/180481/
Lockbit is by far this summer's most prolific ransomware group, trailed by two offshoots of the Conti group.

Cybercriminals Are Selling Access to Chinese Surveillance Cameras
https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
Tens of thousands of cameras have failed to patch a critical, 11-month-old CVE, leaving thousands of organizations exposed.

HP Launches Printers with Quantum Resilient Cryptography
https://www.securityweek.com/hp-launches-printers-with-quantum-resilient-cryptography/
Printers can sit in the corner for ten years or more, while quantum decryption is thought by many to be less than 10 years away.

Industry Moves for the week of March 17, 2025 - SecurityWeek
https://www.securityweek.com/industry-moves/mar-17-2025/
Explore industry moves and significant changes in the industry for the week of March 17, 2025. Stay updated with the latest industry trends and shifts.

AI Is Turbocharging Organized Crime, EU Police Agency Warns
https://www.securityweek.com/ai-is-turbocharging-organized-crime-eu-police-agency-warns/
AI and other technologies "are a catalyst for crime, and drive criminal operations' efficiency by amplifying their speed, reach, and sophistication," the report said.

Critical AMI BMC Vulnerability Exposes Servers to Disruption, Takeover
https://www.securityweek.com/critical-ami-bmc-vulnerability-exposes-servers-to-disruption-takeover/
A critical vulnerability affecting baseboard management controller (BMC) firmware made by AMI could expose many devices to remote attacks.

Google Releases Major Update for Open Source Vulnerability Scanner
https://www.securityweek.com/google-releases-major-update-for-open-source-vulnerability-scanner/
Google has integrated OSV-SCALIBR features into OSV-Scanner, its free vulnerability scanner for open source developers.

New 'Rules File Backdoor' Attack Lets Hackers Inject Malicious Code via AI Code Editors
https://thehackernews.com/2025/03/new-rules-file-backdoor-attack-lets.html
Cybersecurity researchers have disclosed details of a new supply chain attack vector dubbed Rules File Backdoor that affects artificial intelligence (AI)-powered code editors like GitHub Copilot and Cursor, causing them to inject malicious code. "This technique enables hackers to silently compromise AI-generated code by injecting hidden malicious instructions into seemingly innocent

Unpatched Windows Zero-Day Flaw Exploited by 11 State-Sponsored Threat Groups Since 2017
https://thehackernews.com/2025/03/unpatched-windows-zero-day-flaw.html
An unpatched security flaw impacting Microsoft Windows has been exploited by 11 state-sponsored groups from China, Iran, North Korea, and Russia as part of data theft, espionage, and financially motivated campaigns that date back to 2017. The zero-day vulnerability, tracked by Trend Micro's Zero Day Initiative (ZDI) as ZDI-CAN-25373, refers to an issue that allows bad actors to execute hidden

Google Acquires Wiz for $32 Billion in Its Biggest Deal Ever to Boost Cloud Security
https://thehackernews.com/2025/03/google-acquires-wiz-for-32-billion-in.html
Google is making the biggest ever acquisition in its history by purchasing cloud security company Wiz in an all-cash deal worth $32 billion. "This acquisition represents an investment by Google Cloud to accelerate two large and growing trends in the AI era: improved cloud security and the ability to use multiple clouds (multicloud)," the tech giant said today. It added the acquisition, which is

New Critical AMI BMC Vulnerability Enables Remote Server Takeover and Bricking
https://thehackernews.com/2025/03/new-critical-ami-bmc-vulnerability.html
A critical security vulnerability has been disclosed in AMI's MegaRAC Baseboard Management Controller (BMC) software that could allow an attacker to bypass authentication and carry out post-exploitation actions. The vulnerability, tracked as CVE-2024-54085, carries a CVSS v4 score of 10.0, indicating maximum severity. "A local or remote attacker can exploit the vulnerability by accessing the

How to Improve Okta Security in Four Steps
https://thehackernews.com/2025/03/how-to-improve-okta-security-in-four.html
While Okta provides robust native security features, configuration drift, identity sprawl, and misconfigurations can provide opportunities for attackers to find their way in. This article covers four key ways to proactively secure Okta as part of your identity security efforts. Okta serves as the cornerstone of identity governance and security for organizations worldwide. However, this

Written by Anthony Merlas