This Cybersecurity News recap highlights recent vulnerabilities in the HTTP/2 protocol and exploited flaws in N-able N-central, Zoom, and FortiSIEM, all leading to critical patches and urgent updates. It also covers expanding malware campaigns, data breaches affecting governmental organizations, and nation-state actions targeting infrastructure. Stay vigilant by applying recommended security practices and monitoring external assets. #MadeYouReset #N-ableFlaws
Vulnerabilities & Patches
- New HTTP/2 flaw enables amplified DoS across servers and products, exploiting the MadeYouReset vector and affecting implementations like Apache Tomcat and Netty. – MadeYouReset
- CISA warns of actively exploited flaws in N-able N-central (CVE-2025-8875 / CVE-2025-8876) with guidance to upgrade to 2025.3.1. – N-able Flaws
- Zoom patched a critical Windows privilege-escalation bug (CVE-2025-49457); admins should update immediately. – Zoom Flaw
- FortiSIEM emergency patch released for an actively exploited pre-auth RCE (CVE-2025-25256); mitigate or restrict access now. – FortiSIEM Patch
- Microsoft rolled fixes for a Windows Server cluster/VM restart bug and addressed Windows 11 24H2 WSUS delivery errors affecting enterprise updates. – Win Server Fix, Win11 Update
- Surge in targeted brute-force activity against Fortinet SSL VPN and FortiManager may precede new zero-days—harden access and monitoring. – Fortinet Brute
- Attackers again exploit a legacy Equation Editor Office flaw (CVE-2017-11882) to achieve RCE—old bugs keep threatening modern environments. – Legacy Office Exploit
Malware & Campaigns
- Researchers observed CrossC2 extending Cobalt Strike to Linux and macOS via in-memory loaders like ReadNimeLoader, broadening multi-platform intrusion capabilities. – CrossC2 Expansion
- Malvertising distributes the multi-stage, in-memory PS1Bot campaign with modular payloads and links to prior ransomware activity. – PS1Bot
- New Android trojan PhantomCard uses NFC relay, call hijacking and root exploits to steal banking credentials in Brazil via fake Play Store apps. – PhantomCard
- A fake Minecraft installer (Eaglercraft) is spreading NjRat spyware to steal credentials and enable remote surveillance. – Fake Minecraft
Ransomware & Data Breaches
- Croatia’s Ruđer Bošković Institute confirmed a ransomware attack exploiting SharePoint ToolShell vulnerabilities amid a global wave impacting thousands of orgs. – RBI Ransom
- The Interlock gang claimed a breach of Box Elder County, UT, stealing 4.5 TB of data and disrupting services. – Interlock Claim
- Pennsylvania’s AG office suffered a cyberattack that knocked down email, phone and web services—investigations point to exploitation of critical appliance flaws. – PA AG Attack
- Canada’s House of Commons is probing a data breach tied to a Microsoft vulnerability, with stolen employee info raising phishing and scam risks. – Canada Commons
- The Italian government warns that stolen hotel guest IDs are being sold on forums, risking identity fraud for tens of thousands of travelers. – Italy IDs
- The Blue Report 2025 finds modern ransomware and infostealers focus on credential theft and exfiltration rather than just encryption, stressing exposure management. – Blue Report
Phishing & Scams
- Phishers exploit Unicode homoglyphs (e.g., Japanese ん) to spoof domains like Booking.com and Intuit, increasing credential-theft risks. – Booking Phish
- Deepfake-driven “AI trading” platforms use fabricated videos, reviews and ads to lure investors into fraudulent schemes worldwide. – Deepfake Scams
- Scam-recovery rings posing as law firms continue targeting crypto victims—IC3 releases indicators and due-diligence steps to avoid recovery scams. – Crypto Recovery PSA
- Google will require crypto apps to hold government licenses in 15 regions as regulators and the FBI warn of widespread impersonation scams and $9.9M in reported losses. – Google Crypto
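The homoglyph item above is the kind of thing a defender can screen for automatically. The script below is an added defensive example, not code from this recap or from any of the sources it links: it decodes punycode (xn--) labels back to Unicode, flags labels that mix scripts or contain slash-like characters such as Hiragana ん (which in many fonts resembles a forward slash, so a long subdomain can read like a brand's URL path), and collapses confusable characters onto an ASCII "skeleton" that is compared against a small brand watch list. The confusable map, the slash-like set, the watch list and the sample hostnames are constructed here and are assumptions, not a complete Unicode confusables table or real campaign indicators; the "registrable domain" is approximated as the last two labels, which is enough for a demo but not a replacement for a public-suffix list.

```python
"""Flag hostnames that use Unicode confusables or punycode to impersonate a brand.

Added defensive example. The tables below are small hand-built subsets (assumptions),
not the full Unicode confusables data.
"""
import unicodedata

# Constructed subset of confusables mapped to the ASCII letter they imitate.
CONFUSABLES = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u0131": "i",  # LATIN SMALL LETTER DOTLESS I
}
# Characters that render like a path separator in many fonts, so "brand.com<char>login"
# inside one subdomain label can be read as "brand.com/login". ん is the one the recap mentions.
SLASH_LIKE = {"\u3093", "\u2215", "\u2044"}  # HIRAGANA N, DIVISION SLASH, FRACTION SLASH

WATCHED_BRANDS = {"booking.com", "intuit.com"}  # constructed watch list (brands named in the recap)

# Constructed samples, not real campaign indicators.
SAMPLES = [
    "booking.com",                                                 # legitimate
    "admin.booking.com\u3093help\u3093secure.example-login.com",  # ん dressed up as '/'
    "xn--" + "b\u043e\u043eking".encode("punycode").decode("ascii") + ".com",  # Cyrillic о twice
]


def decode_label(label: str) -> str:
    """Turn an A-label (xn--...) back into its Unicode form; pass other labels through."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # malformed punycode: keep the raw form so it still shows up in findings
    return label


def label_scripts(label: str) -> set:
    """Unicode scripts used by the letters of one label (ASCII digits, '-' and slash-likes ignored)."""
    scripts = set()
    for ch in label:
        if ch in SLASH_LIKE:
            continue  # reported separately
        if ch.isascii():
            if ch.isalpha():
                scripts.add("LATIN")
            continue
        scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])  # e.g. 'CYRILLIC', 'HIRAGANA'
    return scripts


def skeleton(label: str) -> str:
    """Collapse a label onto the ASCII string a reader would see."""
    out = []
    for ch in unicodedata.normalize("NFKC", label):  # folds fullwidth forms etc. first
        out.append("/" if ch in SLASH_LIKE else CONFUSABLES.get(ch, ch))
    return "".join(out).lower()


def analyze_hostname(host: str) -> dict:
    """Return decoded form, skeleton, naive registrable domain and a list of findings."""
    raw_labels = host.rstrip(".").lower().split(".")
    labels = [decode_label(l) for l in raw_labels]
    findings = []
    for raw, lab in zip(raw_labels, labels):
        if raw != lab:
            findings.append(f"punycode label {raw!r} decodes to {lab!r}")
        slashes = [c for c in lab if c in SLASH_LIKE]
        if slashes:
            findings.append(f"slash-like character(s) {slashes} inside label {lab!r}")
        scripts = label_scripts(lab)
        if len(scripts) > 1:
            findings.append(f"mixed scripts {sorted(scripts)} in label {lab!r}")
    skel = ".".join(skeleton(l) for l in labels)
    registrable = ".".join(skel.split(".")[-2:])  # naive eTLD+1, fine for a demo
    decoded = ".".join(labels)
    if registrable in WATCHED_BRANDS:
        if labels[-2:] != registrable.split("."):
            findings.append(f"registrable domain reads as {registrable!r} but is spelled with confusables")
    else:
        for brand in WATCHED_BRANDS:
            if brand in skel:
                findings.append(f"brand {brand!r} appears in the name but the registrable domain is {registrable!r}")
    return {"decoded": decoded, "skeleton": skel, "registrable": registrable, "findings": findings}


if __name__ == "__main__":
    for sample in SAMPLES:
        report = analyze_hostname(sample)
        print(f"{sample} -> reads as {report['skeleton']}")
        for finding in report["findings"]:
            print("   !", finding)
```

Feed it hostnames from proxy or DNS logs; a legitimate `booking.com` produces no findings, while the ん sample is reported both for the slash-like character and because the brand string sits in front of a different registrable domain, and the punycode sample is reported for mixed scripts and for spelling the watched brand with Cyrillic letters.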
Fraud & Crypto Crimes
- Two Estonians were sentenced for running the HashFlare Ponzi that stole $577M, with authorities seizing over $450M in assets. – HashFlare Verdict
- Multiple lawsuits allege Zelle/Early Warning Services enabled over $1B in fraud by failing to deploy adequate safeguards. – Zelle Lawsuit
Nation-state Actions & Threat Actors
- Norwegian authorities link suspected sabotage of a dam to pro-Russian actors who remotely manipulated control systems and caused large water outflow. – Norway Dam
- Russia has limited voice/video calls on WhatsApp and Telegram citing anti-fraud goals while pushing a domestic app (Max), raising surveillance concerns. – Russia Calls
- A newly tracked Russian-linked actor, “Curly COMrades,” has targeted sensitive organizations in Moldova and Georgia using stealthy task-hijacking and covert exfiltration. – Curly Actor
Auth & Identity Risks
- Researchers show passkeys can be bypassed by abusing the WebAuthn flow via JS injection and malicious extensions, undermining some biometric protections. – Passkey Bypass
- A new downgrade attack can trick FIDO/Microsoft Entra ID into fallback authentication, increasing phishing exposure for supposedly phishing-resistant logins. – FIDO Downgrade
Security Best Practices & Exposure Management
- Practical advice urges a security-by-default posture—enforce MFA, deny-by-default rules and application ringfencing to reduce attack surface. – Attack Surface
- External asset monitoring with EASM/DRP tools provides continuous checks—like turning off a “virtual oven”—to catch overlooked exposures. – Virtual Oven
- AI coding assistants can accelerate development but also resurrect classic vulnerabilities (RCE, data leaks); secure coding review remains essential. – AI Coding Risks