In today’s cybersecurity news…
HPE investigates breach claims
Last Thursday, the well-known hacker IntelBroker alleged they are selling data stolen from the systems of Hewlett Packard Enterprise (HPE). IntelBroker claims the compromised data includes source code for Zerto and iLO products, private GitHub repositories, digital certificates, Docker builds, and personal info from old user deliveries. IntelBroker also says they’re offering access to some HPE services, including APIs, WePay, GitHub and GitLab. The company confirmed it is investigating the claims and says that, so far, it has not experienced any operational impacts.
(SecurityWeek and Bleeping Computer)
Former CIA analyst pleads guilty to sharing Top Secret files
Thirty-four-year-old Asif William Rahman of Vienna is facing up to 10 years behind bars for sharing top secret documents on social media. The Department of Justice (DoJ) said Rahman had been employed with the CIA since 2016 and “repeatedly” printed out classified documents before taking them home, where he altered them to try to conceal their source. Reports suggest the incident included top secret documents about Israel’s military plans to retaliate against Iran following Iranian ballistic missile strikes in October. Rahman leaked the documents on social media, resulting in a major embarrassment to the Pentagon and causing massive geopolitical tension in the Middle East. In addition to altering documents and journal logs, Rahman also tried to hide his tracks by destroying a personal smartphone and router he used to upload the classified information, ultimately discarding them into a public trash bin.
Data of nearly half million hotel guests exposed
Customers of some of the world’s best-known hotel chains had their personal information compromised after a threat actor gained unauthorized access to hotel management software provider Otelier. Data breach notification site HaveIBeenPwned (HIBP) added almost half a million unique accounts from the breach to its database over the weekend. HIBP indicated that the threat actor used the access to Otelier systems to exfiltrate customer data from hotel chains including Marriott, Hilton and Hyatt. Stolen data included 437k customer email addresses, names, physical addresses, phone numbers, booking and purchase information, and partial credit card data. Researchers at dark web monitoring firm WhiteIntel said that the incident likely stemmed from infostealer malware.
Yubico warns of 2FA security flaw affecting Linux and macOS users
Yubico has released a security advisory warning of a high-risk vulnerability (CVE-2025-23013) within the software module that supports two-factor authentication (2FA) for Linux and macOS platforms. This issue allows for partial bypass of 2FA protections when using YubiKeys or other FIDO-compatible authenticators. This flaw primarily affects systems running pam-u2f versions prior to 1.3.1 and stems from the authentication process not correctly handling certain errors. Yubico recommends that all affected customers immediately upgrade to the latest version of pam-u2f to mitigate the vulnerability.
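The advisory above describes the flaw only as the authentication process "not correctly handling certain errors". The following is an added illustration of that general class of defect in a PAM-style second-factor module, not pam-u2f's code and not the specific CVE-2025-23013 mechanics: a module that reports an internal error as "ignore me" lets a stack that only requires "no module failed" proceed on the password alone, while a fail-closed module turns every error into an explicit denial. All names, the stand-in assertion check and the simplified stack semantics are constructed for the example.

```python
"""Fail-open vs fail-closed error handling in a second-factor PAM-style module.

Added example; constructed stand-ins, not pam-u2f or libfido2 code.
"""
from enum import Enum


class PamResult(Enum):
    """Subset of PAM module return codes (names mirror the real ones)."""
    SUCCESS = "PAM_SUCCESS"
    AUTH_ERR = "PAM_AUTH_ERR"
    IGNORE = "PAM_IGNORE"


class AuthenticatorError(Exception):
    """Constructed: raised when the key lookup or device exchange fails."""


def verify_assertion(user, registered_keys, response):
    """Stand-in for the FIDO assertion check (constructed, not a real library).

    Raises AuthenticatorError for the "something went wrong" cases that a
    real module must decide how to report; returns True/False otherwise.
    """
    if user not in registered_keys:
        raise AuthenticatorError(f"no registered key for {user}")
    if response is None:
        raise AuthenticatorError("authenticator returned no response")
    return response == registered_keys[user]


def second_factor_fail_open(user, registered_keys, response):
    """Flawed pattern: an internal error is reported as IGNORE, not as a failure."""
    try:
        ok = verify_assertion(user, registered_keys, response)
    except AuthenticatorError:
        return PamResult.IGNORE
    return PamResult.SUCCESS if ok else PamResult.AUTH_ERR


def second_factor_fail_closed(user, registered_keys, response):
    """Hardened pattern: any error becomes an explicit AUTH_ERR."""
    try:
        ok = verify_assertion(user, registered_keys, response)
    except AuthenticatorError:
        return PamResult.AUTH_ERR
    return PamResult.SUCCESS if ok else PamResult.AUTH_ERR


def stack_allows(results):
    """Simplified stack of `required` modules (constructed semantics).

    IGNORE drops a module from the decision, so the login passes when nothing
    failed and at least one module succeeded. That is exactly the property a
    fail-open second-factor module hands to an attacker who can trigger an error.
    """
    if any(r is PamResult.AUTH_ERR for r in results):
        return False
    return any(r is PamResult.SUCCESS for r in results)


def login(user, password_ok, registered_keys, response, second_factor):
    """Password module followed by the chosen second-factor module."""
    first = PamResult.SUCCESS if password_ok else PamResult.AUTH_ERR
    second = second_factor(user, registered_keys, response)
    return stack_allows([first, second])


if __name__ == "__main__":
    keys = {"alice": "assertion-from-alice-key"}  # constructed registration
    # Device error + correct password: fail-open lets the login through.
    print("fail-open, device error:", login("alice", True, keys, None, second_factor_fail_open))
    print("fail-closed, device error:", login("alice", True, keys, None, second_factor_fail_closed))
```

The point to check in any real deployment is the same one the hardened function encodes: an error path in a second-factor module must produce a denial, never a result that the stack treats as neutral.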
Thanks to today’s episode sponsor, Vanta

Now that’s…a new way to GRC. Get started at Vanta.com/headlines.
Cyber threats are lurking in YouTube comments
A new study from TrendMicro highlights the rising danger posed by comments on YouTube videos. According to their findings, a significant number of comments contain phishing links or direct users to dangerous websites that host Lumma and Vidar infostealers. Some hackers are also leveraging file-sharing platforms like Mega and Mediafire to distribute malware. The responsibility to protect viewers from these risks often falls on content creators who should vigilantly monitor and manage comments posted beneath their videos. Failure to do so could result in the platform removing their content, especially if the creator was complicit in allowing harmful practices for personal gain.
Ukraine’s state registers restored following cyber-attack
The infrastructure of Ukraine’s state registers has been fully restored following a large-scale cyber-attack back on December 19, which was attributed to Russia’s military intelligence services (GRU). Ukraine’s Minister of Justice and Deputy Prime Minister for European and Euro-Atlantic Integration of Ukraine, Olha Stefanishyna, announced in a Facebook post Monday that the Unified and State Registers were now “fully operational.” Stefanishyna added that Russian attackers were unsuccessful in their objectives during the cyber-attack and no information from the registers was compromised. The Ministry of Justice is now updating the registers to add data entered during the restoration period. Stefanishyna said the Ukrainian government has “learned important lessons” from this attack and is implementing key process changes.
Phishing found most common smartphone security issue for consumers
The fourth annual Mobile Device Security Scorecard from Omdia revealed that the most prominent mobile security issue faced by consumers across the globe was phishing scams: 24% of respondents say they experienced phishing texts, emails or calls. The research also included hands-on device testing, which revealed that the Samsung S24 offers the best anti-phishing protection, while the Google Pixel 9 Pro leads on many other security features. The tests showed that the iPhone 16 Pro, as well as premium Android smartphones from Honor, Xiaomi, and OnePlus, are lacking in robust security protections. Omdia sees value in smartphone vendors offering phishing safeguards to help protect consumers. The report also revealed that the second most common security issue reported by consumers was malware and viruses, followed by physical theft.
Employees of failed startups at risk of stolen personal data
Dylan Ayrey, co-founder and CEO of Truffle Security, discovered that malicious hackers could potentially buy the defunct domains of failed startups and use them to log into employee cloud accounts. To test the flaw, Ayrey bought one failed startup’s domain and from it was able to log in to ChatGPT, Slack, Notion, Zoom, and an HR system containing Social Security numbers. Ayrey recreated former employee email addresses and used the “Sign in with Google” option to access the apps. Startup employees are more vulnerable because startups tend to use Google’s apps and cloud software to run their businesses. Google’s OAuth configuration does include a stable “sub” identifier that should prevent the risks outlined by Ayrey, but only if the SaaS cloud provider uses it. While an employee might have multiple email addresses attached to their Google account, the account should only ever have one sub-identifier. Google says the ultimate fix is for founders shuttering a company to ensure they properly close all of their cloud services.
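The mechanism above comes down to which claim a SaaS app uses to find an existing account when a Google ID token arrives. The following is an added example, not Truffle Security's or Google's code: it simulates the claims a relying party reads from an ID token (constructed `sub`, `email` and `hd` values, no real JWT handling) and shows that an account keyed on `email` is inherited by whoever re-registers the domain, while an account keyed on `sub` is not, even though the new token carries the same email and hosted domain. It also shows the alias case from the text: a second email on the same Google account still reaches the right record through the unchanged `sub`.

```python
"""Account lookup for "Sign in with Google": email claim vs stable `sub` claim.

Added example with constructed token claims; not a real OIDC client.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class IdToken:
    """Claims a relying party reads from a Google ID token (constructed values)."""
    sub: str    # stable identifier of the Google account; never re-issued
    email: str  # user-visible address; can be re-created under a re-registered domain
    hd: str     # hosted (Workspace) domain the account belongs to


@dataclass
class Account:
    owner_sub: str
    email: str
    records: str  # whatever the account protects, e.g. HR data (constructed)


class SaasApp:
    """One account store, two lookups: by email (the flaw) and by `sub` (the fix)."""

    def __init__(self) -> None:
        self._accounts: List[Account] = []

    def provision(self, token: IdToken, records: str) -> Account:
        """Create the account at the user's first sign-in, binding both claims."""
        acct = Account(owner_sub=token.sub, email=token.email, records=records)
        self._accounts.append(acct)
        return acct

    def login_by_email(self, token: IdToken) -> Optional[Account]:
        """Vulnerable: anyone who controls the domain can mint this address again.

        Checking `hd` as well does not help, because a re-registered domain
        produces the same hosted-domain claim as the original company did.
        """
        return next((a for a in self._accounts if a.email == token.email), None)

    def login_by_sub(self, token: IdToken) -> Optional[Account]:
        """Hardened: a new Workspace account has a different `sub`, so it finds
        nothing even when email and hd match an old account."""
        return next((a for a in self._accounts if a.owner_sub == token.sub), None)


def demo() -> dict:
    """Walk through the scenario from the report with constructed identities."""
    app = SaasApp()
    # Original employee of the (now defunct) startup, provisioned while it was alive.
    original = IdToken(sub="sub-1001", email="jane@defunct.example", hd="defunct.example")
    app.provision(original, records="constructed HR record")
    # Someone re-registers the domain, creates a new Workspace and the same address.
    newcomer = IdToken(sub="sub-9999", email="jane@defunct.example", hd="defunct.example")
    # The original employee signing in with an alias on the same Google account.
    alias = IdToken(sub="sub-1001", email="jane.doe@defunct.example", hd="defunct.example")
    return {
        "email_lookup_grants_newcomer": app.login_by_email(newcomer) is not None,
        "sub_lookup_grants_newcomer": app.login_by_sub(newcomer) is not None,
        "sub_lookup_grants_alias": app.login_by_sub(alias) is not None,
        "email_lookup_grants_alias": app.login_by_email(alias) is not None,
    }


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The design choice the example makes explicit: `sub` is the only claim Google guarantees to be unique and stable for a Google account, so it is the only safe primary key for account linking; `email` is appropriate for display and for an invitation flow, not for deciding which existing account a token unlocks.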