Cybersecurity News: Signal shutters Recall, Windows Server vulnerability, pathology lab breach

In today’s cybersecurity news…

Signal adds Recall blocker

The messaging app has updated its Windows app to block Microsoft’s AI-powered Recall feature from screenshotting conversations. “When enabled, screen security will set a Digital Rights Management (DRM) flag on Signal’s app windows, blocking their content from being captured by Recall or other Windows apps and features.” Signal developer Joshua Lund stated in a post this week, “Microsoft has simply given us no other option.”

(BleepingComputer and Signal blog)

Critical Windows Server 2025 dMSA vulnerability warning

According to Akamai security researcher Yuval Gordon, “a privilege escalation flaw in Windows Server 2025 makes it possible for attackers to compromise any user in Active Directory (AD).” In a report shared with The Hacker News, Gordon said “the attack exploits the delegated Managed Service Account (dMSA) feature that was introduced in Windows Server 2025, works with the default configuration, and is trivial to implement.” Akamai has named this attack technique BadSuccessor.

(The Hacker News)

Pathology lab suffers data breach

North Carolina-based Marlboro-Chesterfield Pathology (MCP) is a full-service anatomic pathology laboratory that recently suffered an apparent ransomware attack. The company stated in a breach notice published on its website that unauthorized activity on some internal IT systems was discovered on January 16 and that further investigation showed that files had been stolen. The data in these files generally includes PII, medical treatment information, and health insurance information, but this varies by individual. Over 235,000 individuals may have been impacted. The ransomware group SafePay has claimed responsibility for the theft.

(Security Week)

FTC slaps GoDaddy upside the head

The U.S. Federal Trade Commission (FTC) has finalized an order requiring the web hosting company to “secure its services to settle charges of data security failures that led to several data breaches since 2018.” The FTC also alleged that the company “misled users about its security practices.” The FTC found that GoDaddy was unaware of vulnerabilities in its hosting environment due to a lack of standard security measures. The order prohibits the company from misleading customers and requires it to establish a robust information security program, hire an independent third-party assessor and add MFA.

(BleepingComputer)


Consumer Reports accuses Kroger of using loyalty program to sell customer data

The consumer watchdog publication stated this past Tuesday that the grocery chain “allegedly used data collected from loyalty shoppers to build sometimes incorrect profiles of them and sell their information to other companies.” According to The Record, the report was based on statements from a single customer in Oregon who used the state’s new privacy law to expose what Kroger had been doing with his information: it was sent to data brokers, tobacco companies, insurance and marketing firms. Kroger refutes the report.

(The Record)

Chinese hackers breach U.S. local governments using Cityworks zero-day

Chinese-speaking hackers have been exploiting a now-patched Trimble Cityworks zero-day to breach multiple local governing bodies across the United States. “Trimble Cityworks is a Geographic Information System (GIS)-based asset management and work order management software primarily used by local governments, utilities, and public works organizations and designed to help infrastructure agencies and municipalities manage public assets, handle permitting and licensing, and process work orders.” The group (UAT-6382) behind this campaign used “a Rust-based malware loader to deploy Cobalt Strike beacons and VSHell malware designed to backdoor compromised systems and provide long-term persistent access, as well as web shells and custom malicious tools written in Chinese.”

(BleepingComputer)

Cisco patches high-severity flaws

“Cisco on Wednesday published 10 security advisories detailing over a dozen vulnerabilities across its products, including two high-severity flaws in its Identity Services Engine (ISE) and Unified Intelligence Center. The ISE bug impacts the RADIUS message processing feature and could be exploited remotely, without authentication, to cause ISE to reload, leading to a denial of service (DoS) condition. The security defect was resolved alongside a medium-severity vulnerability that can be exploited for horizontal privilege escalation.” More details about these flaws are available in the show notes to this episode.

(Security Week)

Unpatched critical bugs in Versa Concerto revealed

These vulnerabilities, disclosed by researchers at ProjectDiscovery, could allow remote attackers to bypass authentication and execute arbitrary code on affected systems. As described in BleepingComputer, “Versa Concerto is the centralized management and orchestration platform for Versa Networks’ SD-WAN and Secure Access Service Edge solutions, used by large enterprises, telecom operators and government agencies. ProjectDiscovery reported the vulnerabilities to the vendor on February 13, with a 90-day disclosure period. Versa Networks acknowledged the findings and promised hotfixes by April 7th, but then went silent, prompting ProjectDiscovery to publish the full details to alert Versa Concerto users of the danger.”

(BleepingComputer)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.