Cybersecurity News: Exploited vulnerabilities rising, ban on DeepSeek, crypto scams make comeback

Exploited vulnerabilities up significantly from previous year

The number of exploited vulnerabilities surged in 2024: 768 CVEs were actively targeted, a 20% increase over the year before. Nearly a quarter of these were weaponized on or before their public disclosure. Chinese threat actors remain a major player, with 15 groups linked to exploiting top vulnerabilities, including Log4j. The exploited flaws affected products from Citrix, Cisco, Zoho, and Microsoft, to name a few.

(The Hacker News)

First U.S. state to declare ban on DeepSeek 

Texas is the first state to take a public stand against Chinese AI company DeepSeek and social media app Xiaohongshu (RedNote), banning the apps from state-issued devices. Governor Greg Abbott cited security concerns and the threat of data harvesting for the ban. Meanwhile, across the pond, Italy’s Data Protection Authority has also blocked DeepSeek’s chatbot service and demanded details on its data collection practices amid mounting privacy concerns, even as the company denies operating in Italy.

(Security Affairs)

Crypto scams make comeback on X

An oldie but a goodie, at least according to the hackers behind a 1-click phishing campaign that has recently been targeting high-profile X accounts. Journalists, political figures, and even an X employee are the targets of this attack, which ultimately leads to cryptocurrency fraud. The goal of targeting these high-profile accounts is to gain access to their large following, maximizing the number of people who could potentially fall victim to the scam. These kinds of scams have proven very lucrative for hackers in the past, which is why it’s worth double-checking any URL or link before clicking on one.

(Dark Reading)

Hundreds of thousands impacted in Globe Life breach

Globe Life is notifying 850,000 individuals after a data breach potentially exposed personal, health, and insurance information. The company disclosed that a threat actor attempted to extort it by threatening to release stolen data from databases maintained by independent agency owners, which includes names, addresses, dates of birth, and Social Security numbers. Globe Life emphasized, however, that no credit card or banking data was compromised.

(Security Week)

Huge thanks to our sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

DeepSeek fake leads to malware

Malicious Python packages “deepseeek” and “deepseekai” were uploaded to the Python Package Index (PyPI) posing as tools for the controversial DeepSeek AI platform, but they were in fact infostealers that silently exfiltrated sensitive data from developers’ systems. Positive Technologies discovered the campaign and reported that the payloads stole environment variables, including API keys and database credentials, and sent the data to a C2 server via Pipedream. Although PyPI quickly quarantined and removed the packages, 222 developers had already downloaded them, so anyone who installed these packages should immediately rotate their credentials.
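The two package names in this story differ from the brand they imitate by one or two characters, which is the pattern a dependency review can catch before installation. The following script is an added example and not code from the page, from PyPI, or from Positive Technologies: it parses a requirements file and flags any name that is not on a vetted list but sits within a small edit distance of one. The vetted list and the sample requirements file are constructed for illustration; only the names “deepseeek” and “deepseekai” come from the story.

```python
"""Flag dependency names that are near-misses of vetted package names.

Added example (not from the page or any vendor). TRUSTED and
SAMPLE_REQUIREMENTS are constructed; "deepseeek" and "deepseekai" are the
package names reported in the story.
"""
import re

# Constructed allowlist: the package names this (hypothetical) team has vetted.
# "deepseek" stands in for whatever vetted name the real tool would carry.
TRUSTED = ["requests", "numpy", "deepseek"]

# Constructed requirements.txt containing two lookalike names.
SAMPLE_REQUIREMENTS = """\
# constructed sample requirements file
requests>=2.31
numpy==1.26.4
deepseeek
deepseekai>=0.1
"""


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def normalize(name: str) -> str:
    """PEP 503 name normalisation: case-fold, collapse runs of -, _ and . to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_requirements(text: str) -> list:
    """Return bare project names from a requirements.txt body.

    Comments, blank lines and option lines (-r, -e, --index-url ...) are
    skipped; version specifiers and extras are stripped from each name.
    """
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line or line.startswith("-"):
            continue
        m = re.match(r"[A-Za-z0-9][A-Za-z0-9._-]*", line)
        if m:
            names.append(m.group(0))
    return names


def find_lookalikes(names, trusted, max_distance: int = 2) -> list:
    """Return (requested_name, closest_trusted_name, distance) for each name
    that is not itself trusted but is within a few edits of a trusted one.

    Short trusted names get a tighter bound (1 edit) because two edits of a
    five-letter name would match far too many legitimate packages.
    """
    trusted_norm = sorted({normalize(t) for t in trusted})
    findings = []
    for requested in names:
        rn = normalize(requested)
        if rn in trusted_norm:
            continue
        closest = min(trusted_norm, key=lambda t: levenshtein(rn, t))
        distance = levenshtein(rn, closest)
        limit = 1 if len(closest) <= 6 else max_distance
        if distance <= limit:
            findings.append((requested, closest, distance))
    return findings


def audit(requirements_text: str, trusted=TRUSTED) -> list:
    """Parse a requirements body and return the lookalike findings."""
    return find_lookalikes(parse_requirements(requirements_text), trusted)


if __name__ == "__main__":
    for requested, closest, distance in audit(SAMPLE_REQUIREMENTS):
        print(f"review: {requested!r} is {distance} edit(s) from vetted {closest!r}")
```

Run against the constructed file, the script reports “deepseeek” (one edit from “deepseek”) and “deepseekai” (two edits), while “requests” and “numpy” pass because they are on the vetted list. The same check can run in CI before `pip install`, which is cheaper than rotating every credential a build host had in its environment.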

(Bleeping Computer)

Casio UK skimmer exploits payment flow

A threat actor infected the Casio UK website along with 16 other sites using a web skimmer that hijacked the payment flow to capture and exfiltrate visitor data. In an unusual move, instead of targeting the checkout page directly, the skimmer intercepted clicks on the checkout button to display a fake payment form that gathered sensitive information like names, addresses, and credit card details before redirecting users back to the legitimate checkout page. The attack was enabled by a report-only content security policy on the affected sites, which logged violations without blocking them and so allowed the malicious script to operate undetected.
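The detail that matters for defenders here is the difference between `Content-Security-Policy-Report-Only`, which only generates violation reports, and `Content-Security-Policy`, which actually blocks scripts and form submissions the policy does not allow. The following header audit is an added example, not code from the page or from any of the affected sites: it takes a set of response headers, tells you whether the policy is enforced at all, and checks the directives that matter for a skimmer of the kind described (`script-src`, `connect-src`, `form-action`). The two sample header sets are constructed; the header and directive names are the real ones.

```python
"""Audit a site's Content-Security-Policy headers for enforcement gaps.

Added example (not from the page or any affected site). WEAK_HEADERS and
HARDENED_HEADERS are constructed samples; header and directive names are real.
"""
from typing import Mapping

ENFORCE = "content-security-policy"
REPORT_ONLY = "content-security-policy-report-only"

# Constructed: the pattern described in the story, a policy that only reports.
WEAK_HEADERS = {
    "Content-Type": "text/html",
    "Content-Security-Policy-Report-Only":
        "default-src 'self'; script-src 'self'; report-uri /csp-report",
}

# Constructed: an enforcing policy that pins scripts, XHR/fetch targets and
# form destinations to known origins (the CDN host is a placeholder).
HARDENED_HEADERS = {
    "Content-Type": "text/html",
    "Content-Security-Policy":
        "default-src 'self'; script-src 'self' https://cdn.example.com; "
        "connect-src 'self'; form-action 'self'; frame-ancestors 'none'; "
        "report-uri /csp-report",
}


def parse_csp(value: str) -> dict:
    """Split a CSP header value into {directive_name: [source, ...]}."""
    directives = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            directives[tokens[0].lower()] = tokens[1:]
    return directives


def audit_csp(headers: Mapping[str, str]) -> dict:
    """Return {'enforced': bool, 'findings': [str, ...]} for a response.

    A report-only header on its own is recorded as a finding because the
    browser still executes everything; only the enforcing header blocks.
    """
    lower = {k.lower(): v for k, v in headers.items()}
    enforced = lower.get(ENFORCE)
    report_only = lower.get(REPORT_ONLY)
    findings = []

    if enforced is None and report_only is None:
        findings.append("no Content-Security-Policy header at all")
    elif enforced is None:
        findings.append("policy is report-only: violations are logged but "
                        "the script still runs in the visitor's browser")

    if enforced is not None:
        d = parse_csp(enforced)
        # script-src falls back to default-src when absent
        script = d.get("script-src", d.get("default-src", []))
        if not script:
            findings.append("enforced policy sets neither script-src nor default-src")
        elif "'unsafe-inline'" in script or "*" in script:
            findings.append("script-src allows inline or any-origin scripts")
        # connect-src governs fetch/XHR, i.e. where captured data could be sent
        connect = d.get("connect-src", d.get("default-src", []))
        if not connect or "*" in connect:
            findings.append("connect-src is missing or unrestricted")
        # form-action governs where a <form> may submit; it has no default-src fallback
        if "form-action" not in d:
            findings.append("no form-action: an injected form could post to any origin")

    return {"enforced": enforced is not None, "findings": findings}


if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        result = audit_csp(hdrs)
        print(f"{label}: enforced={result['enforced']}")
        for f in result["findings"]:
            print(f"  - {f}")
```

Report-only mode is the right way to trial a policy, but it should be a phase with an end date: once the violation reports are clean, the same value moves to the enforcing header. The audit above also flags an enforcing policy whose `form-action` directive is absent, because that directive, unlike `script-src`, does not inherit from `default-src`, and a fake payment form is exactly what it is meant to constrain.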

(Security Week), (Bleeping Computer)

Canadian hacker charged in $65M crypto heist

U.S. prosecutors have charged 22-year-old Canadian Andean Medjedovic with hacking KyberSwap and Indexed Finance, stealing nearly $65 million by exploiting vulnerabilities and manipulating digital coin trades. Medjedovic allegedly laundered the funds through multiple transactions, used fake identities to conceal his actions, and even attempted to extort KyberSwap administrators after the attack. Facing charges including wire fraud, extortion, and money laundering, he could receive decades in prison, with authorities still working to determine his whereabouts.

(The Record)

Remembering Shawn Bowen

It’s with profound sadness that we here at the CISO Series mourn the loss of Shawn Bowen, who died tragically in a parachuting accident over the weekend. If you’ve listened to any of our shows for any length of time, you’ve likely heard Shawn’s keen insights and quick wit. He was a relentless advocate for what we try to bring to the cybersecurity community and unfailingly generous with his time and expertise. We extend our condolences to all of his family, friends, and co-workers, and especially to his wife and two children. David Spark put together a tribute to Shawn on our LinkedIn newsletter with some remembrances from our staff. If you’d like to read them or share your own in the comments, check out the link in our show notes. 

(LinkedIn)

Lauren Verno
Lauren Verno, an award-winning journalist, embraces her expertise, transitioning seamlessly into a cyber defender to bring you captivating updates on cybersecurity news.