Infosec bits for 2025 week 13
Maajied Moos | March 28, 2025, 3:03 p.m.
Cybersecurity News:
The hidden risk in SaaS: Why companies need a digital identity exit strategy [Jacob Ideskog, Help Net Security]
Hunting Rituals #5: Why hypothesis-based threat hunting is essential in cybersecurity [Yeo Zi Wei and Yiu Wai Leong, Group-IB]
Encrypted Messaging Apps Promise Privacy. Government Transparency Is Often the Price [Associated Press, Security Week]
New Android malware uses Microsoft’s .NET MAUI to evade detection [Bill Toulas, Bleeping Computer]
Vulnerabilities & Patches:
Critical 'IngressNightmare' Vulns Imperil Kubernetes Environments [Jai Vijayan, Dark Reading]
Critical flaw in Next.js lets hackers bypass authorization [Bill Toulas, Bleeping Computer]
CrushFTP warns users to patch unauthenticated access flaw immediately [Sergiu Gatlan, Bleeping Computer]
VMware Patches Authentication Bypass Flaw in Windows Tools Suite [SecurityWeek News, Security Week]
Attacks & Data Breaches:
Oracle Cloud says it's not true someone broke into its login servers and stole data [Jessica Lyons, The Register]
Oracle customers confirm data stolen in alleged cloud breach is valid [Lawrence Abrams, Bleeping Computer]
Malware:
Coinbase Initially Targeted in GitHub Actions Supply Chain Attack; 218 Repositories' CI/CD Secrets Exposed [Ravie Lakshmanan, The Hacker News]
Steam pulls game demo infecting Windows with info-stealing malware [Bill Toulas, Bleeping Computer]
Checkpoint ZoneAlarm Driver Flaw Exposes Users to Credential Theft [Deeba Ahmed, Hack Read]
Attackers Use Fake CAPTCHAs to Deploy Lumma Stealer RAT [Beth Maundrill, Info-Security Magazine]
VanHelsing RaaS Launch: 3 Victims, $5K Entry Fee, Multi-OS, and Double Extortion Tactics [Ravie Lakshmanan, The Hacker News]
DeepSeek users targeted with fake sponsored Google ads that deliver malware [Pieter Arntz, Malware Bytes]
New Tooling:
Malwoverview: First response tool for threat hunting [Mirko Zorz, Help Net Security]