Infosec bits for 2025 week 4

Sicelo Ncekana | Jan. 27, 2025, 2:36 a.m.

Cybersecurity News:

Small businesses, Big risk [Santam Broker Solutions, Santam Broker Solutions]

New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing [James Coker, Infosecurity Magazine]

Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing” [Mark Parsons, Sophos News]

Breaches, Hacks & Leaks

TalkTalk investigates breach after data for sale on hacking forum [Lawrence Abrams, Bleeping Computer]

Cyberattack affecting school boards across Canada may involve decades of data. What can families do? [Jessica Wong, CBC News]

Data on Half a Million Hotel Guests Exposed After Otelier Breach [Phil Muncaster, Infosecurity Magazine]

Change Healthcare Data Breach Impact Grows to 190 Million Individuals [Eduard Kovacs, Security Week]

Vulnerabilities & Patches:

AMD processor vulnerability inadvertently leaked early [Alexander Culafi, TechTarget]

Meta Llama Framework Vulnerability Sparks AI Security Alert [Harsh, PC Quest]

Custom Backdoor Exploiting Magic Packet Vulnerability in Juniper Routers [Ravie Lakshmanan, The Hacker News]

GitHub Vulnerability Let Malicious Repos To Leaks Users Credentials [Balaji N, Cyber Security News]

Microsoft Windows BitLocker Vulnerability Exposes Passwords [Davey Winder, Forbes]

Critical Fleet Server Vulnerability Exposes Sensitive Information [Kaaviya Ragupathy, Cyber Security News]

Malware:

MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks [Ravie Lakshmanan, The Hacker News]

Scammers Are Targeting Ross Ulbricht Supporters With Malware on Telegram [Jason Nelson, Ememrge]

QakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering Features [Ravie Lakshmanan, The Hacker News]