Infosec bits for 2025 week 7

Sicelo Ncekana | Feb. 14, 2025, 4:55 p.m.

Vulnerabilities & Patches:

Report: Lazarus Group Exploits Github, NPM Packages in Cryptocurrency Malware Campaign [Jamie Redman, Bit coin News]

ZeroLogon Ransomware Exploit Active Directory Vulnerability To Gain Domain Controller Access [Tushar Subhra Dutta, Cybersecurity News]

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score [The Hacker News, The Hacker News]

Fortinet discloses second authentication bypass vulnerability [Alexander Culafi, TechTarget]

PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks [Ravie Lakshmanan, The Hacker News]

Cyberattacks & Breaches:

New data leak hits more entities in France - what to do if you are affected [Hannah Thompson, The Connexions]

Newspaper Giant Lee Enterprises Reels From Cyberattack [Kristina Beek, Dark Reading]

Malware

Did You Download This Steam Game? Sorry, It's Windows Malware [Michael Kan, PC Mag]

Ransomware gangs shifting tactics to evade enterprise defenses [Rob Wright, Cybersecurity dive]

FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux [Ravie Lakshmanan, The Hacker News]

Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks [Alessandro Mascellino, Infosecurity Magazine]

Other Cybersecurity News

Key figures behind Phobos and 8Base ransomware arrested in international cybercrime crackdown [Europol, Europol]

Beware of Malicious Browser Updates That Installs SocGholish Malware [Tushar Subhra Dutta, Cybersecurity News]

Can malware be hidden in emojis? [News Staff, Goverment Technology]

Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks [Alessandro Mascellino, Infosecurity Magazine]

New YouTube Bug Exploited to Leak Users’ Email Addresses [Guru Baran, Cybersecurity News]