DJBSEC's CyberNews 2-27-25

Created in February 27, 2025

2025   ·   CyberNews   ·   News

1. Rsync Vulnerabilities Allow Full Server Control

Critical vulnerabilities have been discovered in the Rsync file synchronization tool, affecting versions 3.2.7 and earlier. These flaws enable attackers to execute arbitrary code on vulnerable servers, exfiltrate sensitive data, and bypass security controls. Proof-of-concept exploits have demonstrated remote code execution capabilities, emphasizing the need for immediate updates to version 3.4.0. Administrators are advised to audit server configurations and disable anonymous access to mitigate potential threats.
Read more here

2. Australian IVF Giant Genea Breached by Termite Ransomware Gang

Genea, one of Australia’s leading fertility service providers, has suffered a data breach orchestrated by the Termite ransomware gang. The attackers infiltrated Genea’s network, stealing sensitive patient data, which was subsequently published online. In response, Genea obtained a court-ordered injunction to prevent further dissemination of the leaked information and is collaborating with the Australian Cyber Security Centre to investigate the incident. Patients are being offered support to safeguard their personal information.
Read more here

3. New Phishing Attack Targeting Amazon Prime Users

A sophisticated phishing campaign has emerged, targeting Amazon Prime users with counterfeit renewal notifications. These deceptive emails prompt recipients to update their payment information, leading them to fake Amazon security portals designed to harvest login credentials, payment details, and personal data. The attackers employ advanced social engineering tactics, including the use of Google Docs redirects and QR code-based payloads, to bypass security filters. Users are advised to verify communications directly through Amazon’s official website and avoid clicking on suspicious links.
Read more here

4. Microsoft Entra ID DNS Resolution Failures Result in Authentication Issues

A critical DNS misconfiguration in Microsoft Entra ID (formerly Azure Active Directory) led to global authentication disruptions for nearly 90 minutes on February 25, 2025. The issue originated from an IPv6 infrastructure cleanup that inadvertently removed essential CNAME records, causing failures in Kerberos ticket validation. Services relying on Seamless Single Sign-On and Entra Connect Sync were particularly affected. Microsoft has since reverted the changes and is conducting a post-incident review to prevent future occurrences.
Read more here

5. GRUB2 Vulnerabilities Expose Millions of Linux Systems to Cyber Attacks

A set of 20 critical vulnerabilities has been identified in GRUB2, the bootloader used by most Linux distributions and Unix-like systems. These flaws expose millions of devices to potential secure boot bypasses, remote code execution, and persistent firmware-level attacks. The vulnerabilities affect various components, including filesystem drivers and cryptographic modules. Users are urged to apply the latest patches and updates to mitigate these security risks.
Read more here

6. 99% of Organizations Faced API Security Issues Within Past 12 Months

A recent report reveals that 99% of organizations encountered API security issues over the past year. Common challenges include vulnerabilities exposing APIs to attacks, exposure of sensitive information, and authentication weaknesses. Notably, 95% of API attacks originated from authenticated sources, and 98% targeted external-facing APIs. Despite increasing security budgets, many organizations still lack mature API security programs, highlighting the need for enhanced protective measures.
Read more here

7. Threat Actor Allegedly Selling VMware ESXi 0-Day Exploit on Hacker Forum

A cybercriminal known as “Vanger” has reportedly advertised a zero-day exploit targeting VMware ESXi hypervisors on underground forums, priced at $150,000. This exploit purportedly enables virtual machine escape, allowing attackers to breach host systems from guest virtual machines. While the authenticity of the exploit remains unverified, its potential impact underscores the importance of regular patching and stringent security measures in virtualized environments.
Read more here

8. VSCode Extensions with 9 Million Installs Pulled Over Security Risks

Microsoft has removed two popular Visual Studio Code extensions, ‘Material Theme – Free’ and ‘Material Theme Icons – Free,’ from its marketplace due to the discovery of malicious code. These extensions, collectively downloaded nearly 9 million times, have been automatically disabled in users’ environments. The incident highlights the necessity for developers to scrutinize third-party extensions and for organizations to implement robust security policies governing their use.
Read more here

9. ‘Silver Fox’ APT Skirts Windows Blocklist in BYOVD Attack

The Chinese advanced persistent threat group known as ‘Silver Fox’ has been exploiting a vulnerable Windows driver, ‘Truesight.sys,’ to bypass security measures and deploy malware. This bring-your-own-vulnerable-driver (BYOVD) attack allows the group to undermine protected processes and infect systems with malware such as Gh0stRAT. The campaign primarily targets individuals in Southeast Asia, emphasizing the need for vigilant driver management and updated blocklists to prevent such exploits.
Read more here

10. Bybit Declares War on Lazarus Crew to Regain Stolen $1.5 Billion

Cryptocurrency exchange Bybit has launched a bounty program offering up to $140 million for information leading to the recovery of $1.5 billion in Ethereum stolen by North Korea



Enjoy Reading This Article?

Here are some more articles you might like to read next:

  • DJBSEC's CyberNews 2025-07-11
  • DJBSEC's CyberNews 2025-07-10
  • DJBSEC's CyberNews 2025-07-09
  • DJBSEC's CyberNews 2025-07-08
  • DJBSEC's CyberNews 2025-07-07