DJBSEC's CyberNews 3-4-25

Story 1. Fake IT Support Calls Target Microsoft Teams Users to Install Ransomware

Cybercriminals are impersonating IT support staff in Microsoft Teams calls to trick employees into installing ransomware. This social engineering tactic involves attackers gaining access to Teams accounts and calling users under the pretense of troubleshooting issues. Once trust is established, victims are directed to download and run malware disguised as a legitimate update. Security experts recommend organizations enforce strict authentication policies and educate employees on verifying IT support requests.


Story 2. CISOs Urged to Prioritize Identity Management, Says CrowdStrike Executive

A top executive at CrowdStrike has warned CISOs to urgently address identity management as a critical component of cybersecurity. Weak identity controls continue to be a primary attack vector for cybercriminals, enabling account takeovers and privilege escalation attacks. The increasing adoption of cloud services and remote work has amplified these risks, making zero-trust policies and robust identity verification essential. Organizations are encouraged to implement multi-factor authentication (MFA) and continuous monitoring to mitigate threats.


Story 3. CISA Adds Multiple Cisco, Microsoft, and Progress Software Vulnerabilities to Known Exploited List

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The list includes flaws in Cisco Small Business RV series routers, Microsoft Windows Win32k, Hitachi Vantara’s Pentaho BA Server, and Progress WhatsUp Gold. These vulnerabilities are actively being exploited by attackers, posing significant security risks. Organizations using these products should apply patches immediately to prevent potential breaches.


Story 4. North Korean IT Workers Using Astrill VPN to Evade Sanctions

A new report reveals that North Korean IT workers are using Astrill VPN to disguise their identities and secure remote jobs at foreign companies. These workers pose as legitimate software developers while funneling earnings back to the North Korean government. Their tactics include using stolen identities and falsified credentials to bypass background checks. Businesses hiring remote IT talent are advised to implement rigorous identity verification and monitoring to detect fraudulent applicants.


Story 5. Microsoft Links Recent Microsoft 365 Outage to Buggy Update

Microsoft has confirmed that a buggy update caused a widespread Microsoft 365 outage, disrupting access to services like Outlook, Teams, and OneDrive. The issue, introduced in a recent software update, led to authentication failures and connectivity problems for thousands of users. Microsoft has since rolled back the faulty update and implemented additional safeguards to prevent similar incidents in the future. The outage highlights the risks of untested updates affecting cloud-based services.


Story 6. Nearly 12,000 API Keys and Passwords Found in AI Training Dataset

Researchers have discovered nearly 12,000 exposed API keys and passwords within a publicly accessible AI training dataset. These sensitive credentials, likely included unintentionally, could allow attackers to access databases, cloud environments, and payment systems. The incident raises concerns over data sanitization practices in AI model training. Experts emphasize the need for strict data handling protocols to prevent security leaks in machine learning projects.


Story 7. Hackers Use “ClickFix” Trick to Deploy Malware via Fake Software Updates

Cybercriminals are using a new technique called “ClickFix” to deliver malware through fake software updates. This attack method tricks users into believing they are fixing a software issue, only to install malicious payloads instead. The malware can steal sensitive data, deploy ransomware, or establish persistent access for further exploitation. Users are urged to verify update sources and avoid clicking on unsolicited fix prompts.



