DJBSEC's CyberNews 2025-07-03
Story 1. Microsoft Asks Users to Ignore Windows Firewall Config Errors
Microsoft has asked users to ignore Windows Firewall configuration errors that appeared after the recent security updates. The company confirmed these errors are due to a bug in the update process and do not impact actual firewall functionality. A fix is being developed and will be rolled out in upcoming patches. Users are advised not to make manual changes as these warnings are cosmetic.
Story 2. Let’s Encrypt Rolls Out Free ECDSA Certificates
Let’s Encrypt has started issuing free ECDSA certificates to improve website performance and security. These certificates use elliptic curve cryptography, offering better efficiency and stronger security compared to traditional RSA certificates. Website owners can now choose ECDSA certificates when generating new SSL certificates through Let’s Encrypt. This move aims to enhance encryption standards across the internet at no additional cost.
Story 3. Threat Actors Weaponize PDFs to Impersonate Microsoft, DocuSign, Dropbox
Cybercriminals are increasingly using weaponized PDF files to impersonate brands like Microsoft, DocuSign, and Dropbox. These PDFs contain phishing links or malware designed to steal user credentials or install malicious payloads. Security researchers warn that these documents often bypass email security filters due to their legitimate appearance. Users are urged to verify PDF senders and avoid opening unexpected attachments.
Story 4. AI-Generated Phishing Websites Becoming More Sophisticated
New research reveals cybercriminals are using AI to generate highly convincing phishing websites. These sites mimic legitimate brands with improved design, language accuracy, and realistic layouts, making them harder to detect. Security experts warn that AI lowers the barrier for attackers to create targeted phishing campaigns at scale. Organizations are advised to enhance user awareness training and detection capabilities against this evolving threat.
Story 5. Hackers Actively Attacking Linux SSH Servers
Security researchers report that hackers are actively targeting Linux SSH servers using brute force and credential stuffing attacks. Once inside, attackers deploy malware to maintain persistence and pivot within networks. The attacks primarily target exposed servers with weak credentials or default configurations. System administrators are urged to enforce strong passwords, disable root login over SSH, and implement multi-factor authentication.
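The brute-force and credential-stuffing activity described above leaves a distinctive trail in the sshd auth log. As an added example (not code from the original article), the following detector parses constructed OpenSSH "Failed password" lines and flags any source address that exceeds a failure threshold inside a sliding time window; the log lines, host name and addresses are all made up for the demonstration.

```python
"""Flag SSH brute-force / credential-stuffing sources from sshd auth log lines."""
import re
from collections import defaultdict
from datetime import datetime

# Matches the standard OpenSSH "Failed password" syslog line (no year in timestamp).
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+"
)

# Constructed sample log (not real traffic): one noisy source spraying usernames,
# one legitimate user who mistyped a password and then logged in with a key.
SAMPLE_LOG = """\
Jul  3 10:01:01 host sshd[1001]: Failed password for root from 198.51.100.7 port 40001 ssh2
Jul  3 10:01:03 host sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 40002 ssh2
Jul  3 10:01:05 host sshd[1003]: Failed password for invalid user oracle from 198.51.100.7 port 40003 ssh2
Jul  3 10:01:06 host sshd[1004]: Failed password for root from 198.51.100.7 port 40004 ssh2
Jul  3 10:01:08 host sshd[1005]: Failed password for invalid user test from 198.51.100.7 port 40005 ssh2
Jul  3 10:02:00 host sshd[1006]: Failed password for alice from 203.0.113.9 port 50001 ssh2
Jul  3 10:02:30 host sshd[1007]: Accepted publickey for alice from 203.0.113.9 port 50001 ssh2
"""

def parse_failures(log_text, year=2025):
    """Return a list of (timestamp, username, source_ip) for each failed-password line."""
    out = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # syslog omits the year, so one is supplied to build a full datetime
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        out.append((ts, m["user"], m["ip"]))
    return out

def find_bruteforce(log_text, threshold=5, window_s=60):
    """Return {ip: {"attempts": total failures, "users": sorted usernames tried}}
    for every source that reaches `threshold` failures within any `window_s`-second window."""
    by_ip = defaultdict(list)
    for ts, user, ip in parse_failures(log_text):
        by_ip[ip].append((ts, user))
    hits = {}
    for ip, events in by_ip.items():
        events.sort()
        start = 0  # left edge of the sliding window
        for end, (ts, _) in enumerate(events):
            while (ts - events[start][0]).total_seconds() > window_s:
                start += 1
            if end - start + 1 >= threshold:
                hits[ip] = {"attempts": len(events),
                            "users": sorted({u for _, u in events})}
                break
    return hits
```

Feeding real `/var/log/auth.log` content into `find_bruteforce` yields the sources worth blocking at the firewall or rate-limiting; the `users` list distinguishes a username spray from a single account under attack.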
Story 6. FBI: Salt Typhoon Campaign Largely Contained in Telecom Networks
A top FBI cyber official stated that the Salt Typhoon hacking campaign targeting US telecom networks has been largely contained. The Chinese state-backed group was attempting to exploit vulnerabilities in network infrastructure to conduct espionage activities. Collaborative efforts between telecom companies and government agencies led to detection and mitigation. However, officials warn that vigilance remains critical against similar nation-state threats.
Story 7. Cisco Removes Unified CM CallManager Backdoor Root Account
Cisco has released an update removing a backdoor root account in its Unified Communications Manager (CallManager) software. The hardcoded credentials could allow attackers to gain root access to the system if exploited. Cisco advises all customers to apply the security update immediately to mitigate potential threats. This discovery highlights the risks of embedded default accounts in enterprise systems.
Story 8. Surge of ClickFix Attacks Threatens Corporate Defenses
Researchers have observed a sixfold increase in ClickFix attacks, where threat actors exploit web-based support tools to gain unauthorized access. These attacks target organizations’ customer service portals and exploit automated workflows to deploy malicious payloads. Security experts warn that these methods bypass traditional email security defenses. Companies are urged to review web support tool configurations and implement stricter security controls.
Story 9. DCrat Malware Attacks Windows for Keylogging and Remote Control
A new campaign deploying DCrat malware is targeting Windows systems to enable keylogging and full remote control capabilities. Attackers deliver the malware through phishing emails containing malicious attachments or links. Once installed, DCrat allows threat actors to monitor user activity, steal credentials, and execute further commands. Users are advised to remain vigilant against suspicious emails and keep endpoint protection updated.
Story 10. Microsoft Links DNS Issue to Exchange Online OTP Delivery Failures
Microsoft has linked recent OTP delivery failures in Exchange Online to an internal DNS issue. The problem caused delays or failures in sending one-time passcodes used for user authentication. Microsoft has implemented a fix and confirmed that the service is now operating normally. Users experiencing lingering issues are advised to retry their operations.