DJBSEC's CyberNews 2025-07-10

1. Windows BitLocker Bypass Vulnerability Discovered

A critical vulnerability has been discovered allowing attackers to bypass Windows BitLocker encryption protections. By exploiting this flaw, threat actors could gain unauthorized access to encrypted drives without needing recovery keys. Microsoft has released guidance and is expected to patch the issue soon. Users are urged to review physical security controls and implement additional drive protections.


2. OT Security Responsibility Elevating to Executive Leadership

A new report shows that responsibility for operational technology (OT) security is increasingly shifting to executive leadership teams. As OT environments become more connected, cyber risks are now viewed as business risks requiring board-level oversight. Organizations are investing in governance frameworks to integrate OT security into corporate strategy. This trend is expected to drive greater resource allocation and cross-team collaboration.


3. Attackers Exploit Weaknesses in Multi-Factor Authentication

Researchers warn that attackers are exploiting weaknesses in multi-factor authentication (MFA) implementations, undermining user trust in these security controls. Techniques such as MFA fatigue attacks, token theft, and social engineering are increasingly successful. Experts stress the importance of phishing-resistant MFA solutions like hardware keys. Organizations should review MFA configurations and educate users on recognizing exploitation attempts.


4. Ingram Micro Starts Restoring Systems After Ransomware Attack

Ingram Micro has begun restoring systems affected by the recent SafePay ransomware attack. The incident disrupted IT services globally, impacting ordering and supply chain operations for customers. The company is working with cybersecurity experts to strengthen defenses and prevent future breaches. Customers have been advised that some services may remain unavailable during the phased recovery.


5. Ruckus Networks Leaves Severe Flaws Unpatched in Management Devices

Security researchers revealed that Ruckus Networks has left multiple severe vulnerabilities unpatched in its wireless management devices. These flaws could allow attackers to execute code remotely or gain administrative access to network environments. Despite public disclosure and exploit availability, no vendor patches have been released. Organizations using Ruckus devices are urged to implement mitigations or isolate vulnerable systems.


6. Top 5 Remote Access and RMM Tools Most Abused by Threat Actors

Researchers have identified the top five remote access and RMM tools most abused by threat actors for persistence and lateral movement. Tools like AnyDesk, TeamViewer, and ConnectWise Control are commonly leveraged in attacks due to their legitimate use in IT environments. Security experts recommend monitoring for unauthorized installations and enforcing strict remote access policies. This helps reduce the risk of tool abuse during intrusions.


7. AMD TSA Side-Channel Vulnerability Disclosed

A new side-channel vulnerability affecting AMD processors, dubbed TSA, has been disclosed by researchers. The flaw could allow attackers to leak sensitive data processed within CPU cores. AMD has acknowledged the issue and is working on microcode updates to mitigate the risk. Users are advised to stay up to date with firmware and OS security patches as they are released.


8. US Sanctions North Korean IT Workers Funding Missile Program

The US government has announced sanctions against North Korean IT workers accused of funding the country’s missile program through illicit cyber activities. These workers operate as freelance developers to infiltrate global companies and funnel earnings back to North Korea. The sanctions aim to disrupt these covert revenue streams and limit Pyongyang’s access to critical technologies. Businesses are advised to vet overseas contractors rigorously to avoid inadvertent compliance violations.


9. AI Malware Proof of Concept Evades Microsoft Defender

Researchers have developed a proof-of-concept AI-powered malware that successfully evades Microsoft Defender detections. The malware dynamically modifies its behavior and code signatures using AI to bypass security engines. Although not yet seen in the wild, experts warn that AI-enabled malware could soon become a significant threat. Organizations should prepare by enhancing behavioral detection and anomaly monitoring capabilities.


10. US Healthcare Cybersecurity Bill Advances in Congress

A major cybersecurity bill aiming to strengthen healthcare sector protections has advanced in Congress. The legislation proposes funding for critical infrastructure upgrades, mandatory security frameworks, and improved incident reporting. Lawmakers highlight the growing threat of ransomware attacks against hospitals and patient data systems. If passed, the bill could reshape cybersecurity standards across the US healthcare industry.




