Exploited vulnerabilities rising, ban on DeepSeek, crypto scams make comeback - Cybersecurity Headlines

Summary

Cyber Security Headlines: Exploited Vulnerabilities Rising, Ban on DeepSeek, Crypto Scams Make Comeback

Hosted by Lauren Verno | Released on February 4, 2025

The latest episode of Cyber Security Headlines by the CISO Series delves into pressing issues affecting the information security landscape. Hosted by Lauren Verno, the episode covers a surge in exploited vulnerabilities, state bans on AI platforms, a resurgence of crypto scams, significant data breaches, and notable cybercriminal activities. Here's a comprehensive breakdown of the key topics discussed:

1. Surge in Exploited Vulnerabilities

Lauren Verno opens the episode by highlighting a concerning uptick in exploited vulnerabilities over the past year.

“The number of exploited vulnerabilities surged in 2024, with 768 CVEs actively targeted. That's a 20% increase from the year before,” (00:15).

A significant portion of these exploits—nearly a quarter—occurred on or before their public disclosure, indicating that threat actors are aggressively leveraging new vulnerabilities before patches can be widely applied. Chinese threat actors are prominently featured, with 15 groups linked to the exploitation of high-profile vulnerabilities such as Log4J. Targets include major corporations like Citrix, Cisco, Zoho, and Microsoft, underscoring the pervasive nature of these security weaknesses.

2. Texas Bans DeepSeek and Rednote

In a landmark decision, Texas becomes the first U.S. state to ban the Chinese AI company DeepSeek and its associated social media app Rednote on state-issued devices.

“Governor Greg Abbott cited security concerns and the threat of data harvesting for the ban,” (04:50).

This move reflects growing apprehensions about foreign technology companies' access to sensitive state data. Additionally, Italy's Data Protection Authority has echoed these concerns by blocking DeepSeek's chatbot services, demanding transparency in its data collection practices. Despite these actions, DeepSeek denies any operational presence in Italy, intensifying debates over data privacy and international tech regulations.

3. Crypto Scams Resurface on X

The episode discusses the resurgence of crypto scams, particularly through platforms like X (formerly Twitter).

“Hackers behind a one-click phishing campaign have been targeting high-profile X accounts, including journalists, political figures, and even former employees,” (09:20).

These scams aim to deceive followers of these accounts into engaging with fraudulent links that result in cryptocurrency fraud. By leveraging the large followings of high-profile individuals, scammers maximize their reach and potential victim count. The hosts caution listeners to double-check URLs and links to avoid falling prey to such deceptive tactics, noting the significant profitability of these schemes for cybercriminals.

4. GlobeLife Data Breach Impacts Hundreds of Thousands

A massive data breach at GlobeLife has resulted in the exposure of sensitive personal information for approximately 850,000 individuals.

“The breached data included names, addresses, dates of birth, and Social Security numbers,” (14:10).

GlobeLife reported that the breach occurred when a threat actor attempted to extort the company by threatening to release the stolen data. Fortunately, the company confirmed that no credit card or banking information was compromised. This incident underscores the critical importance of robust data protection measures to safeguard personal and financial information against extortion and unauthorized access.

5. Deep Seq AI Platform Impersonation Leads to Data Theft

The episode sheds light on a sophisticated campaign involving malicious Python packages that impersonate the Deep Seq AI platform.

“Malicious packages were uploaded to PyPi, disguised as tools for the Deep Seq AI platform, but they were actually info stealers,” (18:45).

Discovered by Positive Technologies, these packages silently exfiltrated sensitive data such as API keys and database credentials, sending them to a command-and-control server via Pipedream. Although PyPi quickly quarantined and removed the malicious packages, 222 developers had already downloaded them. The hosts advise any developers who used these packages to immediately rotate their credentials to mitigate potential security risks.

6. Casio UK Website Compromised with Payment Flow Skimmer

A new threat actor has compromised the Casio UK website, along with 16 other sites, using a web skimmer to hijack the payment flow.

“The skimmer intercepted clicks on the checkout button to display a fake payment form, capturing sensitive information before redirecting users back to the legitimate checkout page,” (22:30).

This attack was facilitated by a Report Only content security policy on the affected sites, which inadvertently allowed the malicious script to operate undetected. Victims provided their names, addresses, and credit card details, highlighting vulnerabilities in payment processing systems and the need for stringent security protocols to prevent such manipulations.

7. Canadian Hacker Charged in $65 Million Crypto Heist

Bringing attention to significant criminal activities, the episode covers the charges against a 22-year-old Canadian accused of orchestrating a $65 million crypto heist.

“He hacked Kyberswap and Index Finance by exploiting vulnerabilities and manipulating digital coin trades,” (26:15).

The hacker allegedly laundered the stolen funds through multiple transactions, employed fake identities to obscure his actions, and attempted to extort Kyberswap administrators following the attack. Facing charges that include wire fraud, extortion, and money laundering, the individual could face decades in prison. Authorities are still working to determine his exact whereabouts, emphasizing the challenges in tracking and prosecuting cybercriminals.

8. Remembering Sean Bowen

In a poignant segment, Lauren Verno pays tribute to Sean Bowen, a valued member of the CISO Series community who tragically passed away in a parachuting accident.

“Sean's keen insights and quick wit were invaluable to our shows. He was a relentless advocate for the cybersecurity community,” (30:50).

The episode expresses heartfelt condolences to Sean's family, friends, and colleagues, acknowledging his significant contributions and the profound loss felt by those who knew him. A tribute curated by David Spark is available in the CISO Series LinkedIn newsletter, inviting listeners to honor Sean's memory.

Conclusion

Lauren Verno wraps up the episode by directing listeners to CISOseries.com for detailed stories behind the headlines. This episode of Cyber Security Headlines provides a comprehensive overview of the current cybersecurity threats and incidents, offering valuable insights for professionals and enthusiasts alike.

Key Takeaways:

Exploited vulnerabilities are on the rise, with a notable increase in CVEs being targeted by sophisticated threat actors.
State-level bans on foreign AI platforms signal heightened concerns over data security and privacy.
Crypto scams are making a significant comeback, leveraging high-profile accounts to maximize their impact.
Major data breaches like GlobeLife emphasize the ongoing need for robust security measures.
Impersonation campaigns and payment flow skimmers demonstrate the evolving tactics of cybercriminals.
High-profile crypto heists highlight the complexities of cybercrime prosecution.
The cybersecurity community mourns the loss of influential members, reinforcing the importance of collaborative efforts in the field.

For more in-depth analysis and updates, visit CISOseries.com.

Transcript

Lauren Verno (0:00)

From the CISO series, it's Cybersecurity Headlines these are the cybersecurity headlines for Tuesday, February 4, 2025. I'm Lauren Verno. Exploited Vulnerabilities up significantly from previous Year the number of exploited vulnerabilities surged in 2024, with 768 CVEs actively targeted. That's a 20% increase from the year before. Now, nearly a quarter of these were weaponized on or before their public disclosure. Chinese threat actors remain a major player, with 15 groups linked to exploiting top vulnerabilities, including log 4J. These security shortcomings are linked to the exploitation of Citrix, Cisco, Zoho and and Microsoft, to name a few. First US State to declare ban on Deepseek Texas is the first state to take a public stand against Chinese AI company Deepseek and the social media app Rednote, banning the apps from state issued devices. Governor Greg Abbott cited security concerns and the threat of data harvesting for the ban. Meanwhile, across the pond, Italy's Data Protection Authority has also blocked Deepseek's chatbot service and demanded details on its data collection practices amid mounting privacy concerns, even as the company denies operating in Italy. Crypto Scams make comeback on X An oldie but a goodie, at least according to the hackers behind a one click phishing campaign that has recently been targeting high profile X accounts. Journalists, political figures and even an ex employee are the targets of this attack that ultimately leads to cryptocurrency fraud. Now the goal of targeting these high profile accounts is to gain access to their large following, maximizing the amount of people who who could potentially fall victim to the scam. These kinds of scams have turned out to be very lucrative for hackers in the past, which is why it's worth noting to double check any URL or links before potentially falling for one of these scams. Hundreds of Thousands impacted in GlobeLife breach GlobeLife is notifying 850,000 individuals after a data breach potentially exposed personal health and insurance information. The company disclosed that a threat actor attempted to extort them by threatening to release stolen data from databases maintained by independent agency owners, which included names, addresses, dates of birth and Social Security numbers, though GlobeLife emphasized that no credit card or banking data was compromised. Thanks to Today's episode sponsor ThreatLocker, ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit threatlocker.com that's T H R E A T L O C K E R Deep Seq Fake Leads to Malware under the guise of the controversial Deep Seq AI platform, malicious Python packages DeepSeek with 3Es and Deep Seq AI were uploaded to Python Package Index, or PyPi, impersonating tools for the Deep Seq AI platform, but they were in fact info stealers that silently exfiltrated sensitive data from developer systems. Positive Technologies discovered the campaign and reported that the payloads stole environment variables including API keys and database credentials, and then sent the data to a ct server via pipedream. Although PyPi quickly quarantined and removed the packages, 222 developers downloaded them, so anyone who used these packages should immediately rotate their credentials. Casio UK Skimmer exploits Payment Flow A threat actor infected the Casio UK website along with 16 other sites using a web skimmer that hijacked the payment flow to capture and exfiltrate visitor data. Now, in an unusual move, instead of targeting the checkout page directly, the skimmer intercepted clicks on the checkout button to display a fake payment form that gathered sensitive information like names, addresses and credit card details before redirecting users back to the legitimate checkout page. The attack was enabled by a Report Only content security policy on the affected sites, which allowed the malicious script to operate undetected. Canadian hacker charged in $65 million crypto heist US prosecutors have charged a 22 year old Canadian with hacking Kyberswap and Index finance, stealing nearly 65 million by exploiting vulnerabilities and manipulating digital coin trades. Now, the hacker allegedly laundered the funds through multiple transactions, used fake identities to conceal his actions, and and even attempted to extort Kyberswap administrators after the attack. Facing charges including wire fraud, extortion and money laundering, he could receive decades in prison with authorities still working to determine his whereabouts. Remembering Sean Bowen Switching gears here for a second it's with profound sadness that we here at the CISO series mourn the loss of Sean Bowen, who died tragically in a parachuting accident over the weekend. Now, if you've listened to any of our shows for any length of time, you've likely heard Sean's keen insights and quick wit. He was a relentless advocate for what we try to bring to the cybersecurity community and unfailingly generous with his time and expertise. We extend our condolences to all of his family, friends and co workers, and especially to his wife and two children. Now, David Spark has put together a tribute to Sean in our LinkedIn newsletter with some remembrances from our staff. Now, if you'd like to read them or share your own comments, check out the link in our show notes. I'm Lauren Verno reporting for the CISO series. Cybersecurity headlines are available every weekday. Head to CISoseries.com for the full stories behind the headlines.