Cyber Security Headlines Summary
Episode: OpenSSH Flaws Enable New Attacks, Microsoft Prepares for Deprecation, Zwipe Files for Bankruptcy
Release Date: February 19, 2025
Host: CISO Series
OpenSSH Vulnerabilities Discovered and Patched
On February 19, 2025, Sarah Lane reported significant security vulnerabilities found in OpenSSH, a widely used tool for secure network communications. Two primary issues were identified:
- Man-in-the-Middle (MITM) Vulnerability: Affecting OpenSSH versions 6.8p1 to 9.9p1, this flaw emerges when the VerifyHostKeyDNS option is enabled. It allows attackers to impersonate legitimate servers, facilitating unauthorized access and data interception. Sarah highlighted, “These vulnerabilities could enable attackers to seamlessly intercept and manipulate communications between users and servers” (02:15).
- Denial of Service (DoS) Vulnerability: Present in versions 9.5p1 to 9.9p1, this issue can lead to resource exhaustion, causing the SSH service to become unresponsive. “Resource exhaustion attacks can cripple critical services, making them unavailable to legitimate users,” Sarah emphasized (03:45).
Both vulnerabilities have been addressed in OpenSSH 9.9p2, which was released the previous Tuesday. Users are strongly advised to update to this version to mitigate these security risks.
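A triage check for the two issues above, added here as an example and not taken from the episode or the OpenSSH project: it reads an `ssh -V` style banner and ssh_config text and reports exposure using the version ranges in this summary. Treating the value "ask" as enabled is an assumption, the sample banner and config are constructed, and distribution packages may backport the fix without changing the banner version.

```python
import re

# Inclusive version ranges as stated in the summary; both are fixed in 9.9p2.
MITM_RANGE = ((6, 8, 1), (9, 9, 1))
DOS_RANGE = ((9, 5, 1), (9, 9, 1))

def parse_version(banner):
    """Extract (major, minor, patch) from `ssh -V` style output."""
    m = re.search(r"OpenSSH\S*?_(\d+)\.(\d+)(?:p(\d+))?", banner)
    if not m:
        raise ValueError("no OpenSSH version in: %r" % banner)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))

def dns_hostkey_lines(config_text):
    """Return (line_no, value) for each directive that turns VerifyHostKeyDNS on."""
    hits = []
    for no, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # ssh_config keywords are case-insensitive; "Key value" and "Key=value" both occur.
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        if len(parts) == 2 and parts[0].lower() == "verifyhostkeydns":
            value = parts[1].strip().strip('"').lower()
            if value in ("yes", "ask"):  # assumption: "ask" counts as enabled
                hits.append((no, value))
    return hits

def assess(banner, config_text):
    """Combine the version check with the config check for one host."""
    v = parse_version(banner)
    in_range = lambda r: r[0] <= v <= r[1]
    hits = dns_hostkey_lines(config_text)
    return {
        "version": v,
        "mitm_exposed": in_range(MITM_RANGE) and bool(hits),
        "dos_exposed": in_range(DOS_RANGE),
        "config_hits": hits,
    }

SAMPLE_BANNER = "OpenSSH_9.9p1, OpenSSL 3.3.1 4 Jun 2024"  # constructed
SAMPLE_CONFIG = """\
# constructed sample ssh_config
Host *.example.internal
    VerifyHostKeyDNS yes
Host *
    verifyhostkeydns=no
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONFIG))
```

The config check flags the option in any Host block, so a hit means some destinations are affected, not necessarily all.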
Microsoft Deprecates WSUS Driver Synchronization
Microsoft has announced the deprecation of driver synchronization in Windows Server Update Services (WSUS) effective April 18, 2025. Sarah explained that enterprises are encouraged to transition to cloud-based solutions such as Windows Autopatch, Azure Update Manager, and Microsoft Intune. Post-deprecation, drivers will remain accessible via the Microsoft Update Catalog, but importing them into WSUS will no longer be supported.
“While WSUS was deprecated back in 2024, Microsoft is still maintaining existing functionalities and continues to publish updates through this channel,” Sarah noted (04:30). This move underscores Microsoft’s strategic shift towards cloud-based infrastructure management, aiming to offer more scalable and efficient update mechanisms.
Zwipe Files for Bankruptcy Amid Warranty Dispute
Norwegian biometric technology company Zwipe has filed for bankruptcy following a legal dispute with IDEX Biometrics. Sarah detailed that Zwipe was ordered to pay $702,000 plus additional costs related to a warranty disagreement over 300,000 fingerprint biometric sensors ordered in 2020. Despite an exclusive partnership arrangement aimed at commercializing biometric payment cards, Zwipe struggled with financial stability.
“Founded in 2009, Zwipe faced significant financial challenges that ultimately led to its insolvency,” Sarah reported (05:50). A bankruptcy trustee in Oslo will oversee the proceedings, marking the end of Zwipe's endeavors in the biometric payment sector.
Resurgence of Carding Activities by Chinese Cybercriminals
In a report by Krebs on Security, Sarah highlighted a troubling resurgence in the carding industry orchestrated by Chinese cybercrime groups. This underground market specializes in selling, stealing, or swiping payment card data. Utilizing advanced phishing kits, attackers target both Apple iMessage and Google's RCS to bypass traditional SMS security measures.
“These phishing campaigns are sophisticated, tricking victims into providing one-time verification codes that link stolen card details to mobile wallets,” Sarah explained (07:10). The stolen wallets are either sold in bulk or used for fraudulent transactions, contributing to an estimated $15 billion in annual losses globally.
Cyberattacks Target Ecuador's National Assembly and Other Entities
Ecuador has been a significant target of cyberattacks, with the National Assembly experiencing two attacks just a week after its general elections. Sarah reported that the assembly successfully identified and counteracted the threats swiftly but withheld further details (08:25). This incident is part of a series of attacks on prominent Ecuadorian organizations, including Radio Pichincha, the National Civil Registry, and the National Election Agency. Additionally, Blanco Pagania has faced cyber threats, underscoring the persistent cybersecurity challenges within the country.
Juniper Networks Patches Critical SSR Vulnerability
Juniper Networks has released patches for a critical vulnerability affecting its Session Smart Router (SSR) devices, including models like Session Smart Conductor and WAN Assurance Managed Routers. Though no active attacks exploiting this vulnerability have been detected yet, Sarah urged administrators to apply the updates promptly to prevent potential breaches (09:40). Given that Juniper devices are frequently targeted due to their deployment in critical environments, timely patching is essential to maintain network security integrity.
Microsoft's February Patch Tuesday Brings New Windows 11 Issues
The latest Microsoft February Patch Tuesday Update for Windows 11 addressed several bugs and security vulnerabilities. However, it inadvertently introduced new issues, including File Explorer malfunctions, installation failures, and various system glitches. Users have reported problems such as inability to open folders, missing context menus, and errors during installations, even on systems without third-party customizations.
“Windows 11 24H2 has been notably problematic, raising concerns as the October 2025 Windows 10 support cutoff approaches,” Sarah stated (10:55). These new bugs have sparked user frustration and highlight the complexities involved in patch management and software updates.
Cyberattack on Lee Enterprises Affects Operations
Lee Enterprises, a prominent US newspaper publisher, suffered a cyberattack in which critical applications were encrypted and files were exfiltrated. Sarah relayed the company's statement to the SEC, stating, “Threat actors unlawfully accessed the company's network, encrypted critical applications, and exfiltrated certain files” (12:00). The attack disrupted various operations, including product distribution and billing, with full recovery anticipated to take considerable time. While there is no evidence of sensitive data compromise at this stage, the breach is expected to have financial repercussions, with cybersecurity insurance likely covering much of the incurred costs.
Upcoming Event: Super Cyber Friday
Sarah concluded the episode by announcing the Super Cyber Friday event, focusing on "Hacking Metrics That Matter." The session will delve into identifying ineffective vanity metrics, leveraging meaningful data to tell compelling stories to businesses, and pinpointing essential focus areas for cybersecurity professionals. Interested listeners are encouraged to register on the CISO Series events page (13:30).
For more detailed stories behind these headlines, visit CISOseries.com.
