
Loading summary
A
From the CISO series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Wednesday, February 19, 2025. I'm Sarah Lane. In today's cybersecurity news, two security vulnerabilities have been discovered in open SSH that could enable man in the Middle attacks and Denial of Service attacks. The man in the Middle vulnerability affects versions 6.8p1 to 9.9p1 when the verify Host Key DNS option is enabled, letting attackers impersonate legitimate servers. The DOS Vulnerability affects versions 9.5 P1 to 9.9 P1, leading to resource exhaustion. Both issues are Fixed in open SSH9.9P2, which was released on Tuesday. Microsoft will deprecate driver synchronization in Windows Server Update Services OR WSUS on April 18, reminding enterprises to switch to cloud based solutions like Windows Autopatch, Azure Update Manager and Microsoft Intune. After this date, drivers will still be available on the Microsoft Update Catalog but can't be imported into WSUS. Although WSUS was deprecated back in 2024, Microsoft is maintaining existing functionality and continues to publish updates through the channel. Norwegian company Zwipe was ordered to Pay IDEX Biometrics $702,000 plus additional costs over a warranty dispute, but struggled to secure financing to avoid insolvency. Swipe ordered 300,000 fingerprint biometric sensors from IDEX back in 2020 for following an exclusive partnership arrangement. The company now has filed for bankruptcy and a bankruptcy trustee in Oslo will oversee the process. Founded back in 2009, Zwipe wanted to commercialize biometric payment cards but faced financial challenges. Krebs on Security reports that Chinese cybercrime groups are reviving the carding industry. That's the underground business of selling or stealing or swiping stolen payment card data by using advanced phishing kits to steal payment data card data and convert it into mobile wallets which are then loaded onto devices for fraudulent use. These phishing campaigns exploit both Apple iMessage and Google's RCS to bypass traditional SMS security and link stolen card details to mobile wallets by tricking victims into providing one time verification codes. The stolen wallets are then sold in bulk or used for fraudulent transactions, contributing to an estimated $15 billion in annual losses. Thank you to today's sponsor. Scrut Automation Scrut Automation allows compliance and risk teams of any size to establish enterprise grade security programs. Their best in class features like process automation, AI and over 75 native integrations reverse compliance debt and help minimize manage risk proactively as your business grows. Visit Scrut IE to schedule a demo or learn more. That is www.scrut.IO Ecuador's National assembly experienced two cyber attacks on Monday, just a week after its general election. In a statement, the assembly said it was able to quickly identify and counteract the situation, but didn't provide any more information. This incident follows a series of cyber attacks on prominent organizations in Ecuador, including Radio Pachincha, the National Civil Registry and the National Election Agency. In recent years, cyberattacks have also targeted Blanco Pagania, highlighting ongoing cybersecurity challenges in the country. Juniper Networks patched a critical vulnerability that allows attackers to to bypass authentication and take over Session Smart Router or SSR devices, including Session Smart Conductor and WAN Assurance Managed Routers. Although no attacks have been detected as of yet, administrators are being urged to upgrade to the fixed versions. Juniper devices are frequent targets due to their use in critical environments, with previous vulnerabilities being exploited soon after patches have been released. Microsoft's February patch Tuesday Update for Windows 11 Fixed several bugs and security vulnerabilities, but introduced new issues including File Explorer malfunctions, installation failures and various system glitches. Users reported problems with opening folders, context menus not appearing, and installation errors. Even on systems without third party customizations. Windows 1124H2 has been notably problematic, raising concerns as the October 2025 Windows 10 support cutoff approaches. US newspaper publisher Lee Enterprises experienced a cyber attack that affected encrypted critical applications and exfiltrated files, telling the SEC that, quote, threat actors unlawfully accessed the company's network, encrypted critical applications and exfiltrated certain files, end quote. The attack disrupted product distribution, billing and other operations, with full recovery expected to take. There isn't evidence of compromised sensitive data yet, but the breach is likely to impact the company's financials, and cybersecurity insurance is expected to help cover costs. Remember to register for this week's Super Cyber Friday event. Hacking metrics that matter. We're going to break down what are the most useless vanity metrics, how to use metrics to tell a better story to the business, and what you should really be focusing on. Head on over to the events page@cisoseries.com to register for this event this Friday at 1pm Eastern 10am Pacific.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
B
I'm Sarah Lane reporting for the CISO series. Thank you so much for listening.
Cyber Security Headlines Summary
Episode: OpenSSH Flaws Enable New Attacks, Microsoft Prepares for Deprecation, Zwipe Files for Bankruptcy
Release Date: February 19, 2025
Host: CISO Series
On February 19, 2025, Sarah Lane reported significant security vulnerabilities found in OpenSSH, a widely used tool for secure network communications. Two primary issues were identified:
Man-in-the-Middle (MITM) Vulnerability:
Affecting OpenSSH versions 6.8p1 to 9.9p1, this flaw emerges when the Verify Host Key DNS option is enabled. It allows attackers to impersonate legitimate servers, facilitating unauthorized access and data interception. Sarah highlighted, “These vulnerabilities could enable attackers to seamlessly intercept and manipulate communications between users and servers” (02:15).
Denial of Service (DoS) Vulnerability:
Present in versions 9.5p1 to 9.9p1, this issue can lead to resource exhaustion, causing the SSH service to become unresponsive. “Resource exhaustion attacks can cripple critical services, making them unavailable to legitimate users,” Sarah emphasized (03:45).
Both vulnerabilities have been addressed in OpenSSH 9.9p2, which was released the previous Tuesday. Users are strongly advised to update to this version to mitigate these security risks.
Microsoft has announced the deprecation of driver synchronization in Windows Server Update Services (WSUS) effective April 18, 2025. Sarah explained that enterprises are encouraged to transition to cloud-based solutions such as Windows Autopatch, Azure Update Manager, and Microsoft Intune. Post-deprecation, drivers will remain accessible via the Microsoft Update Catalog, but importing them into WSUS will no longer be supported.
“While WSUS was deprecated back in 2024, Microsoft is still maintaining existing functionalities and continues to publish updates through this channel,” Sarah noted (04:30). This move underscores Microsoft’s strategic shift towards cloud-based infrastructure management, aiming to offer more scalable and efficient update mechanisms.
Norwegian biometric technology company Zwipe has filed for bankruptcy following a legal dispute with IDEX Biometrics. Sarah detailed that Zwipe was ordered to pay $702,000 plus additional costs related to a warranty disagreement over 300,000 fingerprint biometric sensors ordered in 2020. Despite an exclusive partnership arrangement aimed at commercializing biometric payment cards, Zwipe struggled with financial stability.
“Founded in 2009, Zwipe faced significant financial challenges that ultimately led to its insolvency,” Sarah reported (05:50). A bankruptcy trustee in Oslo will oversee the proceedings, marking the end of Zwipe's endeavors in the biometric payment sector.
In a report by Krebs on Security, Sarah highlighted a troubling resurgence in the carding industry orchestrated by Chinese cybercrime groups. This underground market specializes in selling, stealing, or swiping payment card data. Utilizing advanced phishing kits, attackers target both Apple iMessage and Google's RCS to bypass traditional SMS security measures.
“These phishing campaigns are sophisticated, tricking victims into providing one-time verification codes that link stolen card details to mobile wallets,” Sarah explained (07:10). The stolen wallets are either sold in bulk or used for fraudulent transactions, contributing to an estimated $15 billion in annual losses globally.
Ecuador has been a significant target of cyberattacks, with the National Assembly experiencing two attacks just a week after its general elections. Sarah reported that the assembly successfully identified and counteracted the threats swiftly but withheld further details (08:25). This incident is part of a series of attacks on prominent Ecuadorian organizations, including Radio Pachincha, the National Civil Registry, and the National Election Agency. Additionally, Blanco Pagania has faced cyber threats, underscoring the persistent cybersecurity challenges within the country.
Juniper Networks has released patches for a critical vulnerability affecting its Session Smart Router (SSR) devices, including models like Session Smart Conductor and WAN Assurance Managed Routers. Though no active attacks exploiting this vulnerability have been detected yet, Sarah urged administrators to apply the updates promptly to prevent potential breaches (09:40). Given that Juniper devices are frequently targeted due to their deployment in critical environments, timely patching is essential to maintain network security integrity.
The latest Microsoft February Patch Tuesday Update for Windows 11 addressed several bugs and security vulnerabilities. However, it inadvertently introduced new issues, including File Explorer malfunctions, installation failures, and various system glitches. Users have reported problems such as inability to open folders, missing context menus, and errors during installations, even on systems without third-party customizations.
“Windows 1124H2 has been notably problematic, raising concerns as the October 2025 Windows 10 support cutoff approaches,” Sarah stated (10:55). These new bugs have sparked user frustration and highlight the complexities involved in patch management and software updates.
Lee Enterprises, a prominent US newspaper publisher, suffered a cyberattack that compromised encrypted critical applications and resulted in file exfiltration. Sarah relayed the company's statement to the SEC, stating, “Threat actors unlawfully accessed the company's network, encrypted critical applications, and exfiltrated certain files” (12:00). The attack disrupted various operations, including product distribution and billing, with full recovery anticipated to take considerable time. While there is no evidence of sensitive data compromise at this stage, the breach is expected to have financial repercussions, with cybersecurity insurance likely covering much of the incurred costs.
Sarah concluded the episode by announcing the Super Cyber Friday event, focusing on "Hacking Metrics That Matter." The session will delve into identifying ineffective vanity metrics, leveraging meaningful data to tell compelling stories to businesses, and pinpointing essential focus areas for cybersecurity professionals. Interested listeners are encouraged to register on the CISO Series events page (13:30).
For more detailed stories behind these headlines, visit CISOseries.com.