← Cybersecurity Headlines
Cybersecurity Headlines
SAP zero-day active, another OAuth exploit, cybersecurity CEO arrested
00:07:21
Loading summary
Transcript65 lines
- [00:00]
Host
From the CISO series, it's Cybersecurity Headlines.
- [00:07]
Steve Prentiss
These are the cybersecurity headlines for Monday, April 28, 2025. I'm Steve Prentiss.
- [00:17]
Cybersecurity Expert
SAP Zero Day Vulnerability under Widespread Active.
- [00:21]
Steve Prentiss
Exploitation Security researchers are observing a widespread.
- [00:26]
Cybersecurity Expert
Exploitation of a zero day vulnerability affecting SAP netweaver systems. This unrestricted file upload vulnerability has a CVE number and a score of 10.
- [00:36]
Steve Prentiss
On the CVSS scale.
- [00:38]
Cybersecurity Expert
It allows attackers to upload files directly.
- [00:41]
Steve Prentiss
To the system without authorization following discovery.
- [00:45]
Cybersecurity Expert
By reliaquest on Tuesday. SAP issued an emergency patch on Thursday.
- [00:50]
Steve Prentiss
But the enterprise company's security advisory is.
- [00:53]
Cybersecurity Expert
Only available to SAP customers with login credentials. Watchtower is seeing active exploitation by threat actors hackers abuse OAuth 2.0 workflows to.
- [01:06]
Steve Prentiss
Hijack Microsoft 365 accounts this attack is.
- [01:10]
Cybersecurity Expert
Separate from the domain keys identified mail.
- [01:13]
Steve Prentiss
OAuth attack DKIM that we covered on Tuesday.
- [01:16]
Cybersecurity Expert
Since early March, Russian threat actors have been abusing legitimate OAuth 2.0 authentication workflows to hijack Microsoft 365 accounts of employees.
- [01:26]
Steve Prentiss
Tied to Ukraine and human rights causes in this campaign.
- [01:30]
Cybersecurity Expert
The attackers impersonate European officials or Ukrainian.
- [01:33]
Steve Prentiss
Diplomats via WhatsApp and signal luring targets with fake invitations to private video meetings.
- [01:41]
Cybersecurity Expert
Victims are tricked into providing Microsoft authorization.
- [01:43]
Steve Prentiss
Codes or clicking phishing links.
- [01:46]
Cybersecurity Expert
One communication originated from a compromised Ukrainian government account. Cybersecurity firm CEO charged with installing malware.
- [01:56]
Steve Prentiss
On hospital systems Jeffrey Bowie is CEO.
- [02:00]
Cybersecurity Expert
Of the cybersecurity firm Veritico V E R I T A C O. He is now facing two counts of violating Oklahoma's Computer Crimes act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital.
- [02:14]
Steve Prentiss
End quote On August 6th of last year, he was arrested in April based.
- [02:19]
Cybersecurity Expert
On security footage showing a man attempting.
- [02:21]
Steve Prentiss
To access multiple officers.
- [02:24]
Cybersecurity Expert
The malware was designed to capture screenshots every 20 minutes and transmit them to an external IP address.
- [02:30]
Steve Prentiss
Officials have stated that no patient data was accessed.
- [02:35]
Cybersecurity Expert
That Windows folder initpub might be a problem after all. Two Mondays ago, we reported on an issue following Patch Tuesday in which a new empty folder had been created on the hard drives of Windows subscribers. Microsoft issued a statement telling users that the folder was part of a fix for a Windows process activation elevation of.
- [02:57]
Steve Prentiss
Privilege vulnerability and that it should not be removed.
- [03:01]
Cybersecurity Expert
However, cybersecurity expert Kevin Beaumont says this folder, initpub can be abused to prevent further Windows updates from being installed if it is created in a certain way. He added that he had discovered that this fix introduces a denial of service vulnerability in the Windows servicing stack that allows allows non admin users to stop.
- [03:24]
Steve Prentiss
All future Windows security updates, end quote.
- [03:27]
Cybersecurity Expert
This, he says, can be achieved by anyone by simply creating a junction between c enetpub and a Windows file by.
- [03:36]
Steve Prentiss
Using a simple one line command.
- [03:38]
Cybersecurity Expert
Beaumont says he reported the bug to Microsoft, who has assigned it a medium severity classification and has closed the case.
- [03:45]
Steve Prentiss
Stating that they will consider fixing it in the future.
- [03:51]
Cybersecurity Expert
Huge thanks to our sponsor, ThreatLocker ThreatLocker is a global leader in zero trust endpoint security, offering cybersecurity controls to protect businesses from zero day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and to start your free trial, visit threatlocker.com CISO that is.
- [04:19]
Steve Prentiss
Thrash E A T L O C.
- [04:21]
Cybersecurity Expert
K E R.com CISO education clouds get hit with Azure Checker that deploys crypto.
- [04:31]
Steve Prentiss
Mining containers Microsoft has identified a threat.
- [04:35]
Cybersecurity Expert
Actor named Storm1977 that has been conducting password spraying attacks against cloud tenants in.
- [04:42]
Steve Prentiss
The education sector over the past year.
- [04:44]
Cybersecurity Expert
The Microsoft Threat Intelligence team stated in an analysis. The attack involves the use of AzureChecker EXE, a command line interface tool that is being used by a wide range of threat actors. The tool connects to an external server to pull in files containing username and.
- [05:01]
Steve Prentiss
Password combinations to carry out the password spray attack.
- [05:05]
Cybersecurity Expert
In one instance, the threat actor was able to create more than 200 containers.
- [05:09]
Steve Prentiss
Within a victim's resource group in order to conduct illicit cryptocurrency mining.
- [05:15]
Cybersecurity Expert
Long beach cyber attack from 2023 affected almost 500,000 people. The government of Long Beach, California says the November 2023 attack involved sensitive data, including Social Security numbers, financial account information, credit and debit card numbers, biometric information.
- [05:34]
Steve Prentiss
Medical data, driver's license numbers, passports, tax data and more. No ransomware gang has yet claimed responsibility for this attack.
- [05:44]
Cybersecurity Expert
Africa's largest telecom suffers cyber incident exposing.
- [05:48]
Steve Prentiss
Customer data Johannesburg based MTN Group confirmed the attack on Thursday.
- [05:54]
Cybersecurity Expert
The company operates in more than 20 countries and has more than 200 million subscribers, making it one of the largest mobile operators in the world. Details as to what information may have.
- [06:04]
Steve Prentiss
Been accessed, the number of people affected.
- [06:06]
Cybersecurity Expert
Or the perpetrators behind the attack are.
- [06:08]
Steve Prentiss
As of yet unavailable.
- [06:11]
Cybersecurity Expert
YALE New Haven Health data breach impacted.
- [06:14]
Steve Prentiss
5.5 million patients the nonprofit healthcare network.
- [06:19]
Cybersecurity Expert
Headquartered in New Haven, Connecticut, suffered the breach earlier in March, resulting in the theft of patient pii, including Social Security.
- [06:27]
Steve Prentiss
Numbers, but no financial or medical data.
- [06:30]
Cybersecurity Expert
The organization has not yet disclosed technical details about this attack, nor has any.
- [06:35]
Steve Prentiss
Ransomware group taken responsibility.
- [06:38]
Cybersecurity Expert
Make sure you check out our latest episode of Security. You should know we just released a new episode with Dropzone AI looking into what they are doing to address alert.
- [06:48]
Steve Prentiss
Fatigue without missing the things that you need to know.
- [06:52]
Cybersecurity Expert
Look for the show over@cisoseries.com or wherever.
- [06:55]
Steve Prentiss
You get your podcasts. I'm Steve Prentiss reporting for the CISO series.
- [07:05]
Host
Cybersecurity headlines are available every weekday. Head to CISoseries.com for the full stories behind the headlines.