Transcript
A (0:00)
From the CISO series, it's Cybersecurity Headlines.
B (0:06)
These are the cybersecurity headlines for Tuesday, February 18, 2025. I'm Sean Kelly.

Dutch police take down Z Servers
Last Wednesday on Cyber Security Headlines, we reported that the US, UK and Australia sanctioned a Russian bulletproof hosting service, Z Servers, and two Russian administrators for supporting LockBit's ransomware operations. Authorities said Z Servers advertised its services on cybercriminal forums to avoid investigations and takedowns. Now, Dutch police have announced that after a more than year-long investigation, they have seized 127 servers from the Russian hosting provider. Authorities so far have discovered hacking tools from Conti and LockBit and continue to investigate the remaining data stored on the seized servers.

Chase will soon block Zelle payments to sellers on social media
JPMorgan Chase bank says that starting March 23rd it will begin delaying, declining or blocking Zelle payments to social media contacts. Zelle is a popular digital payment network that integrates with the mobile apps of many U.S. banks. Chase updated its user policy, saying Zelle should not be used to buy goods from retailers or merchants, including on or through social media or social media marketplaces or messaging apps. Nearly 50% of all Zelle or wire transfer scams reported by Chase customers in the second half of last year originated on social media. Chase's policy change also comes on the heels of a lawsuit brought by the U.S. Consumer Financial Protection Bureau against Zelle's operator and three owner banks in December for rushing the service to market without adequate consumer safeguards.

Finastra notifies victims of October data breach
The London-based financial software provider serves more than 8,100 financial institutions in 130 countries, including 45 of the world's top 50 banks. Finastra is now warning an undisclosed number of customers via data breach notifications that an unauthorized actor accessed an internally hosted secure file transfer platform system between October 31 and November 8. Although Finastra characterized the risk posed by the data leak as low, the company is providing two years of free credit monitoring and identity restoration services to those affected. The breach is believed to be linked to a now-deleted post by a threat actor on BreachForums claiming to be selling 400 gigabytes of stolen data from Finastra's network.

South Korea removes DeepSeek from app stores
South Korea's Personal Information Protection Commission announced that the DeepSeek app has been pulled from the Apple App Store and Google Play as of Saturday night. The move follows several South Korean government agencies banning employees from downloading the chatbot, as well as numerous reports highlighting security and privacy weaknesses with DeepSeek's platform. Taiwan and Australia have also banned DeepSeek from all government devices. South Korea's data protection watchdog said the AI model will become available when improvements and remedies are made to ensure it complies with the country's personal data protection laws. Despite the suspension of new downloads, people who already have DeepSeek on their phones will be able to continue using it, or they can access it via DeepSeek's website.

And now we'd like to thank today's episode sponsor, Scrut Automation.
Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Their best-in-class features like process automation, AI and over 75 native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit Scrut IO to schedule a demo or learn more. That's www.

New Golang-based backdoor relies on Telegram
Netskope Threat Labs found a new backdoor targeting cloud apps to evade detection and using Telegram for command and control. The malware connects to Telegram using an open source Go package to retrieve updates and listen for PowerShell commands. The researchers said the malware appears to be under development, with three of four supported commands now functional, and that a chat prompt is written in Russian. Netskope said the malware is very user-friendly and that its targeting of cloud apps creates complexity for defenders. The report also details the malware's indicators of compromise.

Pro-Russia hackers target Italian banks and airports
Early Monday morning, a pro-Russia hacker group, Noname57, launched a wave of DDoS attacks that disrupted websites of major airports, ports in Milan as well as the Transport Authority, two major ports, and the Intesa Sanpaolo Bank. The Italian National Cybersecurity Agency, or ACN, swiftly mitigated disruptions and said there were no significant impacts to operations. Noname57 linked their actions to Italian President Sergio Mattarella's comments during a speech in Marseille last Friday, in which Mattarella compared Russia's actions in Ukraine to the Third Reich. Noname57 said in a Telegram post, quote, "For such comparisons, Russophobe Mattarella and Italy will receive DDoS rockets on their websites," end quote. The Russian Foreign Ministry also warned that such remarks would not go without consequences.

Microsoft spots macOS malware variant used for crypto theft
Microsoft's Threat Intelligence team has spotted a new variant of the XCSSET macOS malware being used to target victims' digital wallets and data from their Notes app. The malware has been around for about five years and is typically distributed through infected Xcode projects. The current improvements are the first ones observed since 2022 and include more robust obfuscation techniques, added persistence checks, and new Xcode infection methods. Microsoft recommends inspecting and verifying Xcode projects and codebases cloned from unofficial repositories.

Microsoft to remove location history feature
Microsoft announced the deprecation of the location history feature from Windows, which can be accessed by applications like Cortana. The API behind the feature provides apps with locally stored location data collected in the previous 24 hours. Removing the feature means the data will no longer be saved locally and the setting will disappear from the operating system in Windows 10 and 11. Microsoft has yet to provide the reasons behind deprecating location history. Developers will need to update their applications to migrate away from the API. Meanwhile, users can deactivate use of their location data at any time through their privacy and security settings.

And that does it for today's cybersecurity headlines. But we've increasingly seen vendors not releasing patches for critical vulnerabilities and instead pointing to rip and replace as the only remediation. Sometimes this is the only option. But are organizations ready for zero days that effectively move your hardware to end of life? That's one of the topics we're discussing this week on the CISO Series podcast. You can look for "Fix it, just get rid of it" wherever you get your podcasts. Thank you for listening to the podcast that brings you more of the top cyber news stories and more cowbell. I'm Sean Kelly.
