Cybercrime, Fraud Management & Cybercrime Oregon Man Charged for Operating DDoS Attack Service Mathew J. Schwartz (@euroinfosec) • August 20, 2025 Image: Shutterstock Federal authorities have charged a 22-year-old from Oregon for operating a sophisticated, on-demand distributed denial-of-service (DDoS) attack…
Customs and Border Protection (CBP) authorities in the United States possess broad authority to search electronic devices, including phones, belonging to individuals upon their entry into the country. This policy applies universally, encompassing US citizens as well. Recent statistics indicate…
Mastering Hacking Skills: The Value of Offensive Security Training for Your Entire Security Team
May 14, 2025
Cybersecurity / Ethical Hacking
Organizations across various sectors are witnessing a sharp rise in cyberattacks, with critical infrastructure and cloud-based enterprises being particularly vulnerable. According to Verizon’s 2025 Data Breach Investigations Report, confirmed breaches surged by 18% year-over-year, and the exploitation of vulnerabilities for initial access grew by 34%. As the frequency and severity of attacks increase, many organizations rely on security tools and compliance standards as their primary defenses. While these elements are vital for reducing cyber risk, they are not foolproof solutions. Effective security hinges on the combination of people, processes, and technology, with the emphasis placed on skilled practitioners. Therefore, investing in offensive security training for all roles within the security team becomes crucial. Too often, the potential of offensive operations is underutilized…
Mastering Offensive Security: The Essential Training for Cybersecurity Teams As cyberattacks surge across various sectors, organizations are increasingly vulnerable to threats, especially those targeting critical infrastructure and cloud-based services. The recently published 2025 Data Breach Investigations Report by Verizon highlights…
A significant data breach at Allianz Life has been exposed, with the credential notification site Have I Been Pwned reporting that approximately 1.1 million accounts have been compromised. This figure represents a substantial proportion of Allianz Life’s 1.4 million North…
June 13, 2025
Spyware / Vulnerability
Apple has revealed that a recently patched security flaw in its Messages app was actively exploited to carry out sophisticated cyber attacks on civil society members. Identified as CVE-2025-43200, the vulnerability was remedied on February 10, 2025, through updates to iOS 18.3.1, iPadOS 18.3.1, iPadOS 17.7.5, macOS Sequoia 15.3.1, macOS Sonoma 14.7.4, macOS Ventura 13.7.4, watchOS 11.3.1, and visionOS 2.3.1. According to the company, “A logic issue existed when processing a maliciously crafted photo or video shared via an iCloud Link,” which was resolved with improved security checks. Apple also acknowledged awareness that this vulnerability may have been exploited in “extremely sophisticated” attacks targeting specific individuals. Notably, the updates for iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 also fixed another actively exploited zero-day vulnerability, CVE-2025-24200.
Apple Addresses Exploited Zero-Click Flaw in Messages, Targeting Journalists with Spyware On June 13, 2025, Apple confirmed that a previously undisclosed security vulnerability in its Messages application had been actively exploited in targeted cyberattacks, particularly against members of civil society,…
Microsoft Thwarts Cyber Attack by Chinese State Actor Targeting Western European Governments
On July 12, 2023, Microsoft announced that it successfully defended against a cyber attack launched by a Chinese nation-state actor, aimed at over two dozen organizations, including various government agencies. This espionage campaign, which began on May 15, 2023, sought to obtain sensitive data by gaining access to email accounts linked to approximately 25 entities and a limited number of consumer accounts. The tech giant identified the perpetrator as Storm-0558, a state-sponsored group targeting Western European government bodies. Microsoft stated, “Their focus includes espionage, data theft, and credential access,” and noted the use of custom malware referred to as Cigril and Bling for credential harvesting. The breach was detected on June 16, 2023, after a customer reported unusual email activity to the company.
Microsoft Averts Chinese Cyber Espionage Targeting Western European Governments On July 11, 2023, Microsoft disclosed its successful defense against a sophisticated cyber attack orchestrated by a Chinese state-sponsored group. This operation targeted approximately two dozen organizations, including several governmental entities…
Governance & Risk Management, Healthcare, HIPAA/HITECH Prevailing Weaknesses in Healthcare Security: Navigating Regulatory Scrutiny Marianne Kolbasuk McGee (HealthInfoSec) • August 19, 2025 Federal regulators frequently find that many HIPAA-regulated entities conduct inadequate security risk analyses, if any. (Image: Getty Images)…
Date: May 14, 2025
Categories: Ransomware / Vulnerability
Recent reports indicate that at least two cybercrime groups, BianLian and RansomExx, have taken advantage of a newly revealed security vulnerability in SAP NetWeaver, designated as CVE-2025-31324. This suggests that various threat actors are leveraging the flaw for nefarious purposes. Cybersecurity firm ReliaQuest has released an update today, detailing evidence of activity linked to both the BianLian data extortion group and the RansomExx ransomware faction, also known as Storm-2460 by Microsoft. Investigations show BianLian’s involvement in at least one incident, with infrastructure connections to previously identified e-crime IP addresses. “We located a server at 184[.]174[.]96[.]74 running reverse proxy services initiated by the rs64.exe executable,” the firm stated. “This server is associated with another IP, 184[.]174[.]96[.]70, managed by the same hosting provider, which had previously been flagged as a command-and-control (C2) server.”
Cybercrime Groups BianLian and RansomExx Exploit SAP NetWeaver Vulnerability to Distribute PipeMagic Trojan On May 14, 2025, cybersecurity experts revealed that two distinct cybercriminal organizations, BianLian and RansomExx, have exploited a recently identified vulnerability in SAP NetWeaver, designated as CVE-2025-31324.…
Greater Western Water Experiences Significant Data Breaches Following Billing System Overhaul Greater Western Water, a Victorian Government-owned utility provider, has reported at least 320 breaches of customer privacy subsequent to a transition to a new billing system. This overhaul involved…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported on Thursday that ransomware criminals are taking advantage of unpatched SimpleHelp Remote Monitoring and Management (RMM) systems to compromise clients of an unnamed utility billing software provider. “This incident highlights a growing trend of ransomware groups exploiting unpatched versions of SimpleHelp RMM since January 2025,” the agency stated in an advisory. Earlier this year, SimpleHelp identified several vulnerabilities (CVE-2024-57727, CVE-2024-57728, and CVE-2024-57726) that could lead to information disclosure, privilege escalation, and remote code execution. These vulnerabilities have been actively exploited, including by ransomware groups like DragonForce, to breach specific targets. In a recent report, Sophos revealed that a Managed Service Provider’s SimpleHelp system was compromised by threat actors using these flaws.
Ransomware Groups Exploit Unpatched SimpleHelp Vulnerabilities, Targeting Utility Billing Software Clients On June 13, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) reported a growing threat posed by ransomware actors leveraging unpatched vulnerabilities in SimpleHelp Remote Monitoring and Management…
