IT Security Newsletter - 3/13/2025

Breaches

Volt Typhoon Strikes Massachusetts Power Utility

Chinese APT Volt Typhoon struck a US power utility in Massachusetts in 2023, in a prolonged attack that aimed to exfiltrate sensitive data regarding its operational technology (OT) infrastructure. It's the first known assault on a US power utility by the group, which gained notoriety last year for an attack spree on US telecoms, and which consistently targets critical infrastructure globally.

Hacking

DeepSeek's Malware-Generation Capabilities Put to Test

Researchers at security firm Tenable have analyzed the ability of the Chinese gen-AI DeepSeek to develop malware such as keyloggers and ransomware. The DeepSeek R1 chatbot was released in January and it has made many headlines since, including regarding its susceptibility to jailbreaks. Just like all major LLMs, DeepSeek has guardrails designed to prevent its use for malicious purposes, such as creating malware.


Lazarus Group deceives developers with 6 new malicious npm packages

Lazarus Group has burrowed deeper into the npm registry and planted six new malicious packages designed to deceive software developers and disrupt their workflows, researchers at cybersecurity firm Socket said in a Monday blog post. The North Korea-linked threat group embedded BeaverTail malware into the npm packages to install backdoors and steal credentials and data in cryptocurrency wallets, according to Socket.

Software Updates

Update your iPhone now: Apple patches vulnerability used in "extremely sophisticated attacks"

Apple has patched a vulnerability in iPhone and iPad that was under active exploitation by cybercriminals. The update is available for: iPhone XS and later, iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and later, iPad Air 3rd generation and later, iPad 7th generation and later, and iPad mini 5th generation and later. If you use any of these then you should install updates as soon as you can.

Malware

Medusa Ransomware: FBI and CISA Urge Organizations to Act Now to Mitigate Threat

The Medusa ransomware gang continues to present a major threat to the critical infrastructure sector, according to a newly-released joint advisory from the FBI, Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing and Analysis Center (MS-ISAC). As of February 2025, the Medusa ransomware operation had hit over 300 organisations from a variety of critical infrastructure sectors with affected industries including education, health, legal, and more.


North Korean Hackers Distributed Android Spyware via Google Play

A North Korean APT actor has been targeting Korean and English-speaking users with an Android surveillance tool distributed via Google Play, cybersecurity firm Lookout warns. Dubbed KoSpy, the spyware has been in use since March 2022, posing as utility applications to infect unsuspecting users, and abusing Google Play and the Firebase Firestore for app distribution and configuration retrieval.

Exploits/Vulnerabilities

Expired Juniper routers find new life - as Chinese spy hubs

Chinese spies have for months exploited old Juniper Networks routers, infecting the buggy gear with custom backdoors and gaining root access to the compromised devices. According to a Tuesday report from Google Threat Intelligence and a Juniper Networks security advisory, the affected Juniper MX routers were running end-of-life hardware and software. Juniper issued a patch today to fix the issue.


'Ballista' Botnet Exploits 2023 Vulnerability in TP-Link Routers

A global Internet of Things (IoT) botnet campaign, dubbed "Ballista," has been targeting unpatched TP-Link routers since the beginning of 2025. The botnet exploits a remote code execution vulnerability in TP-Link Archer routers, tracked as CVE-2024-1389, allowing it to spread itself throughout the Internet automatically. The earliest recorded exploitation attempts of the vulnerability date back to April 2023.

On This Date

  • ...in 1868, the impeachment trial of Andrew Johnson begins, the first ever pursued against an incumbent American president.
  • ...in 1921, Mad Magazine artist Al Jaffee, who drew the long-running "Fold-In" feature for 56 years before retiring in 2020, is born in Savannah, GA. He turns 102 today!
  • ...in 1942, the U.S. Army establishes the War Dog Program, AKA the "K-9 Corps." Later that same year, similar programs were started for the Navy, Marines, and Coast Guard.
  • ...in 2013, Jesuit archbishop Jorge Bergoglio is elected Pope of the Roman Catholic Church, choosing the papal name of Francis.