IT Security Newsletter - 3/17/2025
ClickFix: How to Infect Your PC in Three Easy Steps
A clever malware deployment scheme first spotted in targeted attacks last year has now gone mainstream. In this scam, dubbed "ClickFix," the visitor to a hacked or malicious website is asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. ClickFix attacks mimic the "Verify You are a Human" tests that many websites use to separate real visitors from content-scraping bots.
100 Car Dealerships Hit by Supply Chain Attack
The websites of over 100 car dealerships were found serving malicious ClickFix code after a third-party domain was compromised in a supply chain attack. As part of the compromise, a threat actor infected LES Automotive, a shared video service unique to dealerships, so that websites using the service would serve a ClickFix webpage to their visitors. A ClickFix attack relies on malicious code on a webpage to display a prompt to the user, asking them to fix an error or perform a reCAPTCHA challenge.
Threat Actor Impersonates Booking.com in Phishing Scheme
Though the concept of phishing is well established, as are its many variants, there's an emerging technique known as "ClickFix" that relies on sophisticated social engineering to gain access to a victim. That's according to Microsoft, which published threat intelligence on March 13 regarding a threat actor tracked as Storm-1865. The actor was observed using ClickFix in attacks primarily targeting the hospitality industry.
Nvidia Patches Vulnerabilities That Could Let Hackers Exploit AI Services
Nvidia recently patched a couple of Riva vulnerabilities that could allow hackers to abuse AI services. Riva is a set of GPU-accelerated multilingual speech and translation services designed for building customizable, real-time conversational AI for large language models (LLMs) and retrieval-augmented generation (RAG). A security advisory published by Nvidia on March 10 reveals that Riva is impacted by two improper access control issues.
Malicious Adobe, DocuSign OAuth apps target Microsoft 365 accounts
Cybercriminals are promoting malicious Microsoft OAuth apps that masquerade as Adobe and DocuSign apps to deliver malware and steal Microsoft 365 account credentials. The campaigns were discovered by Proofpoint researchers, who characterized them as "highly targeted" in a thread on X. The malicious OAuth apps in this campaign are impersonating Adobe Drive, Adobe Drive X, Adobe Acrobat, and DocuSign.
Threat Actor Tied to LockBit Ransomware Targets Fortinet Users
Since January, threat actors have been exploiting two Fortinet vulnerabilities tracked as CVE-2024-55591 and CVE-2025-24472 to deploy SuperBlack ransomware. It's believed that the threat actor, dubbed "Mora_001" by researchers at Forescout Research-Vedere Labs, is responsible for the attacks that use Russian-language artifacts and other characteristics. Mora_001 is exploiting the two vulnerabilities within FortiOS and FortiProxy in order to gain super-administrator access.
Free file converter malware scam "rampant" claims FBI
Whether you're downloading a video from YouTube or converting a Word document into a PDF file, there's a chance that you might be unwittingly handing your personal information straight into the hands of cybercriminals. That's the warning that has been issued by the FBI, whose Denver Field Office raised the alarm about the danger of boobytrapped file-conversion tools being used to spread malware.
Researchers astonished by tool's apparent success at revealing AI's "hidden objectives"
In a new paper published Thursday titled "Auditing language models for hidden objectives," Anthropic researchers described how custom AI models trained to deliberately conceal certain "motivations" from evaluators could still inadvertently reveal secrets, due to their ability to adopt different contextual roles they call "personas." The researchers were initially astonished by how effectively some of their interpretability methods seemed to uncover these hidden training objectives.
Critical RCE flaw in Apache Tomcat actively exploited in attacks
A critical remote code execution (RCE) vulnerability in Apache Tomcat tracked as CVE-2025-24813 is actively exploited in the wild, enabling attackers to take over servers with a simple PUT request. Hackers are reportedly leveraging proof-of-concept (PoC) exploits that were published on GitHub just 30 hours after the flaw was disclosed last week. The malicious activity was confirmed by Wallarm security researchers, who warned that traditional security tools fail to detect it.
- ...in 1905, Albert Einstein finishes his scientific paper detailing his quantum theory of light, which was universally rejected until later experiments led to its acceptance.
- ...in 1948, science fiction author William Gibson, whose 1984 novel "Neuromancer" helped popularize the concept of cyberspace, is born in Conway, SC.
- ...in 1959, Tenzin Gyatso, the 14th Dalai Lama, flees Tibet for India, where he lives in exile to this day.
- ...in 1969, Golda Meir becomes the first female Prime Minister of Israel.