
IT Security Newsletter - 4/2/2025


Breaches

Check Point Disputes Hacker's Breach Claims

Check Point is offering reassurances to customers that it did not experience a leak, despite a hacker's claims they stole information from the security vendor. The threat actor, dubbed Corelinjection, posted on BreachForums that they were selling data they allegedly stole from Check Point for the price of 5 bitcoin (roughly $430,000). Corelinjection claimed that the stolen information contained credentials, source code, employee contact details, project documentation, binaries, and more. READ MORE...

Hacking

North Korean IT worker army expands operations in Europe

North Korea's IT workers have expanded operations beyond the United States and are now increasingly targeting organizations across Europe. Also referred to as "IT warriors," they hide their true identities and pose as workers based in other countries by connecting via laptop farms to fraudulently secure positions as remote freelance IT employees at companies worldwide to generate revenue for the Democratic People's Republic of Korea (DPRK) regime. READ MORE...

Malware

Cybercom discovered Chinese malware in South American nations - Joint Chiefs chairman nominee

So-called hunt forward operations by U.S. Cyber Command have uncovered Chinese malware implanted in Latin American nations, according to President Donald Trump's nominee to be the next chairman of the Joint Chiefs of Staff. Hunt-forward operations involve physically sending defensively oriented cyber protection teams from the U.S. military's Cyber National Mission Force (CNMF) to foreign nations at their invitation to look for malicious activity on their networks. READ MORE...


We Smell a (DC)Rat: Revealing a Sophisticated Malware Delivery Chain

The Acronis Threat Research Unit (TRU) was presented with an interesting threat chain and malware sample for analysis that involved a known cyberthreat along with some interesting twists in targeting and obfuscation. In this article, we'll dissect the complex malware delivery chain and tactics. The focus will be on a multi-stage infection process involving Visual Basic Script (VBS), a batch file, and a PowerShell script. READ MORE...


Gootloader Malware Resurfaces in Google Ads for Legal Docs

The attackers responsible for the Gootloader malware are up to both novel and familiar tricks, with a new threat campaign that hides the infostealing payload in Google Ads that target people looking for legal templates. The malicious ads, discovered by a security researcher who calls himself Gootloader on the X platform and posts on a blog called "Gootloader Details," are delivered via the account of an advertiser, Med Media Group Ltd. READ MORE...

Information Security

Google DeepMind Unveils Framework to Exploit AI's Cyber Weaknesses

Strong defense comes from attacking the enemy's weak points. Google DeepMind has developed an evaluation framework that highlights the areas where adversarial AI is weakest, allowing defenders to prioritize their defensive strategies. DeepMind works at the cutting edge of AI - what it calls Frontier AI. In a new report (PDF), DeepMind analyzes the use of current AI in cyberattacks, and the common frameworks used in evaluating such attacks - and finds them to be lacking. READ MORE...


FTC chief flags data privacy concerns in 23andMe bankruptcy

Federal Trade Commission Chairman Andrew Ferguson on Monday said genetic testing company 23andMe, which recently initiated a bankruptcy proceeding, must honor its data privacy and security commitments in any sale or transfer of individuals' personal data. 23andMe promises a number of protections for user data in a privacy statement posted on its website. The company has indicated since its bankruptcy filing that it will continue to honor its privacy representations. READ MORE...

Exploits/Vulnerabilities

Questions Remain Over Attacks Causing DrayTek Router Reboots

Taiwan-based networking equipment manufacturer DrayTek has shared some clarifications regarding the recent router reboots reported by customers around the world, but some questions remain unanswered. In late March, DrayTek router users in the UK, Australia and other countries started reporting that their devices had been constantly rebooting, causing connectivity issues. When the first reports emerged, the vendor suggested that the exploitation of a vulnerability may be involved. READ MORE...

Science & Culture

One of the last of Bletchley Park's quiet heroes, Betty Webb, dies at 101

Betty Webb MBE, one of the team who worked at the code-breaking Bletchley Park facility during the Second World War, has died at the age of 101. "On Monday 31 March 2025 we lost a proud ATS and Women's Royal Army Corps veteran, Bletchley code breaker, Knight of the Légion d'Honneur, WRAC Association member, and President of our Birmingham Branch," the Women's Royal Army Corps Association (WRAC) said in a statement. READ MORE...

On This Date

  • ...in 1889, inventor Charles M. Hall is given a patent for his method of extracting aluminum, allowing for large-scale production.
  • ...in 1917, President Woodrow Wilson asks Congress for a declaration of war on Germany and the U.S. enters WWI.
  • ...in 1941, radio host Barret Eugene Hansen, AKA "Dr. Demento," who introduced generations of listeners to classic novelty and comedy records, is born in Minneapolis, MN.
  • ...in 1947, country singer/songwriter Emmylou Harris ("Together Again", "Sweet Dreams") is born in Birmingham, AL.