Security Affairs.

"PlayStation Network outage has been going on for over 24 hours."

Views expressed in this cybersecurity, cyber espionage, and cyber crime update are those of the reporters and correspondents.  Accessed on 09 February 2025, 0146 UTC.

Content and Source:  Email subscription via https://feedly.com.

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net)

 Security Affairs

70K followers27 articles per week#security#tech

24

Today

PlayStation Network outage has been going on for over 24 hours

by Pierluigi Paganini / 3h

PlayStation Network has been down for nearly a day, with little communication from Sony, leaving players frustrated. PlayStation Network has been down for almost a day all over the world, Sony confirmed it is aware of the global outage, but has yet to provide technical info about the issue. Many users started reporting issues with the PlayStation Network services at around 11 pm on Thursday. “We

Kimsuky APT group used custom RDP Wrapper version and forceCopy stealer

3 TTPs

•

by Pierluigi Paganini / 6h

Researchers spotted North Korea’s Kimsuky APT group launching spear-phishing attacks to deliver forceCopy info-stealer malware. Researchers from AhnLab Security Intelligence Center (ASEC) observed North Korea’s Kimsuky APT group conducting spear-phishing attacks to deliver forceCopy info-stealer malware. Kimsuky cyberespionage group (aka ARCHIPELAGO, Black Banshee, Thallium , Velvet Chollima, APT

Russia’s intelligence recruits Ukrainians for terror attacks via messaging apps

Russia recruits terrorists via messaging apps

•

by Pierluigi Paganini / 11h

and forums, offering quick pay, Ukraine’s law enforcement warns. According to Ukraine’s law enforcement, Russian intelligence is using messaging apps and forums to recruit Ukrainians for terrorist attacks, offering quick pay. Ukrainian authorities have recently seen a rise in terrorist attacks on police, military centers, and postal facilities. The Record Media reported that at least nine attack

Yesterday

U.S. CISA adds Trimble Cityworks flaw to its Known Exploited Vulnerabilities catalog

CVE-2025-0994

•

by Pierluigi Paganini / 1d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Trimble Cityworks vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Trimble Cityworks vulnerability, tracked as CVE-2025-0994 , to its Known Exploited Vulnerabilities (KEV) catalog . Trimble Cityworks is a GIS-centric asset management and permittin

Hospital Sisters Health System impacted 882,782 individuals

Impact (Enterprise TA0040)

•

by Pierluigi Paganini / 1d

•

883000 personal records compromised

The cyberattack on Hospital Sisters Health System in 2023 compromised the personal information of 883,000 individuals. The cyberattack that hit the infrastructure of the Hospital Sisters Health System (HSHS) in August 2023 impacted the personal information of 882,782 individuals. The systems at the hospital were brought down by the attack starting on August 27, 2023, the healthcare organization c

Feb 6, 2025

Attackers used a public ASP.NET machine to conduct ViewState code injection attacks

ASP.NET machine key code injection

•

by Pierluigi Paganini / 1d

Microsoft researchers warn that threat actors are delivering the Godzilla framework using a static ASP.NET machine. In December 2024, Microsoft Threat Intelligence researchers spotted a threat actor using a public ASP.NET machine key to deploy Godzilla malware, exploiting insecure key usage in code. Microsoft has since found over 3,000 public keys that could be used to carry out ViewState code in

U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 2d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability CVE-2022-23748 Da

Cisco addressed two critical flaws in its Identity Services Engine (ISE)

6 TTPs

•

by Pierluigi Paganini / 2d

Cisco addressed critical flaws in Identity Services Engine, preventing privilege escalation and system configuration changes. Cisco addressed multiple vulnerabilities, including two critical remote code execution flaws, tracked as CVE-2025-20124 (CVSS score of 9.9) and CVE-2025-20125 (CVSS score of 9.1), in Identity Services Engine (ISE). A remote attacker authenticated with read-only administrat

Notorious hacker behind 40+ cyberattacks on strategic organizations arrested

18-year-old hacker arrested Alicante

•

by Pierluigi Paganini / 2d

Spanish Police arrested an unnamed hacker who allegedly breached tens of government institutions in Spain and the US. Spanish National Police arrested a hacker responsible for multiple cyberattacks on government institutions in Spain and the U.S.. Targe including the U.S. Army, UN, NATO, and other agencies. Some of the breached organizations are the U.S. Army, United Nations, the International Ci

Feb 5, 2025

Lazarus APT targets crypto wallets using cross-platform JavaScript stealer

14 TTPs

•

by Pierluigi Paganini / 3d

•

Lazarus Group targets crypto wallets

The North Korea-linked APT group Lazarus uses a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Bitdefender researchers reported that the North Korea-linked Lazarus group uses fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver a cross-platform JavaScript stealer to target crypto wallets in a new hacking campaign. Scammers lure victim

U.S. CISA adds Linux kernel flaw to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 3d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a Linux kernel vulnerability, tracked as CVE-2024-53104 , to its Known Exploited Vulnerabilities (KEV) catalog . The February 2025 Android security updates addressed 48 vulnerabilities, t

U.S. CISA adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog

by Pierluigi Paganini / 3d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft .NET Framework, Apache OFBiz, and Paessler PRTG Network Monitor flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-45195 (CVSS score of 9.8) Apache OFBiz F

SparkCat campaign target crypto wallets using OCR to steal recovery phrases

5 TTPs

•

by Pierluigi Paganini / 3d

•

Kaspersky discovers crypto-stealing malware

In late 2024, Kaspersky experts discovered a malicious campaign, called SparkCat, spreading malware to target crypto wallets. In March 2023, ESET found malware in modified versions of messengers using OCR to scan the victim’s gallery for images with recovery phrases to restore access to crypto wallets. In late 2024, Kaspersky discovered a new malicious campaign, called SparkCat, where the attacke

Feb 4, 2025

International Civil Aviation Organization (ICAO) and ACAO Breached: Cyberespionage Groups Targeting Aviation Safety Specialists

2 TTPs

•

by Pierluigi Paganini / 3d

•

Cyberespionage targets aviation safety experts

The International Civil Aviation Organization (ICAO) is investigating a data breach affecting system and employee security. The International Civil Aviation Organization (ICAO) , a specialized agency of the United Nations, is investigating a significant data breach that has raised concerns about the security of its systems and employees data. In the updated statement published by ICAO, the agency

Online food ordering and delivery platform GrubHub discloses a data breach

2 TTPs

•

by Pierluigi Paganini / 4d

•

GrubHub data breach affects users

Online food ordering and delivery platform GrubHub suffered a data breach that exposed the personal information of drivers and customers. This week the online food ordering and delivery firm GrubHub disclosed a data breach that exposed customer and driver information. Recently, the company detected an anomalous activity within its infrastructure, then it launched an investigation into the attack

Netgear urges users to upgrade two flaws impacting WiFi router models

Netgear patches critical router vulnerabilities

•

by Pierluigi Paganini / 4d

Netgear disclosed two critical flaws impacting multiple WiFi router models and urges customers to address them. Netgear addressed two critical vulnerabilities, internally tracked as PSV-2023-0039 and PSV-2021-0117 , impacting multiple WiFi router models and urged customers to install the latest firmware. The two flaws are, respectively, a remote code execution issue and an authentication bypass v

AMD fixed a flaw that allowed to load malicious microcode

CVE-2024-56161

•

by Pierluigi Paganini / 4d

AMD released security patches to fix a flaw that could bypass SEV protection, letting attackers load malicious microcode. Researchers from Google disclosed an improper signature verification vulnerability, tracked as CVE-2024-56161 (CVSS score of 7.2), in AMD’s Secure Encrypted Virtualization (SEV) . An attacker could trigger the flaw to load a malicious CPU microcode under specific conditions. “

Coyote Banking Trojan targets Brazilian users, stealing data from 70+ financial apps and websites

25 TTPs

•

by Pierluigi Paganini / 4d

•

Coyote Banking Trojan targets Brazil users

Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan. Threat actors target Brazilian users by stealing financial data, the malware can harvest sensitive information from over 70 financial applications and numero

Feb 3, 2025

Google fixed actively exploited kernel zero-day flaw

3 TTPs

•

by Pierluigi Paganini / 5d

The February 2025 Android security updates addressed 48 vulnerabilities, including a kernel zero-day flaw exploited in the wild. The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104 , which is actively exploited in attacks in the wild. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation.” r

Web Skimmer found on at least 17 websites, including Casio UK

IoC > 1 domain

•

by Pierluigi Paganini / 5d

•

5 TTPs

•

Casio hit by web skimming attack

Casio Website Infected With Skimmer A threat actor has installed a web skimmer on all pages of the Casio UK’s website, except the checkout page. Jscrambler researchers uncovered a web skimmer campaign targeting multiple websites, including Casio one (casio.co.uk). The experts confirmed that at least 17 victim sites have been compromised, though the number may grow as the investigation continues.

Crazy Evil gang runs over 10 highly specialized social media scams

5 TTPs

•

by Pierluigi Paganini / 5d

•

Crazy Evil Gang targets crypto scams

The Russian-speaking Crazy Evil group runs over 10 social media scams, tricking victims into installing StealC, AMOS, and Angel Drainer malware. Since 2021, the Crazy Evil gang has become a major cybercriminal group, using phishing, identity fraud, and malware to steal cryptocurrency. Security experts identified six Crazy Evil’s subteams, called AVLAND, TYPED, DELAND, ZOOMLAND, DEFI, and KEVLAND,

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

Treasury official exits after Musk clash

•

200+by Pierluigi Paganini / 5d

US Sen. Ron Wyden warns of national security risks after Elon Musk ’s DOGE was given full access to sensitive Treasury systems. Sen. Ron Wyden warned of national security risks after Elon Musk ’s team, Department of Government Efficiency (DOGE), was granted full access to a sensitive U.S. Treasury payments system. Sen. Ron Wyden stated that Treasury Secretary Scott Bessent granted Elon Musk’s tea

Feb 2, 2025

Texas is the first state to ban DeepSeek on government devices

Texas bans DeepSeek and RedNote

•

by Pierluigi Paganini / 5d

Texas bans DeepSeek and RedNote on government devices to block Chinese data-harvesting AI, citing security risks. Texas Governor Greg Abbott banned Chinese AI company DeepSeek and Chinese-owned social media apps Xiaohongshu (RedNote) and Lemon8 from all state-issued devices. The AI-powered chatbot, recently launched globally, has rapidly gained popularity reaching millions of users. Texas is the

Law enforcement seized the domains of HeartSender cybercrime marketplaces

7 TTPs

•

by Pierluigi Paganini / 5d

•

39 domains seized from cybercriminals

U.S. and Dutch authorities seized 39 domains and servers linked to the HeartSender cybercrime group based in Pakistan. A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza and Manipulators Team) known for selling hacking and fraud tools. U.S. and Dutch authorities participated in the operation, the police seized th

End of feed