SecurityWeek Briefing.

"Cisco patches 10 vulnerabilities in IOS XR."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 13 March 2025, 1633 UTC.

Content and Source:  Email subscription via https://feedly.com

Please check link or scroll downs to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

 SecurityWeek

85K followers48 articles per week

#security#tech

92

Today

Cisco Patches 10 Vulnerabilities in IOS XR

by Ionut Arghire / 27min

Cisco has released patches for 10 vulnerabilities in IOS XR, including five denial-of-service (DoS) bugs. The post appeared first on SecurityWeek .

Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign

4 TTPs

•

by Ionut Arghire / 1h

•

Surge in SSRF exploitation detected

Threat actors are likely targeting Grafana path traversal bugs for reconnaissance in a SSRF exploitation campaign targeting popular platforms. The post appeared first on SecurityWeek .

Microsoft Warns of Hospitality Sector Attacks Involving ClickFix

6 TTPs

•

by Eduard Kovacs / 1h

•

Phishing campaign targets Booking.com users

A cybercrime group named Storm-1865 has targeted hospitality organizations via fake Booking.com emails and the use of social engineering. The post appeared first on SecurityWeek .

DeepSeek’s Malware-Generation Capabilities Put to Test

7 TTPs

•

by Eduard Kovacs / 3h

Researchers have analyzed the ability of the Chinese gen-AI DeepSeek to create malware such as ransomware and keyloggers. The post appeared first on SecurityWeek .

North Korean Hackers Distributed Android Spyware via Google Play

7 TTPs

•

by Eduard Kovacs / 3h

•

North Korean spyware found on Play Store

The North Korea-linked APT37 has been observed targeting Android users with spyware distributed via Google Play. The post appeared first on SecurityWeek .

Medusa Ransomware Made 300 Critical Infrastructure Victims

17 TTPs

•

by Ionut Arghire / 3h

•

Medusa ransomware targets critical infrastructure

CISA, FBI, and MS-ISAC warn of Medusa ransomware attacks targeting critical infrastructure organizations. The post appeared first on SecurityWeek .

Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution

by Matias Madou / 4h

Organizations can align their processes with one of two global industry standards for self-assessment and security maturity—BSIMM and OWASP SAMM. The post appeared first on SecurityWeek .

QuamCore Emerges From Stealth With $9 Million to Build a Quantum Computer

QuamCore raises 9M for quantum computing

•

by Kevin Townsend / 5h

QuamCore’s secret sauce is a patented architecture that will allow the integration of 1 million qubits in a single cryostat. The post appeared first on SecurityWeek .

Yesterday

Security Validation Firm Pentera Banks $60M Series D

Pentera secures 60M funding

•

by SecurityWeek News / 22h

Israeli startup in the automated security validation space secures a $60 million round led by Evolution Equity Partners. The post appeared first on SecurityWeek .

Mandiant Uncovers Custom Backdoors on End-of-Life Juniper Routers

6 TTPs

•

by Ryan Naraine / 1d

•

Chinese hackers exploit Juniper routers

China-nexus cyberespionage group caught planting custom backdoors on end-of-life Juniper Networks Junos OS routers. The post appeared first on SecurityWeek .

360 Privacy Raises $36 Million for Digital Executive Protection Platform

by Ionut Arghire / 1d

360 Privacy has raised $36 million in equity investment to scour the surface and dark web for leaked PII and remove it. The post appeared first on SecurityWeek .

A Guide to Security Investments: The Anatomy of a Cyberattack

by Torsten George / 1d

Organizations must recognize that security is not about the number of tools deployed, it is about ensuring those tools effectively disrupt the attack chain at every stage. The post appeared first on SecurityWeek .

Zoom Patches 4 High-Severity Vulnerabilities

4 TTPs

•

by Eduard Kovacs / 1d

Zoom has patched five vulnerabilities in its applications, including four high-severity flaws. The post appeared first on SecurityWeek .

Fraud Losses Reached $12.5 Billion in 2024: FTC

Consumers lost 125 billion dollars

•

by Ionut Arghire / 1d

FTC says reported losses to fraud exceeded $12.5 billion in 2024, with $5.7 billion lost to investment scams. The post appeared first on SecurityWeek .

Beware of DeepSeek Hype: It’s a Breeding Ground for Scammers

IoC > 1 domain

•

by Stu Sjouwerman / 1d

•

12 TTPs

•

Cybercriminals exploit DeepSeek popularity

Exploiting trust in the DeepSeek brand, scammers attempt to harvest personal information or steal user credentials. The post appeared first on SecurityWeek .

China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days

3 TTPs

•

by Eduard Kovacs / 1d

Dragos case study reveals that Volt Typhoon hacked the US electric grid and stole information on OT systems. The post appeared first on SecurityWeek .

Fortinet Patches 18 Vulnerabilities

5 TTPs

•

by Eduard Kovacs / 1d

Fortinet has published 17 new advisories to inform customers about 18 vulnerabilities patched in its products. The post appeared first on SecurityWeek .

Trump Administration Halts Funding for Two Cybersecurity Efforts, Including One for Elections

CISA cuts election security funding

•

by Associated Press / 1d

The Trump administration has cut millions of dollars in federal funding from two cybersecurity initiatives, including one dedicated to helping state and local election officials. The post appeared first on SecurityWeek .

Newly Patched Windows Zero-Day Exploited for Two Years

3 TTPs

•

by Ionut Arghire / 1d

Microsoft on Tuesday patched a zero-day vulnerability in the Windows Win32 kernel that has been exploited since March 2023. The post appeared first on SecurityWeek .

PowerSchool Portal Compromised Months Before Massive Data Breach

3 TTPs

•

by Ionut Arghire / 1d

•

PowerSchool network breached months prior

Hackers used compromised credentials to access PowerSchool’s PowerSource portal months before the December 2024 data breach. The post appeared first on SecurityWeek .

Webinar on Demand: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks

by SecurityWeek News / 1d

How hyper agenda-driven threat actors, cybercriminals, and nation-states integrate digital, narrative, and physical attacks to target organizations through their executives. The post appeared first on SecurityWeek .

US Hasn’t Determined Who Was Behind Cyberattack That Caused Outage on Musk’s X

by Associated Press / 1d

US officials have not determined who was behind an apparent cyberattack on the social media site X that limited access to the platform for thousands of users. The post appeared first on SecurityWeek .

Mar 11, 2025

ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens

5 TTPs

•

by Eduard Kovacs / 1d

•

CVE-2024-56336

Industrial giants Siemens and Schneider Electric have released March 2025 Patch Tuesday ICS security advisories. The post appeared first on SecurityWeek .

Are Threat Groups Belsen and ZeroSevenGroup Related?

Command and Control (Enterprise TA0011)

•

by Kevin Townsend / 1d

Kela admits that its evidence for a connection between Belsen and ZeroSevenGroup is largely circumstantial, primarily based on styles. The post appeared first on SecurityWeek .

Apple Ships iOS 18.3.2 to Fix Already-Exploited WebKit Flaw

CVE-2025-24201

•

by Ryan Naraine / 1d

Apple warns that the WebKIt bug "may have been exploited in an extremely sophisticated attack against specific targeted individuals.” The post appeared first on SecurityWeek .

Microsoft Flags Six Active Zero-Days, Patches 57 Flaws: Patch Tuesday

7 TTPs

•

by Ryan Naraine / 1d

•

PatchTuesday

Redmond ships major security updates with warnings that a half-dozen Windows vulnerabilities have already been exploited in the wild. The post appeared first on SecurityWeek .

Patch Tuesday: Critical Code Execution Bugs in Adobe Acrobat and Reader

2 TTPs

•

by Ryan Naraine / 1d

•

PatchTuesday

Adobe documents 35 security flaws in a wide range of products, including code-execution issues in the Acrobat and Reader applications. The post appeared first on SecurityWeek .

UK Government Report Calls for Stronger Open Source Supply Chain Security Practices

by Kevin Townsend / 1d

Report from the Department for Science, Innovation & Technology (DSIT) finds weaknesses in current practices. The post appeared first on SecurityWeek .

New Ballista IoT Botnet Linked to Italian Threat Actor

11 TTPs

•

by Eduard Kovacs / 1d

Cato Networks has analyzed a new IoT botnet named Ballista, which targets TP-Link Archer routers. The post appeared first on SecurityWeek .

New York Sues Insurance Giant Over Data Breaches

New York sues Allstate over data breach

•

by Ionut Arghire / 2d

The New York Attorney General sued National General and its parent company Allstate over two data breaches. The post appeared first on SecurityWeek .

SAP Patches High-Severity Vulnerabilities in Commerce, NetWeaver

Process Injection (Enterprise T1055)

•

by Ionut Arghire / 2d

SAP released 21 new security notes and updated three security notes on March 2025 security patch day. The post appeared first on SecurityWeek .

Edimax Says No Patches Coming for Zero-Day Exploited by Botnets

4 TTPs

•

by Eduard Kovacs / 2d

•

CVE-2025-1316

Edimax is aware that CVE-2025-1316 has been exploited in the wild, but the impacted devices were discontinued over a decade ago. The post appeared first on SecurityWeek .

Sola Security Deposits Hefty $30M Seed Funding

by SecurityWeek News / 2d

The financing was provided by S Capital and investor Mike Moritz, S32, Glilot Capital Partners, and several angel investors. The post appeared first on SecurityWeek .

1,600 Victims Hit by South American APT’s Malware

8 TTPs

•

by Ionut Arghire / 2d

•

CVE-2024-43451

South American cyberespionage group Blind Eagle has infected over 1,600 organizations in Colombia in a recent campaign. The post appeared first on SecurityWeek .

CISA Warns of Ivanti EPM Vulnerability Exploitation

3 TTPs

•

by Ionut Arghire / 2d

CISA has added three critical-severity flaws in Ivanti EPM to its Known Exploited Vulnerabilities catalog. The post appeared first on SecurityWeek .

Hackers Take Credit for X Cyberattack

2 TTPs

•

21by Eduard Kovacs / 2d

Information is coming to light on the cyberattack that caused X outages, but it should be taken with a pinch of salt. The post appeared first on SecurityWeek .