136 words

1 minute

GUARD 16.02.2025

2025-02-16

summary

Data Breaches/Leaks#

Hipshipper - December 2nd 2024 - ~millions records
- Source: https://cybernews.com/security/hipshipper-data-leak-exposed-shipping-records/
- Reason: unsecured Amazon AWS bucket
- Leaked data: Names, Home addresses, Phone numbers, Order details (dates of mailing, parcel information, etc.)
Memorial Hospital - November 1st - 120k people affected
- Source: https://www.maine.gov/agviewer/content/ag/985235c7-cb95-4be2-8792-a1252b4f8318/b5d2ed34-3d1c-449e-915a-1683af30ba6a.html
- Leaked data: Names, Social Security Numbers, Dates of birth, Health Insurance Information, Medical Treatment and Medical History
- Article: https://www.darkreading.com/cyber-risk/120k-victims-compromised-memorial-hospital-ransomware
- Reason: Ransomware attack

Vulnerabilities#

Apple USB Vulnerability
- Article: https://thehackernews.com/2025/02/apple-patches-actively-exploited-ios.html
- Source: https://support.apple.com/en-us/122174
- CVE: CVE-2025-24200
VeraCore Zero-Day (threat actor - XE Group)
- Article: https://thehackernews.com/2025/02/xe-hacker-group-exploits-veracore-zero.html
- Source: https://intezer.com/blog/research/xe-group-exploiting-zero-days/
- CVEs:
  - CVE-2024-57968
  - CVE-2025-25181
NVIDIA Container Toolkit Vulnerability
- Article: https://thehackernews.com/2025/02/researchers-find-new-exploit-bypassing.html
- Sources:
  - https://www.wiz.io/blog/nvidia-ai-vulnerability-deep-dive-cve-2024-0132
  - https://nvidia.custhelp.com/app/answers/detail/a_id/5616
- CVE: CVE-2025-23359
AWS IAM User Enumeration
- Article: https://rhinosecuritylabs.com/research/unauthenticated-username-enumeration-in-aws/
- Source: CVE-2025-0693
PostgreSQL BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS)
- Article: https://thehackernews.com/2025/02/postgresql-vulnerability-exploited.html
- Source: CVE-2025-1094

AI#

Be careful with DeepSeek! Red Flag for Businesses.
- Source: https://www.appsoc.com/blog/one-explanation-for-deepseeks-dramatic-savings-ip-theft
- Article: https://www.darkreading.com/cyber-risk/deepseek-fails-multiple-security-tests-business-use

Risk#

Why data leaks happen most often in those States?
- Article: https://www.darkreading.com/cyber-risk/business-cybersecurity-weakest-states
Wanna update US DOGE database?
- Article: https://www.wired.com/story/the-official-doge-website-launch-was-a-security-mess/
- Source: https://www.404media.co/anyone-can-push-updates-to-the-doge-gov-website-2/

Cybercrime#

Sandworm Subgroup’s (BadPilot/Seashell Blizzard) Global Cyber Attacks
- Article: https://thehackernews.com/2025/02/microsoft-uncovers-sandworm-subgroups.html
- Source: https://www.microsoft.com/en-us/security/blog/2025/02/12/the-badpilot-campaign-seashell-blizzard-subgroup-conducts-multiyear-global-access-operation/

Titbits#

Maximizing the potential from MFA
- Article: https://thehackernews.com/2025/02/4-ways-to-keep-mfa-from-becoming-too.html
Build Your Own Offensive Security Lab
- Article: https://xphantom.nl/posts/Offensive-Security-Lab/
Leak YouTube emails
- Article: https://brutecat.com/articles/leaking-youtube-emails

GUARD 16.02.2025

https://typetherapy.blog/posts/guard/guard_16_02_2025/

Author

Type Therapy Blog

Published at

2025-02-16

License

CC BY-NC-SA 4.0

GUARD 23.02.2025

GUARD 02.02.2025

Data Breaches/Leaks

Vulnerabilities