111 words

1 minute

GUARD 23.02.2025

2025-02-23

summary

Data Breaches/Leaks#

Lietvaris (document management system utilized in Latvia) - November 1st 2024 - 25 million records
- Source: https://cybernews.com/security/lietvaris-platform-leak-exposed-millions-records/
- Reason: unprotected Elasticsearch cluster
- Leaked data: Names and surnames, National IDs, Home addresses
Vivifi (Indian digital lending app)- Nov 28th 2024 - 36k files
- Article: https://cybernews.com/security/vivifi-data-leak/
- Leaked data: - Passports, National ID cards, Driver’s licenses, Voter IDs, Utility bills, Lease/rental agreements, Bank statements, Salary slips, Employment letters, Taxpayer Identification – PAN cards, Vivifi’s loan agreements, Communication with clients
- Reason: misconfigured Amazon AWS S3 bucket

Vulnerabilities#

OpenSSH - MiTM and DoS
MS Power Pages - Privilege Escalation
- Article: https://thehackernews.com/2025/02/microsoft-patches-actively-exploited.html
- CVEs:
  - CVE-2025-21355
  - CVE-2025-24989
Citrix - Privilege Escalation

AI#

Cybercriminals weaponizing AI
- Article: https://cybernews.com/security/ai-malware-pioneers/

Titbits#

$1.4 Billion Stolen From ByBit - Crypto Theft
- Article: https://www.theblock.co/post/342667/crypto-exchange-bybit-hacked-as-over-1-billion-worth-of-eth-leaves-wallets
Quantum-Resistant Digital Signatures for Google Cloud KMS
- Article: https://www.darkreading.com/cloud-security/google-quantum-resistant-digital-signatures-cloud-kms

GUARD 23.02.2025

https://typetherapy.blog/posts/guard/guard_23_02_2025/

Author

Type Therapy Blog

Published at

2025-02-23

License

CC BY-NC-SA 4.0

GUARD 23.03.2025

GUARD 16.02.2025

Data Breaches/Leaks

Vulnerabilities