Ransomware Attackers Are “Vishing” Organizations Via Microsoft Teams
Article Link: https://www.helpnetsecurity.com/2025/01/21/ransomware-attackers-are-vishing-organizations-via-microsoft-teams-email-bombing/
- Cybercriminals are impersonating IT support through Microsoft Teams, using phishing tactics to gain remote access to corporate systems and deploy ransomware.
- Attackers flood employees’ inboxes with spam to create confusion, then contact them via Teams, offering fake assistance. Trusting the deception, victims unknowingly grant access, allowing malware installation and data theft.
- This technique has been linked to multiple threat groups, some exploiting Teams for direct malware execution, while others use Microsoft’s Quick Assist tool to alter settings and deploy ransomware like Black Basta.
- Information security advisors are urging companies to take proactive steps to restrict external Teams communication, limit remote access permissions, and train employees to recognize suspicious IT requests to avoid falling victim to these attacks.
FTC Orders GM to Stop Collecting and Selling Driver’s Data
Article Link: https://www.bleepingcomputer.com/news/legal/ftc-orders-gm-to-stop-collecting-and-selling-drivers-data/
- In a landmark privacy ruling, the Federal Trade Commission (FTC) has ordered General Motors and its OnStar unit to stop collecting and selling drivers’ location and behavior data without clear permission.
- Investigators found GM was tracking vehicle locations every three seconds and monitoring driving habits like hard-braking and speeding, then selling that data to third parties, including consumer reporting agencies, without drivers’ knowledge.
- Under the settlement, GM is banned from sharing this data for five years and must be upfront with drivers about what’s being collected, while also giving them easy ways to access, delete, or restrict its use.
- This decision signals a major step in protecting consumer privacy. Drivers should review their vehicle’s data settings, stay informed on privacy policies, and take steps to control who gets access to their personal information.
Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One
Article Link: https://cybersecuritynews.com/brave-browser-vulnerability-malicious-website/
- A newly discovered vulnerability in the Brave browser, tracked as CVE-2025-23086, could let malicious sites disguise themselves as trusted ones, putting users at risk.
- The bug, found in desktop versions 1.70x to 1.73x, exploits how Brave displays site origins in file dialogs, allowing attackers to trick users with deceptive redirects.
- Brave Software has patched the issue in version 1.74.48, but anyone using an outdated version remains vulnerable to phishing and data theft.
- Technology security experts urge users to update immediately and stay cautious when downloading files, even from sites that appear legitimate.
Microsoft: Exchange 2016 and 2019 reach end of support in October
Article Link: https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-october/
- Microsoft has announced it will officially end support for Exchange Server 2016 and 2019 on October 14, 2025. That means no more security updates, bug fixes, or technical support, leaving organizations still using these versions open to cyber threats.
- With the deadline approaching, Microsoft is urging businesses to start planning their transition now. Options include migrating to Exchange Online or upgrading to the upcoming Exchange Server Subscription Edition to maintain security and compliance.
- Cyber-risk management professionals warn that delaying action may lead to security risks, operational disruptions, and compliance challenges. IT teams are encouraged to begin mapping out their migration strategy to avoid last-minute complications.
Chinese Innovations Spawn Wave of Toll Phishing Via SMS
Article Link: https://krebsonsecurity.com/2025/01/chinese-innovations-spawn-wave-of-toll-phishing-via-sms/
- A significant increase in SMS phishing attacks impersonating toll road operators has been observed across the United States. These attacks aim to steal payment card information from unsuspecting recipients.
- The surge is attributed to Chinese cybercriminal groups introducing advanced phishing kits that seamlessly integrate with messaging platforms like Apple’s iMessage and Android’s RCS. This integration allows attackers to bypass traditional SMS filters, increasing the effectiveness of their scams.
- States including Minnesota, Florida, and Texas have reported residents receiving fraudulent messages claiming unpaid tolls. Victims who engage with these messages risk having their payment card details stolen and misused.
- Authorities advise the public to be cautious of unsolicited messages requesting personal or financial information. It’s recommended to verify the authenticity of such communications directly with the purported source and avoid clicking on suspicious links.
Coordinated Global Mobile Malware Campaign Targets Banking Apps and Cryptocurrency Platforms
- A highly coordinated malware campaign is setting its sights on more than 50 financial apps, including 40 banks and 10 cryptocurrency platforms, in an attempt to steal login credentials and drain user accounts.
- Hackers are using two malware strains, Gigabud and Spynote, to deceive users into handing over banking credentials and gain full remote control of infected devices.
- The attack spans multiple countries, with cybercriminals running 11 command-and-control servers and 79 phishing websites disguised as trusted brands.
- Information security professionals recommend that users download apps only from official stores, stay wary of suspicious emails, unusual texts, and social media messages, and keep devices updated to block these threats.
Five Cybersecurity Basics That Stand the Test of Time
Article Link: https://www.scworld.com/perspective/five-cybersecurity-basics-that-stand-the-test-of-time
- As cybercriminals evolve, certain security fundamentals remain as powerful today as ever, protecting businesses from attacks, financial losses, and operational chaos.
- Industry experts stress five critical steps: reassessing security tools to eliminate blind spots, training employees to spot scams, running live attack simulations, prioritizing vulnerability patching, and refining incident response plans to minimize damage when breaches happen.
- Many cyberattacks succeed when the basics are neglected. Organizations that stay disciplined with these core defenses dramatically reduce their risk of costly intrusions, ransomware incidents, and data leaks.
- Business leaders are urged to make security a top priority by routinely testing defenses, keeping employees informed, and ensuring response plans are battle-ready for real-world threats.
Why CISOs Must Think Clearly Amid Regulatory Chaos
Article Link: https://www.darkreading.com/cybersecurity-operations/cisos-must-think-clearly-amid-regulatory-chaos
- Corporate accountability for data breaches is entering a new era as the Securities and Exchange Commission (SEC) enforces sweeping regulations aimed at tightening security oversight. Companies are now under a federal microscope; executives are required to rapidly disclose major breaches and provide transparent insights into their risk strategies.
- The updated rules demand that publicly traded organizations report significant incidents within just four business days. These changes come as the SEC takes actions like suing SolarWinds, signaling a crackdown that holds leadership accountable for protecting sensitive assets.
- These new requirements shift cybersecurity from an IT issue to a top business governance priority. Serious information security risk and cyber threat discussions are moving into the boardroom, with regulators demanding accountability from board members and executive leadership for how they prevent and respond to attacks.
- Risk management advisors stress the importance of aligning security policies with the new rules, reinforcing compliance frameworks, and establishing clear protocols to address potential incidents.
Ex-CIA Analyst Pleads Guilty to Leaking National Defense Information
Article Link: https://cybersecuritynews.com/cia-analyst-guilty-leak/
- In a stunning breach of national security, ex-CIA analyst Asif William Rahman has admitted to leaking highly classified intelligence, a move that sent sensitive U.S. defense information onto social media just one day after he shared it.
- Prosecutors say Rahman accessed, photographed, and transmitted top-secret documents detailing U.S. foreign allies’ military plans. To cover his tracks, he destroyed electronic devices used in the leak.
- Officials warn this breach could have put lives at risk, strained international relations, and compromised intelligence operations. The case is being called one of the most serious national security violations in recent history.
- Rahman faces up to 20 years in prison under the Espionage Act, with sentencing set for May 15, 2025. Federal prosecutors say his actions were a direct threat to national security, and they are pushing for a severe penalty.
