NIST Finalizes Differential Privacy Rules to Protect Data
Article Link: https://www.darkreading.com/data-privacy/nist-finalizes-differential-privacy-rules-to-protect-data
- The National Institute of Standards and Technology (NIST) has locked in new rules on differential privacy, which is a method that injects controlled randomness, or “noise,” into datasets to conceal individual identities while preserving overall trends and insights.
- The framework is already battle-tested, used by Apple, Google, and even the U.S. Census Bureau to prevent re-identification. NIST’s playbook pushes organizations to abandon risky DIY fixes, rely on proven privacy tools, and measure exactly how much protection they’re getting.
- Industries like healthcare and finance can now analyze massive datasets without exposing personal details. Proper safeguards are essential, as repeated queries or continuous data streams can erode privacy protections over time. NIST backs this up with interactive tools on GitHub, along with flowcharts and sample code to help businesses get it right.
- NIST experts' advice: lock down access to sensitive data, use vetted open-source frameworks, and apply structured evaluation methods to keep personal details secure without ruining data usability.
- NIST SP 800-226: https://csrc.nist.gov/pubs/sp/800/226/final
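The following Python sketch is an added example, not NIST's sample code. It shows the Laplace mechanism on a counting query and how repeating that query erodes protection unless a privacy budget is enforced. `PrivacyBudget`, `private_count`, `averaged_count` and the synthetic records are hypothetical names and data, and the accounting assumes basic sequential composition.

```python
import random

class PrivacyBudget:
    """Tracks total epsilon spent under basic sequential composition."""
    def __init__(self, total_epsilon):
        self.total = total_epsilon
        self.spent = 0.0

    def charge(self, epsilon):
        if epsilon <= 0:
            raise ValueError("epsilon must be positive")
        if self.spent + epsilon > self.total + 1e-9:
            raise PermissionError("privacy budget exhausted; query refused")
        self.spent += epsilon

def laplace_noise(scale, rng):
    # The difference of two i.i.d. exponentials with mean `scale` is Laplace(0, scale).
    # Illustration only: naive floating-point sampling is one of the DIY pitfalls
    # that vetted differential privacy libraries are built to avoid.
    return rng.expovariate(1.0 / scale) - rng.expovariate(1.0 / scale)

def private_count(records, predicate, epsilon, budget, rng):
    """Epsilon-DP count: a counting query has sensitivity 1, so noise scale is 1/epsilon."""
    budget.charge(epsilon)  # refuse before touching the data
    true_count = sum(1 for r in records if predicate(r))
    return true_count + laplace_noise(1.0 / epsilon, rng)

def averaged_count(records, predicate, epsilon, repeats, budget, rng):
    """Repeat the same query and average: noise shrinks, but every call spends epsilon."""
    answers = [private_count(records, predicate, epsilon, budget, rng) for _ in range(repeats)]
    return sum(answers) / repeats

# Constructed sample data: 1,000 synthetic patients, 137 with the condition of interest.
RECORDS = [{"id": i, "has_condition": i < 137} for i in range(1000)]
has_condition = lambda r: r["has_condition"]

if __name__ == "__main__":
    rng = random.Random(2025)
    one = private_count(RECORDS, has_condition, 0.1, PrivacyBudget(1.0), rng)
    unbounded = PrivacyBudget(float("inf"))  # no enforcement: the failure mode
    avg = averaged_count(RECORDS, has_condition, 0.1, 2000, unbounded, rng)
    print(f"single answer: {one:.1f}; average of 2000: {avg:.1f}; epsilon spent: {unbounded.spent:.0f}")
    capped = PrivacyBudget(1.0)
    try:
        averaged_count(RECORDS, has_condition, 0.1, 2000, capped, rng)
    except PermissionError as exc:
        print(f"capped analyst stopped after epsilon={capped.spent:.1f}: {exc}")
```

With no cap, the averaged answer converges on the true count of 137 while the total epsilon spent grows to 200, which is the erosion the bullet above describes; with a cap of 1.0 the same analyst is refused after ten queries.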
Criminals are Using CSS to Get Around Filters and Track Email Usage
Article Link: https://www.techradar.com/pro/security/criminals-are-using-css-to-get-around-filters-and-track-email-usage
- Attackers are tapping a new campaign to hide phishing links and tracking pixels in CSS, letting them see when emails are opened, printed, or forwarded, all without triggering alarms.
- The campaign builds upon hidden text, or ‘salting’, techniques, letting criminals slip past traditional security measures to gather behavioral intel for their scams and identity theft while in stealth mode.
- This untraceable tracking method weakens standard email defenses by using attributes of the user’s environment, opening the door to spear-phishing or fingerprinting attacks on a larger scale.
- Security analysts are pushing for smarter filtering technology that detects sneaky CSS-based tracking to help stop these covert attacks before they reach inboxes.
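As an added example (not taken from the article or any vendor's filter), this Python sketch shows the kind of check such filtering could apply to an HTML message body: it flags remote `url()` fetches in stylesheets, especially those gated on an `@media` condition, and visible-to-filter text hidden from the reader by inline styles. The regex heuristics, finding names and sample message are assumptions constructed for illustration.

```python
import re

# Heuristics below are assumptions for illustration, not rules taken from the article.
STYLE_BLOCK = re.compile(r"<style[^>]*>(.*?)</style>", re.I | re.S)
MEDIA_RULE = re.compile(r"@media\s+([^{]+)\{((?:[^{}]*\{[^{}]*\})*)\s*\}", re.I)
REMOTE_URL = re.compile(r"url\(\s*['\"]?(https?://[^'\")\s]+)", re.I)
STYLED_ELEM = re.compile(r"<(\w+)[^>]*\bstyle\s*=\s*\"([^\"]*)\"[^>]*>([^<]+)</\1>", re.I)
HIDING = re.compile(
    r"font-size\s*:\s*0(?![.\d])|display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])",
    re.I,
)

def scan_email_html(html):
    """Return (finding, detail) tuples for CSS-based tracking and hidden-text salting."""
    findings = []
    for css in STYLE_BLOCK.findall(html):
        # Remote fetches gated on a media condition reveal the reader's environment or action.
        for condition, body in MEDIA_RULE.findall(css):
            for url in REMOTE_URL.findall(body):
                findings.append(("conditional-remote-fetch", f"@media {condition.strip()} -> {url}"))
        # Any other remote url() in a stylesheet still acts as an open beacon.
        for url in REMOTE_URL.findall(MEDIA_RULE.sub("", css)):
            findings.append(("remote-fetch", url))
    # Text a human never sees but a content filter still tokenises ("salting").
    for _tag, style, text in STYLED_ELEM.findall(html):
        if HIDING.search(style) and text.strip():
            findings.append(("hidden-text", text.strip()))
    return findings

# Constructed sample message body; tracker.example is a placeholder domain.
SAMPLE = """<html><head><style>
@media print { #f { background-image: url('https://tracker.example/p?m=1'); } }
.logo { background: url(https://tracker.example/open?m=1); }
body { font-family: Arial; }
</style></head><body>
<p>Your in<span style="font-size:0">qzx</span>voice is attached.</p>
<p style="color:#333">Regards, Accounts</p>
</body></html>"""

if __name__ == "__main__":
    for finding, detail in scan_email_html(SAMPLE):
        print(f"{finding:26} {detail}")
```

A regex pass like this is a triage signal rather than a full CSS parser; a mail gateway would typically pair it with stripping or proxying remote resources before delivery.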
Warning Over Free Online File Converters That Actually Install Malware
Article Link: https://www.malwarebytes.com/blog/news/2025/03/warning-over-free-online-file-converters-that-actually-install-malware
- The Federal Bureau of Investigation (FBI) warns that cybercriminals are using free online file converters as bait to spread malware, duping users into compromising their personal and financial information.
- These fraudulent sites convince users to download software or browser extensions that secretly steal sensitive data, including Social Security numbers, banking credentials, and email logins.
- Victims often remain unaware of the infection until they experience identity theft, drained bank accounts, or ransomware attacks, making these scams particularly dangerous.
- The FBI cautions users against unverified file converters, instead recommending built-in software and strong education and awareness initiatives to block and prevent malware infections.
Malicious Adobe, DocuSign OAuth Apps Target Microsoft 365 Accounts
Article Link: https://www.bleepingcomputer.com/news/security/malicious-adobe-docusign-oauth-apps-target-microsoft-365-accounts/
- Cybercriminals are hijacking Microsoft 365 accounts by pushing fake OAuth apps disguised as Adobe Acrobat, Adobe Drive, and DocuSign, deceiving users into granting access.
- These deceptive apps request minimal permissions like ‘profile’ and ‘email,’ but once approved, they siphon names, user IDs, and primary email addresses, handing attackers a direct line into sensitive accounts.
- This campaign is hitting industries across the U.S. and Europe, from government agencies to retail and healthcare. Attackers have even used hacked charity and small business email accounts to send phishing lures, including fake Requests for Proposals (RFPs) that direct victims to malicious login pages.
- Microsoft recommends blocking unverified third-party OAuth apps, conducting frequent security audits, and training employees to spot phishing traps before clicking. Multi-factor authentication (MFA) remains one of the strongest defenses against account takeovers.
Scareware Combined with Phishing in Attacks Targeting macOS Users
Article Link: https://www.securityweek.com/scareware-combined-with-phishing-in-attacks-targeting-macos-users/
- Cyber-scammers have now shifted their focus to macOS, deploying scareware pop-ups that trick users into handing over their credentials.
- After Windows-targeted scareware attacks dropped by 90% due to browser security upgrades, hackers pivoted to macOS, where browser protections are weaker. Compromised websites are now pushing deceptive security warnings designed to lure users into phishing traps.
- This turn of deception puts millions of macOS users in the crosshairs, exposing them to account takeovers, unauthorized access, and financial fraud. With fewer built-in defenses, these scams are extra convincing and more dangerous.
- Security experts warn macOS users to ignore unexpected or unknown pop-ups, avoid entering credentials into them, and update browsers to eliminate known vulnerabilities.
Insurer Notifying 335,500 Customers, Agents, Others of Hack
Article Link: https://www.bankinfosecurity.com/insurer-notifying-335500-customers-agents-others-hack-a-27733
- Hackers hit New Era Life Insurance, exposing 335,500 customers’ personal and medical records across multiple states in a major data breach.
- Cybercriminals infiltrated systems between December 9th and 18th, 2024, stealing names, birthdates, insurance IDs, and even Social Security numbers. The breach was detected on December 18th, with investigators confirming the full extent by January 31, 2025.
- This is 2025’s largest reported health insurance data breach, putting thousands at risk of identity fraud. With insurers and healthcare firms frequently targeted, stolen data may be exploited for financial crimes and scams.
- Notification letters were sent on February 11, 2025, informing those affected. New Era is working with forensic investigators and law enforcement, providing steps for customers to track financial statements, secure sensitive data, and enable credit freezes.
Nation-state Groups Hit Hundreds of Organizations with Microsoft Windows Zero-day
Article Link: https://cyberscoop.com/microsoft-windows-zero-day-exploits-nation-states/
- Nation-state hackers are exploiting a Windows zero-day vulnerability to infiltrate organizations worldwide, conduct espionage, and steal both data and cryptocurrency.
- The flaw, tracked as ZDI-CAN-25373, involves how Windows handles shortcut (.lnk) files, letting attackers run hidden commands. Active since 2017, it’s been used by state-sponsored groups from North Korea, Iran, Russia, China, India, and Pakistan.
- At least 300 organizations across government, finance, cryptocurrency, telecommunications, defense, think tanks, and energy sectors have been compromised, with thousands of infected devices. Researchers say that North Korea’s APT43 and APT37 account for nearly half of the attacks.
- Microsoft issued guidance to users against opening unknown files and noted that it may address the flaw in a future update. In the meantime, organizations are urged to tighten security controls, run frequent system audits, and train staff to spot phishing attempts tied to this vulnerability.
- ZDI-CAN-25373: https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
Infostealers Fueled Attacks and Snagged 2.1B Credentials Last Year
Article Link: https://cyberscoop.com/infostealers-cybercrime-surged-2024-flashpoint/
- The Flashpoint 2025 Global Threat Intelligence Report shows credential theft surging by 33% in 2024, with 3.2 billion stolen records in circulation. Malware infections hit 23 million devices, leading to 2.1 billion credentials snatched by cybercriminals.
- According to the report, hackers are ramping up Ransomware-as-a-Service (RaaS), driving a 10% spike in ransomware attacks. Just five major ransomware groups are behind half of these incidents, showing just how organized these threats have become.
- With threats evolving fast, cybercriminals are blurring the lines between digital, physical, and geopolitical risks. Businesses and individuals are staring down a rising wave of financial fraud, identity theft, and system takeovers, with the odds getting riskier by the second.
- Flashpoint is dropping a high-stakes warning, pushing organizations to step up their threat detection, secure their credentials, and layer defenses before the next attack strikes.
- Flashpoint Report: https://flashpoint.io/blog/flashpoint-global-threat-intelligence-report-gtir-2025/
Alleged Israeli LockBit Developer Rostislav Panev Extradited to U.S. for Cybercrime Charges
Article Link: https://thehackernews.com/2025/03/alleged-israeli-lockbit-developer.html
- Rostislav Panev, a dual Russian-Israeli national, has been sent to the U.S. to face charges for his apparent role in developing and maintaining LockBit’s ransomware and wreaking havoc since 2019.
- LockBit is one of the most notorious ransomware groups, responsible for attacks on over 2,000 entities across 120 countries, including 1,800 victims in the U.S. The group has extorted at least $120 million in ransom payments, inflicting devastating economic losses and operational disruptions.
- Panev’s extradition is a major win for law enforcement, proving that cybercriminals can and will be tracked down. This case demonstrates the growing international effort to dismantle ransomware networks and hold those responsible accountable.
