WEEKLY TOP TEN: February 03, 2025, 16:00 GMT
- Israeli Spyware Firm Linked to WhatsApp Zero-Click Vulnerability

Meta has announced that it is taking action to resolve a targeted spyware campaign against journalists and activists. The source of this attack is believed to be the Israeli spyware company Paragon, which developed and used a zero-click RCE exploit against the WhatsApp encrypted messaging application.

- Malvertising Campaign Used to Hijack Microsoft Advertiser Accounts

A new Google malvertising campaign has been observed posing as legitimate software or services; however, the advertised pages contain credential harvesters that aim to steal Microsoft Advertiser accounts in order to further expand and propagate the attackers’ capabilities and campaign.

- Community Health Center Suffers Large Data Breach

The non-profit health organization Community Health Center has suffered a data breach by an unidentified attacker. This comes amid a string of attacks against the healthcare industry, with Frederick Health and NY Blood Center both having suffered the same fate in the past week. It is estimated that the information of around one million patients was impacted.

- Law Enforcement Seizes Hacker Forums Cracked and Nulled in Operation Talent

The two hacker forums cracked[.]io and nulled[.]to have been seized in a joint law enforcement operation. These forums were front runners in popularity and activity in the cybercrime underground. Two individuals in Spain have been arrested in relation to the forums, both of which shared the same owner/administrator.

- AWS and Azure Cloud Infrastructure Used in Cybercrime

Researchers have uncovered what they dub “infrastructure laundering,” a technique in which attackers rent infrastructure from legitimate cloud service providers to mask their criminal activity behind seemingly legitimate IP addresses and machines.

- Google Bans Over Two Million Malicious Android Applications

In its 2024 report, Google stated that over the past year it blocked around 2.4 million applications from the Google Play Store that violated user privacy or contained malicious content, with an associated 158,000 bad developer accounts also being removed.

- Chinese-Linked Backdoors Found in Two Healthcare Monitor Devices

Two popular models of healthcare monitors, which display patient vitals within hospitals, have been found to contain a backdoor communicating with China-based IP addresses. This backdoor could provide access to hospital networks and to patients’ vital-sign data.

- Malicious Android Applications Delivered via Fake Wedding Invites

A new phishing campaign has been observed in which a malicious APK is attached to a fake wedding invitation, telling recipients to download the app in order to RSVP to the supposed wedding. The delivered malware steals call logs, messages, and emails and uses the collected information to spread itself further to the victims’ contact lists.

- Voyager PHP Server Vulnerability Leads to One-Click RCE

A new vulnerability has been discovered in the popular PHP package Voyager. A single click on a malicious link can lead to remote code execution on the victim’s device, giving attackers the ability to run any malicious code or application they desire.

- New Mirai Botnet Variant Discovered

A new variant of the infamous Mirai botnet, AquaBot, has been discovered. This variant targets Mitel VoIP phones via a command injection vulnerability, allowing attackers to add the phones to their botnet, which can then be used for DDoS or other attacks.
Our Threat Operations and Intelligence team compiles a daily digest of the most recent online cybersecurity risks. The top 10 stories above were selected from the 40+ original stories we determined to be most significant over the course of the week, ranked by highest risk and drawing on multiple sources where available.