Travel on the Cyber Express

The Cyber Express is a handbook for all stakeholders of the internet that provides information security professionals with the latest news, updates and knowledge they need to combat cyber threats.

The Cyber Express Trending Cybersecurity News, Updates, Magazine and More.

  • Alleged LockBit Ransomware Developer Extradited to U.S. to Stand Trial
    by Paul Shread on 14 March 2025 at 18:27

    The U.S. has succeeded in extraditing a suspected LockBit ransomware developer. Rostislav Panev, 51, a dual Russian and Israeli national, was arrested last year in Israel on a U.S. provisional arrest request. The U.S. Department of Justice (DOJ) announced yesterday that Panev has been extradited to the U.S. on charges that he was a developer for the LockBit ransomware group. Following an initial court appearance before U.S. Magistrate Judge André M. Espinosa, Panev was detained pending trial.

    “Rostislav Panev’s extradition to the District of New Jersey makes it clear: if you are a member of the LockBit ransomware conspiracy, the United States will find you and bring you to justice,” U.S. Attorney John Giordano said in a statement. “Even as the means and methods of cybercriminals become more sophisticated, my Office and our FBI, Criminal Division, and international law enforcement partners are more committed than ever to prosecuting these criminals.”

    Panev’s extradition comes as the LockBit ransomware group tries to relaunch following a year of international law enforcement efforts.

    LockBit Ransomware Developer Worked for Group Since Launch

    According to court documents and statements, Panev was a developer for the LockBit ransomware group from its inception around 2019 through at least February 2024. “During that time, Panev and his LockBit coconspirators grew LockBit into what was, at times, the most active and destructive ransomware group in the world,” the DOJ statement said. The LockBit group claimed more than 2,500 victims in at least 120 countries, including 1,800 in the U.S., the DOJ said. According to Cyble data, LockBit has been by far the most active ransomware group in recent years. Even after a year of reduced activity, the group’s 2,700+ victims are still triple the total of the next nearest group, CL0P.

    One attack in particular was ill-advised: the 2022 attack on the Toronto Hospital for Sick Children, which led to an apology from LockBit along with a free decryptor, and to increased law enforcement attention. LockBit extracted at least $500 million in ransom payments from victims and caused billions of dollars in other losses, the DOJ said. LockBit’s membership comprised “developers” like Panev, who designed the LockBit malware code and maintained operational infrastructure, and “affiliates,” who carried out attacks and extorted victims. The two groups split the ransom payments.

    Panev Evidence Cited

    A superseding complaint alleges that at the time of Panev’s arrest last August, law enforcement found on his computer the administrator credentials for an online repository, hosted on the dark web, that contained source code for multiple versions of the LockBit builder, which allowed affiliates to generate custom builds for particular victims. The repository also contained source code for LockBit’s StealBit tool, which was used for exfiltration, the DOJ said, adding that law enforcement also discovered access credentials for the LockBit control panel maintained by the developers for affiliates.

    The complaint also alleges that Panev “exchanged direct messages through a cybercriminal forum with LockBit’s primary administrator,” alleged by the U.S. to be Dmitry Yuryevich Khoroshev, also known as LockBitSupp, LockBit, and putinkrab. Those messages discussed work that needed to be done on the LockBit builder and control panel. Between June 2022 and February 2024, the U.S. claims that the primary LockBit administrator “made a series of transfers of cryptocurrency, laundered through one or more illicit cryptocurrency mixing services, of approximately $10,000 per month to a cryptocurrency wallet owned by Panev. Those transfers amounted to over $230,000 during that period.”

    The DOJ said that in interviews with Israeli authorities following his arrest, “Panev admitted to having performed coding, development, and consulting work for the LockBit group and to having received regular payments in cryptocurrency for that work, consistent with the transfers identified by U.S. authorities.” That work allegedly included code to disable antivirus software, to deploy malware to multiple computers connected to a victim network, and to print the LockBit ransom note to all printers connected to a victim network. The U.S. says Panev “also admitted to having written and maintained LockBit malware code and to having provided technical guidance to the LockBit group.”

    Seven LockBit members have now been charged in the District of New Jersey, according to the DOJ. Beyond Panev and Khoroshev, who remains at large, the previously charged LockBit suspects are: affiliates Mikhail Vasiliev, also known as Ghostrider, Free, Digitalocean90, Digitalocean99, Digitalwaters99, and Newwave110, and Ruslan Astamirov, also known as BETTERPAY, offtitan, and Eastfarmer, who pled guilty and are awaiting sentencing; and affiliates Artur Sungatov and Ivan Kondratyev, also known as Bassterlord, who have been charged and remain at large, as has Mikhail Matveev, also known as Wazawaka, m1x, Boriselcin, and Uhodiransomwar. Rewards of up to $10 million have been offered for the at-large suspects.

  • Zoom Fixes Critical Security Flaws Affecting Workplace Apps and SDK
    by Ashish Khaitan on 13 March 2025 at 11:46

    Zoom has released security patches for five vulnerabilities in its applications, four of which are rated high severity. The flaws were found by Zoom’s own offensive security team, and the company moved quickly to fix them. On March 11, 2025, Zoom informed users of updates for the five vulnerabilities, tracked in the Common Vulnerabilities and Exposures (CVE) system as CVE-2025-27440, CVE-2025-27439, CVE-2025-0151, CVE-2025-0150 and CVE-2025-0149. They affect Zoom Workplace apps, Zoom Rooms controllers, and the Zoom Meeting SDK in versions prior to 6.3.0.

    Breakdown of Zoom Vulnerabilities

    The vulnerabilities vary in nature, but several stem from memory management bugs that could be exploited for privilege escalation:

    CVE-2025-27440: Affects Zoom Workplace apps for Windows, macOS, Linux, iOS, and Android. It allows an authenticated attacker to escalate privileges via network access. Its CVSS (Common Vulnerability Scoring System) score is 8.5, i.e. high severity. Users are advised to update to version 6.3.0 or later.

    CVE-2025-27439: Also a privilege escalation issue, caused by a buffer underflow in Zoom Workplace apps. Again, an authenticated attacker with network access can escalate privileges. It shares the CVSS score of 8.5 and affects the same platforms; updating to 6.3.0 or higher addresses it.

    CVE-2025-0151: The third high-severity vulnerability is a use-after-free error in Zoom Workplace apps, where the app keeps using memory it has already freed. It could likewise allow an authenticated attacker with network access to escalate privileges. CVSS score: 8.5.

    CVE-2025-0150: Affects Zoom Workplace apps for iOS and allows an authenticated attacker with network access to trigger a denial of service (DoS), leaving the app unresponsive. Its severity is somewhat lower (CVSS 7.1), but it still poses a security risk.

    Additional Medium-Severity Vulnerability

    Along with these high-severity flaws, the company also patched a medium-severity issue of insufficient verification of data authenticity. Tracked as CVE-2025-0149, it allows an unprivileged user to conduct a DoS attack via network access. Its CVSS score is 6.5: less critical, but still worth attention. Affected products include Zoom Workplace apps for Windows, macOS, iOS, and Android.

    Affected Products and Version Updates

    The vulnerabilities affect several products across multiple platforms:

    Zoom Workplace Desktop App for Windows, macOS, and Linux
    Zoom Workplace App for iOS and Android
    Zoom Rooms Controller and Client Apps
    Zoom Meeting SDK for Windows, iOS, Android, macOS, and Linux

    To protect themselves, users need to update to version 6.3.0 or higher, where these flaws are resolved. The latest builds are available for download at zoom.us/download. Note that the high-severity issues require an authenticated attacker, so they are a post-authentication risk rather than an unauthenticated remote one; that lowers urgency slightly but does not remove it, since any compromised or malicious account is enough.

    Conclusion

    Zoom’s offensive security team discovered and addressed several high-severity vulnerabilities, including CVE-2025-27440, CVE-2025-27439, CVE-2025-0151, and CVE-2025-0150, demonstrating a proactive approach to securing its platform. By quickly patching these issues, which involve memory management flaws and denial-of-service risks, Zoom reinforces its commitment to user security. The company urges all users to update their apps promptly to reduce the potential for exploitation, a reminder of the importance of regular software updates in protecting the millions of Zoom users worldwide.

  • Cyble Secures Prestigious Recognition with Four Silver Wins at the Globee Cybersecurity Awards 2025
    by Samiksha Jain on 13 March 2025 at 07:13

    Cupertino, California – March 13, 2025 – Cyble, a leading global cybersecurity and threat intelligence provider, is proud to announce that it has been honored as a Silver Winner in four categories at the Globee Cybersecurity Awards 2025. These accolades recognize Cyble’s work in developing AI-driven security solutions that proactively combat cyber threats. The company secured Silver in the following categories:

    AI-Driven Threat Detection
    AI-Powered Incident Response and Management
    Outstanding Threat Detection and Response
    Advanced Threat Intelligence

    About the Globee Cybersecurity Awards 2025

    The Globee Cybersecurity Awards celebrate cybersecurity organizations and innovators that demonstrate outstanding advancements, technological excellence, and measurable impact in safeguarding businesses and individuals from the evolving cyber threat landscape. Winning in four key categories reflects Cyble’s dedication to staying at the forefront of cybersecurity innovation, providing solutions that help enterprises detect, mitigate, and respond to sophisticated cyber threats in real time.

    Commenting on the recognition, Beenu Arora, CEO and Co-founder of Cyble, said: “We are deeply honored to be recognized as a Silver Winner in four key categories at the Globee Cybersecurity Awards 2025. This achievement underscores the relentless commitment, passion, and expertise of our global team in developing AI-powered cybersecurity solutions that protect businesses from ever-evolving digital threats. At Cyble, we remain steadfast in our mission to drive security innovation, equipping organizations with intelligence-driven tools to enhance their cyber resilience and safeguard their digital ecosystems.”

    With an increasing number of cyber adversaries leveraging AI to execute sophisticated attacks, Cyble continues to expand its capabilities to provide proactive threat intelligence, attack surface management, dark web monitoring, and incident response solutions. The company’s AI-powered approach is intended to detect and mitigate cyber risks before they escalate, keeping its customers ahead of threats in an increasingly complex digital landscape.

    Cyble’s recognition at the Globee Cybersecurity Awards 2025 reinforces its role as a trusted partner for businesses, government entities, and organizations worldwide. By integrating artificial intelligence, machine learning, and real-time threat intelligence, Cyble enables organizations to strengthen their security postures, reduce risk exposure, and respond effectively to cyber threats.

    For the full list of winners and more details about the Globee Cybersecurity Awards 2025, visit: https://globeeawards.com/cybersecurity/winners/.

    About Cyble

    Cyble is an award-winning cybersecurity organization dedicated to helping enterprises, governments, and individuals protect their digital ecosystems. By leveraging AI, ML, and extended threat intelligence expertise, Cyble offers comprehensive coverage across adversaries, infrastructure, exposures, weaknesses, and targets. Headquartered in Cupertino, California, U.S., Cyble has a global presence with offices in Australia, Malaysia, Singapore, Dubai, Saudi Arabia, Europe, the UK, and India. For more information, visit www.cyble.com.

    Media Contacts: Cyble Inc., enquiries@cyble.com, +1 888 673 2067

  • FIIG Securities Accused of Cybersecurity Failures, Data Breach Exposes 18,000 Clients
    by Samiksha Jain on 13 March 2025 at 06:08

    The Australian Securities and Investments Commission (ASIC) has taken legal action against FIIG Securities Limited (FIIG) over alleged systemic and prolonged cybersecurity failures. The proceedings, filed in the Federal Court of Australia, allege serious deficiencies in FIIG’s cybersecurity measures that persisted for more than four years and ultimately led to a significant data breach.

    ASIC alleges that between March 2019 and June 8, 2023, FIIG failed to implement adequate cybersecurity measures, leaving the company and its clients vulnerable to cyber threats. A hacker reportedly infiltrated FIIG’s IT network on May 19, 2023, and remained undetected until June 8, 2023. Approximately 385GB of confidential data was stolen, affecting around 18,000 clients. The stolen information included highly sensitive personal data such as names, addresses, birth dates, driver’s licenses, passports, bank account details, and tax file numbers.

    Alarmingly, FIIG was unaware of the breach until it was contacted by the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) on June 2, 2023, and even then the company only launched an investigation six days later.

    ASIC’s Concerns

    ASIC Chair Joe Longo emphasized the importance of cybersecurity measures, stating, “This matter should serve as a wake-up call to all companies on the dangers of neglecting cybersecurity systems.” He added that cybersecurity is not a “set and forget” matter and requires continuous monitoring and improvement. ASIC expects companies, particularly financial service providers, to proactively manage their cybersecurity risks to protect customers and maintain trust in the financial system.

    ASIC has accused FIIG of failing to:

    Implement and monitor properly configured firewalls to defend against cyberattacks.
    Regularly update and patch software and operating systems to address security vulnerabilities.
    Provide mandatory cybersecurity awareness training for staff.
    Allocate sufficient financial, technological, and human resources for cybersecurity risk management.

    FIIG Securities: Legal and Regulatory Implications

    As an Australian Financial Services (AFS) licensee, FIIG is required under the Corporations Act 2001 (Cth) to have adequate risk management systems in place. ASIC has been actively enforcing cybersecurity obligations for financial service providers, and this case is its second cybersecurity enforcement action. In May 2022, ASIC took action against RI Advice, another AFS licensee, for failing to implement adequate risk management systems to address cybersecurity threats; the Federal Court ruled that RI Advice had breached its obligations to act efficiently and fairly by failing to safeguard client information.

    ASIC is now seeking declarations of contraventions, civil penalties, and compliance orders against FIIG. The case highlights ASIC’s commitment to ensuring AFS licensees maintain strong cybersecurity measures to protect investors and the broader financial system.

    The Broader Cybersecurity Challenge

    FIIG’s role as an AFS licensee involves providing custodial and trading services, maintaining records of client investments, and managing funds and fixed-income investments. The nature of its business and the sensitive data it holds make it a prime target for cybercriminals. Cybersecurity experts have pointed out that the issue is not just the breach itself but FIIG’s failure to implement reasonable and adequate measures to mitigate cybersecurity risks.

    Annie Haggar, Partner and Head of Cybersecurity at Norton Rose Fulbright Australia, noted in a LinkedIn post that ASIC’s case provides insight into what constitutes ‘adequate’ cybersecurity protections. She highlighted the factors ASIC considers when evaluating a company’s cybersecurity framework:

    The nature of the business and its responsibilities as an AFS licensee.
    The type and sensitivity of information stored, including financial and personal data.
    The value of assets under the company’s control.
    The likelihood of cyber threats and the potential consequences of a successful attack.

    Missed Cybersecurity Measures

    ASIC has outlined several cybersecurity measures that FIIG allegedly failed to implement, including:

    An up-to-date and tested incident response plan.
    Effective privileged access management controls.
    Regular vulnerability scanning to identify security weaknesses.
    Deployment of next-generation firewalls and Endpoint Detection and Response (EDR) solutions.
    Keeping software and systems patched and updated.
    Multi-factor authentication (MFA).
    A properly configured Security Information and Event Management (SIEM) system monitored by skilled personnel.
    Security awareness training for employees.
    Processes to continuously review and improve cybersecurity controls.

    Industry and Regulatory Response

    ASIC has consistently warned financial service providers about the need for strong cybersecurity practices. Following its 2023 Cyber Pulse Survey (REP 776), ASIC urged Australian organizations to prioritize cybersecurity and enhance their resilience against cyber threats. The regulator has made cybersecurity a key enforcement priority, aiming to hold companies accountable for failing to meet their obligations under the Corporations Act. Companies that fail to meet these obligations may face regulatory action, financial penalties, and reputational damage.

    ASIC’s lawsuit against FIIG Securities highlights the growing regulatory focus on cybersecurity compliance within the financial sector. It reinforces the need for financial institutions to take a proactive approach: implementing adequate protections, regularly updating their security measures, and ensuring that staff are well trained in cyber risk management.

    For businesses handling sensitive financial data, cybersecurity should not be an afterthought. It must be a continuous priority to safeguard customer information and maintain trust in the digital financial ecosystem.

  • Sean Plankey Nominated as Next CISA Director
    by Paul Shread on 12 March 2025 at 17:32

    Sean Plankey has been nominated to be the next director of the U.S. Cybersecurity and Infrastructure Security Agency (CISA). Plankey would succeed Jen Easterly, who left the agency as the second Trump administration was sworn in. Plankey must be confirmed by the Senate, where his nomination was referred to the Committee on Homeland Security and Governmental Affairs.

    Easterly welcomed her successor in a LinkedIn post, saying that “Sean will bring great cyber expertise, private sector creds, a warrior spirit, and steady leadership to Team CISA.”

    Plankey’s experience will be needed as he takes over the top U.S. cybersecurity agency amid cuts to its red team, election security and other areas, made as part of the Department of Government Efficiency (DOGE) effort and a general desire by Republicans that the agency focus on its core mission of protecting U.S. critical infrastructure.

    Plankey Brings Distinguished Experience as Next CISA Director

    Plankey is a U.S. Coast Guard Academy and University of Pennsylvania graduate, with degrees in management and IT. He served in the first Trump administration from 2018 to 2020, first as Director for Cyber Policy at the National Security Council and then as Principal Deputy Assistant Secretary for Cybersecurity, Energy Security, and Emergency Response at the Department of Energy. He also served as Deputy CIO for Naval Intelligence. While at the NSC, his roles included Director for Maritime Cyber Policy, Pacific Cyber Policy, and National Defense Cyber Policy.

    Plankey, a United States Coast Guard veteran, was awarded a Bronze Star and received recognition from former President Barack Obama for his work with U.S. Cyber Command in Afghanistan. His private sector roles have included Global Cyber Intelligence Advisor at BP and, most recently, General Manager and Global Head of Cybersecurity Software for Indigo Vault, a post-quantum encryption document protection platform.

    Plankey Takes Over Amid Challenges from Russia, China

    Plankey will take the helm of an agency that has faced persistent cyberattacks and disinformation campaigns from adversaries such as China, Russia, Iran and North Korea. China in particular is believed to be burrowed into U.S. critical infrastructure, and U.S. officials have speculated that the country may be preparing for an eventual invasion of Taiwan.

    Illustrating the scale of those challenges, Easterly speculated in a recent LinkedIn post that China, Russia, Iran and North Korea could unite as an alternative to the “Five Eyes” (FVEY) alliance of the U.S., UK, Canada, Australia and New Zealand. “[T]he emergence of an AI-powered FOUR EYES intelligence-sharing alliance among China, Russia, Iran, and North Korea could have far-reaching implications for global security,” Easterly wrote. “America must anticipate this shift, enhancing our AI capabilities in intelligence & counterintelligence to maintain our strategic edge. In addition, we must ensure the continued vitality and efficacy of the FVEY alliance.”

  • Apple Rolls Out Critical Security Fixes: iOS 18.3.2, macOS Ventura, and More Receive Important Updates
    by Ashish Khaitan on 12 March 2025 at 11:47

    Apple has released a series of security updates to patch a vulnerability across its ecosystem of devices. On March 11, 2025, the company rolled out iOS 18.3.2, iPadOS 18.3.2, Safari 18.3.1 for macOS Ventura and macOS Sonoma, macOS Sequoia 15.3.2, visionOS 2.3.2, and tvOS 18.3.1, addressing a flaw that may already have been exploited.

    List of the Fixes in the Apple Security Update

    The most notable releases are iOS 18.3.2 and iPadOS 18.3.2 for iPhone and iPad. They fix a vulnerability in WebKit, Apple’s browser engine, tracked as CVE-2025-24201: an out-of-bounds write that could allow maliciously crafted web content to break out of the Web Content sandbox, a core security boundary. Escaping the sandbox could lead to unauthorized actions on the device and potentially give an attacker access to sensitive information. Apple addressed the issue with improved checks.

    Apple said it is aware of a report that the vulnerability may have been exploited in what the company describes as “an extremely sophisticated attack” targeting specific individuals. Apple did not provide further details about the attack, but the fix is clearly essential for protecting users. Owners of the iPhone XS and later, and of the iPad models that run iPadOS 18, should update to iOS 18.3.2 or iPadOS 18.3.2.

    Sylvain Cortes, VP Strategy at Hackuity, shared his remarks on the update: “iPhone and iPad users should update their devices now, following the release of a critical fix in iOS 18.3.2 to a significant WebKit flaw, vulnerability CVE-2025-24201, that enables attackers to break out of Web Content sandbox and Cupertino. The flaw poses a significant risk to users of older versions of the operating system, particularly those released before iOS 17.2. Keeping devices up to date with the latest software ensures protection from both known and emerging vulnerabilities,” Cortes said.

    macOS Ventura and macOS Sonoma Receive Key Updates

    For Mac users, macOS Ventura and macOS Sonoma received the Safari 18.3.1 update, which addresses the same WebKit vulnerability found in iOS. The update is equally critical for macOS users, since the WebKit flaw carries the same risks there. Apple’s patch adds checks in WebKit to prevent the unauthorized actions. As with iOS 18.3.2, macOS users are advised to install the update as soon as possible, given Apple’s note that the issue may have been exploited in attacks aimed at specific targets.

    macOS Sequoia 15.3.2 and visionOS 2.3.2 Address the Same Issue

    Apple also released macOS Sequoia 15.3.2 and visionOS 2.3.2, both addressing the same WebKit vulnerability. visionOS 2.3.2 extends the fix to the Apple Vision Pro headset; its users should ensure the device is updated to version 2.3.2.

    Safari 18.3.1 Update for Web Browsing Security

    Safari 18.3.1 addresses the same WebKit vulnerability present in the other updates. As Apple’s default browser on macOS Ventura and macOS Sonoma, Safari plays a crucial role in the security of Mac devices. While CVE-2025-24201 may seem technical in nature, the implications are far-reaching, particularly for users involved in sensitive activities or those who may be targeted by advanced persistent threats (APTs).

    tvOS 18.3.1: Security Update for Apple TV 4K

    Finally, tvOS 18.3.1 has been released for the Apple TV 4K (3rd generation). Although this update has no published CVE entries, it is still part of Apple’s broader security update cycle, and Apple TV users should install it.

    Conclusion

    Users of iOS, iPadOS, macOS Ventura, macOS Sonoma, macOS Sequoia and visionOS are urged to update their devices immediately to protect against a serious WebKit vulnerability that may have been exploited in targeted attacks. To update, go to Settings (iOS, iPadOS, visionOS, tvOS) or System Settings (macOS), select Software Update, and install the latest version. Keeping devices updated is crucial to preventing unauthorized access and ensuring data security.
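Both the Zoom item above (everything before 6.3.0 is affected) and this Apple item (iOS/iPadOS 18.3.2, macOS Sequoia 15.3.2, visionOS 2.3.2, Safari 18.3.1) reduce to the same operational check: is every installed build at or above the version the vendor fixed? The following is an added example, not code from The Cyber Express, Zoom or Apple, that compares dotted version strings numerically against a per-product fixed version and lists the hosts that still need the update. The `FIXED_VERSIONS` table is taken from the two articles; the product labels, the `Host` record and the `SAMPLE_INVENTORY` rows are assumptions constructed for the demonstration.

```python
"""Flag installed builds that are older than the version a vendor fixed.

Added example for the Zoom (6.3.0) and Apple (March 11, 2025) advisories above;
not vendor code. SAMPLE_INVENTORY is constructed for the demonstration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Minimum fixed versions as stated in the two articles. Ventura and Sonoma
# receive the WebKit fix through Safari 18.3.1, so Safari is tracked as its own
# product for those Macs.
FIXED_VERSIONS: dict[str, str] = {
    "Zoom Workplace": "6.3.0",
    "Zoom Rooms": "6.3.0",
    "Zoom Meeting SDK": "6.3.0",
    "iOS": "18.3.2",
    "iPadOS": "18.3.2",
    "macOS Sequoia": "15.3.2",
    "visionOS": "2.3.2",
    "Safari": "18.3.1",
}

_VERSION_RE = re.compile(r"\s*(\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple[int, ...]:
    """Turn '6.2.11 (52345)' or '18.3.2' into a tuple of ints.

    Only the leading dotted-numeric part is used; build numbers in parentheses
    or after whitespace are ignored.
    """
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b.

    Components are compared numerically, so '6.10.1' is newer than '6.3.0'
    even though it sorts before it as a string. Missing trailing components
    count as zero, so '6.3' equals '6.3.0'.
    """
    pa, pb = parse_version(a), parse_version(b)
    width = max(len(pa), len(pb))
    pa += (0,) * (width - len(pa))
    pb += (0,) * (width - len(pb))
    return (pa > pb) - (pa < pb)


def is_unpatched(product: str, installed: str) -> bool:
    """True when the installed build is older than the fixed version for product."""
    return compare_versions(installed, FIXED_VERSIONS[product]) < 0


@dataclass(frozen=True)
class Host:
    name: str
    product: str
    version: str


def find_unpatched(hosts: list[Host]) -> list[tuple[str, str, str, str]]:
    """Return (host, product, installed, fixed) for every host still exposed."""
    return [
        (h.name, h.product, h.version, FIXED_VERSIONS[h.product])
        for h in hosts
        if is_unpatched(h.product, h.version)
    ]


# Constructed sample inventory, as an MDM or software-asset export might look.
SAMPLE_INVENTORY = [
    Host("laptop-01", "Zoom Workplace", "6.2.11 (52345)"),  # below 6.3.0
    Host("laptop-02", "Zoom Workplace", "6.3.0"),           # exactly the fixed build
    Host("laptop-03", "Zoom Workplace", "6.10.1"),          # newer; a string compare would wrongly flag it
    Host("phone-07", "iOS", "18.3.1"),                      # one patch level short
    Host("mac-12", "macOS Sequoia", "15.3.2"),              # fixed
    Host("mac-13", "Safari", "18.3"),                       # Ventura/Sonoma Mac still on Safari 18.3
]

if __name__ == "__main__":
    for name, product, installed, fixed in find_unpatched(SAMPLE_INVENTORY):
        print(f"{name}: {product} {installed} is below fixed version {fixed}")
```

The numeric comparison is the point: asset tools that sort version strings lexically will report a 6.10.x Zoom client as older than 6.3.0, and a Mac reporting Safari "18.3" must be treated as "18.3.0", which is still below 18.3.1.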

  • CERT-In Warns of Information Disclosure Vulnerability in Tinxy Smart Devices
    by Samiksha Jain on 12 March 2025 at 11:24

    The Indian Computer Emergency Response Team (CERT-In) has issued a vulnerability note (CIVN-2025-0043) regarding an information disclosure vulnerability in Tinxy smart devices. The vulnerability has been assigned the CVE identifier CVE-2025-2189 and has been classified with a medium severity rating.

    As smart home automation continues to grow in popularity, vulnerabilities in connected devices pose a significant risk to users’ security and privacy. This latest discovery highlights the importance of proper security measures in smart devices to prevent unauthorized access and data breaches.

    Affected Systems

    The vulnerability impacts several Tinxy smart devices, including:

      - Tinxy Wi-Fi Lock Controller v1 RF
      - Tinxy Door Lock with Wi-Fi Controller
      - Tinxy 1 Node 10A and 16 Smart Wi-Fi Switches
      - Tinxy 2, 4, and 6 Node Smart Wi-Fi Switches
      - Tinxy Smart 15 Watts 3 in 1 Square Panel Ceiling Light
      - Tinxy Smart 8 Watts 3 in 1 Round Panel Ceiling Light

    These devices are commonly used in home automation, allowing users to remotely control locks, lights, and switches via Wi-Fi-enabled systems.

    CVE-2025-2189: Overview of the Vulnerability

    The reported vulnerability could potentially allow an attacker with physical access to the device to retrieve sensitive information stored within it. The compromise of plaintext credentials stored in the firmware increases the risk of unauthorized access, making it a security concern for users who rely on Tinxy smart devices for automation and security.

    Who Should Be Concerned?

    The vulnerability is particularly relevant for:

      - Homeowners and end-users who use Tinxy smart devices for home automation.
      - IT administrators and security professionals managing Tinxy-enabled smart environments.
      - Businesses and organizations utilizing Tinxy smart switches and locks for security and convenience.

    Tinxy Smart Devices: Risk and Impact Assessment

    CERT-In has assessed this vulnerability as medium risk, meaning that while it may not pose an immediate threat to remote users, it impacts confidentiality and could lead to unauthorized access if exploited. Key risks include:

      - Compromise of stored credentials: Attackers could retrieve plaintext login details stored in the firmware.
      - Unauthorized device control: A malicious actor may gain access to the smart switch or lock, leading to security breaches.
      - Potential escalation of attacks: Gaining access to one smart device could be used as a foothold for broader attacks on a smart home network.

    Technical Description

    Tinxy smart devices are Wi-Fi-enabled automation products that provide users with remote control over home security, lighting, and appliances. The vulnerability exists because of the storage of plaintext credentials within the device firmware. An attacker with physical access to the device could exploit this issue by extracting the firmware binary, analyzing its contents, and obtaining the hardcoded credentials stored on the device. Once these credentials are retrieved, an attacker could potentially:

      - Access the smart home network where the device is deployed.
      - Manipulate device settings without the owner’s permission.
      - Exploit further security weaknesses in related home automation systems.

    How Was the Vulnerability Discovered?

    This vulnerability was discovered and reported by Shravan Singh from Mumbai, India. Researchers continue to emphasize the need for strong encryption practices in IoT (Internet of Things) and smart home devices to prevent such security flaws.

    Mitigation and Workarounds

    CERT-In has recommended the following measures to mitigate the risks posed by this vulnerability:

      - Perform a risk assessment: Evaluate the security implications of continuing to use Tinxy smart devices.
      - Implement strict physical security measures: Ensure that unauthorized individuals do not have direct access to smart devices.
      - Follow vendor instructions: Check for firmware updates and apply any patches or security mitigations provided by Tinxy.
      - Consider discontinuing the use of affected devices: If a permanent fix is not available, users should look for alternative, more secure smart home solutions.

    Best Practices for Securing Smart Devices

    As IoT devices become more prevalent, users should adopt best practices to enhance their security:

      - Regularly update firmware: Always install the latest security patches and firmware updates provided by the manufacturer.
      - Use strong, unique passwords: Avoid using default or weak passwords for smart home devices.
      - Enable network segmentation: Keep IoT devices on a separate network from critical systems.
      - Disable unnecessary features: Turn off remote access or cloud synchronization if not needed.
      - Monitor network activity: Use security monitoring tools to detect unusual behavior in connected devices.

    Conclusion

    The disclosure of CVE-2025-2189 serves as a reminder that physical security is just as important as network security. Users and administrators of Tinxy smart devices must take proactive steps to protect sensitive data, limit unauthorized access, and stay updated on vendor-recommended mitigations. By implementing recommended security measures and staying informed about vulnerabilities, users can minimize risks and ensure a safer smart home experience.
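    The flaw class described in the technical description above (credentials shipped in the clear inside a firmware image) is the kind of defect a vendor or procurement team can catch before a device ships, by running a string audit over the image in a build or acceptance pipeline. The following is an added example written for this page; it is not code from CERT-In, Tinxy or the article. The two firmware blobs are constructed sample data standing in for a flash dump, and the credential key names (wifi_password, mqtt_pass, api_key and the like) are an assumption about how such settings are commonly named, not anything taken from the affected products.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed stand-in for a firmware image: binary padding with a few
# NUL-terminated configuration strings, the way settings blobs often sit
# inside a flash dump. Sample data only, not a real device image.
SAMPLE_FIRMWARE = (
    b"\x00\xff\x7fELF\x01\x00" * 8
    + b"boot_version=2.4.1\x00"
    + b"\x13\x37" * 16
    + b"wifi_ssid=HomeNetwork\x00"
    + b"wifi_password=hunter2hunter2\x00"          # plaintext Wi-Fi secret
    + b"\x00" * 32
    + b"mqtt_user=device01\x00"
    + b"mqtt_pass=s3cr3t-token-value\x00"          # plaintext broker secret
    + b"\xde\xad\xbe\xef" * 12
    + b"api_key=example-api-key-0000\x00"          # plaintext cloud API key
    + b"firmware built with gcc\x00"
)

# Constructed "fixed" image: the build carries only references to per-device
# credentials provisioned into protected storage at manufacture, never the
# secrets themselves, so there is nothing for a string audit to find.
SAMPLE_FIRMWARE_HARDENED = (
    b"\x00\xff\x7fELF\x01\x00" * 8
    + b"boot_version=2.4.2\x00"
    + b"wifi_cred_ref=secure-element:slot1\x00"
    + b"mqtt_cred_ref=secure-element:slot2\x00"
    + b"firmware built with gcc\x00"
)

# Key names that indicate a secret when they appear with a literal value.
# Assumed naming conventions; extend the list for the product under audit.
SECRET_KEY_RE = re.compile(
    r"^(?P<key>[A-Za-z0-9_.-]*(pass(word|wd|phrase)?|secret|token|api[_-]?key|psk)"
    r"[A-Za-z0-9_.-]*)\s*[=:]\s*(?P<value>\S+)$",
    re.IGNORECASE,
)


@dataclass
class Finding:
    offset: int        # byte offset of the string inside the image
    key: str           # configuration key that carried a literal secret
    value_preview: str # first characters only, so reports do not leak the value


def extract_strings(blob: bytes, min_len: int = 6) -> List[Tuple[int, str]]:
    """Return (offset, text) for every run of printable ASCII of at least
    min_len bytes, the same idea as the strings(1) utility."""
    out: List[Tuple[int, str]] = []
    start = None
    for i, b in enumerate(blob):
        if 0x20 <= b <= 0x7E:          # space through tilde
            if start is None:
                start = i
        else:
            if start is not None and i - start >= min_len:
                out.append((start, blob[start:i].decode("ascii")))
            start = None
    if start is not None and len(blob) - start >= min_len:
        out.append((start, blob[start:].decode("ascii")))
    return out


def find_plaintext_secrets(blob: bytes) -> List[Finding]:
    """Flag every key=value string whose key names a secret.

    A hit means the image ships the secret itself; a credential that lives in
    protected storage and is only referenced from firmware produces no hit."""
    findings: List[Finding] = []
    for offset, text in extract_strings(blob):
        m = SECRET_KEY_RE.match(text)
        if m:
            findings.append(Finding(offset, m.group("key"), m.group("value")[:3] + "..."))
    return findings


def audit_image(blob: bytes) -> bool:
    """Pipeline gate: True when the image carries no plaintext secrets."""
    return not find_plaintext_secrets(blob)


if __name__ == "__main__":
    for name, image in (("sample", SAMPLE_FIRMWARE), ("hardened", SAMPLE_FIRMWARE_HARDENED)):
        print(f"{name}: {'PASS' if audit_image(image) else 'FAIL'}")
        for f in find_plaintext_secrets(image):
            print(f"  offset 0x{f.offset:x}: {f.key} = {f.value_preview}")
```

    The gate is deliberately simple: it reasons only about key names, so an obfuscated or compressed settings section would pass it and a harmless key that happens to contain "token" would trip it. Treat a FAIL as something to review, and a PASS as one necessary check among several, not as proof that the image stores credentials safely.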

  • Microsoft Patch Tuesday March 2025: 6 Zero-Days, 10 High-Risk Vulnerabilities
    by Paul Shread on 11 March 2025 at 20:12

    Microsoft’s Patch Tuesday March 2025 update includes fixes for six actively exploited zero-days and an additional 10 vulnerabilities at higher risk of attack. In all, the Patch Tuesday March 2025 update fixes 57 Microsoft CVEs and republishes an additional 10 non-Microsoft CVEs, including nine Chrome vulnerabilities and one from Synaptics. Here’s a breakdown of the higher-risk vulnerabilities included in the Microsoft report, plus additional updates from other vendors issuing Patch Tuesday fixes.

    Zero Days: Patch Tuesday March 2025

    The six zero-day vulnerabilities range in severity from 4.6 to 7.8 (CVSS:3.1). They include:

      - CVE-2025-24983 is a 7.0-severity Windows Win32 Kernel Subsystem Elevation of Privilege/Use After Free vulnerability. The vulnerability, reported by Filip Jurčacko of ESET, requires an attacker to win a race condition in order to gain SYSTEM privileges.
      - CVE-2025-24984 is a 4.6-rated Windows NTFS Information Disclosure/Insertion of Sensitive Information into Log File vulnerability. Reported anonymously, the vulnerability requires physical access to the target computer to plug in a malicious USB drive to potentially read portions of heap memory.
      - CVE-2025-24985 is a 7.8-severity Windows Fast FAT File System Driver Remote Code Execution (RCE) vulnerability. Reported anonymously, the vulnerability requires an attacker to trick a local user on a vulnerable system into mounting a specially crafted virtual hard disk (VHD) to trigger the vulnerability.
      - CVE-2025-24991 is a 5.5-rated Windows NTFS Information Disclosure/Out-of-bounds Read vulnerability. Also requiring a local user on a vulnerable system to mount a specially crafted VHD, the vulnerability could potentially allow an attacker to read small portions of heap memory.
      - CVE-2025-24993 is a 7.8-rated Windows NTFS RCE/Heap-based Buffer Overflow vulnerability. Reported anonymously, the vulnerability also requires a local user on a vulnerable system to mount a specially crafted VHD to execute code locally.
      - CVE-2025-26633 is a 7.0-severity Microsoft Management Console Security Feature Bypass/Improper Neutralization vulnerability. Reported by Aliakbar Zahravi of Trend Micro, the vulnerability requires that a user open a specially crafted file sent by email or via a compromised website.

    CISA followed by adding the six Microsoft zero-days to its Known Exploited Vulnerabilities (KEV) catalog.

    Other High-Risk Microsoft Vulnerabilities

    In addition to the six zero-days under active attack, Microsoft reported that an additional 10 vulnerabilities are “more likely” to be exploited. These vulnerabilities range in severity from 4.3 to 8.1 and include:

      - CVE-2025-21180, a Windows exFAT File System Remote Code Execution vulnerability
      - CVE-2025-21247, a MapUrlToZone Security Feature Bypass vulnerability
      - CVE-2025-24035, a Windows Remote Desktop Services Remote Code Execution vulnerability
      - CVE-2025-24044, a Windows Win32 Kernel Subsystem Elevation of Privilege vulnerability
      - CVE-2025-24045, a Windows Remote Desktop Services Remote Code Execution vulnerability
      - CVE-2025-24061, a Windows Mark of the Web Security Feature Bypass vulnerability
      - CVE-2025-24066, a Windows Kernel Streaming Service Driver Elevation of Privilege vulnerability
      - CVE-2025-24067, a Windows Kernel Streaming Service Driver Elevation of Privilege vulnerability
      - CVE-2025-24992, a Windows NTFS Information Disclosure vulnerability
      - CVE-2025-24995, a Kernel Streaming WOW Thunk Service Driver Elevation of Privilege vulnerability

    Other Vendors with Patch Tuesday Updates

    Other vendors releasing updates on March 2025 Patch Tuesday include:

      - Adobe (Acrobat and Reader, InDesign)
      - Apple
      - Fortinet
      - Ivanti
      - SAP

  • X’s ‘Massive Cyberattack’ has Links to Ukraine, Musk Claims. But Was It Really Ukraine?
    by Mihir Bagwe on 11 March 2025 at 19:14

    Elon Musk’s social media platform X (formerly Twitter) faced a major outage on March 10, following what Musk claimed was a “massive cyberattack” targeting the platform’s infrastructure. The billionaire suggested the attack originated from IP addresses traced back to Ukraine, triggering a wave of speculation online.

    Musk made the claim during an interview with Fox News, stating the platform’s infrastructure suffered a coordinated disruption. While the exact details remained unclear at the time, he mentioned that the attackers aimed to bring down X’s systems. The platform experienced widespread service disruptions, leaving millions of users unable to access their accounts.

    According to Musk, the X DDoS attack appeared to be sophisticated, with multiple IP addresses linked to the Ukraine region. However, he refrained from directly accusing the Ukrainian government or any specific threat group. He believed a “large, coordinated group and/or a country” was behind the attack. “We are still investigating, but the source of the attack points to Ukraine,” Musk said in the interview.

    Dark Storm Team Claims Credit for X DDoS Attack

    The claim ignited debates in the cybersecurity and geopolitical communities. Some experts expressed caution, emphasizing that IP addresses do not always reflect the origin of an attack. Threat actors often use compromised servers in different regions to mask their true identity.

    A CNN report noted that the outage, which began around 6 a.m. ET, peaked when nearly 40,000 users reported issues with accessing X. The disruptions slowly subsided around 2 p.m. ET. Musk stated in a Fox interview that the platform was operational again.

    Meanwhile, a pro-Palestinian hacking group called Dark Storm Team allegedly claimed responsibility for the outage. Some claimed the group, known for launching Distributed Denial of Service (DDoS) attacks, targeted X due to Musk’s perceived bias in content moderation related to the Israel-Palestine conflict.

    However, independent digital creator Ed Krassenstein, who allegedly spoke with the leader of the Dark Storm group, tweeted that the attack was “just a demonstration of our strength,” with no political motives.

    Message from alleged Dark Storm leader to Ed Krassenstein. (Source: X)

    Krassenstein added that the DDoS operators said the IPs did not originate from Ukraine, and that Musk “must provide evidence for his claim,” as they adamantly deny this to be the case. The attackers also warned they “can attack again. A stronger attack this time.”

    Dark Storm also revealed their other targets – possibly for some media attention – which include the wallet applications of the private banks “SEDAD Wallet” (BMI[.]MR) and “GBM Banque” (gbm-banque[.]com), stating that the banks had claimed their services couldn’t be stopped, which the group took as a direct challenge.

    Cybersecurity Analysts Skeptical; Ukraine Pushes Back

    Cybersecurity analysts are examining whether Dark Storm Team was genuinely behind the attack or whether the claim was a smokescreen to obscure a more coordinated state-sponsored campaign. Given the geopolitical implications, the attack has sparked concerns about further escalation in the ongoing Ukraine-Russia conflict.

    Dark Storm Team has previously targeted entities in Israel, NATO-aligned nations, and Western companies. Their claim, made via Telegram, included screenshots and technical details, though no concrete evidence has yet been provided. This has led some experts to question whether Dark Storm was acting alone or as part of a broader coordinated effort.

    X was previously targeted in a DDoS attack in August last year, when the tech billionaire was about to start a live stream of an interview with the then Republican presidential candidate Donald Trump. Musk initially called the downtime a technical glitch but soon attributed the glitches to a DDoS attack.

    Musk’s statements drew criticism from Ukrainian officials. Ukraine has reportedly dismissed the claim, stating that it had no involvement in the cyberattack. Officials said such allegations could inadvertently benefit Russia’s ongoing information warfare.

    The incident has renewed discussions around social media platforms’ resilience to large-scale cyberattacks. Security experts say X needs to strengthen its infrastructure, given its significant influence on public discourse. While investigations are ongoing, the attack showed how state and non-state actors target influential platforms to disrupt communication channels or advance geopolitical agendas. Musk said X’s security team was working around the clock to prevent further incidents.

  • U.S. Fraud Losses Soared 25% in 2024 to $12.5 Billion
    by Paul Shread on 11 March 2025 at 17:07

    Even though U.S. fraud complaints declined slightly in 2024, fraud victims lost a lot more money than they did in 2023. That’s one of the takeaways from the FTC’s annual fraud report released yesterday. So while fraud complaints in 2024 dipped to 2.6 million from 2023’s 2.62 million, U.S. fraud losses soared by 25% to $12.5 billion.

    More people lost money in 2024 too. One in three (33%) of those 2.6 million complaints involved financial loss, compared to one in four (25%) in 2023. Part of the reason for the growing fraud losses could be that AI and deepfakes have made scam tactics more convincing, as they have with phishing and spoofing attacks. Below is a deeper look at the FTC fraud report via the data found on the agency’s public Tableau page.

    FTC Fraud Report: ID Theft, Other Complaints Rise

    While fraud complaints declined slightly, identity theft complaints increased to 1.14 million in 2024 from 1.04 million in 2023. The category of “other” saw the biggest increase, from 1.91 million reports in 2023 to 2.76 million in 2024. The image below summarizes the FTC findings.

    2024 FTC fraud data (source: FTC)

    The “other” category includes credit bureaus, banks and lenders, debt collection, auto-related, credit cards and other business and financial services.

    Investment Fraud Remains Most Costly – and Growing

    Investment-related fraud remains by far the most costly, with 79% of the 118,960 complainants reporting financial loss, with a median loss of $9,196, up from 2023’s $8,000 median loss. In all, complainants lost $5.7 billion to investment scams. In 2020, investment-related fraud totaled $424 million on 29,070 complaints, for a median loss of $1,545, so losses in that category have soared since the start of the COVID-19 pandemic. Over the 2020-2024 time period, investment-related fraud has grown from number 10 on the FTC fraud report list to number 4.

    After investment-related fraud, business and job-related fraud was the next most costly in 2024, with a median loss of $2,250, up $90 from 2023. Business and job-related fraud has also grown dramatically, vaulting from eighth place to third since 2020, and the number of complaints has doubled during that time period.

    The next three most costly fraud types in 2024 were mortgage foreclosure relief and debt management; prizes, sweepstakes and lotteries; and travel, vacation and timeshare plans.

    Imposter scams were by far the biggest source of fraud complaints at nearly 846,000, but complainants lost money only 22% of the time on average, and the median loss was $800, so perhaps people are getting better at recognizing fraud.

    Among all payment methods, people lost the most money through bank transfers or payments ($2 billion), followed by cryptocurrency at $1.4 billion – not surprising, as such payments can be difficult to reverse. People reported losing money more often when they were contacted through social media, the FTC said.

    The report also shows that fraud can hit anyone. People aged 20-29 reported losing money more often than people 70 and above – but losses were highest when older adults lost money.

    Avoiding Scams as U.S. Fraud Losses Soar

    Growing U.S. fraud losses show that it’s more important than ever to avoid getting scammed, and AI and deepfakes will continue to make scams more convincing. To minimize your chances of getting scammed or defrauded, block unwanted calls and texts and report them as spam. And if you weren’t expecting a request for money or financial or personal information, assume it’s a scam. Trustworthy organizations likely won’t be asking for personal information or money via text, email or phone call. Don’t respond to pressure tactics or urgency, a common scammer tactic. And report fraud attempts to the FTC.

The latest articles from Bleeping computer