
(Select here for a video version of my opening commentary)
Hello all,
Unless your system administrators programmed your web and email filters to block it, the news of the week has been DeepSeek AI, the gains and pitfalls of this seemingly revolutionary model, and what it means for governments, the AI industry, security practitioners, and everyone else. The full RedDotSecurity.news post contains a very large number of links to articles that discuss the gamut of questions and findings around this Chinese cyber-bombshell.
Undaunted, or perhaps because of the intense focus on AI, threat actors from nation states, script-kiddies, and cartels of cyber criminals have continued their evil work of stealing, encrypting, and extorting with no sign of slowing. Thankfully there is some good news: the United States, along with authorities from Australia, France, Germany, Greece, Italy, Romania, Spain, and the Netherlands, has taken down several major cybercrime marketplaces. Score for the good guys!
Headline NEWS:
- Apple released patches for an actively exploited vulnerability, along with a number of other fixes. If you use iFruit, heed Apple’s advice and update quickly.
- Backdoor sends patient data to China. Epsimed MN-120 patient monitors, which are re-labeled Contec CMS8000 devices, have been found to contain a hard-coded back door that enables remote device takeover, and to send patient data to a server in China. CISA has analyzed the functionality and has concluded that it can only be a back door, and not some hitherto unknown update mechanism.
- Google Chrome needs to be updated to patch two more defects in the V8 JavaScript engine.
- Oracle has released a large number of updates, as mentioned last week. If you use their WebLogic Server, you should prioritize that update, as the current defect could allow for Remote Code Execution (RCE).
- VMware Avi Load Balancer has a high-severity SQL injection vulnerability. Broadcom has made an update available to address this flaw.
- Zyxel has a zero-day vulnerability under active attack. Researchers at GreyNoise published their findings about it when Zyxel failed to respond to them or to issue a patch. If you use Zyxel, turn off Telnet and any other unused service, and if your device is End-of-Life, replace it.
In Ransomware, Malware, and Vulnerabilities News:
- DeepSeek, the Chinese AI company, stunned the world last week with an AI model that seemingly performs as well as OpenAI’s O3 and was developed for significantly less money. As the week went on, new details emerged that have thrown major shade on how this was accomplished, on the security of any data it receives, and on its guardrails against malicious activity. The model itself can be used offline and fully disconnected, and works very well that way. However, potential users need to practice safe computing and understand that if you use DeepSeek’s website or phone apps, anything and everything that is shared with DeepSeek goes straight to China. Countries worldwide are scrambling to determine how to ensure the safety of their data and the privacy of their citizens while, at the same time, not dismissing a potential revolution in how AI computes.
In Other News Events of Note and Interest:
- Facebook blocked posts that mentioned Linux. In a truly hilarious twist of someone doing a job they are not qualified to perform, Facebook declared that any post that mentioned Linux was related to malware and hacking. Unfortunately for DistroWatch, a very popular forum for discussing Linux and its variants, it found itself the subject of the Facebook police. After DistroWatch was locked out of its account for several days, it would appear that Meta has relented and has stated, “This enforcement was in error and has since been addressed. Discussions of Linux are allowed on our services”. That’s good to know, since Meta itself runs on Linux servers.
Musings:
I love being part of the technology industry. I’ve been blessed to live in an age where people from all walks of life, size, shape, nation, color, gender, and ability are benefiting from technological advances that augment nearly every aspect of life. Shopping, farming, travel, leisure, entertainment, employment: nearly everything is being massively impacted by a dramatic upswell of enablement and lifestyle gains. If you can’t tell, I love to geek out with the best of them. However, please don’t forget to unplug at times. Technology can do unbelievable, seemingly magical things, but it cannot heal as well as an hour in nature, listening to birds sing, smelling fresh cut grass, watching and listening to waves lapping onto a shore, seeing snowflakes gently descend, and gazing at the ever-changing shapes of clouds overhead. Turn off, tune out, and commune with nature; you’ll be glad you did.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- Apple Patches Actively Exploited Zero-Day Vuln
- Backdoor found in two healthcare patient monitors, linked to IP in China
- Chrome Security Update – Memory Corruption & Access Vulnerabilities Patched
- Vulnerability in Oracle WebLogic Server Could Lead to Remote Code Execution
- Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
- TeamViewer Windows App Let Attackers Escalate Privileges to System User
- New Zyxel Zero-Day Under Attack, No Patch Available
Ransomware, Malware, and Vulnerabilities News
- FBI seizes Cracked.io, Nulled.to hacking forums in Operation Talent
- Police dismantles HeartSender cybercrime marketplace network
- US Justice Department says cybercrime forum allegedly affected 17 million Americans
- CISA warns of critical, high-risk flaws in ICS products from four vendors
- IRS Warns of New ‘Smishing’ Scam Targeting American Taxpayers
- House Bill Seeks Stronger Ransomware Defenses For Financial Sector
- AI and the future of national security – Google Blog
- Alibaba releases AI model it says surpasses DeepSeek
- DeepSeek Dropped Another Open-Source AI Model, Janus Pro
- DeepSeek hit with large-scale cyberattack, says it’s limiting registrations
- DeepSeek cyberattack caused by US hackers, Chinese media claims
- DeepSeek’s Popular AI App Is Explicitly Sending US Data to China
- Pentagon scrambles to block DeepSeek after employees connect to Chinese servers
- The International DeepSeek Crackdown Is Underway
- DeepSeek’s AI breakthrough bypasses industry-standard CUDA, uses Nvidia’s assembly-like PTX programming instead
- DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot
- Exposed DeepSeek Database Revealed Chat Prompts and Internal Data
- Recent Jailbreaks Demonstrate Emerging Threat to DeepSeek
- Prompt Injection Tricks AI Into Downloading And Executing Malware
- Hackers use GenAI to attack more frequently and effectively
- One rebel’s malicious ‘tar pit’ trap is driving AI web-scrapers insane
- New Jailbreaks Allow Users to Manipulate GitHub Copilot
- China targeting U.S. service members on social media in “virtual espionage” spy efforts
- Clone2Leak attacks exploit Git flaws to steal credentials
- From Google, H1 2025 Threat Horizons Report – link to a PDF file
- Gmail Security Warning For 2.5 Billion Users
- FortiOS Auth Bypass Vulnerability Exploited to Gain Super-Admin Access
- SonicWall Confirms Exploitation of New SMA Zero-Day
- Critical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code Execution
- Laravel admin package Voyager vulnerable to one-click RCE flaw
- Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits
- PoC Exploit Released for TP-Link Router Web Interface XSS Vulnerability
- New Syncjacking attack hijacks devices using Chrome extensions
- Hackers Exploit RDP Protocol To Gain Windows Access To Control Browser Remotely
- Cisco’s Webex Chat Vulnerabilities Let Attackers Access Organizations Chat Histories
- New Aquabotv3 botnet malware targets Mitel command injection flaw
- Azure Key Vault Vulnerabilities Could Leak Sensitive Data After Entra ID Breach
- OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking
- Industry coalition presses DOGE to act on digital identity
- Meta quietly fixed a WhatsApp bug that let users see view-once media indefinitely
- North Korean IT Workers Holding Data Hostage for Extortion, FBI Warns
- North Korean hackers impersonated recruiters to steal credentials from over 1,500 developer systems
- Only 13% of organizations fully recover data after a ransomware attack
- Cloud Ransomware Developments | The Risks of Customer-Managed Keys
- Costa Rica refinery cyberattack was first deployment for new US response program
- Ransomware gang uses SSH tunnels for stealthy VMware ESXi access
- New ransomware group Funksec is quickly gaining traction
- Inside FunkSec: An Exclusive Interview with a Ransomware Architect
- Lazarus Group Uses React-Based Admin Panel to Control Global Cyber Attacks
- Lynx ransomware infiltration reveals affiliate panel details
- Ohio county IT director resigns after $1.5 million ransomware payment
- Don’t count on ransomware insurance to save you
- Tata Technologies says ransomware attack hit IT assets, investigation ongoing
- Mizuno USA says hackers stayed in its network for two months
- INC Ransom takes responsibility for Stark Aerospace compromise
- ENGlobal reports details of systems outage due to ransomware attack
- ENGlobal says hackers accessed ‘sensitive personal’ data during cyberattack
- Engineering giant Smiths Group says hackers accessed its systems during cyberattack
- Syracuse Police Dept. computer network suffers ‘security incident’
- Ransomware attack disrupts New York blood donation giant
- Engineering giant Smiths Group discloses security breach
- CenterPoint Energy confirms customer data breach
- Insurance firm Globe Life to warn 850,000 of potential data theft following extortion attempt
- PowerSchool starts notifying victims of massive data breach
- BeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API Key
- Outsmart hackers who are out to steal your identity
- WhatsApp says spyware company Paragon Solutions targeted journalists
- MintsLoader Delivers StealC Malware and BOINC in Targeted Cyber Attacks
- WantToCry Ransomware Exploits SMB Vulnerabilities to Remotely Encrypts NAS Drives
- PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks
- USPS Impersonators Tap Trust in PDFs in Smishing Attacks
- US Blocks Open Source ‘Help’ From These Countries
- Microsoft OneDrive for Business allegedly keeps OCR’ed data in an unprotected format
- VMware plugs steal-my-credentials holes in Cloud Foundation
- Hackers Exploit Outdated Electricity Controller Using Flipper Zero to Disconnect Power Supply
- Hackers Use 10,000 WordPress Sites To Deliver Malware To macOS and Microsoft Systems
Other News Events of Note and Interest
- Cool Tool: PowerToys 0.88 adds a new tool and removes one
- Apple turns its AI on by default in latest software update
- IBM and Palo Alto Networks Warn of Rising Security Costs
- Viasat to Take on Cellular Starlink With New Satellite Constellation
- Comcast unveils ultra-low lag Internet connection
- Tenable buys rival Vulcan for $150M to enhance its vulnerability remediation platform
- DOJ Sues to Stop HPE’s $14B Deal to Buy Juniper Networks
- Trump says Microsoft in talks to buy TikTok
- Nvidia stock suffers record wipeout on DeepSeek fears
- Nvidia says DeepSeek advances prove need for more of its chips
- Chinese algorithm boosts Nvidia GPU performance 800-fold in science computing
- “Everything that moves will be robotic”: Nvidia CEO Jensen Huang says robots and self-driving cars are just around the corner
- What is Jevons paradox? The reason Satya Nadella says DeepSeek’s new AI is good news for tech
- Jack Dorsey is back with Goose, a new, ultra simple open source AI agent building platform
- US Copyright Office says AI generated content can be copyrighted
- Forget OpenAI Operator — here’s an open source AI agent system that works brilliantly for free
- Bitwarden Requires Mandatory Email Verification For Non-2FA Accounts
- The Passkey Future Is Here, But Some Companies Still Make It Too Complicated
- NordVPN launches new “revolutionary” censorship-resistant VPN protocol
- Garmin GPS watches crashing, stuck in triangle ‘reboot loop’
- Let’s Encrypt – Ending Support for Expiration Notification Emails
- Facebook blocked posts that mention Linux related topics – video by John Hammond
- Facebook admits that the Linux topic crackdown was ‘in error’ and has been fixed
- Report: 88% of companies are contemplating leaving Oracle Java
- Only 1 in 10 Oracle Java users want to stay with Big Red
- Microsoft rolls out DeepSeek’s AI model on Azure
- Inside Microsoft’s quick embrace of DeepSeek
- ChatGPT’s advanced AI costs $200/mo. Now it’s free for Windows users
- Microsoft improves text contrast for all Windows Chromium browsers
- Windows 11 24H2 patch breaks audio, Bluetooth, webcams, and more
- Windows 11 KB5050094 update fixes bugs causing audio issues
- Optional Windows 11 update fixes USB audio bugs, among others
- Microsoft’s latest optional patch is a bug-fix bonanza for Windows 11 24H2
- Windows 10 KB5050081 auto installs new Outlook web, direct download .msu with DAC fix
- Microsoft: January Windows security updates break audio playback
- Microsoft confirms Outlook crashes when emailing, replying or forwarding, issues workaround
- Microsoft Teams phishing attack alerts coming to everyone next month
- Stand up to scareware with scareware blocker, now available in preview in Microsoft Edge
- Microsoft just killed the ability to look up words and phrases in Word
- Microsoft is killing its “free” Microsoft 365 VPN feature
- Microsoft is bringing your iPhone to the Windows 11 Start menu
- New Intel-powered Surface Pro and Surface Laptop are official