🚨 Week 2 Debrief: AI Phishing: Are You Next? Cyber Insurers Brace for Impact, AI Turning Malicious, Microsoft AI Disruption, US Plans for Drone Supply Chain Protection and more...

Insights into Cyber Risks, Threat Intel and Startup and VC updates

This week's update covers significant developments in cyber threats, AI, and data security. Key trends include the growing sophistication of AI-driven attacks, growing reliance on cyber insurance, and persistent state-sponsored hacking. These issues demand strong cybersecurity practices and constant vigilance.

Key News and Events:

  • AI Phishing: AI-automated spear phishing attacks are as effective as human experts, achieving a 54% click-through rate.

  • Cyber Insurance: 89% of executives plan to expand cyber insurance due to rising technological risks.

  • Microsoft AI Disruption: Microsoft took action against cybercriminals bypassing AI safety measures to generate harmful content.

  • Drone Security: The U.S. Department of Commerce is seeking public comment on securing the drone technology supply chain.

  • Government Cyberattacks: Chinese hackers targeted the Philippine President's office and U.S. Treasury Department, though the Philippine government claims no sensitive data was stolen.

  • Vulnerability Disclosures: Ivanti has released updates to address critical and high severity vulnerabilities in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. Cisco also released security advisories for product vulnerabilities.

  • Data Breaches: Location data company Gravy Analytics and education software provider PowerSchool reported significant data breaches.

  • Cybercrime Financing: The U.S. Justice Department indicted Russian nationals for operating crypto mixers used to launder money from cybercrimes.

Join our bespoke WhatsApp Group to expand your professional network, gain insights, and support each other in tackling today's cybersecurity challenges https://shorturl.at/971us

💻 Malware and Vulnerabilities

  • Ivanti Releases Patch for Critical and High Vulnerabilities Affecting Connect Secure, Policy Secure, and ZTA Gateways: Ivanti has released a patch to address a critical vulnerability (CVE-2025-0282) that allows unauthenticated remote code execution and a high severity vulnerability (CVE-2025-0283) that allows a local authenticated attacker to escalate privileges. The company is aware of a limited number of customers' Connect Secure appliances being exploited via the critical vulnerability and advises all customers to run both the internal and external Integrity Checker Tool (ICT) and monitor the results; appliances whose ICT results show signs of compromise should be factory reset before being upgraded to the patched release.

  • Android Security Bulletin Addresses Critical Remote Code Execution Vulnerability: The January 2025 Android Security Bulletin details a critical vulnerability in the System component that could lead to remote code execution without requiring additional privileges. The bulletin also includes information about other high severity vulnerabilities across Framework and Media Framework components, with security patch levels of 2025-01-01 or later addressing these issues.

  • Cisco Issues Security Advisories for Product Vulnerabilities: Cisco has published security advisories covering vulnerabilities in several of its products. Each advisory lists the affected versions, the publication ID, the assigned CVE (Common Vulnerabilities and Exposures) identifiers, the impact of the vulnerability, and the available fixes or workarounds, all of which are available on Cisco's security advisory page.

📈 Breaches and Incidents

  • PowerSchool Sued Over December Data Breach Exposing Student and Teacher Information: PowerSchool is facing three separate federal lawsuits alleging that the education software provider negligently failed to protect the personal information of students, parents, and teachers exposed in a December data breach. The exposed information includes names, addresses, Social Security numbers, contact information, medical and financial information, student grades, bus-stop information, and employment information. The lawsuits claim that PowerSchool breached its duties under common law, contract law, industry standards, and the Federal Trade Commission Act.

  • Chinese Hackers Breach Philippine President's Office, Government Downplays Data Loss: Chinese state-sponsored hackers, APT41, breached the Office of the President of the Philippines, stealing data including military documents, but the Philippine government claims no sensitive information was compromised. The attacks were detected early, and the government says they were able to secure their databases.

  • Apple Settles Siri Privacy Lawsuit for $95 Million: User Payouts and Data Deletion Offered: Apple has agreed to pay $95 million to settle a class-action lawsuit over claims that its voice assistant, Siri, recorded private conversations without user consent. Affected customers are eligible for up to $20 per device, and as part of the settlement Apple will permanently delete the recordings in question. The lawsuit alleged that Siri was sometimes activated without the "Hey, Siri" trigger, potentially recording sensitive conversations, and that these recordings were shared with third parties and used for targeted advertising, which Apple denies. The settlement covers devices purchased between September 17, 2014, and December 31, 2024. Google is facing a similar lawsuit over its voice assistant in the same district.

🚨 Threat Intel & Info Sharing

  • Hackers Claim Massive Breach of Location Data Giant Gravy Analytics, Threaten to Leak Data: Hackers claim to have compromised Gravy Analytics, a location data company that has sold smartphone location data to the U.S. government, and are threatening to release the stolen data, which includes customer lists and precise movement information, publicly. This breach highlights the risks of collecting bulk location data and the potential for its misuse, raising serious concerns about deanonymization and tracking, according to a senior threat analyst.

  • Former IBM Executive Joins Chinese State-Owned AI Firm as CTO: A former IBM China executive, Xie Dong, has been appointed as the chief technology officer (CTO) at Beijing Electronic Digital and Intelligence (BEDI), a state-owned AI company, as foreign firms scale back operations in China. Xie's focus will be on optimizing AI models’ predictive capabilities and ensuring cost-effectiveness, with BEDI playing an important role in Beijing's computing infrastructure.

  • Russian Nationals Indicted for Operating Crypto Mixers That Masked Cybercrime Funds: Three Russian nationals have been indicted for allegedly operating Blender.io and Sinbad.io, cryptocurrency mixing services used to obscure the source of funds derived from ransomware attacks and other cybercrimes. The DOJ states these services were used by criminals, including state-sponsored hacking groups, to launder their ill-gotten gains.

  • ICAO Confirms Data Breach Affecting Recruitment Applications: The International Civil Aviation Organization (ICAO) has confirmed a data breach involving approximately 11,929 individuals' recruitment application data from April 2016 to July 2024, which includes names, email addresses, dates of birth, and employment history. The ICAO is now reaching out to affected individuals and has implemented additional security measures, noting that the breach was limited to the recruitment database and did not affect aviation safety or security systems.

  • Chinese Hackers Infiltrate U.S. Infrastructure and Telecom Networks, Posing National Security Threat: Chinese hacking groups, known as Volt Typhoon and Salt Typhoon, have gained access to critical U.S. infrastructure, including ports and utilities, and telecom networks, compromising user data and potentially disrupting operations. These cyber operations are seen as a means for China to position itself for potential conflict with the U.S., including a possible invasion of Taiwan, by gathering intelligence and creating vulnerabilities that could impede U.S. response capabilities.

  • Microsoft Disrupts Hacking-as-a-Service Scheme Bypassing AI Safety Measures: Microsoft is taking legal action against a group of cybercriminals who used stolen credentials and custom software to bypass AI safety protocols and generate harmful content, with a court order allowing for the seizure of their internet infrastructure. The defendants used stolen API keys to access Microsoft’s Azure OpenAI service to generate thousands of images that violated content restrictions.

⚖️ Laws, Policies and Regulations

  • Ministry of Defence Calls for Enhanced Cyber Resilience in Defence Supply Chain: The Ministry of Defence (MOD) is urging defence industry CEOs and leads to improve their cyber security measures, citing recent supply chain incidents as evidence that robust and continuously improving defences are needed. The MOD is asking organisations to review their performance against the NCSC's Cyber Assessment Framework, adopt Active Cyber Defence (ACD) tools, and implement the new Cyber Security Standard for Suppliers.

  • Biden Administration Rushes to Finalize Cybersecurity Executive Order After Treasury Hack: The Biden administration is working to issue an executive order to strengthen U.S. cybersecurity, which includes measures for strong identity authentication and encryption, following a recent breach at the Treasury Department attributed to Chinese state-sponsored hackers. The draft order also aims to establish guidelines for securing cryptographic keys used by cloud contractors and improve the basic cybersecurity practices of software providers for the federal government.

  • BIS Issues ANPRM to Secure Unmanned Aircraft Systems Supply Chain: The Bureau of Industry and Security (BIS) has issued an advance notice of proposed rulemaking (ANPRM) to gather public comment on securing the drone technology supply chain, citing potential risks from foreign adversaries. The ANPRM seeks feedback on defining UAS components, assessing risks, and evaluating the economic impact of potential regulations.

  • Treasury Secretary Yellen Meets with Chinese Vice Premier to Discuss Economic Issues: Treasury Secretary Janet L. Yellen met virtually with Chinese Vice Premier He Lifeng to discuss macroeconomic developments and issues of concern, such as China's non-market policies and industrial overcapacity. Both sides acknowledged the importance of communication and contact.

⚖️ Cybersecurity Startups and VCs

  • CyberUpgrade, a Lithuanian cybersecurity startup enhancing digital resilience across Europe and the USA, has raised €2.5 million in seed funding.

  • Darktrace, a global leader in AI for cybersecurity, announced the proposed acquisition of Cado Security (Cado), a UK-based cyber investigation and response solution provider for the hybrid and multi-cloud world.

  • AI Spear Phishing Attacks Match Human Experts in Success Rate: A recent study shows that AI-automated spear phishing attacks are as effective as those crafted by human experts, achieving a 54% click-through rate, significantly higher than the 12% rate for generic phishing emails. These AI attacks utilize custom tools to gather information and create personalized vulnerability profiles for each target, with an 88% accuracy rate in the information gathered.

  • Executives Plan to Expand Cyber Insurance Amid Rising Technological Risks: A recent report by Chubb indicates that 89% of executives plan to expand cyber insurance coverage due to cybersecurity and technological disruptions being identified as top threats to business growth. The survey also reveals that 74% of executives at large companies consider cybersecurity as the top growth risk, with 40% noting cyber breaches and data leaks as the most disruptive and financially burdensome man-made threats.

📅 Upcoming Events

From Risk to Resilience: CISO's Guide to Boardroom Impact: This exclusive series is designed to bring together Saudi Arabia's leading Chief Information Security Officers (CISOs) to address the unique challenges, opportunities, and advancements in cybersecurity within the Kingdom. It is free to join, so register today.

We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].

Thank you for being a part of our newsletter community. You can also join the conversation in our Discord Community or our LinkedIn Group.