- The Cybersecurity Club Newsletter
🚨Week 15 Debrief: Critical Windows Patch, Russian Cable Threat, UK Cyber Governance Code, North Korean Espionage and EU Security Strategy...
Insights into Cyber Risks, Threat Intel and Startup and VC updates

Microsoft's April 8, 2025 Patch Tuesday addressed at least 120 Windows vulnerabilities, including a zero-day in the Windows Common Log File System (CLFS) driver, tracked as CVE-2025-29824 and marked as "actively exploited". The use-after-free bug lets a local attacker elevate to SYSTEM. It carries a CVSS score of 7.8 and requires only low privileges and no user interaction. Microsoft's threat intelligence team discovered the issue and assesses that it is being exploited by professional hacking teams.
Microsoft attributes the exploitation to the ransomware-linked group Storm-2460, which deployed the PipeMagic malware in these attacks. Targets include organizations in the information technology (IT) and real estate sectors in the United States, the financial sector in Venezuela, a Spanish software company, and the retail sector in Saudi Arabia. Notably, a patch for Windows 10 is not yet available and will ship at a later date, so Windows 10 fleets remain exposed until then.
KEY TAKEAWAYS:
Other vendors who released updates or advisories in April 2025 include:
Apache fixed a maximum severity RCE flaw in Apache Parquet.
Apple backported fixes for actively exploited flaws to older devices.
Google released security updates for 62 Android vulnerabilities, including two zero-days exploited in targeted attacks.
Ivanti released its April security updates as well as a fix earlier this month to patch a critical Connect Secure remote code execution flaw exploited by Chinese threat actors.
Fortinet released security updates for numerous products, including a critical flaw that allows attackers to change admin passwords in FortiSwitch.
MediaTek released security updates as part of its April 2025 security bulletin.
MinIO released security updates for an "incomplete signature validation for unsigned-trailer uploads" flaw, urging users to upgrade as soon as possible.
SAP released security updates for multiple products, including three critical flaws.
WinRAR disclosed a flaw that prevented the Mark of the Web from propagating to extracted files.
💻 Malware and Vulnerabilities
Malware Lurks in Fake Office Add-ins on SourceForge Attackers used SourceForge to spread fake Microsoft Office add-ins carrying cryptocurrency-stealing malware. The malicious projects mimicked legitimate tools and ranked in search results, tricking users into downloading them. The payload included a cryptocurrency miner and a clipper that swaps wallet addresses in the clipboard. Users should download software only from verified sources and scan files before running them.
Medical Device Cyber Risks Alarm Congress A Northeastern cybersecurity expert warned Congress that hackers could access medical equipment, potentially disabling devices or administering incorrect dosages, posing a real threat to human lives. Professor Kevin Fu, former FDA medical device security director, testified on these vulnerabilities.
📈 Breaches and Incidents
Moroccan Data Breach An Algerian hacker group, JabaRoot DZ, claimed responsibility for cyberattacks on Moroccan institutions, including the CNSS and Ministry of Employment, potentially resulting in Morocco's largest data leak. Sensitive data, such as salary information and company details, may have been compromised, despite initial denials from the Ministry. This follows a previous CNSS data security incident in 2020. The attacks are linked to tensions between Algeria and Morocco.
Dutch Ministries Hit by Data Breach Several Dutch ministries, including the Interior and Economic Affairs, have been affected by a major data breach. The impact and cause are currently unclear as investigations are underway. The government has confirmed the breach and is following official procedures, including involving the Dutch Data Protection Authority. The exact scope and measures to limit consequences will be clearer in the coming days.
Oracle Notifies on Data Exposure, Denies Breach Oracle has begun notifying customers about a data exposure affecting a legacy system, with millions of records offered on the dark web. Despite the leak of sensitive data like encrypted credentials, Oracle claims it's "not a breach". The incident involves data as recent as 2024, contradicting Oracle's claim that the affected system was decommissioned in 2017.
OCC Email System Breach Exposed Hackers breached the Treasury's OCC email system in June 2023, accessing over 150,000 emails including sensitive data on financial institutions. The attackers compromised an administrator's account. Congress was notified of this "major information security incident" in April 2025.
Vendor Attack Compromises DBS and Bank of China Singapore Customer Data A ransomware attack on printing vendor Toppan Next Tech led to the potential compromise of data from over 11,000 DBS and Bank of China Singapore customers. The exposed information includes names and addresses from customer statements but no login or financial details. Both banks are contacting affected customers and enhancing account monitoring.
🚨 Threat Intel & Info Sharing
Subsea Cable Threat Sparks Internet Blackout Fears Telecom companies warn of a rise in suspected Russian attacks on subsea cables, putting global internet and power infrastructure at risk. More than 500 cables carry 95% of international data. NATO has been warned of potential blackouts, and the UK is monitoring Russian activity. Enhanced security measures are urged.
Crypto Scam Funds Recovered U.S. authorities seized over $8.2 million in USDT cryptocurrency linked to "romance baiting" scams. Victims were manipulated into investing in fraudulent platforms. The funds were frozen and reissued, potentially allowing for restitution to those affected by this financial fraud.
Russia Steps Up VPN Blocking Russia is intensifying its blocking of VPN services to restrict access to prohibited online content. Hundreds of VPNs have been blocked since 2024, with blocking efforts ramping up since August 2023. Authorities identify VPN traffic by technical parameters such as IP addresses. The goal is to limit access to information the state deems unwanted.
North Korean IT Infiltration Uncovered Thousands of North Korean IT workers are using fake identities to get hired by Fortune 500 companies, generating hundreds of millions annually for Kim Jong Un's regime. They use AI to enhance their schemes and even employ Americans to bypass security. Companies are urged to strengthen identity checks.
Copilot Gets Visual on Windows Microsoft is testing Copilot Vision, allowing its AI assistant to "see" your screen and apps to offer guidance and analyze content, even within programs like Photoshop. File search within Copilot is also being tested. These features are currently being tested with US Windows Insiders, with a broader release for Windows 11 users expected in the coming weeks or months.
CISA Braces for Deep Cuts The US cybersecurity agency, CISA, faces potential staff cuts of nearly 40%, prompting worries from experts about weakened threat intelligence sharing with the private sector and undermining national security. Actions by Homeland Security Secretary Noem and the Trump administration are cited as reasons for the cuts.
Australia Busts $35M Crypto Scam Network Australia's financial regulator shut down 95 companies linked to crypto "pig butchering" and romance scams. The operations caused more than $35 million in losses to nearly 1,500 victims across 14 countries. The scammers registered the companies using false details and fake registrations, posing as legitimate crypto businesses and offering purportedly genuine services to lure investors.
⚖️ Laws, Policies and Regulations
Trump ordered a criminal investigation into alleged CISA censorship under former head Chris Krebs and is revoking security clearances for Krebs and some at SentinelOne. This follows Krebs' confirmation of the 2020 election results and accusations of using CISA for a "partisan mission" by censoring "disfavored speech" on COVID-19 and Hunter Biden's laptop. A review of CISA's activities is also directed. These actions are considered "unprecedented and punitive," especially for SentinelOne.
Strengthen Your Cyber Resilience: New Government Guidance The UK government has launched the Cyber Governance Code of Practice, providing boards and directors with guidance on managing digital risks and protecting against cyber attacks. This free resource helps senior leaders govern cyber risks effectively. It's part of a wider package including training and a toolkit.
Apple "Backdoor" Case Goes Public After UK Loses Secrecy Bid The UK Home Office failed to keep details of Apple's appeal against a "backdoor order" secret. The Investigatory Powers Tribunal rejected the government's national security argument, allowing the case to proceed publicly, a win for open justice advocates.
⚖️ Cybersecurity Startups and VCs
AI cybersecurity company Adaptive Security announced a $43 million funding round.
£50M Boost for UK Cyber Startups The UK government is backing a new £50m fund to support early-stage cybersecurity startups. Managed by Osney Capital, the fund aims to invest in 30 companies to fuel growth in the UK's burgeoning cyber sector, which saw significant revenue and job increases last year. The investment underscores the national importance of cybersecurity.
📊 Trends, Reports, Analysis
UK Cyber Breaches Decline but Phishing Remains Top Threat The 2025 Cyber Security Breaches Survey reveals a decline in overall cyber breaches for UK businesses, down to 43% from 50% in 2024. However, phishing attacks remain the most prevalent, affecting 85% of businesses experiencing breaches. Small businesses showed improved cyber hygiene, while high-income charities saw declines in some risk management areas.
📅 Upcoming Events
🚀 Join us for an exclusive virtual event in April, where AI and cybersecurity experts will discuss how AI and Machine Learning are revolutionizing cyber defense. This session will feature expert panel discussions exploring AI-driven threat detection, automated response strategies, and the future of intelligent security.
This is a limited virtual event tailored for CISOs and executives. It is free to join, so register today.

We hope you enjoyed our email briefing! ☕🥮If you want to sponsor our next edition or advertise on our site, drop us an email [email protected].
Thank you for being a part of our newsletter community. You can also stay in touch by joining our LinkedIn Group.