🚨 Week 5 Debrief: Europol Takes Down Underground Economy, DeepSeek Data Leaks, Cyber Threat to UK Severe Report, Türkiye Intelligence's Cyber Espionage, and more…
Insights into Cyber Risks, Threat Intel and Startup and VC updates
Join our bespoke WhatsApp Group to expand your professional network, gain insights, and support each other in tackling today’s cybersecurity challenges https://shorturl.at/971us
💻 Malware and Vulnerabilities
Google Play Store Security Update: In 2024, Google blocked 2.36 million risky Android apps from the Play Store and banned 158,000 developer accounts for attempting to publish harmful apps. Google also prevented 1.3 million apps from gaining excessive permissions and scanned over 200 billion apps daily with Play Protect, identifying 13 million new malware apps from outside the Play Store.
Hackers Exploit WordPress Sites to Spread Malware: Hackers are exploiting outdated WordPress sites and plugins to trick visitors into downloading malware that can steal passwords and personal information from both Windows and Mac users. The malware, known as Amos for macOS and SocGholish for Windows, is distributed via fake browser update pages on compromised websites.
AI Platform Vulnerability Could Have Allowed Complete System Takeover: A flaw in the Lightning.AI platform, a popular tool for developing AI systems, would have given attackers root access and the ability to control a user's cloud studio and connected systems. The vulnerability, which has since been patched, could have allowed attackers to steal sensitive data, modify files, and potentially move laterally to other connected systems.
📈 Breaches and Incidents
DeepSeek Data Exposure: A publicly accessible database belonging to the AI startup DeepSeek was discovered to have exposed over a million lines of log streams, including chat history and API keys. This database exposure allowed for full database control and potential privilege escalation, highlighting the risks associated with the rapid adoption of AI without proper security measures.
MGM Data Breach Settlement: A $45 million settlement has been preliminarily approved in a class action against MGM Resorts International, following data breaches in 2019 and 2023 that exposed the personal information of millions of customers. The settlement includes cash payments for affected individuals and identity theft protection.
Crypto Project DogWifTools Hit by Scam: The crypto project DogWifTools, which provides a token bundling tool used to hide the fact that a single entity controls most of a new token's supply, has reportedly been targeted by a third-party attack, resulting in the loss of over $10 million. Some blockchain investigators, however, suspect this was an exit scam by the DogWifTools team, who may have made between $10 million and $20 million.
Ransomware Attack Hits Indian Tech Giant Tata Technologies: Tata Technologies, a major Indian tech firm, suspended some of its IT services after a ransomware attack, though client delivery services remained operational. The company is investigating the incident with cybersecurity experts, but no ransomware group has claimed responsibility and it's unclear if any data was stolen.
🚨 Threat Intel & Info Sharing
Cybercrime Forums Takedown: Law enforcement has taken down the two largest cybercrime forums in the world. This action represents a significant blow to the cybercriminal underground and its ability to operate. Throughout the course of the action day, 12 domains within the platforms Cracked and Nulled were seized. Other associated services were also taken down, including a financial processor named Sellix, which was used by Cracked, and a hosting service called StarkRDP, which was promoted on both of the platforms and run by the same suspects.
Turkish Cyber Espionage Operation: Turkish intelligence has arrested five individuals for developing and managing software that unlawfully accessed citizens' personal data. The software, falsely marketed to lawyers as integrated with the National Judiciary Informatics System, enabled the illegal access.
Google's Gemini AI Abused by Hackers: Multiple state-sponsored groups are using Google's Gemini AI to enhance their productivity and conduct research for potential cyberattacks, focusing on tasks such as coding, vulnerability research, and reconnaissance. While these groups, particularly from Iran and China, are not using Gemini for novel AI-enabled attacks, they are leveraging it to discover security gaps, evade detection, and plan post-compromise activities.
State Privacy Laws Receive Failing Grades, But Some States Push for Stronger Protections: A recent report reveals that many state consumer privacy laws are ineffective, with eight out of nineteen states receiving failing grades due to industry influence and weak protections. However, some states are beginning to push for stronger, more comprehensive privacy legislation that limits data collection, bans the sale of sensitive data, and restricts targeted advertising.
⚖️ Laws, Policies and Regulations
DeepSeek AI Platform Blocked in Italy: Italy's data protection authority, Garante, has blocked the DeepSeek AI platform due to concerns about data collection, sources, and storage, deeming the company's response to its inquiries insufficient. This action follows a similar ban on ChatGPT in early 2023 and highlights the ongoing scrutiny of AI data practices by European regulators.
UK Government Cyber Insecurity: A new report reveals that the UK government's cyber defenses are not keeping pace with the rapidly evolving cyber threat, with significant gaps in cyber resilience found in 58 critical IT systems and a lack of knowledge about the vulnerability of at least 228 legacy systems. One in three cyber security roles in government is vacant or filled by temporary staff, and financial pressures have led to reduced work on building cyber resilience, leaving the government vulnerable to attacks.
Thailand's New Online Scam Decree: The Thai Cabinet has approved a draft decree that will require banks, telecom operators, and social media platforms to co-pay victims of online scams. This measure is intended to combat the growing number of online scams and call-center gangs by granting more authority to take action against P2P platforms, obligating telecom providers to suspend SIM cards associated with criminal activity, and holding financial institutions, mobile networks, and social media platforms accountable for damages caused.
⚖️ Cybersecurity Startups and VCs
Chainalysis Acquires AI-Powered Fraud Detection Firm: Blockchain analysis firm Chainalysis announced on January 13 that it had acquired AI-powered fraud detection specialist, Alterya. The move is part of Chainalysis’ ambition to become a leader in the prevention and investigation of illicit cryptocurrency transactions. The announcement follows the firm’s acquisition of web3 security solution Hexagate in December 2024.
CYE Acquires Cloud Security Company Solvo: CYE announced the acquisition of Solvo on January 29, as the firm looks to boost its ability to help customers remediate security gaps across multi-cloud environments. Solvo’s solution will complement CYE’s Hyver platform by providing deep visibility into cloud assets of customers and by addressing configurations. CYE hopes the move will allow it to broaden its market reach.
📊 Trends, Reports, Analysis
North Korean Hackers Target Global Developers in Sophisticated Data Exfiltration Campaign: A cyberattack campaign dubbed "Phantom Circuit," attributed to the North Korean Lazarus Group, embedded malware in trusted development tools to compromise over 1,500 systems worldwide, targeting cryptocurrency and technology developers. The attackers used a complex infrastructure of VPNs, proxies, and command-and-control servers to steal sensitive data and maintain persistent access.
📅 Upcoming Events
In today’s ever-evolving cybersecurity landscape, protecting your supply chain and ensuring the resilience of your third-party ecosystem is more critical than ever. Join industry leaders and experts in this virtual event as we explore strategies to safeguard your partnerships, mitigate risks, and build a future-proof network.
This is a limited virtual event tailored for CISOs and executives. It is free to join, so register today.
We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].
Thank you for being a part of our newsletter community. You can also join the community on our Discord server or in our LinkedIn Group.