🚨 Week 6 Debrief: UK Demands Apple Backdoor; Lazarus LinkedIn Scam, UAE Cyber Arrest, WhatsApp Spyware, DeepSeek Bans, AI & Crypto Gulf Funding and more

Insights into Cyber Risks, Threat Intel and Startup and VC updates

💻 Malware and Vulnerabilities

Google Chrome Desktop Stable Channel Updated on February 4, 2025: A stable channel update for the Google Chrome desktop was released on February 4, 2025. This update includes 12 security fixes.

Cisco Security Advisories Highlight Vulnerabilities in Cisco Products: Cisco has published 9 security advisories regarding vulnerabilities in its products, each describing the impact of the vulnerability, the affected Cisco products, and any available workarounds. Of these, 1 is classified as Critical, 2 as High and 6 as Medium impact.

DeepSeek AI Models Face Government Bans Amidst Espionage Concerns: The Chinese AI company is facing bans in Italy and Australia due to concerns about potential espionage and the Chinese government's influence, as outlined in its National Intelligence Law. While DeepSeek models are censored to comply with Chinese law and have shown vulnerabilities in security testing, the company has released open-source versions that can be deployed locally, and detailed technical papers describing its training processes.

WhatsApp Disrupts Paragon Spyware Campaign Targeting Journalists and Civil Society: WhatsApp has disrupted a hacking campaign linked to Paragon, an Israeli spyware maker, that targeted approximately 90 users, including journalists and members of civil society, in over two dozen countries, using malicious PDFs sent via WhatsApp groups. This is the first time that Paragon has been publicly linked to a hacking campaign that allegedly targeted journalists and members of civil society, despite having a contract with the U.S. Immigration and Customs Enforcement.

📈 Breaches and Incidents

OneDrive/SharePoint Bulk Downloads Signal Potential Data Exfiltration: Large downloads of files from OneDrive or SharePoint, indicated by a high number of unique files downloaded or large ZIP archive sizes, can signal potential data exfiltration by threat actors or insiders. The user agent "OneDriveMpc-Transform_Zip/1.0" and the creation of a ZIP archive in a user's Downloads folder named "OneDrive_yyyy_MM_dd.zip" are key indicators for investigation.
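As an added example (not part of the newsletter), the following Python turns the two indicators above into a simple triage check over constructed download events. The tab-separated event shape, the per-user thresholds for unique files and archive size, and all user names and file names are assumptions made for the example.

```python
import re
from collections import defaultdict

# Indicators named in the brief: the bulk-download user agent and the
# dated ZIP archive name pattern OneDrive_yyyy_MM_dd.zip.
BULK_ZIP_USER_AGENT = "OneDriveMpc-Transform_Zip/1.0"
ZIP_NAME_RE = re.compile(r"^OneDrive_\d{4}_\d{2}_\d{2}\.zip$")

# Review thresholds are assumptions for this example, not values from the brief.
UNIQUE_FILE_THRESHOLD = 100
ZIP_BYTES_THRESHOLD = 500 * 1024 * 1024  # 500 MiB

def sample_events():
    """Constructed events: (user, operation, user_agent, object_name, size_bytes)."""
    events = [
        ("alice", "FileDownloaded", "Mozilla/5.0", "Q1_budget.xlsx", 20480),
        ("bob", "FileDownloaded", BULK_ZIP_USER_AGENT, "OneDrive_2025_02_04.zip", 734003200),
        ("alice", "FileDownloaded", "Mozilla/5.0", "notes.docx", 4096),
        ("carol", "FileDownloaded", BULK_ZIP_USER_AGENT, "OneDrive_2025_02_05.zip", 1048576),
        ("erin", "FileAccessed", "Mozilla/5.0", "handbook.pdf", 900000),
    ]
    # "dave" downloads many distinct files one by one, with no ZIP involved.
    events += [("dave", "FileDownloaded", "Mozilla/5.0", f"report_{i}.pdf", 1000)
               for i in range(120)]
    return events

def flag_bulk_downloads(events):
    """Return {user: [reasons]} for users whose downloads match the indicators:
    the bulk-ZIP user agent, a dated OneDrive ZIP name, a large archive, or
    many unique files within the event window. Non-download operations are skipped."""
    unique_files = defaultdict(set)
    findings = defaultdict(list)
    for user, op, ua, name, size in events:
        if op != "FileDownloaded":
            continue
        unique_files[user].add(name)
        if ua == BULK_ZIP_USER_AGENT:
            findings[user].append("bulk-zip user agent")
        if ZIP_NAME_RE.match(name):
            findings[user].append("dated OneDrive zip name")
        if size >= ZIP_BYTES_THRESHOLD:
            findings[user].append(f"large archive ({size} bytes)")
    for user, files in unique_files.items():
        if len(files) >= UNIQUE_FILE_THRESHOLD:
            findings[user].append(f"{len(files)} unique files")
    return dict(findings)

if __name__ == "__main__":
    for user, reasons in flag_bulk_downloads(sample_events()).items():
        print(user, "->", "; ".join(reasons))
```

Each flagged user carries the list of matched indicators, so an analyst can see whether a hit rests on the user agent alone or on several signals together.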

Kazakhstan to Audit Foreign Ministry After Suspected Russia-Linked Cyberattack: The hacker group behind this operation, tracked as UAC-0063, is potentially linked to the Russian state-sponsored threat actor APT28, also known as Fancy Bear or BlueDelta.

Solana Pump.fun Tool DogWifTools Compromised to Drain Crypto Wallets: Hackers have compromised the Windows version of the DogWifTools software for promoting meme coins on the Solana blockchain in a supply-chain attack that drained users' wallets.

🚨 Threat Intel & Info Sharing

NSA Offers Deferred Resignation and Early Retirement Options: The National Security Agency (NSA) has offered its entire workforce the option of deferred resignation with pay and benefits through September, and the Office of Personnel Management is offering voluntary early retirement authorization. These offers are in response to pressure from the Department of Government Efficiency to reduce the federal workforce. There have also been attempts to restructure the agency's leadership and install political appointees. These factors suggest the administration is actively seeking to reduce the size of the NSA workforce, and could be interpreted as a purge of the agency.

Spanish Police and Guardia Civil Arrest Hacker in Joint Operation Targeting 40+ Cyberattacks: A joint operation by the Spanish National Police and the Guardia Civil has led to the arrest of a hacker responsible for over 40 cyberattacks targeting strategic organizations, including the Guardia Civil, the Ministry of Defense, NATO, and the US Army. The individual, who used multiple pseudonyms on the dark web, also possessed over 50 cryptocurrency accounts, highlighting their knowledge of blockchain technology.

Cryptomining Attacks Surge Globally, Exploiting Cloud and AI Infrastructure: A significant spike in malicious cryptomining activity occurred in 2023 and continued into 2024, with attackers increasingly targeting cloud and hosting services, as well as higher education institutions, for their computational resources. The rise of generative AI and its reliance on GPUs is creating new opportunities for cryptominers who are expected to start targeting AI infrastructures.

Lazarus Group Exploits LinkedIn with Sophisticated Recruiting Scam Targeting Global Organizations: The North Korea-linked Lazarus Group is actively targeting organizations through fake LinkedIn job offers, using a sophisticated campaign to deliver malware and steal sensitive data, including cryptocurrency wallet information and login credentials from Windows, macOS, and Linux systems. This campaign highlights the increasing use of social platforms by state-sponsored threat actors to gain access to classified information, proprietary technologies, and corporate credentials, particularly in sectors such as aviation, defense, and nuclear industries.

Black Hat USA 2024 Videos: Videos from the Black Hat USA 2024 security conference, which took place in August, are now available on YouTube.

โš–๏ธ Laws, Policies and Regulations

France Pushes for Backdoors in Encrypted Messaging Apps Amidst Geopolitical Tensions: French lawmakers have passed an amendment requiring encrypted messaging services like WhatsApp, Signal, and Telegram to provide intelligence agencies access to message content, citing national security concerns. This move, supported by the Interior and Justice ministers and drawing inspiration from the UK, comes as France is also expanding satellite surveillance to combat organized crime.

UK Demands Apple Backdoor Access to Encrypted Data, Threatening Global Security: The UK government has issued a secret order requiring Apple to create a backdoor for government security officials to access all encrypted data, including that of users worldwide, which could have severe implications for data privacy and security. This unprecedented demand, made under the Investigatory Powers Act, has been criticized by Apple and privacy advocates, who warn that such backdoors could be exploited by criminals and other governments.

UK Foreign Office Concerned Over British Cyber Expert Jailed in UAE: The British Foreign Office is in contact with Emirati authorities and supporting the family of Andrew Grunstein, a British-Australian cyber specialist and head of Pegasus Intelligence, who was arrested in Dubai in mid-January. Grunstein's case involves national security concerns, and he is known for providing services to Beacon Red, the cyber offensive subsidiary of the Emirati defense conglomerate EDGE Group.

EU Issues AI System Definition Guidelines to Facilitate AI Act Application: The European Commission has published non-binding guidelines on the definition of an AI system to assist providers in determining whether a software system falls under the AI Act's regulations, which first began to apply on February 2, 2025, and include rules on AI system definitions, AI literacy, and prohibited AI use cases. These guidelines, designed to be updated as needed, aim to ensure the effective application of the AI Act, which classifies AI systems into different risk categories such as prohibited, high-risk, and those with transparency obligations.

โš–๏ธ Cybersecurity Start Ups and VCs

France Seeks Gulf Funding for AI Projects Amidst Geopolitical Tech Race: As a high-profile AI summit convenes in Paris, French President Emmanuel Macron is actively engaging in corporate diplomacy to secure Gulf funding for French AI projects, with a focus on attracting investments from key figures involved in defense and advanced technology, while navigating the complex landscape of international tech partnerships involving entities with ties to China. France is particularly interested in the Abu Dhabi sovereign wealth fund, MGX, which has a major focus on AI investments and is headed by Tahnoon bin Zayed Al Nahyan.

Ransomware Payments Plummet 35% as Law Enforcement and Victim Resilience Increase: Ransomware payments decreased by approximately 35% year-over-year in 2024, totaling $813.55 million, due to increased law enforcement actions, improved international collaboration, and a growing refusal by victims to pay. Despite a rise in data leak site postings and new ransomware strains, fewer victims paid, reflecting a shift in the ransomware ecosystem with a rise of lone actors targeting smaller to mid-sized organizations.

📅 Upcoming Events

🚀 We're thrilled to welcome Tauseef Aslam to our expert panel at "Third-Party Ecosystem Resilience in a Volatile Cybersecurity Landscape", a must-attend event for CISOs and executives navigating today's complex cybersecurity challenges.

This is a limited virtual event tailored for CISOs and executives. It is free to join, so register today: Form

We hope you enjoyed our email briefing! ☕🥮 If you want to sponsor our next edition or advertise on our site, drop us an email at [email protected].

Thank you for being part of our newsletter community. You can also join the conversation in our LinkedIn Group.