Category: Cybercrime

  • Microsoft Teams to Implement New Feature to Block Screen Captures in Meetings

    Microsoft is set to enrich its Teams application with a new feature aimed at safeguarding sensitive information during virtual meetings. The ‘Prevent Screen Capture’ functionality will restrict users from taking screenshots, ensuring that shared content remains confidential, as announced in a new roadmap entry by the tech giant.

    To enhance security, participants joining from unsupported platforms will automatically enter audio-only mode, reinforcing the protection of sensitive data. This feature is expected to begin rolling out globally for Android, desktop, iOS, and web users in July 2025. Microsoft emphasized, “if a user attempts to take a screen capture, the meeting window will turn black,” effectively blocking unauthorized captures.

    While the new screen capture feature holds promise, Microsoft has acknowledged that it cannot entirely prevent the capture of sensitive information. Users may still take photos of their screens, potentially compromising data shared during meetings. Therefore, while the initiative represents a positive step, it is not a complete safeguard against data leakage.

    This development follows a similar move by Meta, which recently introduced the Advanced Chat Privacy feature for WhatsApp, designed to protect user data in private chats and group conversations by preventing the saving of shared media. As Microsoft continues to enhance its Teams services, it will also implement a town hall screen privilege management update in Teams Rooms, alongside new interactive services like BizChat and Copilot, further broadening the capabilities of the platform.

    Microsoft’s efforts come on the heels of a recent announcement at the Enterprise Connect conference, where the company disclosed that Teams boasts over 320 million monthly active users across 181 markets and 44 languages. As digital communication platforms evolve, maintaining security and user privacy remains a critical focus for Microsoft and its competitors alike.

  • Surge in Vulnerabilities Plagues SonicWall Devices, Heightening Cybersecurity Concerns

    SonicWall, a California-based cybersecurity vendor, is facing a significant rise in vulnerabilities within its range of devices and software, putting users at increased risk of cyber intrusions. The year commenced with the company unveiling nine security advisories on January 7, and as of now, the total number of publicly disclosed vulnerabilities has escalated to 20.

    Moreover, these vulnerabilities are prominent in the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerabilities (KEV) catalog, reflecting a growing trend as cybercriminals specifically target SonicWall products. According to cybersecurity authorities, four vulnerabilities have been actively exploited in SonicWall products this year, culminating in a total of 14 exploited vulnerabilities since late 2021, eight of which have been implicated in ransomware campaigns.

    The latest wave of vulnerabilities includes a trio originating from SonicWall Secure Mobile Access (SMA) 100 Appliances, as well as a critical defect in the SonicWall SonicOS. The identified vulnerabilities include CVE-2023-44221, CVE-2021-20035, CVE-2025-23006, and CVE-2024-53704. These vulnerabilities pose serious risks as they may allow malicious actors to achieve remote code execution, granting them control over affected devices.

    In a troubling turn of events, SonicWall recently disclosed three additional vulnerabilities: CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821, impacting the SMA 100 series. Despite SonicWall’s prompt action to release patches for these vulnerabilities, concerns persist that exploitation may have already occurred, as indicated by Ryan Emmons of Rapid7.

    SonicWall, which has yet to sign CISA’s secure-by-design pledge, has announced measures to improve the security of its products, including enabling security features by default in its latest devices. With a significant share of the vulnerabilities stemming from outdated technology, however, the episode illustrates how urgently vendors need to address such weaknesses before they are exploited further.

  • Google Settles Texas Lawsuit with $1.375 Billion Payment Over Privacy Violations

    Google has reached an unprecedented settlement with the state of Texas, agreeing to pay nearly $1.4 billion to resolve two lawsuits accusing the company of unlawfully tracking users’ locations and maintaining their biometric data without consent. The $1.375 billion settlement stands as one of the largest privacy-related fines imposed on the tech giant to date.

    This substantial payment surpasses any previous settlements Google has made to settle similar legal actions taken by other states. In November 2022, the company settled a case with a coalition of 40 states for $391 million. Following that, in January 2023, Google paid $29.5 million to Indiana and Washington, and later in September, it forked out another $93 million to settle with California over privacy practices.

    The legal challenges stem from allegations filed in 2022 regarding Google’s deceptive practices in tracking user data. A statement from Texas Attorney General Ken Paxton highlighted that Google had been tracking individuals’ movements, private searches, and even their biometric information, such as facial geometry and voiceprints, without properly informing users. The lawsuits claimed that Google tracked users’ locations even when they had disabled the Location History feature and collected sensitive data without explicit consent.

    Paxton emphasized the significance of this settlement, stating that it represents a victory for Texans’ privacy rights and serves as a warning to corporations that misusing personal data will come at a significant cost. Following the lawsuit, Google announced plans to enhance its privacy controls, aiming to store Maps Timeline data locally on users’ devices, thereby reducing concerns about data retention on its servers.

    In a broader context, the settlement reflects ongoing regulatory pressure on Google, which is currently facing scrutiny from antitrust agencies in both Europe and the United States. The tech giant is being urged to reconsider its business practices, with some policymakers advocating a potential breakup of certain divisions to promote fair competition in the tech market.

  • Ascension Healthcare Data Breach Exposes Information of Over 430,000 Patients

    Ascension, one of the largest private healthcare systems in the United States, has confirmed that a recent data breach compromised the personal and healthcare information of over 430,000 patients. The breach was disclosed in notification letters sent to affected individuals in April, which revealed that the data was stolen during a cyber incident the previous December involving a former business partner of the organization.

    The breach allowed attackers to access sensitive personal health information, including details about inpatient visits such as physician names, admission and discharge dates, diagnoses, billing codes, and medical record numbers. Personal details such as names, addresses, phone numbers, email addresses, dates of birth, race, gender, and Social Security numbers (SSNs) were also exposed.

    Ascension stated in a public communication, “On December 5, 2024, we learned that Ascension patient information may have been involved in a potential security incident. Our investigation determined on January 21, 2025, that Ascension inadvertently disclosed information to a former business partner, and some of this information was likely stolen from them due to a vulnerability in third-party software used by the former business partner.”

    The incident has particularly impacted individuals in Texas and Massachusetts, where the totals are reported as 114,692 and 96 respectively. Although Ascension initially withheld the exact number of affected individuals, an April 28 filing with the U.S. Department of Health & Human Services (HHS) later revealed that 437,329 individuals were impacted by the breach.

    To assist those affected, Ascension is offering two years of complimentary identity monitoring services, which include credit monitoring, fraud consultation, and identity theft restoration services. Despite this, details surrounding the breach affecting the former business partner remain sparse, though experts suggest that it may be linked to a series of ransomware attacks exploiting a critical flaw in Cleo secure file transfer software.

    Only last year, Ascension notified nearly 5.6 million patients and employees of a major ransomware attack attributed to the Black Basta group, which resulted from an employee inadvertently downloading a malicious file. This incident significantly disrupted Ascension’s operations, forcing staff to revert to manual record-keeping and halt non-emergency medical services.

    With a workforce exceeding 142,000, Ascension operates 142 hospitals and 40 senior care facilities across North America and reported revenues of $28.3 billion in 2023. As the healthcare industry grapples with increasing cyber threats, Ascension’s incident underscores the need for stringent data security measures.

  • Crisis in CVE Funding Sparks Urgent Rethink in Vulnerability Management

    A funding crisis involving the Common Vulnerabilities and Exposures (CVE) program has raised alarms within the cybersecurity community, prompting a critical reevaluation of vulnerability management practices. The CVE program, a vital resource for security professionals, consolidates publicly disclosed vulnerabilities, enabling organizations to prioritize and mitigate security risks effectively. Recent developments highlight the fragility of this system, particularly as the CVE program faced funding cuts before the Cybersecurity and Infrastructure Security Agency (CISA) intervened with an 11-month funding extension.

    Despite this temporary solution, the longer-term prospects for the CVE program remain unclear. The immediate funding crisis spotlighted concerns about the evolving landscape of cyber threats, especially as the number of disclosed vulnerabilities has surged, with over 40,000 CVEs identified in 2024 alone. Security analysts argue that traditional prioritization methods—relying heavily on CVSS scores—may no longer suffice in the face of sophisticated cybercriminal tactics.

    Ferhat Dikbiyik of Black Kite expressed concerns that security teams must now adapt their approaches. “Traditional vulnerability management says: Patch the loudest alert,” he noted. “But that’s no match for ransomware gangs who weaponize a vulnerability days after disclosure.” The shift, according to Dikbiyik, should focus on real-world risk, considering questions such as exploitability and vendor exposure. This reflects a broader sentiment in the field, particularly following JPMorgan Chase’s assessment of flaws in the CVSS scoring system.

    Experts, including Haris Pylarinos from Hack The Box, advocate leveraging automation and AI technologies to enhance vulnerability triage processes, aiming for a proactive rather than reactive stance on security. Yet, cybersecurity leaders caution that organizations relying solely on CVSS metrics may find themselves unprepared for contemporary threats.

    As vulnerability management evolves, implementing robust patch management processes and maintaining comprehensive inventories of software and devices are critical. Rik Ferguson from Forescout emphasized the importance of understanding the operational context of vulnerabilities, particularly in complex environments like hospitals where precision in security is paramount. “If you are responsible for a hospital environment, you absolutely need to know which fridge stores the sandwiches and which one stores the blood or meds,” he explained.
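    The shift Dikbiyik and Ferguson describe, from “patch the loudest alert” to ranking by exploitation evidence and operational context, can be made concrete. The following Python is an added example, not code from Black Kite, Forescout or the CVE program; its weights, asset names and CVE identifiers are constructed for illustration, and the two fridge monitors carry the same flaw so that only their context differs.

```python
"""Risk-based vs CVSS-only ranking of vulnerability findings.

Added illustration of the argument above. Every score, asset and
CVE identifier below is constructed sample data, and the weighting
is an assumption for this example, not a published standard.
"""
from dataclasses import dataclass
from typing import Callable, List


@dataclass(frozen=True)
class Finding:
    cve: str              # constructed identifier, not a real CVE
    cvss: float           # vendor-published base score, 0.0 to 10.0
    in_kev: bool          # listed in CISA's Known Exploited Vulnerabilities catalog
    asset: str
    criticality: int      # 1 (disposable lab box) .. 5 (patient-safety system)
    internet_facing: bool


def cvss_only(f: Finding) -> float:
    """Traditional ordering: the highest base score is patched first."""
    return f.cvss


def risk_score(f: Finding) -> float:
    """Context-aware ordering (assumed weights).

    Known in-the-wild exploitation triples the likelihood term and
    internet exposure doubles it; asset criticality scales the impact
    term, so the same CVE scores differently on different assets.
    """
    likelihood = (3.0 if f.in_kev else 1.0) * (2.0 if f.internet_facing else 1.0)
    impact = f.criticality * (f.cvss / 10.0)
    return round(likelihood * impact, 2)


def prioritise(findings: List[Finding],
               key: Callable[[Finding], float] = risk_score) -> List[Finding]:
    """Return findings most urgent first; ties keep input order."""
    return sorted(findings, key=key, reverse=True)


# Constructed inventory: a loud but isolated lab flaw, an exploited VPN
# gateway flaw, and one fridge-monitor flaw present on two very
# different fridges (Ferguson's sandwiches vs blood example).
SAMPLE = [
    Finding("CVE-0000-1001", 9.8, False, "build-lab-vm", 1, False),
    Finding("CVE-0000-1002", 7.2, True, "vpn-gateway", 4, True),
    Finding("CVE-0000-1003", 6.5, True, "blood-bank-fridge-monitor", 5, False),
    Finding("CVE-0000-1003", 6.5, True, "cafeteria-fridge-monitor", 1, False),
]


def main() -> None:
    for label, key in (("CVSS only", cvss_only), ("risk based", risk_score)):
        print(f"{label}:")
        for f in prioritise(SAMPLE, key):
            print(f"  {key(f):6.2f}  {f.cve}  {f.asset}")


if __name__ == "__main__":
    main()
```

The CVSS-only list puts the isolated lab VM first and the two fridges last as a tie; the risk-based list puts the exploited, internet-facing VPN gateway first and the blood-bank fridge well ahead of the cafeteria fridge carrying the identical CVE.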

    The incidents surrounding the CVE funding crisis serve as a clarion call for the cybersecurity community, underscoring the importance of adapting strategies to contend with an increasingly challenging threat landscape. As organizations strive for resilience, blending proven security fundamentals with active, real-time intelligence appears vital for effectively navigating the future of cybersecurity.

  • FBI Warns of Cybercriminal Exploitation of Outdated Routers

    The Federal Bureau of Investigation (FBI) has issued a warning about the increasing manipulation of end-of-life (EoL) routers by cybercriminals. These outdated devices, no longer receiving critical security updates from vendors, are being turned into proxies for malicious activities, according to a recent advisory.

    Cybercriminals are reportedly deploying malware on these vulnerable routers and integrating them into residential proxy botnets. The compromised routers then facilitate a variety of illicit operations, obscuring the identities of the attackers as they engage in activities such as cryptocurrency theft and cybercrime-for-hire. As noted in the FBI advisory, “criminals are selling access to compromised routers as proxies for customers to purchase and use.”

    Prominent models targeted by these attacks include several old Linksys and Cisco routers, which are particularly susceptible due to known security flaws. Among the commonly exploited models, the advisory lists the Linksys E1200 and E2500, as well as the Cisco M10, all of which have become prime targets for such exploitation.

    Moreover, the FBI indicates that state-sponsored actors have been using these vulnerabilities not just for cybercrime but for espionage operations aimed at critical U.S. infrastructure. The agency highlights a concerning trend where compromised routers have shown up in operations associated with a variant of malware known as “TheMoon.” This software allows attackers to install proxies on infected routers to enhance their operational secrecy.

    To mitigate these risks, the FBI strongly advises consumers to replace EoL routers with newer devices that receive regular security updates. If replacement is unfeasible, they recommend updating the firmware from the vendor’s official site, changing default login credentials, and disabling remote administration features to reduce exposure to potential botnet infections.

  • Russian Hackers Deploy New LOSTKEYS Malware Using ClickFix Tactics

    The Russian-linked hacking group COLDRIVER is ramping up its cyber espionage efforts by distributing a new malware strain known as LOSTKEYS. This malware operates through a sophisticated social engineering tactic that resembles the ClickFix method. According to the Google Threat Intelligence Group, LOSTKEYS has been observed targeting current and former advisors to Western governments, military personnel, journalists, think tanks, and non-governmental organizations (NGOs). Additionally, individuals linked to Ukraine have also been identified as potential targets.

    LOSTKEYS is designed to steal files based on a predetermined list of file types and directories, while also gathering critical system information for the attackers. The malware was detected in attacks occurring in January, March, and April of 2025, as noted in a recent report by Google. Security researcher Wesley Shields detailed that COLDRIVER’s operation originally specialized in credential theft but has now expanded to include this advanced form of malware deployment.

    COLDRIVER’s tactics have evolved from its initial credential phishing campaigns, diversifying into custom malware attacks. The latest operations begin with a fake CAPTCHA verification on a decoy website, where victims are then directed to execute a PowerShell command that downloads the malware from a remote server. The use of ClickFix is indicative of the group’s effort to refine its attack methods, with potential evasion of virtual machine detection being a key focus.

    Reports indicate that this targeted deployment of LOSTKEYS is part of a broader trend, as other threat actors have also adopted the ClickFix strategy to distribute various malware types, including a banking trojan named Lampion and a macOS information stealer known as Atomic Stealer. The ClickFix technique’s continued popularity among cybercriminals underscores the importance of vigilance in cybersecurity practices.

  • Cybersecurity Community Breathes a Sigh of Relief as CVE Database Funding Extended

    The cybersecurity sector was recently shaken to its core as announcements regarding the future of the Common Vulnerabilities and Exposures (CVE) database created a significant sense of uncertainty. Originally slated to go dark, the database, which serves as a cornerstone for global communication about cybersecurity vulnerabilities, will now continue to operate following an 11-month funding extension granted by the Cybersecurity and Infrastructure Security Agency (CISA). This last-minute reprieve was welcomed by many cybersecurity professionals who rely on the CVE as a critical resource in their everyday work.

    Mitre, which has overseen the CVE for 25 years, faced severe scrutiny as fears about the database’s discontinuation spread throughout the industry. “Losing the CVE would be akin to removing essential language from first responders’ communication,” remarked Keith Ibarguen, Senior Vice President of Engineering at Trustwave. This sentiment emphasizes the integral role the CVE plays in maintaining security across various sectors, bridging communication gaps and enabling a unified approach to vulnerability management.

    While the extension provides temporary relief, it has also ignited discussions about the future of the CVE system. Industry leaders are calling for a comprehensive plan that ensures long-term viability and resilience of the vulnerability database. The cybersecurity community, recognizing the CVE’s foundational importance, has begun actively engaging in dialogue regarding the establishment of a sustainable framework that will prevent such crises from occurring in the future.

    Experts have suggested that collaborative discussions between public and private sectors could pave the way for improved governance of the CVE system. As Keith Ibarguen pointed out, this is an opportune moment for stakeholders to organize and establish a robust and future-proof structure for managing cybersecurity vulnerabilities. The urgency of the situation is clear: timely action is required to ensure that the cybersecurity landscape is not left vulnerable, especially given the rapid evolution of cyber threats.

  • CISA Issues Warning on Cybersecurity Vulnerabilities in US Oil and Gas Sector

    The Cybersecurity and Infrastructure Security Agency (CISA), in conjunction with the FBI, Department of Energy, and Environmental Protection Agency, has issued a warning regarding cyberattacks targeting Operational Technology (OT) and Industrial Control Systems (ICS) within the US oil and natural gas industry. The agencies have observed that many cybercriminals utilize basic intrusion techniques, which, when combined with poor cyber hygiene and unprotected assets, can result in significant operational disruptions and physical damage.

    Gabrielle Hempel, a security operations strategist at Exabeam, noted the recurring issue of systemic negligence in addressing known vulnerabilities across the energy sector. “The energy sector often relies on legacy systems and lacks the resources or knowledge to effectively secure their infrastructure,” Hempel stated. This situation is exacerbated by the growing integration of IT and OT systems, which increases the complexity of securing these environments and makes traditional mitigation measures less effective.

    CISA’s guidance includes a series of recommended actions to fortify defenses against potential threats. One critical measure involves disconnecting OT devices from the public internet to reduce exposure. Thomas Richards, an infrastructure security expert, emphasized that the specific motivations of malicious actors are irrelevant when sensitive systems lack proper protection. Recommendations also include using a private IP network for essential remote access and implementing strong multifactor authentication to secure access points.

    In addition to these measures, organizations are urged to implement stronger password protocols, segment their IT and OT networks, and ensure the capability to revert to manual controls after any cyber incident. Trey Ford from Bugcrowd highlighted the significance of CISA’s warning, as it explicitly addresses threats from unsophisticated hacking activities. This reminder underscores the importance of maintaining fundamental cybersecurity practices to prevent severe system failures.