Skyhigh Security CloudCast

CloudCast Cybersecurity Headlines for February 12th, 2025
From the CloudCast Studios, I’m Scott Schlee, and these are your cybersecurity headlines for the week of Wednesday, February 12th, 2025.
Headlines this week:
- Critical Remote Code Execution Vulnerability in Microsoft Outlook
- Ransomware Payments Decline by 35% in 2024
- GrubHub Discloses Data Breach Affecting Users and Partners
- Spyware Firm Cuts Ties with Italy Amid Targeting Allegations
- Microsoft Warns of Attacks Exploiting ASP.NET Machine Keys
- Lazarus Group Targets Professionals with Job-Themed Malware
- SparkCat Malware Campaign Targets Cryptocurrency Wallets
- Silent Lynx Group Targets Central Asian Organizations
- Engineer IMI Suffers Cyberattack Following Similar Incident at Smiths Group
- Taiwan Bans DeepSeek AI Over National Security Concerns
Thank you again for listening to Skyhigh Cloudcast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or CloudCast, please visit skyhighsecurity.com.
Sources:
- Taiwan Bans DeepSeek AI Over National Security Concerns: diesec.com
- Critical Remote Code Execution Vulnerability in Microsoft Outlook: diesec.com
- Ransomware Payments Decline by 35% in 2024: diesec.com
- GrubHub Discloses Data Breach Affecting Users and Partners: diesec.com
- Spyware Firm Cuts Ties with Italy Amid Targeting Allegations: diesec.com
- Microsoft Warns of Attacks Exploiting ASP.NET Machine Keys: thehackernews.com
- Lazarus Group Targets Professionals with Job-Themed Malware: thehackernews.com
- SparkCat Malware Campaign Targets Cryptocurrency Wallets: thehackernews.com
- Silent Lynx Group Targets Central Asian Organizations: thehackernews.com
- Engineer IMI Suffers Cyberattack Following Similar Incident at Smiths Group: cybersecurity-review.com
———–
CloudCast is hosted by Skyhigh Security’s very own Digital Experience Manager, Scott Schlee. Scott’s engaging demeanor and wit, backed by over 20 years in digital media production and web development, has led to successful collaborations with top-tier brands. His experience includes hosting and producing a wide range of podcasts and videos. Scott has been recognized for his outstanding work, including an award-winning digital short and a Webby Awards nomination for Viral Marketing (Branded). Beyond his professional achievements, Scott’s personal journey as a decade-long pancreatic cancer survivor has led him to share his story with the U.S. Congress and other organizations as an advocate for increased cancer research funding.
Transcript
From the CloudCast Studios, I’m Scott Schlee, and these are your cybersecurity headlines for the week of Wednesday, February 12th, 2025.
A Critical Remote Code Execution Vulnerability Has Been Discovered in Microsoft Outlook: The Cybersecurity and Infrastructure Security Agency issued an urgent alert about an actively exploited vulnerability in Microsoft Outlook. Attackers can execute remote code by bypassing Outlook’s protections using a simple URL trick, endangering sensitive data. Federal agencies and private organizations are urged to apply patches promptly to mitigate this threat.
GrubHub Has Disclosed A Data Breach Affecting Users and Partners: Food delivery service GrubHub reported a data breach resulting from a compromised third-party service provider account. Exposed information includes names, emails, phone numbers, and partial payment details of some campus diners. GrubHub has terminated the unauthorized access, enhanced security measures, and advises users to maintain strong, unique passwords.
Paragon Solutions Cuts Ties with Italy Amid Targeting Allegations: Israeli spyware company Paragon Solutions has severed relationships with its Italian clients following allegations that its software was used to target government critics. A recent spyware campaign affected 90 users across 24 countries, including journalists and activists, prompting an investigation by Italian authorities into the misuse of surveillance tools.
Microsoft Warns of Attacks Exploiting ASP.NET Machine Keys: Microsoft identified over 3,000 publicly disclosed ASP.NET machine keys that attackers are exploiting to inject and execute malicious code using the Godzilla post-exploitation framework. This technique, known as ViewState code injection, poses significant risks to web applications. Organizations are advised to review and secure their ASP.NET configurations to prevent such attacks.
Lazarus Group Is Targeting Professionals with Job-Themed Malware: The North Korean-linked Lazarus Group has launched a campaign using fake LinkedIn job offers in the cryptocurrency and travel sectors to distribute malware. The malicious code is capable of infecting Windows, macOS, and Linux systems, highlighting the group’s evolving tactics and the need for vigilance among professionals receiving unsolicited job communications.
SparkCat Malware Campaign Is Targeting Cryptocurrency Wallets: A new malware campaign dubbed SparkCat has been identified, leveraging fake apps on both Apple’s App Store and Google’s Play Store to steal mnemonic phrases associated with cryptocurrency wallets. Notably, this marks one of the first instances of a stealer with optical character recognition capabilities being discovered in the Apple App Store. The malicious apps have since been removed, but users are advised to remain cautious when downloading wallet-related applications.
Silent Lynx Group Is Targeting Central Asian Organizations: A previously unidentified hacking group, dubbed Silent Lynx, has been targeting entities in Kyrgyzstan and Turkmenistan, including embassies, legal firms, government-backed banks, and think tanks. The attackers deploy a PowerShell script that utilizes Telegram for command-and-control operations. Attribution points to a Kazakhstan-origin threat actor, with tactical overlaps observed with the YoroTrooper group.
IMI Suffers A Cyberattack Following A Similar Incident at Smiths Group: Engineering firm IMI confirmed a cyberattack affecting its global systems, occurring shortly after a similar breach at rival company Smiths Group. While specific data accessed remains undisclosed, the incident underscores the increasing targeting of engineering and manufacturing sectors by cybercriminals. Organizations in these industries are urged to bolster their cybersecurity defenses.
Taiwan Bans DeepSeek AI Over National Security Concerns: Taiwan has prohibited the use of DeepSeek, a Chinese-developed AI chatbot, citing risks of data leakage and potential censorship issues. This move aligns with actions taken by other countries concerned about the security implications of foreign AI technologies. The ban underscores the growing global apprehension regarding AI governance and data privacy.
And let’s end the week off with some positive news. Ransomware Payments Declined by 35% in 2024: Despite a record number of ransomware attacks in 2024, totaling 5,263 incidents, ransom payments decreased to $813.55 million—a 35% drop from the previous year. This decline is attributed to improved cybersecurity measures, robust backups, and intensified law enforcement actions against ransomware groups. The trend indicates a shift in how organizations are managing and responding to ransomware threats.
And those are your headlines for the week. Thank you again for listening to Skyhigh Cloudcast. If you’ve enjoyed this episode, be sure to subscribe on your favorite platform so you never miss an update. If you like the show, please leave us a review. It helps others find the podcast. For more information about Skyhigh Security or Cloudcast, please visit skyhighsecurity.com.
Please Note: All transcripts are generated using speech recognition software and human transcription, and may contain errors. Please check the corresponding audio before quoting in print.