Cyber Bites - 14th March 2025 episode artwork

EPISODE · Mar 13, 2025 · 5 MIN

Cyber Bites - 14th March 2025

from Cyber Bites · host Edwin Kwan

* Critical PHP Vulnerability Under Mass Exploitation Worldwide* Hacktivist Group Claims Responsibility for X Outages, Musk Blames "Massive Cyberattack"* Cybercriminals Use Bogus Copyright Claims to Spread Malware on YouTube* Former Software Developer Found Guilty of Sabotaging Employer's Systems* Melbourne Man Charged in Mobile Number Porting ScamCritical PHP Vulnerability Under Mass Exploitation Worldwidehttps://www.bleepingcomputer.com/news/security/critical-php-rce-vulnerability-mass-exploited-in-new-attacks/A critical PHP remote code execution vulnerability, CVE-2024-4577, is being actively exploited in widespread attacks targeting Windows systems globally.The vulnerability, patched in June 2024, allows unauthenticated attackers to execute arbitrary code, leading to complete system compromise.While initial reports indicated targeted attacks against Japanese organizations, new data reveals a significant increase in exploitation attempts worldwide, including the United States, Singapore, Germany, and China.Threat intelligence firm GreyNoise reports observing a surge in exploitation attempts since January 2025, with numerous exploit codes available online.The attacks involve attempts to steal credentials, establish persistence, elevate privileges, and deploy adversarial tools. This vulnerability has also been previously exploited by ransomware groups and to deploy new malware.Hacktivist Group Claims Responsibility for X Outages, Musk Blames "Massive Cyberattack"https://www.bleepingcomputer.com/news/security/x-hit-by-massive-cyberattack-amid-dark-storms-ddos-claims/https://www.abc.net.au/news/2025-03-11/elon-musk-says-x-outages-result-of-cyber-attack/105035078The hacktivist group Dark Storm has claimed responsibility for distributed denial-of-service (DDoS) attacks that caused multiple worldwide outages on the X platform. X owner Elon Musk confirmed a "massive cyberattack" against the platform, stating it was conducted with significant resources and potentially involved a large, coordinated group or a nation-state.Dark Storm, a pro-Palestinian group active since 2023, posted evidence of their attacks on Telegram, including screenshots and links to website availability monitoring tools. X has since implemented DDoS protection from Cloudflare, displaying captchas to users connecting from suspicious IP addresses.Musk later stated that the cyberattack involved IP addresses originating from Ukraine, but Dark Storm denied any connection to Ukraine. DDoS attacks often utilize botnets and compromised devices from various global locations to generate overwhelming traffic, disrupting targeted websites.Cybercriminals Use Bogus Copyright Claims to Spread Malware on YouTubehttps://securelist.com/silentcryptominer-spreads-through-blackmail-on-youtube/115788/Cybercriminals are exploiting YouTube's copyright claim system to coerce creators into promoting malware and cryptocurrency miners. They are targeting YouTubers who publish tutorials on Windows Packet Divert (WPD) tools, which are popular in Russia for bypassing internet censorship.The attackers pose as copyright holders of these tools, filing false copyright claims and then contacting creators with a "resolution" that involves adding download links to trojanized versions of the software. These malicious versions, hosted on GitHub, contain a cryptominer downloader.Creators, fearing channel bans, often comply. Kaspersky reports that one such video, with over 400,000 views, led to 40,000 malicious downloads before the link was removed. A Telegram channel with 340,000 subscribers also promoted the malware.The malware uses a multi-stage loader, including a Python-based loader and a bloated second-stage executable to evade detection. It disables Microsoft Defender, establishes persistence, and downloads SilentCryptoMiner, a modified XMRig miner. The miner uses process hollowing and pauses activity when monitoring tools are active.While currently targeting Russian users, this tactic could be used to distribute other malware, such as info-stealers or ransomware, on a broader scale. Users are advised to avoid downloading software from links provided in YouTube videos, especially from smaller channels.Former Software Developer Found Guilty of Sabotaging Employer's Systemshttps://www.justice.gov/opa/pr/texas-man-convicted-sabotaging-his-employers-computer-systems-and-deleting-dataA federal jury in Cleveland has convicted a senior software developer, Davis Lu, of sabotaging his former employer, Eaton Corporation's, computer systems. Lu, 55, faces up to ten years in prison.Lu, who worked at Eaton from 2007 to 2019, began deploying malicious code after a demotion in 2019. He created a Java program that crashed production systems by generating infinite resource-consuming threads. He also developed a "kill switch" that locked out thousands of employees worldwide when his employment was terminated. The “kill switch” code was named “IsDLEnabledinAD”, abbreviating “Is Davis Lu enabled in Active Directory”.Investigators found Lu's malware and related code on internal development servers, linking his user account to the sabotage. He attempted to delete data and wipe his company laptop before returning it. Lu confessed to federal investigators in 2019 but pleaded not guilty, leading to the jury trial and his subsequent conviction.Melbourne Man Charged in Mobile Number Porting Scamhttps://www.afp.gov.au/news-centre/media-release/victorian-man-charged-over-alleged-bulk-phone-porting-scamA Melbourne man is facing court after allegedly attempting to steal mobile numbers from identity theft victims. The man, 34, is accused of making 193 unauthorized "port-in" attempts, successfully transferring 44 mobile numbers to his control.The Australian Federal Police (AFP) began investigating in July 2024 after a telecommunications company reported suspicious porting activity. Porting scams allow criminals to bypass multi-factor authentication and access victims' bank accounts.A search warrant executed at the man's residence resulted in the seizure of mobile phones, a computer, SIM cards, and suspected drug items. He has been charged with unauthorized modification of data, which carries a maximum penalty of 10 years imprisonment.The AFP urges individuals to be vigilant for unexpected text messages or service disruptions, as these could indicate an unauthorized porting attempt. Victims are advised to contact their mobile provider and bank immediately, and report the incident to ReportCyber. This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

Episode metadata supplied by the publisher feed · Published Mar 13, 2025

NOW PLAYING

Cyber Bites - 14th March 2025

0:00 5:39

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

CISO Perspectives (public) N2K Networks This season on CISO Perspectives, host Kim Jones explores some of the challenges of leading through uncertainty. We explore the complexity of the changing nature of regulation and working with the federal government, the evolution of privacy and fraud, and how emerging technologies like AI and quantum computing are changing cyber. When you don’t know what questions to ask, you’re afraid to ask, or don’t know who to ask, CISO Perspectives provides the foundation for learning in this brave new world. Guardians Of Innocence Guardians Of Innocence Guardians of Innocence is a powerful and informative podcast designed to equip parents, teachers, and communities with the knowledge and tools needed to protect children from the growing threat of trafficking. Each episode dives deep into the tactics traffickers use to target vulnerable children—both online and in real life—and provides actionable advice on how to recognize the warning signs.Through expert interviews with cyber safety professionals, law enforcement, and survivors, we uncover the latest grooming methods, share real-world stories, and empower listeners to become vigilant guardians of innocence in their own families and communities.Guardians of Innocence is more than just a podcast; it’s a call to action to safeguard our children, raise awareness, and foster a united front against trafficking.Listen. Learn. Protect. Site Bites Carlton Gover Join host Carlton Gover (from A Life In Ruins podcast on the Archaeology Podcast Network) as he brings on a co-host for each season to discuss a single archaeological site. They'll dive into every aspect of a site over the course of the season. Every episode of the season will be released at the same time so you can binge on a quiet Sunday morning or listen when you can. The Cyber Sleuth Show Cyber Social Hub Step into the world of digital forensics, mobile forensics, OSINT, and cybersecurity with The Cyber Sleuth Show! Hosted by Kevin DeLong, this podcast dives deep into the ever-evolving landscape of digital investigations, featuring expert guests, cutting-edge tools, real-world case insights, and, of course, the occasional terrible dad joke.From law enforcement investigators and forensic analysts to OSINT specialists and cybersecurity pros, we uncover the latest trends, techniques, and challenges in the field—giving you the knowledge you need to find the truth behind digital incidents.🔍 Stay ahead of the curve. Stay informed. Stay sleuthing.📢 Join the community! Connect with fellow digital investigators for FREE at CyberSocialHub.com.🎥 Prefer video? Watch the podcast on YouTube: @CyberSocialHub.🚀 Subscribe now and sharpen your investigative skills!

Frequently Asked Questions

How long is this episode of Cyber Bites?

This episode is 5 minutes long.

When was this Cyber Bites episode published?

This episode was published on March 13, 2025.

What is this episode about?

* Critical PHP Vulnerability Under Mass Exploitation Worldwide* Hacktivist Group Claims Responsibility for X Outages, Musk Blames "Massive Cyberattack"* Cybercriminals Use Bogus Copyright Claims to Spread Malware on YouTube* Former Software...

Can I download this Cyber Bites episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!