This week saw a concerning rise in significant cybersecurity incidents across several sectors. This analysis is intended for business IT leaders and cybersecurity professionals: it highlights the key threats and is meant to inform proactive mitigation strategies.
High-Impact Data Breaches:
- Apple Device Vulnerabilities (FLOP & SLAP): Newly discovered vulnerabilities (FLOP and SLAP) in Apple silicon chips, dating back to 2021, allow remote data theft from web browsers (Safari and Chrome) on Macs, iPhones, and iPads. Attackers can use these side-channel attacks to read sensitive data from services like Gmail and iCloud without physical access. Immediate patching and security awareness training are crucial.
- ENGlobal Data Breach: Energy contractor ENGlobal experienced a cyberattack resulting in the theft of sensitive personal data and operational disruption lasting six weeks. This highlights the vulnerability of even established companies to sophisticated attacks, emphasizing the importance of robust incident response planning and multi-factor authentication.
- South African Weather Service Outage: A cyberattack knocked the South African Weather Service offline, disrupting essential services for airlines, farmers, and other stakeholders. This underscores the broadening range of cyberattack targets and the potential impact on critical infrastructure.
- Ongoing impact of previously reported breaches: Several large-scale breaches from previous months continue to have repercussions. These include ongoing investigations and remediation efforts concerning incidents at Dell (49 million users affected), AT&T (73 million customers), Snowflake (impacting Ticketmaster and other organizations), and the “mother of all breaches” in January 2024 (over 26 billion records).
Ransomware Attacks:
- While overall ransomware attack volume has decreased since 2021, new variants and tactics continue to emerge. The HellCat ransomware group is notable for employing psychological pressure tactics against victims. The Royal ransomware group continues its attacks across multiple critical infrastructure sectors, warranting close monitoring of CISA and FBI advisories (AA23-061A) for detection and mitigation strategies.
Supply Chain Attacks:
- No significant new large-scale supply chain attacks were reported this week. However, the ongoing threat remains substantial. The recent vulnerabilities discovered in JetBrains TeamCity (CVE-2024-27198 and CVE-2024-27199), Mitel MiCollab (CVE-2024-55550) and various other software packages serve as a reminder of the persistent risk. Regular patching and careful vendor selection are paramount. Gartner’s prediction that 45% of organizations will experience software supply chain attacks by 2025 underscores the need for robust DevOps security controls and a focus on secure software development practices.
Newly Discovered Vulnerabilities:
Several new vulnerabilities have been reported this week, including those in:
- Plonky2 SNARK implementation (CVE-2025-24802): A high-severity vulnerability impacting a cryptographic library.
- Zoom Workplace App (multiple CVEs): Several vulnerabilities affecting various versions of the Zoom app, including escalation of privilege and denial of service flaws.
- Various other software vulnerabilities: These include flaws in Laravel admin package Voyager, Zyxel CPE devices, SimpleHelp RMM, QNAP NAS backup/recovery app, and others.
Other Significant Incidents:
- Increased API vulnerabilities: A 1205% surge in AI-related API vulnerabilities in 2024 highlights the emerging risks associated with the increasing adoption of AI technologies.
- Abuse of Gemini AI tool: Nation-state actors are exploiting Google’s Gemini LLM tool for malicious purposes, emphasizing the need for responsible AI development and deployment.
- Widespread vulnerabilities in UK government IT systems: A concerning report reveals significant security gaps in numerous critical UK government IT systems.
Recommendations for IT Leaders and Cybersecurity Professionals:
- Prioritize patching: Immediately address all critical vulnerabilities, particularly those impacting widely used software and infrastructure components.
- Strengthen incident response planning: Develop and regularly test robust incident response plans to effectively handle data breaches and ransomware attacks.
- Enhance security awareness training: Educate employees on the latest threats, including phishing techniques and social engineering tactics.
- Implement multi-factor authentication: Utilize MFA across all systems and accounts to increase security posture.
- Monitor threat intelligence: Stay informed about emerging threats and vulnerabilities through reliable sources such as CISA, FBI, and reputable security vendors.
- Improve software supply chain security: Implement robust controls to ensure secure software development practices and carefully vet third-party vendors.
- Regularly assess your security posture: Conduct regular security assessments and penetration testing to identify vulnerabilities and weaknesses in your systems.
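The "prioritize patching" and "monitor threat intelligence" recommendations above are most useful when joined up: a feed of exploited vulnerabilities is only actionable once it is cross-referenced with what you actually run. The script below is an added example, not code from the briefing or from CISA. It parses a constructed feed written in the shape of CISA's Known Exploited Vulnerabilities JSON (the field names `vulnerabilities`, `cveID`, `vendorProject`, `product`, `dueDate` and `knownRansomwareCampaignUse` are an assumption about that schema), matches it against a constructed asset inventory, and ranks the hits by overdue status, known ransomware use, and due date. The CVE identifiers, vendors and products are the ones this briefing cites; the dates, the ransomware flags, the hostnames and the version strings are constructed sample values.

```python
"""Cross-reference a software inventory against a KEV-style exploited-vulnerability feed.

Added example, not part of the original briefing. The feed mimics the field names
of CISA's KEV JSON (an assumed schema); dates, ransomware flags, hostnames and
versions below are constructed sample data, not real advisory values.
"""
import json
from datetime import date

# Constructed feed. CVE ids, vendors and products come from the briefing;
# every other value is illustrative.
FEED_JSON = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-2024-27198", "vendorProject": "JetBrains", "product": "TeamCity",
         "dateAdded": "2024-03-07", "dueDate": "2024-03-28", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-2024-27199", "vendorProject": "JetBrains", "product": "TeamCity",
         "dateAdded": "2024-03-07", "dueDate": "2024-03-28", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-55550", "vendorProject": "Mitel", "product": "MiCollab",
         "dateAdded": "2025-01-07", "dueDate": "2025-01-28", "knownRansomwareCampaignUse": "Unknown"},
    ]
})

# Constructed asset inventory; hostnames and version strings are illustrative.
INVENTORY = [
    {"host": "ci-01", "vendor": "JetBrains", "product": "TeamCity", "version": "2023.11.3"},
    {"host": "pbx-01", "vendor": "Mitel", "product": "MiCollab", "version": "9.8.0.33"},
    {"host": "web-01", "vendor": "Zoom", "product": "Workplace", "version": "6.2.0"},
]


def _norm(value):
    """Normalise vendor/product strings so feed and inventory spellings line up."""
    return value.strip().lower()


def load_feed(feed_json):
    """Parse the feed and index its entries by normalised (vendor, product)."""
    index = {}
    for entry in json.loads(feed_json)["vulnerabilities"]:
        key = (_norm(entry["vendorProject"]), _norm(entry["product"]))
        index.setdefault(key, []).append(entry)
    return index


def triage(feed_json, inventory, today):
    """Return one finding per (host, CVE), most urgent first.

    Ordering: past the remediation due date first, then entries with known
    ransomware use, then earliest due date. A KEV-style feed names products,
    not affected version ranges, so every matching host is reported and its
    version is carried along for the analyst to confirm against the vendor advisory.
    """
    index = load_feed(feed_json)
    findings = []
    for asset in inventory:
        key = (_norm(asset["vendor"]), _norm(asset["product"]))
        for entry in index.get(key, []):
            due = date.fromisoformat(entry["dueDate"])
            findings.append({
                "host": asset["host"],
                "version": asset["version"],
                "cve": entry["cveID"],
                "due": due,
                "overdue": due < today,
                "ransomware": entry["knownRansomwareCampaignUse"] == "Known",
            })
    findings.sort(key=lambda f: (not f["overdue"], not f["ransomware"], f["due"], f["cve"]))
    return findings


def unmatched(feed_json, inventory):
    """Hosts with no feed match; they still need vendor-advisory review, just not from this feed."""
    index = load_feed(feed_json)
    return [a["host"] for a in inventory
            if (_norm(a["vendor"]), _norm(a["product"])) not in index]


if __name__ == "__main__":
    for f in triage(FEED_JSON, INVENTORY, date(2025, 1, 31)):
        status = "OVERDUE" if f["overdue"] else "due " + f["due"].isoformat()
        print(f"{f['host']:8} {f['cve']:16} {status:16} ransomware={f['ransomware']}")
    print("no feed match:", unmatched(FEED_JSON, INVENTORY))
```

The product-level match is deliberate: exploited-vulnerability catalogs tell you which products are under active attack, not which builds are fixed, so the version column is there for the analyst to check against the vendor advisory rather than for the script to decide on. Hosts with no match are reported separately so that an empty result is never mistaken for a clean one.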
This information is current as of January 31st, 2025. The cybersecurity landscape is constantly evolving, and it is crucial to remain vigilant and adapt to new threats as they emerge.