CyberNews: 02/10/2025 Edition

Published by Dunateo on 2025-10-02

Today’s roundup

  • Warning: Beware of Android Spyware Disguised as Signal Encryption Plugin and ToTok Pro
  • New WireTap Attack Extracts Intel SGX ECDSA Key via DDR4 Memory-Bus Interposer
  • Expired US Cyber Law Puts Data Sharing and Threat Response at Risk
  • OpenSSL patches 3 vulnerabilities, urging immediate updates
  • Broadcom Issues Patches for VMware NSX and vCenter Security Flaws
  • Google Sheds Light on ShinyHunters' Salesforce Tactics
  • China-linked hacking group Phantom Taurus targeting embassies, foreign ministries
  • Millions impacted by data breaches at insurance giant, auto dealership software firm
  • 1.2 million people had information stolen during cyberattack on WestJet
Summary

Cybersecurity researchers uncovered two Android spyware campaigns (ProSpy and ToSpy) impersonating Signal and ToTok applications, targeting UAE users via fake websites. Academics demonstrated a hardware-based WireTap attack bypassing Intel SGX security on DDR4 systems, enabling passive decryption of encrypted data. The expiration of the US Cybersecurity Information Sharing Act (CISA 2015) risks disrupting federal cyber defense coordination and CISA operations. OpenSSL patched three vulnerabilities (CVE-2025-9230/31/32), including a moderate-severity flaw allowing memory corruption and potential code execution. Broadcom issued critical patches for VMware NSX and vCenter vulnerabilities. Google's Mandiant detailed UNC6040 (ShinyHunters) tactics exploiting Salesforce social engineering for data theft. Chinese APT Phantom Taurus targeted foreign ministries and telcos across Africa, Asia, and the Middle East with espionage operations. Motility Solutions suffered a ransomware attack exposing dealership data, while WestJet disclosed a breach affecting 1.2 million customers’ personal information.

Want to dig deeper?

Vulnerabilities

CVE-2025-9230 Medium