Skip to content
Get weekly news collection
Metafinanz Security News Collections

Latest Security News Collection

Security news collection - current edition

01

The 10 Mistakes Ransomware Attackers Love

#Ransomware #DataProtection #ITSecurity #NetworkSecurity #IncidentResponse #CyberThreats #SecurityMonitoring #TechnicalDebt #ITManagement#cybercrime #cybersecurity

Ransomware attacks are among the most feared cyber threats for businesses. Despite advanced security technologies, these attacks continue to succeed due to common vulnerabilities. Incident-response teams frequently encounter the same critical errors during their interventions. The good news is that many of these issues can be addressed with simple, targeted measures. Here are the ten most frequent mistakes that facilitate ransomware attacks and how companies can mitigate them.

  1. Unpatched Security Vulnerabilities: Leaving systems unpatched provides an open door for attackers.

  2. Weak Passwords: Easily guessable passwords are an invitation for cybercriminals.

  3. Poor Account Hygiene: Neglecting account management makes it easier for attackers to escalate privileges.

  4. Lack of Network Segmentation: Without proper segmentation, attackers can move quickly through a network.

  5. Inadequate Backups: Without reliable backups, recovery from an attack becomes difficult.

  6. Overworked IT Staff: When IT personnel are stretched thin, security can become a secondary concern.

  7. Poor IT Service Providers: Outsourcing to subpar providers introduces additional vulnerabilities.

  8. Lack of Security Monitoring: Without monitoring, warnings and alerts can go unnoticed.

  9. Technical Debt: Accumulated outdated technology and practices pose inherited security risks.

  10. Panic During Incidents: In a crisis, uncoordinated responses can exacerbate the situation.

To avoid becoming an easy target, companies should not rely on hope. By recognising and systematically addressing these ten problem areas, businesses can implement effective measures to detect and counteract attack attempts early. Ideally, these security measures will be so robust that attacker groups abandon their efforts or are detected promptly—a trend that incident-response teams are increasingly observing.

→ Read more on security-insider.de

02

Top Password Managers to Secure Your Digital Life

#PasswordManager #CyberSecurity #DigitalLife #Bitwarden #SecurePasswords #Passwordless #TwoFactorAuthentication #EncryptedStorage #BrowserExtensions #PasswordHygiene #cybercrime

Password managers are essential tools for maintaining strong, unique passwords across all your accounts. Despite knowing their benefits, many people still rely on weak passwords like “123456” and “password,” which are easily compromised. Memorising all your passwords might work for Memory Grand Master Ed Cooke, but for most of us, password managers are the practical solution.

Password managers offer secure vaults to store and manage your passwords, ensuring they are long, strong, and unique. They provide convenience and enhance your security by creating better passwords, making your online presence less vulnerable to attacks. Here are some of the best password management apps for PC, Mac, Android, iPhone, and web browsers:

Using a password manager not only simplifies your digital life but also significantly enhances your security. For more ways to upgrade your security, check out our guides on VPN providers and data backup solutions

→ Read more on wired.com

03

Native Language Phishing Spreads ResolverRAT to Healthcare Sector

#ResolverRAT #CyberSecurity #Healthcare #Phishing #Malware #Morphisec #AdvancedThreats #DataProtection #CyberThreats #SecurityAwareness #cybercrime

Morphisec researchers have discovered a sophisticated malware threat named ResolverRAT, targeting healthcare and pharmaceutical organisations. The latest attacks were observed around March 10, 2025. ResolverRAT uses advanced techniques to run code directly in computer memory, dynamically figuring out necessary system functions and resources, making it difficult for traditional security software to detect.

The malware is spread through phishing emails designed to create urgency or fear, compelling recipients to click on a malicious link. Once clicked, the link initiates the ResolverRAT infection process. These phishing attacks are highly localised, with emails written in the native language of the targeted country and using alarming subjects such as legal investigations or copyright violations. This multi-language approach indicates a global operation aimed at maximising successful infections through personalised targeting.

→ Read more on hackread.com

04

Midnight Blizzard Targets European Diplomats with Wine Tasting Phishing Lure

#MidnightBlizzard #CozyBear #APT29 #CyberSecurity #Phishing #Espionage #Wineloader #Grapeloader #Diplomats #Russia #cybercrime

The notorious Russian nation-state actor Midnight Blizzard, also known as Cozy Bear or APT29, is targeting European diplomats with a sophisticated phishing campaign. The attackers are using emails that invite recipients to wine tasting events, aiming to deploy a newly discovered loader called Grapeloader. This loader eventually infects victims with a new variant of the modular backdoor Wineloader.

The campaign has specifically targeted Ministries of Foreign Affairs and embassies across multiple European countries. Wineloader is designed to gather sensitive information from compromised devices, including IP addresses, process names, Windows usernames, machine names, process IDs, and privilege levels. This backdoor has been observed in previous Midnight Blizzard campaigns, which are linked to Russia’s foreign intelligence service (SVR) and specialise in espionage and intelligence gathering against governments and critical industries.

→ Read more on infosecurity-magazine.com

05

Critical Security Flaw in Asus AiCloud Routers: Urgent Update Required

#Asus #AiCloud #CyberSecurity #FirmwareUpdate #CVE20252492 #RouterSecurity #TechSafety #NetworkSecurity #DataProtection #CriticalVulnerability #CyberAttack

A critical security vulnerability has been discovered in Asus AiCloud routers, allowing hackers to craft requests that execute functions without authorisation. This flaw, rated 9.2 out of 10 in severity, has prompted Asus to urge users to update their router firmware immediately.

Asus has released new firmware updates to address this issue. Users can find the latest firmware on the Asus support or relevant product pages. For those unable to update quickly or whose devices are end-of-life, Asus recommends disabling AiCloud and other internet-accessible services such as remote access from WAN, port forwarding, DDNS, VPN server, DMZ, port triggering, and FTP.

Additionally, Asus advises using different passwords for the wireless network and router administration page to enhance security. It remains unclear if threat actors are currently exploiting this vulnerability, but taking these precautions can help protect against potential attacks.

→ Read more on cybernews.com

06

Token Theft via Fake PyPI Package Targets Crypto Users

#TokenTheft #PyPI #SupplyChainAttack #CryptoSecurity #OpenSource #CCXT #MEXC #APIKeys #JFrog #CyberCrime

Amid the ongoing crypto hype and the financial sector’s reliance on open-source components, JFrog has warned of a significant supply-chain attack. Security researchers discovered a malicious Python package on PyPI, named “ccxt-mexc-futures,” targeting users of the MEXC exchange. Disguised as an extension of the popular CCXT trading library, the package redirects trading requests to fraudulent infrastructure, stealing API keys and credentials.

The package mimics the structure and functionality of the legitimate CCXT library, seamlessly integrating into existing trading processes. This incident highlights the sophisticated methods attackers use to exploit trust in established open-source components. Developers, platform operators, and investors must prioritise security in their development and operational processes.

The attackers manipulated three key functions of the CCXT interface—describe, sign, and prepare_request_headers—redirecting API calls to attacker-controlled servers. This sophisticated attack underscores the need for heightened vigilance and robust security measures.

→ Read more on it-daily.net

07

AI-Spoofed Voices Hijack US Crosswalks

#AI #Deepfake #JeffBezos #ElonMusk #MarkZuckerberg #Seattle #SiliconValley #TechPrank #CrosswalkHack #cybercrime #cybersecurity

In a bizarre turn of events, crosswalk buttons in various US cities have been hijacked to emit AI-generated voices of tech moguls like Jeff Bezos, Elon Musk, and Mark Zuckerberg instead of their usual robotic messages. This prank, likely enabled by a freely available service app and poorly secured equipment, has caused both amusement and frustration.

In Seattle, crosswalks played synthetic messages spoofing Bezos, with one clip humorously claiming the crossing was sponsored by Amazon Prime. The prank extended to Silicon Valley, where buttons mimicked voices of Zuckerberg and Musk. While some see it as harmless fun, it poses a nuisance for visually impaired pedestrians who rely on audio cues. The Seattle Department of Transportation is working to address the issue and enhance security measures.

→ Read more on theregister.com

08

Hertz Concludes Investigation into Data Breach

#DataBreach #Hertz #Darknet #ZeroDay #CleoPlatform #PersonalData #DataProtection #Kroll #RegulatoryCompliance #cybercrime

In January 2025, Hertz and 59 other companies faced extortion threats over stolen data published on the Darknet. Hertz has now confirmed the data breach and released initial investigation results. The breach exploited zero-day vulnerabilities in the Cleo data transfer platform in October and December 2024. Hertz’s analysis, completed on April 2, 2025, revealed that personal data of EU individuals, including names, contact details, birth dates, driving licence information, and payment card data, were compromised. A small number of affected individuals also had their ID data exposed.

Hertz has ensured that Cleo is addressing the vulnerabilities and has informed law enforcement and regulatory authorities. The company has also hired Kroll to monitor the Darknet for the compromised data. While no misuse of the stolen information has been reported, Hertz advises affected individuals to remain vigilant for unauthorised activities on their accounts.

→ Read more on heise.de

09

Japan Issues Urgent Warning on Hacked Brokerage Accounts

#Phishing #FinancialFraud #Japan #FSA #BrokerageAccounts #UnauthorizedTrading #DataBreach #RakutenSecurities #NomuraHoldings #cybercrime

Japanese regulators have issued an urgent warning about hundreds of millions of dollars in unauthorised trades conducted through hacked brokerage accounts. The Financial Services Agency (FSA) reported a sharp increase in unauthorised access and trading, primarily due to stolen customer information from phishing websites disguised as legitimate securities companies.

As of April 16, twelve securities firms reported fraudulent transactions, with sales totalling approximately $350 million and purchases around $315 million. Fraudsters gained access to victim accounts, selling stocks and using the proceeds to buy Chinese stocks, which remained in the victim accounts. The FSA noted that there may still be undiscovered cases of unauthorised access.

The affected firms include Rakuten Securities Inc., Nomura Holdings Inc., SMBC Nikko Securities Inc., and SBI Holdings Inc. The FSA assured that brokerages will cover the losses suffered by their customers.

→ Read more on therecord.media

10

Ahold Delhaize Confirms Data Breach in Ransomware Attack

#AholdDelhaize #DataBreach #Ransomware #Hannaford #GiantFood #Ecommerce #DataProtection #INC Ransom #LawEnforcement #cybercrime

Dutch food giant Ahold Delhaize has confirmed that data was stolen during a cyberattack in November 2024. The incident affected Giant Food pharmacies and Hannaford supermarkets, temporarily knocking Hannaford’s ecommerce portal offline. Despite the disruption, Ahold Delhaize stores remained open, and operations were restored shortly after the attack was contained.

The company revealed that attackers likely exfiltrated files from its internal systems. Ahold Delhaize is working to identify affected individuals and has notified law enforcement. The breach was disclosed on the same day the INC Ransom group added the company to its Tor-based leak site, claiming the theft of 6 TB of data and threatening to publish it.

→ Read more on securityweek.com

Contact us

+49 89 360 5310 | security-awareness@metafinanz.de

The editors are not responsible for the content of each article.