Cybersecurity Current Events - Jan. 13th, 2025

This week in cybersecurity brings a mix of alarming incidents, legal battles, and critical warnings. From phishing campaigns and data breaches to unconventional device hacks and nation-state cyber disputes, the world of cybersecurity never fails to entertain.

Below, we break down the key stories, their implications, and actionable steps to stay protected from even the most unexpected attacks.


1. Apple iPhone USB-C Vulnerabilities Exploited

Summary: Thomas Roth, a security researcher known under the hacker handle "stacksmashing," recently detailed an attack on the ACE3 custom USB-C controller integrated into Apple's iPhone 15 and iPhone 15 Pro models. Roth is known for his reverse-engineering and hardware-security work, and for the videos in which he explains his findings. The ACE3 controller, responsible for managing USB power delivery, is in fact a full microcontroller running a complete USB stack and connected to internal device buses. Roth demonstrated how, through a combination of reverse engineering, side-channel analysis and electromagnetic fault injection, he was able to execute his own code on the controller itself. His work shows how such a critical part of the device's infrastructure can be manipulated, and illustrates both the potential risks and the sophisticated techniques that modern attackers may use against high-end consumer devices.

Timeline: January 12, 2025

Actors: N/A

Key Implications:

  • Potential compromise of data across millions of devices if the technique were ever weaponised; note that the demonstration required physical access to the phone and chip-level fault-injection equipment, so it is not a remote attack.
  • Loss of trust in secure accessory ecosystems.
  • Risks to high-value targets using iPhones for sensitive operations.

Actionable Steps:

  1. Avoid connecting iPhones to unverified accessories.
  2. Update iOS and security settings regularly.
  3. Monitor device logs for unusual activities.

Additional Resources: Read more at Forbes.


2. PayPal Phishing Attacks Surge

Summary: A sophisticated phishing campaign, labelled "no-phish phishing", is targeting PayPal users through fake payment notifications and fraudulent account-suspension alerts. Victims are tricked into entering their login credentials on cloned PayPal websites.

Timeline: Ongoing since early January 2025.

Actors: Unconfirmed; suspected to involve global phishing syndicates. PayPal has responded by helping affected users change their passwords and urges all users to activate multi-factor authentication.

Key Implications:

  • Compromised PayPal accounts can result in financial theft.
  • Personal information used for further fraud or identity theft.

Actionable Steps:

  1. Verify emails by checking the sender address and the real destination domain of every link before clicking.
  2. Enable two-factor authentication (2FA) on PayPal accounts.
  3. Report phishing attempts directly to PayPal.
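As an added example (not code from the original post or from PayPal), step 1 above can be turned into a small checker: it extracts the From: address and every link from a plain-text message, reduces each host to its registrable domain, and flags any host whose registrable domain is not paypal.com but still carries the brand name, which is the classic lookalike tell, or uses punycode/IDN characters. The sample message is constructed for this example, and the trusted-domain list and the "last two labels" domain logic are simplifying assumptions; a production checker would use the Public Suffix List and also compare visible link text against the real href in HTML mail.

```python
import re
from urllib.parse import urlparse

# Constructed sample modelled on the campaign above: a fake "account limited" notice
# carrying one lookalike link and one genuine-looking link. Not a real message.
SAMPLE_EMAIL = """From: PayPal Service <service@paypal-secure-billing.com>
Subject: Action required: your account has been limited

We noticed unusual activity. Confirm your details within 24 hours:
https://www.paypal.com.account-verify-login.net/signin?ref=notice
Questions? Visit https://www.paypal.com/help
"""

# Assumption for this example: the only domain the genuine sender uses.
TRUSTED_DOMAINS = {"paypal.com"}
BRANDS = {d.split(".")[0] for d in TRUSTED_DOMAINS}   # {"paypal"}

URL_RE = re.compile(r"https?://[^\s<>'\"]+")
ADDR_RE = re.compile(r"<([^>]+)>|([\w.+-]+@[\w.-]+\.\w+)")


def registrable_domain(host):
    """Last two DNS labels of a host ('www.paypal.com' -> 'paypal.com').
    Naive on purpose: a real checker should consult the Public Suffix List
    so that 'paypal.co.uk' is not reduced to 'co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def classify_host(host):
    """trusted  : registrable domain is one we expect
       lookalike: brand name appears in the host, or punycode/IDN is in play,
                  but the registrable domain is not trusted
       untrusted: anything else"""
    host = host.lower()
    if registrable_domain(host) in TRUSTED_DOMAINS:
        return "trusted"
    if any(b in host for b in BRANDS) or "xn--" in host or not host.isascii():
        return "lookalike"
    return "untrusted"


def analyse(email_text):
    """Classify the From: address and every URL found in a plain-text message."""
    from_line = next((l for l in email_text.splitlines() if l.lower().startswith("from:")), "")
    m = ADDR_RE.search(from_line)
    sender = (m.group(1) or m.group(2)) if m else ""
    sender_host = sender.split("@")[-1] if "@" in sender else ""
    sender_verdict = classify_host(sender_host) if sender_host else "missing"

    urls = {}
    for url in URL_RE.findall(email_text):
        host = urlparse(url).hostname or ""
        urls[url] = classify_host(host)

    bad = sender_verdict != "trusted" or any(v != "trusted" for v in urls.values())
    return {
        "sender": sender,
        "sender_verdict": sender_verdict,
        "urls": urls,
        "verdict": "suspicious" if bad else "ok",
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_EMAIL)
    print(result["verdict"], result["sender"], result["sender_verdict"])
    for url, verdict in result["urls"].items():
        print(f"  {verdict:9} {url}")
```

Run against the sample, the sender domain and the first link are both reported as lookalikes while the help link is trusted, so the whole message is marked suspicious. A single genuine link never rescues a message: one bad link or a bad sender is enough.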

Additional Resources: Read more at Colitco.


3. Gmail Private Key Hack Targets Users

Summary: Malicious npm packages that pose as legitimate tools are stealing Solana wallet private keys and exfiltrating them through Gmail's SMTP servers, using the trusted mail service as a relay so the traffic slips past ordinary controls. As of now, two threat actors have been tied to the campaign. The packages are presented as legitimate developer tools (the reporting cites around a million downloads a week), and a request has been filed to have them removed from npm.

Timeline: Reported January 12, 2025

Actors: Two unidentified threat actors operating malicious npm packages; the campaign is described as AI-driven.

Key Implications:

  • Unauthorized access to Solana crypto wallets and the use of funds.
  • Exfiltration attempts are less likely to be flagged because outbound connections to Gmail's SMTP servers are encrypted and look like legitimate mail traffic.
  • The attack code can maintain multiple keys simultaneously which allows an attacker to compromise multiple accounts at once.

Actionable Steps:

  1. Audit project dependencies and lockfiles for unfamiliar or recently added packages, pin versions, and review install-time scripts before upgrading.
  2. Never keep wallet private keys on machines that install untrusted packages; use hardware wallets or isolated signing environments.
  3. Alert on outbound SMTP connections to Gmail from developer workstations and build hosts, where no mail should originate.

Additional Resources: Read more at Forbes.


4. Telefónica Internal Ticketing System Breached

Summary: Telefónica confirmed a breach in its internal ticketing system, leading to the leak of sensitive employee and client data. The attack exploited compromised employee credentials. There was no report of extortion before the data was released onto a public forum.

Timeline: January 11, 2025

Actors: Claimed by four hackers using the aliases DNA, Grep, Pryx and Rey, members of Hellcat Ransomware, a recently launched ransomware operation also responsible for the Schneider Electric breach.

Key Implications:

  • Loss of confidential data tied to customer services.
  • Potential exploitation of exposed data in subsequent attacks.

Actionable Steps:

  1. Patch and audit internal ticketing systems, and enforce multi-factor authentication on them: this breach used compromised employee credentials, not an unpatched flaw.
  2. Implement strict access controls and monitor for logins from unusual locations or devices.
  3. Notify affected parties and provide guidance on mitigation.

Additional Resources: Read more at BleepingComputer.


5. A New Hack Leads to Major Location Data Leak Exposing Intimate Details

Summary: More than 10 terabytes of data were stolen in a massive cyberattack on the location-data broker Gravy Analytics, exposing the location data of millions of users, including sensitive travel patterns and frequently visited areas. Apps whose users appear in the data include Tinder, Spotify, Citymapper, Mumsnet and Sky News. A sample released on a well-known hacking forum makes it easy to identify individuals within the military and government, the locations of users' homes, and the precise coordinates of users' phones at any given time of day.

Timeline: January 10, 2025

Actors: Believed to be Russia-based hackers. The data itself was collected through software development kits (SDKs) embedded in the apps, which send users' location data on to brokers.

Key Implications:

  • Risk of targeted attacks and privacy violations.
  • Potential misuse of sensitive location data for surveillance.

Actionable Steps:

  1. Restrict app permissions for location tracking: deny location where it is not needed, and otherwise allow it only while the app is in use, with approximate rather than precise location.
  2. Use virtual private networks (VPNs) and anonymising tools, bearing in mind that a VPN hides your IP address but not the GPS coordinates an app's SDK reports directly; the OS location permission and the advertising-ID setting are the effective controls.
  3. Regularly review privacy settings on mobile apps.

Additional Resources: Read more at Sky News.


6. Microsoft Takes Legal Action Against Hacking Group

Summary: Microsoft has filed a lawsuit against an unnamed hacking group accused of abusing its Azure AI generative-AI services. The group used stolen customer credentials to access the service, bypassed its safety controls, and ran a hacking-as-a-service operation, selling that access to other malicious groups along with detailed guides on how to produce and distribute harmful content. The case aims to prevent further misuse of the service.

Timeline: Filed January 11, 2025

Actors: Not publicly named by Microsoft; the abused platform is generative AI.

Key Implications:

  • Sets a legal precedent for corporate action against cybercriminals.
  • Highlights the need to protect cloud API keys and credentials, and to monitor AI services for abuse.

Actionable Steps:

  1. Treat API keys for cloud AI services as secrets: store them securely, rotate them, and alert on anomalous usage.
  2. Deploy advanced endpoint detection solutions.
  3. Ensure contractual security clauses when working with vendors.

Additional Resources: Read more at The Hacker News.


7. UK Warns About Smart Device Vulnerabilities

Summary: The UK government issued a warning about security risks linked to internet-connected devices, including "smart" sex toys. The advisory urges manufacturers to prioritize security in product design.

Timeline: January 11, 2025

Actors: N/A (Warning issued by UK government).

Key Implications:

  • Highlights potential privacy risks of IoT devices.
  • Encourages industry-wide adoption of better security practices.

Actionable Steps:

  1. Avoid using unvetted IoT devices.
  2. Regularly update firmware on connected devices.
  3. Educate users on privacy settings and secure usage.

Additional Resources: Read more at Forbes.


8. Russia’s Real Estate Database Hack

Summary: Hackers claimed to have breached Rosreestr, Russia's federal real estate registry, exposing personal and sensitive information. The claimed haul of around 2 billion lines of data includes full names (or legal-entity names), dates of birth, passport details, addresses and phone numbers of property owners.

Timeline: January 11, 2025

Actors: Silent Crow, which published a sample of 82 million lines on Telegram in support of the claim.

Key Implications:

  • Political and economic implications if data is verified.
  • Risk of broader data exploitation targeting high-profile individuals.

Actionable Steps:

  1. Secure sensitive national databases with encryption at rest and strict access controls.
  2. Monitor underground forums for potential leak activity.
  3. Conduct independent verification of breach claims.

Additional Resources: Read more at Kyiv Independent.

Kicking off the week with unexpected cybersecurity risks—from the alarming vulnerability of smart sex toys to critical data breaches exposing personal information, and even AI-driven attacks. And it’s only Monday. For both corporations and individuals, whether it’s a phishing campaign, a legal battle, or flaws in everyday devices, staying informed is essential to protecting our businesses and personal lives.



Partnering with EIP Networks for People-First Cybersecurity

EIP Networks remains committed to a person-first approach to cybersecurity, delivering tailored solutions to meet your organization's unique needs. Stay ahead of threats by engaging with our current events and weekly roundups here on our Blog, LinkedIn or X (Twitter), and learn how to fortify your security posture by booking an assessment with our expert team. #WeDoThat
