As your dedicated cybersecurity services provider, Cyberone equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.
Weekly Cybersecurity Report | Week 4, 2025
1 – Indian insurance agency MedSave suffers ransomware attack
Databreaches reports that a group called 0mid16B attacked the agency.
MedSave works with several insurance companies in India and provides insurance services to about 5,000 hospitals in the country.
The attacker 0mid16B claims to have stolen 561GB, including sensitive data, and sets a deadline of 3 days for negotiations to begin.
2 – Conduent, a company that provides business services to government institutions and major companies in the US, reports that it was attacked by a cyberattack.
Following the attack, the company’s services were disrupted last week.
Initially, the company claimed that these were service failures but later confirmed that it was a cyberattack
3 – Otelier, a company that provides a booking platform for various hotels, reports a data leak after attackers broke into the company’s cloud environment.
The company, which provides services to approximately 10,000 hotels around the world, reports that attackers gained access to databases that are located in the Amazon cloud and held this access from July to October 2024.
The attackers claim to have stolen 8TB of information, including information about guests at the various hotels.
4 – BleepingComputer reports that the attackers gained access to the company’s network using stolen identification data from one Employees.
Several chains were affected by the attack, for example, the Marriott hotel chain reports that it disabled its automated booking system immediately after learning of the incident until the investigation is complete.
Incidentally, the attacker initially thought the database belonged to the Marriott hotel chain and demanded a ransom from them but did not receive a response, it later turned out that the database belonged to Otelier.
The HIBP website reports that the number of records leaked is about 436,000.
5 – A school in Cheshire announced a temporary closure after falling victim to a “ransomware attack”.
Blycon High School closed to students while a cybersecurity firm investigates the data breach.
The school principal said that the school may have to be closed for a long time, “after all staff devices are cleaned, teachers will spend time re-planning lessons and start working on Google Classroom so that students can complete them at home”.
The school will reopen “as soon as it is safe to do so.”
6 – US bank falls victim to ransomware attack – sensitive customer and employee information stolen
The ransomware group RansomHub claims to have hacked Mission Bank in California and stolen 2.7 terabytes of sensitive information. The bank confirmed that it detected a breach in its systems in early December 2024.
Details of the attack: Personal information of employees and customers was stolen, including social security numbers and account details, internal reports and information about previous breaches, records of payments and banking activity
Threats from the attackers:
– Demand for ransom payment by January 31, 2025
– Threat to publish all stolen documents
– Intention to pass information to lawyers for lawsuits
– Sending instructions for lawsuits against the bank
The bank completed its initial investigation on December 28 and identified the affected customers. The attackers are threatening to reveal all the information if the ransom is not paid on time.
7 – Security researchers hack Tesla chargers and other car systems on the second day of Pwn2Own competition
Another day of serious security vulnerabilities was revealed at the Pwn2Own Automotive 2025 competition, as researchers managed to hack into electric car chargers and in-car entertainment systems. The researchers won cash prizes for exposing previously undiscovered security vulnerabilities.
Key hacks:
– WOLFBOX charger hacked using a combination of two security vulnerabilities
– Tesla wall charger hacked using a number range check bug
– ChargePoint HomeFlex charger hacked using command injection
– Alpine iLX-507 multimedia system hacked, and a special message installed
Awards and achievements:
– The Summoning team won $50,000 for hacking WOLFBOX charger
– PHP Hooligans team received $50,000 for hacking Tesla charger
– Viettel team won $18,750 for hacking ChargePoint
– ANHTUD team received $10,000 for hacking Alpine system
8 – Huge hack for Harry Potter publisher: details of millions of customers stolen
Scholastic Publishing, which publishes the Harry Potter series in the US, was hacked and a hacker managed to steal data from millions of customers through its employee portal The company.
Scope of the leak:
– 4.2 million unique email addresses
– Contact information for parents and educators
– Phone numbers and residential addresses
– Names of customers’ children who signed up for the service
Method of the breach:
– Stealing login details of an infected employee
– Intrusion into the company’s employee portal
– Access to customer databases
– The attacker claimed to have acted “out of boredom”
The hacker, who calls himself “Parasocial”, stated that he did not intend to publish the information and emphasized: “This is a lesson to be learned the hard way – use two-factor authentication”
https://www.dailydot.com/debug/furry-hacks-scholastic-8-million-records-stolen/
9-Pwn2Own Final Day: Security Researchers Hack Automotive Systems and Electric Chargers
The third and final day of the Pwn2Own Automotive 2025 competition ended with an impressive string of achievements, as security researchers successfully demonstrated hacks into a wide range of automotive systems.
Last day’s achievements:
– Researcher Sina Kheirkhah hacked into ChargePoint charger and demonstrated a new security vulnerability
– Synacktiv group revealed vulnerabilities in Sony entertainment system and Autel charger
– PHP Hooligans team managed to hack into Kenwood system via command injection
– New researcher in the competition, Evan Grant, presented a unique attack method on Kenwood
Results:
– 49 new security vulnerabilities were exposed over the three days of the competition
– Prizes totaling $886,250 were distributed
– Sina Kheirkhah won the title of “Master of Pwn” with 30.5 points and $222,250
The competition revealed the urgent need to improve cybersecurity in electric vehicle systems, especially in electric charging and entertainment systems.
https://www.zerodayinitiative.com/blog/2025/1/23/pwn2own-automotive-2025-day-three-and-final-results
The cybersecurity attacks highlighted in this report aren’t just incidents, they’re blueprints of the adversary’s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our services.
