{"id":9687,"date":"2025-03-24T10:38:17","date_gmt":"2025-03-24T07:38:17","guid":{"rendered":"https:\/\/cyberone.bg\/?p=9687"},"modified":"2025-03-24T10:38:17","modified_gmt":"2025-03-24T07:38:17","slug":"weekly-cybersecurity-report-week-12-2025","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-12-2025","title":{"rendered":"Weekly Cybersecurity Report | Week 12, 2025"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">Cyberone<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 12, 2025<\/h2>\n<p>\u00a0<\/p>\n<p><strong><u>Information security updates and events from the past we<\/u><\/strong><strong><u>ek<\/u><\/strong><\/p>\n<p>\u00a0<\/p>\n<h3><strong>1 \u2013 Huge leak at Pennsylvania Teachers Association: Sensitive information of more than 500,000 people exposed<\/strong><\/h3>\n<p>The Pennsylvania State Education Association (PSEA) has revealed that a security incident led to the leak of sensitive personal information of more than half a million people, including financial details and health information.<\/p>\n<p>Scope of the breach:<\/p>\n<p>\u2013 517,487 people affected according to the Maine Attorney General\u2019s Office<\/p>\n<p>\u2013 The organization represents more than 178,000 educators in the state of Pennsylvania<\/p>\n<p>Information exposed:<\/p>\n<p>\u2013 Full names and dates of birth<\/p>\n<p>\u2013 Driver\u2019s license and ID numbers<\/p>\n<p>\u2013 Social Security numbers (SSN)<\/p>\n<p>\u2013 Bank account and credit card details<\/p>\n<p>\u2013 PIN codes and passwords<\/p>\n<p>\u2013 Passport and taxpayer ID numbers<\/p>\n<p>\u2013 Health insurance information and medical records<\/p>\n<h3><strong>2 \u2013 HCA Healthcare, a network of 186 hospitals, has apparently been hit by a cyberattack<\/strong><\/h3>\n<p>The attack group Babuk claims to have breached the systems of HCA Healthcare, one of the largest healthcare providers in the United States.<\/p>\n<p>Details of Incident:<\/p>\n<p>\u2013 Babuk Group Claims Email, Session IDs, and Other Data Were Exposed<\/p>\n<p>\u2013 It\u2019s Still Not Clear Whether Information Has Already Been Leaked or Whether the Company Has Suffered Significant Damage<\/p>\n<h3><strong>3 \u2013 Large-Scale Cyberattack: Over 100 Car Dealerships Affected by Video Service Provider Hack<\/strong><\/h3>\n<p>Security researchers this week uncovered a sophisticated cyberattack that affected more than 100 car dealerships across the U.S. The attackers exploited a security flaw in LES Automotive, a popular video platform in the automotive industry, to distribute malware to visitors to the dealerships\u2019 websites.<\/p>\n<p>Stages of the Attack:<\/p>\n<p>\u2013 The attackers first infiltrated the LES Automotive systems, a video service provider for car dealerships<\/p>\n<p>\u2013 Through the already compromised platform, malicious code was injected into the websites of all dealerships using the service<\/p>\n<p>\u2013 The attack used a fraudulent technique called ClickFix to distribute the SectopRAT spyware<\/p>\n<p>\u2013 Security researcher Randy McEwen Detected clues that the attackers are likely Russian speakers<\/p>\n<p>How the ClickFix scam works:<\/p>\n<p>\u2013 The user sees a fake window asking for human verification or fixing an error on the website<\/p>\n<p>\u2013 When the button is clicked, a malicious command is secretly copied to the computer\u2019s memory<\/p>\n<p>\u2013 The user is instructed to open the Windows \u201cRun\u201d menu<\/p>\n<p>\u2013 The instructions prompt the user to paste and run the malicious command, which installs the spyware<\/p>\n<p>A worrying trend:<\/p>\n<p>\u2013 The ClickFix technique is gaining popularity among attack groups<\/p>\n<p>\u2013 In October 2024, US authorities warned of Russian attackers using this method<\/p>\n<p>\u2013 Microsoft recently identified similar attacks targeting the hotel and tourism industry<\/p>\n<p>\u2013 Experts expect a further increase in such attacks during 2025<\/p>\n<h3><strong>4 \u2013 Security researchers identify vulnerabilities in Chinese car manufacturer affecting hundreds of thousands of vehicles<\/strong><\/h3>\n<p>Several security vulnerabilities in car manufacturer\u2019s products A Chinese security researcher, Yinji Cao, and Xinfeng Chen will present their findings at the upcoming Black Hat Asia conference, demonstrating effective research methods without the need for expensive equipment.<\/p>\n<p>Security vulnerabilities that allow remote control:<\/p>\n<p>\u2013 Researchers have found vulnerabilities in two different car models from the Chinese manufacturer<\/p>\n<p>\u2013 The vulnerabilities allow remote control of the car after a Man-in-the-Middle attack is carried out<\/p>\n<p>\u2013 The first vulnerability is in the infotainment system (IVI) and allows code execution<\/p>\n<p>\u2013 The second vulnerability exists in the car app.<\/p>\n<p>Impact of the breaches:<\/p>\n<p>\u2013 Researchers were able to control various functions in the vehicle, including opening doors, trunk, windows and headlights<\/p>\n<p>\u2013 Using a breach in the app, they were able to intercept all traffic and obtain a token that allows full remote control<\/p>\n<p>\u2013 The attacks carried out are \u201cbeginner level\u201d according to the researchers, and can be carried out by anyone with basic cyber knowledge<\/p>\n<p>Cybersecurity in the automotive industry:<\/p>\n<p>\u2013 Many car companies still lag in the area of \u200b\u200b\u200b\u200bcybersecurity for their products<\/p>\n<p>\u2013 A study by Synopsys and SAE International found that typical automotive organizations have only nine full-time employees focused on managing information security and cyber for products<\/p>\n<p>\u2013 30% of respondents reported that they do not have any security staff in their organization<\/p>\n<p>\u2013 Organizations that do operate security programs test less than half of the hardware, software and other technologies included in their vehicles<\/p>\n<h3><strong>5 \u2013 California Cryobank, one of the world\u2019s largest sperm banks, reports a security breach that led to the exposure of sensitive customer information.<\/strong><\/h3>\n<p>The breach occurred when attackers were able to access the company\u2019s systems and steal personal data, including names, Social Security numbers, driver\u2019s license numbers, financial account details and health insurance information.<\/p>\n<p>The company recently began notifying victims and offering them free credit monitoring services.<\/p>\n<p>At the same time, law firms have already begun exploring the possibility of filing class action lawsuits over the sensitive data leak.<\/p>\n<h3><strong>6 \u2013 Elite Plastic Surgery in Michigan experienced a cyberattack, affecting nearly 20,000 patients.<\/strong><\/h3>\n<p>The information exposed included names, dates of birth, Social Security numbers and health insurance information.<\/p>\n<p>Although there is no evidence of misuse of the information, those affected received free credit monitoring and identity theft protection services.\u200b<\/p>\n<p>\u00a0<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren\u2019t just incidents, they\u2019re blueprints of the adversary\u2019s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0Cyberone\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. Weekly Cybersecurity Report | Week 12, 2025 \u00a0 Information security updates and events from the past week \u00a0 1 \u2013 Huge leak at [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8606,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[],"class_list":["post-9687","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=9687"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9687\/revisions"}],"predecessor-version":[{"id":9688,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9687\/revisions\/9688"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8606"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=9687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=9687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=9687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}