{"id":9724,"date":"2025-04-14T17:07:20","date_gmt":"2025-04-14T14:07:20","guid":{"rendered":"https:\/\/cyberone.bg\/?p=9724"},"modified":"2025-04-14T17:07:20","modified_gmt":"2025-04-14T14:07:20","slug":"weekly-cybersecurity-report-week-15-2025","status":"publish","type":"post","link":"https:\/\/cyberone.bg\/en\/weekly-cybersecurity-report-week-15-2025","title":{"rendered":"Weekly Cybersecurity Report | Week 15, 2025"},"content":{"rendered":"<p>As your dedicated cybersecurity services provider,<strong>\u00a0<a href=\"https:\/\/cyberone.bg\/\">Cyberone<\/a><\/strong>\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape.<\/p>\n<h2>Weekly Cybersecurity Report | Week 15, 2025<\/h2>\n<p>\u00a0<\/p>\n<p><strong><u>Information security updates and events from the past week<\/u><\/strong><\/p>\n<h3><strong>1 \u2013 South Korean tech giant SK Group hit by Qilin ransomware attack<\/strong><\/h3>\n<p>SK Group, the second-largest conglomerate in South Korea after Samsung and the 100th company on the Fortune Global 500 list, has been targeted by the Qilin ransomware group, according to reports.<\/p>\n<p>The group\u2019s investments in the US alone are estimated at $50 billion.<\/p>\n<p>\u00a0<\/p>\n<h3><strong>2 \u2013 Serious breach at US banking regulator: Hackers gained access to sensitive financial data for over a year<\/strong><\/h3>\n<p>The Office of the Comptroller of the Currency (OCC), the federal agency responsible for banking supervision in the US, has revealed that unauthorized parties had access to sensitive financial information over a long period of time, in what it described as a \u201csignificant information security incident\u201d.<\/p>\n<p>Details of the breach:<\/p>\n<p>\u2013 An administrative email account for the department, with access to user mailboxes and internal systems, 
was compromised<\/p>\n<p>Scope of damage:<\/p>\n<p>\u2013 Hackers gained access to approximately 150,000 emails between May 2023 and early 2025<\/p>\n<p>\u2013 \u201cHighly sensitive information regarding the financial condition of federally regulated financial institutions\u201d was stolen<\/p>\n<p>\u2013 The information was used by the department in bank examination and supervision processes<\/p>\n<p>\u2013 The hackers operated for nearly two years before being discovered<\/p>\n<h3><strong>3 \u2013 14,000 ambulance users in Tennessee affected by medical data leak<\/strong><\/h3>\n<p>The head of Hamilton County, Tennessee, confirmed this week that thousands of residents who used ambulance services were affected by a personal and medical data leak. The data leaked from the systems of a debt collection company that works with the district.<\/p>\n<p>What was leaked:<\/p>\n<p>\u2013 Names and Social Security numbers of patients<\/p>\n<p>\u2013 Addresses and dates of birth<\/p>\n<p>\u2013 Banking information and medical records<\/p>\n<p>\u2013 14,000 people affected by the leak<\/p>\n<p>The incident also exposed political tensions, with the county executive suggesting that the internal memo leaked to the press was intended to damage his reputation, amid an ongoing dispute with the county\u2019s attorney general.<\/p>\n<p>The county plans to soon notify all affected people of the leak and the steps they must take to protect their identities.<\/p>\n<p><a href=\"https:\/\/www.govtech.com\/security\/hamilton-county-tenn-acknowledges-ambulance-data-breach\">https:\/\/www.govtech.com\/security\/hamilton-county-tenn-acknowledges-ambulance-data-breach<\/a><\/p>\n<p>\u00a0<\/p>\n<h3><strong>4 \u2013 Researchers uncover security flaw in Nissan Leaf that allows full remote control of the vehicle<\/strong><\/h3>\n<p>A team of researchers from PCAutomotive has revealed that attackers can take full control of Nissan Leaf cars (2020 model) through a weakness in the multimedia system, 
which allows remote control of critical vehicle functions.<\/p>\n<p>Attack chain:<\/p>\n<p>\u2013 The intrusion begins by exploiting a security flaw (CVE-2025-32059) in the vehicle\u2019s Bluetooth protocol<\/p>\n<p>\u2013 The attackers send manipulated audio data to the multimedia system, which only requires temporary proximity to the vehicle<\/p>\n<p>\u2013 The affected system connects to servers controlled by the attackers via the vehicle\u2019s built-in cellular modem<\/p>\n<p>\u2013 The attackers bypass the vehicle\u2019s security mechanisms through a failure in the Renesas RH850 microcontroller and gain control of the internal communication network<\/p>\n<p>Demonstrated capabilities:<\/p>\n<p>\u2013 Remotely unlocking doors and lowering windows without a key<\/p>\n<p>\u2013 Operating horns, headlights, and windshield wipers without physical access to the vehicle<\/p>\n<p>\u2013 Folding\/unfolding side mirrors using remote commands<\/p>\n<p>\u2013 Changing the position of the steering wheel and interfering with steering systems while driving<\/p>\n<p>\u2013 Controlling the vehicle\u2019s steering while it is in motion<\/p>\n<p>Key security flaws:<\/p>\n<p>\u2013 The Bosch Bluetooth system operates without memory protection mechanisms against buffer overflow attacks<\/p>\n<p>\u2013 The filtering system in the vehicle\u2019s internal communication network (CAN Bus) does not effectively check for abnormal messages<\/p>\n<p>\u2013 The multimedia system runs on an outdated version of Linux (3.14 from 2013) without checking digital signatures for the code<\/p>\n<p>A company representative stated: \u201cWe are implementing over-the-air update capabilities and hardware improvements for future models. 
Current Leaf owners will receive critical software updates at service centers by the third quarter of 2025.\u201d<\/p>\n<h3><strong>5 \u2013 Food giant WK Kellogg reveals data leak related to Clop ransomware<\/strong><\/h3>\n<p>American food giant WK Kellogg is warning employees and suppliers that company data was exposed because of an attack on Cleo in 2024.<\/p>\n<p>The information exposed:<\/p>\n<p>\u2013 The information exposed includes the names and Social Security numbers (SSNs) of victims<\/p>\n<p>\u2013 The compromised servers were used to transfer employee files to human resources service providers<\/p>\n<p>\u2013 The company is offering victims free identity monitoring and fraud protection services for a year through Kroll<\/p>\n<p>WK Kellogg spun off from Kellogg\u2019s in October 2023. The company, with annual revenue of $2.7 billion, owns popular breakfast cereal brands such as All-Bran, Corn Flakes, Froot Loops and Frosted Flakes.<\/p>\n<p>\u00a0<\/p>\n<h3><strong>6 \u2013 Port of Seattle: Ransomware attack exposes data of 90,000 people<\/strong><\/h3>\n<p>The Seattle Port Authority, the government agency responsible for the city\u2019s seaport and airport, is notifying 90,000 people whose personal information was stolen in a ransomware attack.<\/p>\n<p>Scope of the incident:<\/p>\n<p>\u2013 About 90,000 people received notices of personal information being exposed<\/p>\n<p>\u2013 71,000 of the victims are residents of Washington state<\/p>\n<p>\u2013 The breach was carried out by the Rhysida ransomware group<\/p>\n<p>\u2013 The port refused to pay the ransom, despite the hackers\u2019 threats to publish the stolen information<\/p>\n<p>The information exposed:<\/p>\n<p>\u2013 Employee, contractor and parking user data<\/p>\n<p>\u2013 Names, dates of birth, Social Security numbers (or last 4 digits)<\/p>\n<p>\u2013 Driver\u2019s license numbers and other government IDs<\/p>\n<p>\u2013 Some of the victims\u2019 medical information<\/p>\n<p>The attack, 
which took place in August, disrupted several systems at the airport, including check-in systems, passenger display boards, the port\u2019s website, and the flySEA app. The port stressed that at no point was flight safety or the use of seaport facilities compromised, and that payment systems were not compromised by the attack.<\/p>\n<h3><strong>7 \u2013 Texas Bar Association confirms data breach, notifies affected consumers<\/strong><\/h3>\n<p>The Texas Bar Association has confirmed a data breach after identifying unauthorized activity on its network earlier this year. The organization has begun the process of notifying affected consumers.<\/p>\n<p>The information exposed:<\/p>\n<p>\u2013 The investigation found that certain personal information was stolen or exposed during the breach<\/p>\n<p>\u2013 The information includes names and other personally identifiable information (PII)<\/p>\n<p>\u2013 The exact details exposed vary from person to person<\/p>\n<p>\u2013 The bar emphasizes that there is no current evidence of misuse or fraudulent activity with the information exposed<\/p>\n<p>\u00a0<\/p>\n<p><strong><em>The cybersecurity attacks highlighted in this report aren\u2019t just incidents, they\u2019re blueprints of the adversary\u2019s arsenal. To protect your business you need the right partner. Cyberone is here to help! Check out our <a href=\"https:\/\/cyberone.bg\/en\/services\">services<\/a>.<\/em><\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As your dedicated cybersecurity services provider,\u00a0Cyberone\u00a0equips you with timely and in-depth information about current cyber attacks. Discover a weekly cybersecurity report of the latest exploits and breaches shaping the ever-evolving cybersecurity landscape. 
Weekly Cybersecurity Report | Week 15, 2025 \u00a0 Information security updates and events from the past week 1 \u2013 South Korean tech giant [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":8615,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[],"class_list":["post-9724","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-weekly-cyber-updates"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9724","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/comments?post=9724"}],"version-history":[{"count":1,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9724\/revisions"}],"predecessor-version":[{"id":9725,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/posts\/9724\/revisions\/9725"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media\/8615"}],"wp:attachment":[{"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/media?parent=9724"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/categories?post=9724"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cyberone.bg\/en\/wp-json\/wp\/v2\/tags?post=9724"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}