Weekly Axis Of Easy #383
Last Week’s Quote was: “Activism is a way for useless people to feel important, even if the consequences of their activism are counterproductive for those they claim to be helping and damaging to the fabric of society as a whole,” by Thomas Sowell. Congratulations Phillip on winning 382’s quote!
This Week’s Quote: “I must create a system or be enslaved by another man’s. I will not reason and compare: my business is to create.” By ???
THE RULES: No searching up the answer, must be posted at the bottom of the blog post, in the comments section.
The Prize: First person to post the correct answer gets their next domain or hosting renewal on us.
This is your easyDNS #AxisOfEasy Briefing for the week of January 13th 2025, in which our Technology Correspondent Joann L Barnes and easyCEO Mark E. Jeftovic send out a short briefing on the state of the ‘net and how it affects your business, security and privacy.
To listen to or watch this podcast edition, with commentary and insight from Joey and Len the Legend, click here.
In this issue:
- Adobe Urges Immediate Updates to Fix Critical Security Flaws in Popular Software
- New Zero-Day Flaw in Fortinet Firewalls Sparks Urgent Security Warning
- Hackers Use Fake YouTube Links to Steal Login Information
- FBI Removes Chinese Malware from Thousands of US Computers
- Hackers Breach Gravy Analytics Exposing Location Data of Millions
Adobe Urges Immediate Updates to Fix Critical Security Flaws in Popular Software
On January 14, 2025, Adobe released security updates addressing over a dozen vulnerabilities across multiple products. The affected software includes Photoshop, Substance 3D Stager, Illustrator for iPad, Animate, and Substance 3D Designer.
The company warns that these flaws could lead to remote code execution attacks. “Users should apply the updates immediately to mitigate risks,” Adobe emphasized in its statement. The patches cover Windows, macOS, and iPadOS platforms.
Photoshop fixes two critical flaws (CVE-2025-21127 and CVE-2025-21122) that can be exploited by getting a user to open a malicious file. Illustrator for iPad resolves two memory safety issues rated critical, exposing iPad users to potential attacks.
Substance 3D Stager and Designer address multiple memory safety defects, each scoring 7.8/10 on the CVSS severity scale. Adobe Animate patches an integer underflow bug affecting Windows and macOS users.
So far, Adobe has reported no known active exploits of these vulnerabilities. Users are strongly urged to update their software promptly to avoid potential threats.
Read: https://www.securityweek.com/adobe-critical-code-execution-flaws-in-photoshop/
New Zero-Day Flaw in Fortinet Firewalls Sparks Urgent Security Warning
Fortinet has disclosed a critical zero-day vulnerability, CVE-2024-55591, affecting FortiGate firewalls (FortiOS) and FortiProxy systems. Arctic Wolf observed exploitation in the wild beginning in mid-November 2024: attackers reached publicly exposed management interfaces, created new administrator accounts and changed configurations. Arctic Wolf's write-up describes unauthorized administrative logins, the creation of local users and SSL VPN configurations to keep access, and lateral movement into the internal network, including credential harvesting with DCSync.
The flaw is an authentication bypass with a CVSS score of 9.6 that lets a remote attacker obtain super-admin privileges by sending crafted requests to the Node.js websocket module of the management interface. Affected versions include FortiOS 7.0.0–7.0.16 and FortiProxy 7.0.0–7.0.19 (Fortinet's advisory also lists FortiProxy 7.2.0–7.2.12); the fixed releases are FortiOS 7.0.17, FortiProxy 7.0.20 and FortiProxy 7.2.13 or later. Fortinet advises users to upgrade immediately and, until they can, to disable the HTTP/HTTPS administrative interface on untrusted interfaces or restrict the source addresses allowed to reach it with local-in policies.
“The diversity of victim profiles suggests opportunistic targeting,” Arctic Wolf noted. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the flaw to its Known Exploited Vulnerabilities catalog, mandating that federal agencies patch it by January 21, 2025. Fortinet emphasized timely updates, reviewing logs for the indicators of compromise in its advisory, and following its mitigation guidance.
Because the attackers created their own admin accounts, patching alone does not evict them: organizations are urged to audit administrator accounts and SSL VPN settings for unexpected additions, rotate credentials that may have been exposed, and limit management access to trusted users and networks.
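The practical question after reading the advisory is what to look for in the firewall's event logs. The example below is an added illustration, not code from Fortinet or Arctic Wolf: it parses FortiOS-style key=value event lines and flags the kinds of activity the advisory and Arctic Wolf describe, namely successful admin logins through the "jsconsole" interface, creation of new entries under system.admin, and SSL VPN configuration changes. The log lines are constructed for the example (the usernames, addresses and timestamps are invented), and the rule set is a starting point to tune for your environment rather than a complete detection.

```python
import re

# Constructed sample FortiOS event-log lines (not real logs). They imitate the
# key=value layout FortiGate emits; the jsconsole login followed by a new
# system.admin object mirrors the indicator pattern described in Fortinet's
# advisory for CVE-2024-55591. Names, IPs and times are invented.
SAMPLE_LOGS = """\
date=2024-11-15 time=08:02:11 type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="netops" ui="https(10.0.0.5)" method="https" srcip=10.0.0.5 dstip=10.0.0.1 action="login" status="success" profile="super_admin" msg="Administrator netops logged in successfully from https(10.0.0.5)"
date=2024-11-16 time=03:12:44 type="event" subtype="system" level="information" vd="root" logdesc="Admin login successful" user="admin" ui="jsconsole" method="jsconsole" srcip=1.1.1.1 dstip=1.1.1.1 action="login" status="success" profile="super_admin" msg="Administrator admin logged in successfully from jsconsole"
date=2024-11-16 time=03:13:01 type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="admin" ui="jsconsole(127.0.0.1)" action="Add" cfgpath="system.admin" cfgobj="svc_backup" cfgattr="password[*]accprofile[super_admin]vdom[root]" msg="Add system.admin svc_backup"
date=2024-11-16 time=03:15:27 type="event" subtype="system" level="information" vd="root" logdesc="Object attribute configured" user="svc_backup" ui="https(203.0.113.7)" action="Edit" cfgpath="vpn.ssl.settings" cfgobj="" cfgattr="tunnel-ip-pools[SSLVPN_TUNNEL_ADDR1]" msg="Edit vpn.ssl.settings"
"""

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_fortios_line(line):
    """Split one FortiOS syslog line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in KV_RE.findall(line)}


def analyze(raw):
    """Return a list of (rule, user, detail) findings for the given log text.

    Rules (each is a triage signal, not proof of compromise):
      jsconsole_admin_login  - admin login recorded via the jsconsole UI
      admin_account_created  - a new object added under system.admin
      sslvpn_config_change   - an Add/Edit under the vpn.ssl.* config tree
    """
    findings = []
    for line in raw.splitlines():
        if not line.strip():
            continue
        ev = parse_fortios_line(line)
        ui = ev.get("ui", "")
        user = ev.get("user")
        if ev.get("logdesc") == "Admin login successful" and ui.startswith("jsconsole"):
            findings.append(("jsconsole_admin_login", user,
                             f"srcip={ev.get('srcip')} dstip={ev.get('dstip')}"))
        if ev.get("cfgpath") == "system.admin" and ev.get("action") == "Add":
            findings.append(("admin_account_created", user,
                             f"new admin '{ev.get('cfgobj')}' added via {ui}"))
        if ev.get("cfgpath", "").startswith("vpn.ssl") and ev.get("action") in ("Add", "Edit"):
            findings.append(("sslvpn_config_change", user,
                             f"{ev.get('action')} {ev.get('cfgpath')} via {ui}"))
    return findings


if __name__ == "__main__":
    for rule, user, detail in analyze(SAMPLE_LOGS):
        print(f"[{rule}] user={user} {detail}")
```

Run it against exported FortiGate event logs (or feed the same rules to your SIEM) and review every jsconsole login and every added administrator account that nobody on the team can account for; a legitimate admin login in these logs normally carries a ui value such as https(<address>) or ssh(<address>) with a source address you recognize.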
Read: https://thehackernews.com/2025/01/zero-day-vulnerability-suspected-in.html
Hackers Use Fake YouTube Links to Steal Login Information
Cybercriminals are using fake YouTube links to steal login credentials, cybersecurity analysts at ANY.RUN have found. The attack manipulates the Uniform Resource Identifier (URI) so that the link begins with a familiar string such as “http://youtube.” while actually leading somewhere else. Victims are then passed through layered redirections, often including a fake verification page, such as an imitation Cloudflare check, to lower suspicion before they reach the phishing page.
“These attacks exploit the natural tendency of users to trust familiar domains,” analysts noted.
The campaign, linked to the Storm-1747 group, relies on phishing kits like Tycoon 2FA to create convincing fake login pages. Redirectors and ready-made phishing templates let the operators launch large-scale attacks efficiently.
ANY.RUN’s sandbox revealed how attackers distribute the malicious links through emails with deceptive prompts like “View Completed Document.” Victims who follow the link land on a fake login page and hand their credentials to the attackers. The sandbox also organizes Indicators of Compromise (IOCs) to help businesses analyze threats.
Organizations are urged to educate users, use advanced detection tools, and monitor for suspicious activities to combat such phishing campaigns effectively.
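The defense the article leaves implicit is that the destination of a link is decided by the host portion of the URL, not by whatever familiar text it starts with. The example below is an added illustration, not ANY.RUN's analysis or code from the article; the summary above does not spell out which URI trick the campaign used, so this check covers the common ones, namely a trusted name placed in the userinfo part before an “@”, and hosts where the brand is only a subdomain or a prefix of a label. The allowlist of legitimate hosts and the sample email body are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Assumption for the example: the only hosts we treat as genuinely YouTube.
TRUSTED_HOSTS = {"youtube.com", "www.youtube.com"}
BRAND = "youtube"

# Constructed sample email body (invented, not from the campaign).
SAMPLE_EMAIL = """\
Hello, a document has been shared with you.
View Completed Document: https://www.youtube.com@203.0.113.9/doc/view
Reference clip: https://www.youtube.com/watch?v=abc123
Verify here: http://youtube.com.secure-docs.example/verify
"""

URL_RE = re.compile(r"""https?://[^\s<>"']+""")


def effective_host(url):
    """Host a browser will actually connect to.

    Everything before '@' in the authority is userinfo, not the destination,
    so https://www.youtube.com@203.0.113.9/x connects to 203.0.113.9.
    """
    return (urlsplit(url).hostname or "").lower().rstrip(".")


def classify(url):
    """Label a URL by how its visible prefix relates to its real destination."""
    parts = urlsplit(url)
    host = effective_host(url)
    if host in TRUSTED_HOSTS:
        return "trusted"
    if parts.username is not None:
        # A trusted-looking name sits in the userinfo slot: classic '@' spoof.
        return "userinfo_spoof"
    labels = host.split(".")
    if BRAND in labels:
        # e.g. youtube.com.secure-docs.example: the brand is only a subdomain.
        return "lookalike_subdomain"
    if labels[0].startswith(BRAND):
        # e.g. youtube-verify.example: brand used as a prefix of the first label.
        return "lookalike_label"
    return "untrusted"


def scan(text):
    """Extract every http(s) URL from text and classify it, preserving order."""
    return [(url, classify(url)) for url in URL_RE.findall(text)]


if __name__ == "__main__":
    for url, verdict in scan(SAMPLE_EMAIL):
        print(f"{verdict:20} host={effective_host(url):35} {url}")
```

This only inspects the link as written in the message; because the campaign chains redirects and interstitial “verification” pages, the first hop can look clean while the credential-harvesting page is several hops away. Use the check to triage mail and to teach users to read the host after any “@”, and pair it with sandbox detonation or URL rewriting that follows the full redirect chain.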
Read: https://hackread.com/hackers-fake-youtube-links-steal-login-credentials/
FBI Removes Chinese Malware from Thousands of US Computers
The FBI has removed PlugX malware from 4,258 US computers by sending self-delete commands to the infected devices. The malware, deployed by the China state-sponsored group known as Mustang Panda, had been used since at least 2014 to steal data from governments, businesses, and dissidents.
Working with a French law enforcement agency, the FBI accessed a command-and-control server to remotely identify infected devices and delete the malware. “The PlugX malware’s native functionality includes a self-delete command,” the FBI said.
The FBI confirmed the method didn’t harm legitimate files or transmit data from infected systems. It obtained nine court warrants between August and December 2024 for this operation. Internet service providers hosting the targeted IPs were notified and asked to inform affected users.
This operation followed similar actions conducted a year earlier, reflecting the FBI’s growing ability to counter cyber threats. Officials stress vigilance and proactive measures to prevent future infections.
Read: https://arstechnica.com/tech-policy/2025/01/fbi-forces-chinese-malware-to-delete-itself-from-thousands-of-us-computers/
Hackers Breach Gravy Analytics Exposing Location Data of Millions
Gravy Analytics, a major location data broker, suffered a hack exposing the personal data of millions worldwide. The breach, revealed on January 13, 2025, included over 30 million data points from apps like Tinder and FlightRadar, revealing sensitive locations like military bases and user homes.
The hacker, using stolen keys to Gravy’s Amazon cloud, shared samples of this data on a cybercrime forum. Baptiste Robert, CEO of Predicta Lab, highlighted the risks, warning, “This dataset allows easy tracking and deanonymization, threatening privacy and security.”
Gravy Analytics’ parent company, Unacast, disclosed the breach to authorities in Norway and the UK. This follows an FTC ban on Gravy collecting location data without consent, citing past violations.
The breach underscores risks tied to real-time bidding in advertising, which shares user data during auctions. Experts urge consumers to block ads, restrict app location access, and adjust device privacy settings to reduce exposure to such data leaks.
Read: https://techcrunch.com/2025/01/13/gravy-analytics-data-broker-breach-trove-of-location-data-threatens-privacy-millions/
Elsewhere Online:
Rsync File Synchronization Tool Vulnerable to Exploitation
Read: https://thehackernews.com/2025/01/google-cloud-researchers-uncover-flaws.html
Critical Vulnerabilities Found in Nvidia, Zoom, Zyxel Products
Read: https://www.securityweek.com/nvidia-zoom-zyxel-patch-high-severity-vulnerabilities/
New Phishing Scam Mimics Black Basta, Targets Inboxes with Relentless Emails
Read: https://hackread.com/black-basta-cyberattack-hits-inboxes-with-1165-emails/
New Malvertising Campaign Targets Google Ads Accounts
Read: https://thehackernews.com/2025/01/google-ads-users-targeted-in.html
North Korea’s Lazarus Group Exploits Job Platforms to Steal Data
Read: https://www.darkreading.com/threat-intelligence/north-korea-lazarus-apt-developer-recruitment-attacks
If you missed the previous issues, they can be read online here:
- January 10th, 2025: Telegram’s Data Sharing Surges After CEO’s Arrest
- December 16th, 2024: Ghosted By ChatGPT: The Chilling Tale Of Digital Erasure
- December 9th, 2024: Hackers Exploit Job Seekers with Advanced Banking Trojan
- December 2nd, 2024: China Hacks US Telecom Giants In Massive Espionage Operation
- November 25th, 2024: Justice Department Targets Google Monopoly With Breakup Proposal