Cyber Weekly Digest #14
👋 Welcome to the 14th edition of the Cyber Weekly Digest of 2025
In a week where that weird AI Doll trend saturated LinkedIn, we finally found out what really happened at The White Lotus and my heart actually exploded watching 'Love on the Spectrum S3', here at Cyber Vigilance we continued to fight the good fight against cybercrime with our award-winning technology partners...
Here's a snippet, with no AI dolls in sight...
Techie Tuesday Blogs are BACK baby 💥
🚗 Manual vs Automated Pen Testing... Which is Better? 🚗
This week Chris Faulkner shared his thoughts on why pen testing is like a car MOT.
Your yearly pen test might give you the tick in the box for compliance, but if you really want to build resiliency, automated pen testing is the way forward.
Big thank you to Tom & Lewis from Immersive for travelling to Gilfs to give us an overview of their products and focus releases for 2025. Organisations have invested in technology and now is very much the time to invest in their people!
Immersive = Exercise → Benchmark → Upskill → Prove
We also had the pleasure of hosting Bobby Onions and the CrowdStrike posse, discussing all things CS, including the must-read cybersecurity report of the year, the Global Threat Report 2025. We can also now offer an SSPM (SaaS Security Posture Management) Assessment for our customers. Yahoo!
New and noteworthy from our Tech Community this week
🔥 Adopting Cyber Vigilance's SPOT platform allows organisations to replace outdated, inefficient manual processes with a powerful, centralised solution!
In case you missed it last week, Cyber Vigilance have developed a cutting-edge platform designed to help organisations streamline their alignment to critical cybersecurity frameworks such as NIST, CAF, ISO 27001 and Cyber Essentials Plus.
By providing a centralised portal for documenting and managing cybersecurity measures, you can now achieve a Single Point of Truth (SPOT) for your cybersecurity posture. This reduces complexity, enhances visibility, and improves compliance, making it an indispensable tool for cybersecurity teams.
🧐 Want to know more? Contact josh.duce@cybervigilance.uk
🔥 How Can Empowering your Employees Reduce Risk?
I'm glad you asked! Here are 5 tips for turning your workforce into a proactive line of defence:
1️⃣ Cultivate a Security-First Culture
2️⃣ Invest in Continuous Training
3️⃣ Simulate Real-World Scenarios
4️⃣ Promote Open Communication
5️⃣ Provide the Right Tools
➡️ Ready to transform your team into a powerful #cybersecurity asset? Read the full blog from Immersive to learn more
Sticking with the guys at Immersive - WEBINAR ALERT: According to a recent Forrester study, 42% of companies suffering from external attacks attributed those incidents to vulnerabilities in software security.
As these vulnerabilities grow more complex, traditional approaches are falling short. GenAI is making it possible to detect and prevent threats faster than ever, but only if teams know how to use it effectively.
Join Chris Wood from Immersive and Bryan Lehr for a live discussion on:
✔️ How GenAI is transforming secure coding
✔️ What developers and security leaders need to know to deploy AI effectively
✔️ How teams can integrate AI-driven security with human expertise
➡️ Register here
🔥 Vicarius Villain of the Week
A high-severity vulnerability, CVE-2025-2704, has been identified in OpenVPN versions 2.6.1 to 2.6.13 when using the --tls-crypt-v2 feature.
This flaw allows unauthenticated remote attackers to send specially crafted packets that can crash the OpenVPN server during the handshake process.
🚨 Why it matters:
Exploiting this vulnerability could result in:
- Service disruption and VPN downtime
- Loss of secure access for remote employees or services
📋 Recommended actions:
- Update: Upgrade to OpenVPN version 2.6.14 or later, where this issue is resolved.
- Temporarily disable the tls-crypt-v2 directive in your server config if patching isn't possible.
Use these scripts from the Vicarius research team:
- Detection: https://lnkd.in/e3TpkqYR
- Mitigation: https://lnkd.in/eZdWazah
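As an added example (not the Vicarius or Cyber Vigilance scripts linked above), this bash check turns the two facts in the advisory, the affected range 2.6.1 to 2.6.13 and the dependence on the tls-crypt-v2 directive, into a single per-host verdict that follows the recommended actions; the config path and the sample version strings are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not the Vicarius or Cyber Vigilance scripts linked above.
# Decides whether a host is exposed to CVE-2025-2704 using the two facts the
# advisory gives: OpenVPN 2.6.1 to 2.6.13 is affected, and only when the server
# config enables tls-crypt-v2. The config path below is an assumed default.

# True (exit 0) when the version string falls in 2.6.1 .. 2.6.13.
# Tolerates packaging suffixes such as "2.6.13-1ubuntu1"; a missing patch level counts as 0.
openvpn_version_affected() {
    local ver=$1 major rest minor patch
    major=${ver%%.*}
    rest=${ver#*.}
    minor=${rest%%.*}
    case $rest in *.*) patch=${rest#*.} ;; *) patch=0 ;; esac
    patch=${patch%%[!0-9]*}     # "13-1ubuntu1" -> "13"
    [ "$major" = 2 ] && [ "$minor" = 6 ] &&
        [ "${patch:-0}" -ge 1 ] && [ "${patch:-0}" -le 13 ]
}

# True when the server config has an active (uncommented) tls-crypt-v2 directive.
# A tls-crypt-v2-verify line on its own does not count; the key directive enables the feature.
config_uses_tls_crypt_v2() {
    [ -r "$1" ] || return 1
    grep -Eq '^[[:space:]]*tls-crypt-v2([[:space:]]|$)' "$1"
}

# First line of `openvpn --version` looks like "OpenVPN 2.6.12 x86_64-pc-linux-gnu ...".
installed_openvpn_version() {
    openvpn --version 2>/dev/null | awk 'NR == 1 { print $2 }'
}

# One verdict line per host; the word before the colon is stable for scripting.
assess_openvpn_host() {
    local ver=$1 cfg=$2
    if ! openvpn_version_affected "$ver"; then
        echo "NOT_AFFECTED: $ver is outside 2.6.1-2.6.13"
    elif config_uses_tls_crypt_v2 "$cfg"; then
        echo "VULNERABLE: $ver with tls-crypt-v2 in $cfg; upgrade to 2.6.14+ or disable tls-crypt-v2 until patched"
    else
        echo "UPGRADE_ADVISED: $ver is in range but $cfg does not enable tls-crypt-v2"
    fi
}

# Stand-alone use: ./openvpn_check.sh [/path/to/server.conf]
if command -v openvpn >/dev/null 2>&1; then
    assess_openvpn_host "$(installed_openvpn_version)" "${1:-/etc/openvpn/server.conf}"
else
    echo "openvpn binary not found on this host; nothing to assess" >&2
fi
```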
Let us know if you need help securing your OpenVPN infrastructure or applying these steps!
🧐 Want to know more about Vicarius? Click here
🔥 The Smartest Security Decisions Start With The Right Intelligence
Forrester’s Q1 2025 report highlights how External Threat Intelligence Service Providers (ETISPs) are helping organisations move from reactive defence to proactive, risk-aligned decision-making.
In the latest blog from Censys, they break down:
✅ How to prioritise real threats (not just more alerts)
✅ Why external intel is becoming essential for risk and compliance
✅ Why Forrester recognised Censys as a notable provider in this evolving space
➡️ Get the key insights from Forrester's External Threat Intelligence Service Providers Landscape here
🧐 Want to know more about Censys? Book a call here
🔥 Permissions. Configurations. Admin access.
Governance in Microsoft 365 isn’t optional - it’s how you prevent accidental data leaks and protect what matters most...
The Microsoft 365 Governance Checklist from CoreView dives into critical controls admins often overlook, like enforcing audit trails for admin actions and tightly managing configuration changes across workloads.
➡️ Get the checklist for free and without having to share any of your precious details (yahoo!!) here
🧐 Want to learn more about CoreView? Click here
🔥 Is The Zero-Day Really Worth the Panic?
Before you escalate, pressure-test the situation:
❓ Is there evidence of active exploitation?
❓ What’s the potential blast radius?
❓ Do we have mitigating controls?
Axonius' Director of Security Operations, Rafael Borges, breaks down a practical, risk-based approach to vulnerability escalation.
🔗 Read his take here
🧐 Want to know more about Axonius? Click here for a demo
Now, let's take a look at our top Cyber Security News picks of the week
1. Paper Werewolf Deploys PowerModul Implant in Targeted Cyberattacks on Russian Sectors
The threat actor known as Paper Werewolf has been observed exclusively targeting Russian entities with a new implant called PowerModul.
The activity, which took place between July and December 2024, singled out organizations in the mass media, telecommunications, construction, government, and energy sectors, Kaspersky said in a new report published Thursday.
Paper Werewolf, also known as GOFFEE, is assessed to have conducted at least seven campaigns since 2022, according to BI.ZONE, with the attacks mainly aimed at government, energy, financial, media, and other organizations.
2. OttoKit WordPress Plugin Admin Creation Vulnerability Under Active Exploitation
A newly disclosed high-severity security flaw impacting OttoKit (formerly SureTriggers) has come under active exploitation within a few hours of public disclosure.
The vulnerability, tracked as CVE-2025-3102 (CVSS score: 8.1), is an authorization bypass bug that could permit an attacker to create administrator accounts under certain conditions and take control of susceptible websites.
"The SureTriggers: All-in-One Automation Platform plugin for WordPress is vulnerable to an authentication bypass leading to administrative account creation due to a missing empty value check on the 'secret_key' value in the 'autheticate_user' function in all versions up to, and including, 1.0.78," Wordfence's István Márton said.
3. Amazon EC2 SSM Agent Flaw Patched After Privilege Escalation via Path Traversal
Cybersecurity researchers have disclosed details of a now-patched security flaw in the Amazon EC2 Simple Systems Manager (SSM) Agent that, if successfully exploited, could permit an attacker to achieve privilege escalation and code execution.
The vulnerability could permit an attacker to create directories in unintended locations on the filesystem, execute arbitrary scripts with root privileges, and likely escalate privileges or perform malicious activities by writing files to sensitive areas of the system, Cymulate said in a report shared with The Hacker News.
4. US lab testing provider exposed health data of 1.6 million people
Laboratory Services Cooperative (LSC) has released a statement confirming that it suffered a data breach in which hackers stole the sensitive information of roughly 1.6 million people from its systems.
LSC is a Seattle-based nonprofit organization that provides centralized laboratory services to its member affiliates, including select Planned Parenthood centers.
It plays a crucial role within its niche, supporting reproductive health organizations across more than 35 U.S. states and handling sensitive lab testing, billing, and personal data.
5. Ransomware Attack Cost IKEA Operator in Eastern Europe $23 Million
Fourlis Group, the operator of IKEA stores in Greece, Cyprus, Romania, and Bulgaria, has disclosed that the ransomware attack it suffered just before Black Friday, on November 27, 2024, caused losses estimated at €20 million ($22.8 million).
The security incident became public on December 3, 2024, when the group admitted that the technical problems IKEA online shops were facing were due to “malicious external action.”
Although the company also operates Intersport, Foot Locker, and Holland & Barrett shops in those countries, the attack mainly affected IKEA business operations.
That's it for this week's tasty morsels...
Enjoy the sunshine ☀️
Much 🧡 Stay Safe
The CV Team
Security for an intelligent future...
Marketing Manager at Cyber Vigilance / Podcast host for The Cyber Vigilance Podcast