Cyber Weekly Newsletter
Cyber Weekly Newsletter for Friday May 9, 2025
The weekly Security, Tech and Cybercrime newsletter from Riskigy's vCISO Cybersecurity team. Cybersecurity awareness tips and alerts from Riskigy to empower your team to #BeCyberSmart #CyberAware
This Week's Need-to-Know News and Alerts
⚠️ SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be chained to result in remote code execution. CVE-2025-32819 may have already been exploited in the wild as a zero-day. https://thehackernews.com/2025/05/sonicwall-patches-3-flaws-in-sma-100.html
⚠️ Cisco has released software fixes to address a maximum-severity security flaw tracked as CVE-2025-20188 in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. https://thehackernews.com/2025/05/cisco-patches-cve-2025-20188-100-cvss.html
⚠️ Lack of security updates makes end-of-life routers exploitable for cybercrime proxy networks. The FBI warns that threat actors are deploying malware on end-of-life (EoL) routers to convert them into proxies sold on the 5Socks and Anyproxy networks. https://www.bleepingcomputer.com/news/security/fbi-end-of-life-routers-hacked-for-cybercrime-proxy-networks
⚠️ What NY's New Security Rules Mean for Finance Firms. According to the New York Department of Financial Services, finance companies operating in New York, even if not based there, must implement a variety of protections against unauthorized access to IT systems. https://www.darkreading.com/cybersecurity-operations/nydfs-rules-businesses-ny
⚠️ A new "Bring Your Own Installer" EDR bypass technique is exploited in attacks to bypass SentinelOne's tamper protection feature, allowing threat actors to disable endpoint detection and response (EDR) agents to install the Babuk ransomware. https://www.bleepingcomputer.com/news/security/new-bring-your-own-installer-edr-bypass-used-in-ransomware-attack/
⚠️ Ransomware operations are using legitimate Kickidler employee monitoring software for reconnaissance, tracking their victims' activity, and harvesting credentials after breaching their networks. The tool is used by over 5,000 organizations from 60 countries. https://www.bleepingcomputer.com/news/security/kickidler-employee-monitoring-software-abused-in-ransomware-attacks/
⚠️ Google has released the May 2025 security updates for Android with fixes for 45 security flaws. The fixes include an actively exploited zero-click FreeType 2 code execution vulnerability, tracked as CVE-2025-27363, which is a high-severity arbitrary code execution bug. https://www.bleepingcomputer.com/news/security/google-fixes-actively-exploited-freetype-flaw-on-android/
⚠️ Microsoft's April 2025 security updates are causing authentication issues on some Windows Server 2025 domain controllers. Windows Server 2016, Windows Server 2019, Windows Server 2022, and the latest version, Windows Server 2025, are all impacted. https://www.bleepingcomputer.com/news/microsoft/microsoft-april-updates-cause-windows-server-auth-issues/
⚠️ Play Ransomware Exploited Windows CVE-2025-29824 as Zero-Day to Breach U.S. Organization. Play, also called Balloonfly and PlayCrypt, is known for its double extortion tactics, in which sensitive data is exfiltrated prior to encryption and held in exchange for a ransom. https://thehackernews.com/2025/05/play-ransomware-exploited-windows-cve.html
⚠️ Microsoft ends Authenticator password autofill, moves users to Edge. Microsoft has announced that it will discontinue the password storage and autofill feature in the Authenticator app starting in July and will complete the deprecation in August 2025. https://www.bleepingcomputer.com/news/security/microsoft-ends-authenticator-password-autofill-moves-users-to-edge
⚠️ Wormable AirPlay Flaws Enable Zero-Click RCE on Apple Devices via Public Wi-Fi. The vulnerabilities enable zero- or one-click remote code execution (RCE), access control list (ACL) and user interaction bypass, and denial-of-service (DoS). https://thehackernews.com/2025/05/wormable-airplay-flaws-enable-zero.html
⚠️ Microsoft is killing Skype and pushing users to Teams. The Skype video call and messaging service is shutting down April 5th, 14 years after replacing Microsoft's Windows Live Messenger. https://www.bleepingcomputer.com/news/microsoft/microsoft-is-killing-skype-today-pushes-users-to-teams
⚠️ The Darcula phishing-as-a-service (PhaaS) platform stole 884,000 credit cards from 13 million clicks on malicious links sent via text messages to targets. Darcula is a PhaaS platform that targets Android and iPhone users using domains that spoof well-known brands. https://www.bleepingcomputer.com/news/security/darcula-phaas-steals-884-000-credit-cards-via-phishing-texts/
⚠️ Microsoft Warns Default Helm Charts Could Leave Kubernetes Apps Exposed to Data Leaks. Helm is a package manager for Kubernetes that allows developers to package, configure, and deploy applications and services onto Kubernetes clusters. https://thehackernews.com/2025/05/microsoft-warns-default-helm-charts-for.html
⚠️ Business email compromise (BEC) and funds transfer fraud (FTF) made up 60% of cyber insurance claims in 2024. The report offers an overview of claims made by policyholders to cyber insurance provider Coalition in 2024. https://www.scworld.com/news/most-cyber-insurance-claims-stem-from-bec-fraud-report-says
⚠️ Threat actors are targeting organizations by disguising their malware payloads as resume submissions to human resources (HR) departments. The attack begins as a seemingly benign job application submission or link to a professional website. https://www.scworld.com/news/malware-scammers-target-hr-professionals-with-venom-spider-malware
From Our Blog
✅ FTC Reports a Stark Increase in Fraud: $12.5 Billion in 2024
According to newly released data from the Federal Trade Commission (FTC), consumers reported a staggering $12.5 billion in losses due to fraud in 2024. This reflects a 25% increase from the previous year…Read more now at https://riskigy.com/blog/f/ftc-reports-a-stark-increase-in-fraud-125-billion-in-2024
✅ Takeaways from the FINRA 2025 Annual Regulatory Oversight Report
As technology evolves, so do the threats, making cybersecurity and data protection more critical than ever. Let's dive into some key takeaways from the FINRA 2025 Annual Regulatory Oversight Report, with a special focus on cybersecurity and data protection.…Read more now at https://riskigy.com/f/takeaways-from-the-finra-2025-annual-regulatory-oversight-report
✅ Managing Bring Your Own AI (BYOAI) Risk
While the Bring Your Own AI (BYOAI) trend can enhance productivity and foster innovation, it also introduces a set of compelling risks that businesses must manage carefully. As AI continues to transform the business landscape, a new trend has emerged, Bring Your Own AI (BYOAI)…Read more at https://riskigy.com/blog/f/managing-bring-your-own-ai-byoai-risk
✅ Infostealer Malware: A Growing Threat and How to Protect Yourself
Recent headlines indicate our most sensitive information is more valuable and vulnerable than ever before. One of the most insidious threats targeting this data is infostealer malware. These malicious programs are designed to secretly harvest sensitive information…Read more at https://riskigy.com/f/infostealer-malware-a-growing-threat-and-how-to-protect-yourself
✅ Navigating the New Era of Regulatory Compliance
In today's digital landscape, where cyber threats and data breaches are increasingly prevalent, regulatory compliance has become a critical focus for businesses worldwide. The Securities and Exchange Commission (SEC) has recently updated its incident reporting guidelines, adding to the global push for enhanced data privacy…Read more at https://riskigy.com/blog/f/navigating-the-new-era-of-regulatory-compliance
Recent Data Breach News
⚠️ Insight Partners has confirmed that sensitive data for employees and limited partners was stolen in a January 2025 cyberattack. The company has significant investments in more than 800 companies worldwide, including Twitter, HelloFresh, and Veeam Software. https://www.bleepingcomputer.com/news/security/vc-giant-insight-partners-confirms-investor-data-stolen-in-breach/
⚠️ Education giant Pearson suffered a cyberattack, allowing threat actors to steal corporate data and customer information. The company works with schools, universities, and individuals in over 70 countries through its print and online services. https://www.bleepingcomputer.com/news/security/education-giant-pearson-hit-by-cyberattack-exposing-customer-data/
⚠️ Online education software provider PowerSchool said threat actors they paid a ransom to following a December 2024 cyberattack have reached out to multiple school district customers in apparent attempts to extort them in exchange for restoring stolen data. https://www.scworld.com/news/double-extortion-tactics-used-in-powerschool-ransomware-attack
⚠️ Hacker pleads guilty to orchestrating Disney data heist. The 25-year-old also awaits sentencing for one count of threatening to damage a protected computer. Each felony count carries a maximum of five years in federal prison. https://www.scworld.com/news/hacker-pleads-guilty-to-orchestrating-disney-data-heist
⚠️ Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928 but emphasized there is no evidence of unauthorized data access. https://thehackernews.com/2025/05/commvault-confirms-hackers-exploited.html
⚠️ Ascension, one of the largest private healthcare systems in the United States, is notifying patients that their personal and health information was stolen in a December 2024 data theft attack, which affected a former business partner. https://www.bleepingcomputer.com/news/security/ascension-discloses-new-data-breach-after-third-party-hacking-incident/
⚠️ Employee benefits administration firm VeriSource Services is warning that a data breach exposed the personal information of four million people. According to VeriSource's investigation, the incident exposed sensitive information to external threat actors. https://www.bleepingcomputer.com/news/security/verisource-now-says-february-data-breach-impacts-4-million-people
⚠️ Magento supply chain attack compromises hundreds of e-stores. A supply chain attack involving 21 backdoored Magento extensions has compromised between 500 and 1,000 e-commerce stores, including one belonging to a $40 billion multinational. https://www.bleepingcomputer.com/news/security/magento-supply-chain-attack-compromises-hundreds-of-e-stores
⚠️ Harrods is the next UK retailer targeted in a cyberattack. London's iconic department store, Harrods, confirmed it was targeted in a cyberattack, becoming the third major UK retailer to report a cyberattack in a week, following incidents at M&S and the Co-op. https://www.bleepingcomputer.com/news/security/harrods-the-next-uk-retailer-targeted-in-a-cyberattack/
Blog Post Spotlight
Preparing for Offshore IT and Tech Resource Disruptions
The ongoing geopolitical tensions between India and Pakistan can create uncertainty for businesses that rely on offshore IT and tech resources in India. While India is a global leader in software development, tech innovation, and IT services, any escalation in conflict could potentially disrupt operations, supply chains, and cybersecurity. For companies depending on Indian IT suppliers, proactively addressing potential risks is essential.
In this blog post, we explore actionable steps businesses can take to prepare for the implications of geopolitical instability, focusing on cybersecurity threats and supplier risks.
Understanding the Risks
India's IT and tech sectors are deeply integrated into global supply chains, serving industries ranging from healthcare to finance and e-commerce. A conflict between India and Pakistan could have several direct or indirect impacts on these businesses:
Operational Disruptions: Escalating tensions could affect internet connectivity, power supplies, and physical infrastructure. Critical IT hubs like Bengaluru, Hyderabad, and Pune may face disruptions due to widespread outages or infrastructure bottlenecks.
Supplier Risks: Indian IT vendors may be impacted by workforce shortages, disrupted office operations, and tighter government policies during conflict periods.
Cybersecurity Threats: During geopolitical conflicts, cyberattacks often increase as state and non-state actors look to exploit vulnerabilities. Businesses relying on offshore resources may find themselves exposed to heightened cybersecurity risks.
Talent Risks: Any prolonged instability could disrupt access to India’s skilled workforce as professionals migrate in search of safety or stability.
Being prepared for these eventualities is crucial for businesses that rely on India’s IT and tech talents to ensure continuity and resilience.
Steps to Mitigate Supplier and Cybersecurity Risks
1. Conduct Supply Chain Risk Assessments
Analyze the dependency your business has on Indian IT providers. Evaluate suppliers against several criteria:
Location Risks: Are your vendors situated in areas vulnerable to disruptions, such as border regions or heavily populated hubs?
Operational Resilience: Assess whether vendors have robust business continuity plans in place.
Backup Vendors: Secure relationships with alternative suppliers or diversify resources across multiple regions to reduce dependency on a single geographic location.
Stepping up your oversight of supplier risks will help you navigate any impacts with minimal disruption.
2. Strengthen Cybersecurity Protocols
Cyberattacks during geopolitical conflicts often target critical infrastructure, businesses, and information systems. Protect your systems by implementing the following measures:
Data Encryption: Ensure all sensitive data sent offshore is fully encrypted while in transit and at rest.
Zero-Trust Framework: Adopt a zero-trust approach to ensure that only verified users and devices access your systems, regardless of their location.
Regular Audits: Perform regular risk assessments and audits of both your internal IT systems and vendor cybersecurity practices.
Cyber Insurance: Consider investing in cyber insurance to mitigate financial losses in case of a breach or attack.
Incident Response Plans: Develop and test a robust cybersecurity incident response plan that includes contingencies for threats originating from geopolitical conflicts.
3. Diversify Offshore Operations
Avoid concentrating all your resources in one location by diversifying your offshore operations:
Regional Diversification: Consider outsourcing IT and tech operations to secondary locations such as Southeast Asia, Eastern Europe, or Latin America.
Hybrid Workforce Models: Shift some processes or projects to onshore staff or adopt a hybrid model where both onshore and offshore teams work collaboratively.
Cloud-Based Solutions: Leverage cloud infrastructure and SaaS platforms to reduce dependency on physical on-site operations.
By spreading your resources across multiple regions, you can ensure smoother operations regardless of localized disruptions.
4. Build Resilient Vendor Relationships
Fostering strong relationships with your Indian IT partners is critical for navigating periods of tension. Here’s how to do it:
Collaborate on Risk Planning: Work with vendors to co-create contingency plans and develop alternative workflows in case of disruptions.
Supply Chain Visibility: Request transparency in operations so you’re always informed about workforce availability, location risks, and vendor policies.
Financial Contingencies: Establish clear agreements for payments, penalties, and other financial considerations to avoid disputes during disruptions.
Strong communication and proactive planning can help both your business and your vendors weather any situation.
5. Monitor Geopolitical Developments
Finally, stay informed about geopolitical changes and anticipate potential impacts. Some tips include:
Real-Time Alerts: Set up notifications for breaking news related to India-Pakistan relations from reliable sources.
Engage Security Experts: Consult geopolitical analysts or business continuity planners who specialize in global conflicts.
Scenario Planning: Regularly simulate "what-if" scenarios and refresh your crisis response strategies accordingly.
The better informed your leadership team is, the quicker you can pivot during volatile periods.
Conclusion
Businesses leveraging India’s vast offshore IT and tech resources must be vigilant and prepared to tackle the challenges posed by the India-Pakistan conflict. With risks ranging from operational disruptions to cybersecurity threats, robust planning and proactive measures are essential for maintaining global business continuity.
By conducting risk assessments, strengthening cybersecurity defenses, and diversifying operations, companies can build a resilient foundation that will endure under challenging geopolitical circumstances. Collaboration, transparency, and strategic diversification will help ensure that your business thrives, even amid uncertainty.
Remember: It’s not just about reacting to the conflict but proactively planning for long-term operational resilience in an interconnected global market.
Cybersecurity Is Complex! We Are Here To Help
Cyberthreats are everywhere, but you don't have to face them alone. Get Cybersecurity & Tech help from Riskigy!
✔ Looking for an expert to assist your firm or clients?
✔ Need a pro to explain Tech or Cyber to your management?
✔ Vetting a new investment or acquisition?
✔ Want to build a cyber aware staff?
✔ Need immediate assistance with an incident?
✔ Considering adding a vCISO or vCTO to your team?
✔ Seeking help with SOC-2, SEC/FINRA, or FTC readiness?
Contact us to discuss how we can assist!