Good morning, Security Gang! Welcome to another packed episode of the CyberHub Podcast, pre-recorded from the S4 Conference in Tampa, Florida. Below is a detailed rundown of each major story covered, this time consolidated into paragraphs for easier reading.
Today’s episode dives into several urgent cybersecurity developments: an Apple zero-day patch that requires physical device access, a potential ransomware strike on a major newspaper conglomerate, the takedown of the 8Base ransomware group, and suspicious OpenAI credentials on the dark web. We also spotlight the British military’s shift to condensed basic training for cyber recruits, Microsoft’s boosted bug bounty rewards for Copilot vulnerabilities, and an Indiana man sentenced to a lengthy prison term after a colossal cryptocurrency theft.
Apple Issues Urgent iOS/iPadOS Patch
Apple released iOS and iPadOS 18.3.1 to address a critical security flaw already exploited in the wild, though the exploit requires physical device access. Attackers can plug into the device’s Lightning or USB-C port after it has been locked for over an hour, bypassing Apple’s USB Restricted Mode that normally limits data access. While details remain sparse, Apple categorizes the exploit as a low-complexity attack. Users are urged to install the patch as soon as possible to ensure their devices stay secure.
Lee Enterprises Cyber Disruption
Lee Enterprises, one of the largest owners of local newspapers in the U.S., experienced a severe cybersecurity event that disrupted daily operations. Company spokespeople have not confirmed the nature of the attack but indicated it aligns with symptoms of ransomware. The incident also raises network segmentation questions: printing presses, which ideally sit on an isolated network, appear to have been affected as well. Lee Enterprises publishes hundreds of papers and digital platforms nationwide, reporting $145 million in revenue last quarter.
OpenAI Credential Sale on Dark Web
A threat actor named “emirking” claimed to possess and sell 20 million OpenAI credentials on a cybercrime forum, but analysis by threat intelligence firm KELA shows these likely stem from info-stealing malware, not a direct OpenAI breach. The actual volume of compromised accounts remains unclear, as dark web sellers often inflate numbers. This incident underscores the pervasive risk of info-stealing campaigns and highlights the importance of strong, unique credentials.
8Base Ransomware Takedown
International law enforcement agencies, including the FBI and Europol, seized the 8Base ransomware operation and arrested four individuals in Phuket, Thailand. This relatively new ransomware collective quickly gained notoriety for attacks on notable organizations like the UN Development Program. Despite 8Base’s brief operational period, researchers suggest it was formed by experienced cybercriminals reorganizing under a fresh brand. The four arrested suspects reportedly targeted Swiss companies and laundered proceeds using crypto-mixing services.
Google Tag Manager Exploited for Credit Card Skimming
Threat actors leveraged Google Tag Manager (GTM) scripts to inject malicious code onto Magento-based e-commerce sites, masquerading as legitimate analytics. The result was a hidden backdoor that granted persistent access for credit card skimming. Website security company Sucuri identified multiple sites infected with an obfuscated GTM identifier. Operators of e-commerce platforms are advised to regularly test payment channels and monitor for unauthorized scripts to maintain secure transactions.
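One way to do the "monitor for unauthorized scripts" part of that advice is to inventory every script tag and GTM container ID on the checkout page and compare them against the containers and hosts the shop actually deployed. The example below is added here and is not Sucuri's or the podcast's code; the allowlist values and the sample checkout page are constructed, and a real deployment would fetch the live page and use its own container IDs.

```python
import re
from urllib.parse import urlparse
from html.parser import HTMLParser

# Hypothetical allowlist: the one GTM container and the script hosts this shop actually deployed.
ALLOWED_CONTAINERS = {"GTM-AAAA111"}
ALLOWED_SCRIPT_HOSTS = {"www.googletagmanager.com"}
GTM_ID_RE = re.compile(r"GTM-[A-Z0-9]{4,10}")

class ScriptInventory(HTMLParser):
    """Collects every <script src> and every GTM container ID found in inline loaders or script URLs."""
    def __init__(self):
        super().__init__()
        self.srcs = []
        self.container_ids = set()
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            src = dict(attrs).get("src")
            if src:
                self.srcs.append(src)
                self.container_ids.update(GTM_ID_RE.findall(src))

    def handle_data(self, data):
        # HTMLParser hands <script> bodies to handle_data verbatim, so inline GTM loaders land here.
        if self._in_script:
            self.container_ids.update(GTM_ID_RE.findall(data))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

def audit_page(html):
    """Return findings for GTM containers or third-party script hosts that are not on the allowlist."""
    inv = ScriptInventory()
    inv.feed(html)
    findings = [f"unexpected GTM container {cid}" for cid in sorted(inv.container_ids - ALLOWED_CONTAINERS)]
    for src in inv.srcs:
        host = urlparse(src).hostname  # None for same-origin paths such as /static/checkout.js
        if host and host not in ALLOWED_SCRIPT_HOSTS:
            findings.append(f"script from unexpected host {host}")
    return findings

# Constructed checkout page: the legitimate container plus a second, rogue container and an unknown script host.
SAMPLE_HTML = """<html><head>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];})(window,document,'script','dataLayer','GTM-AAAA111');</script>
<script src="/static/checkout.js"></script>
<script src="//www.googletagmanager.com/gtm.js?id=GTM-AAAA111"></script>
<script>(function(w,d,s,l,i){w[l]=w[l]||[];})(window,document,'script','dataLayer','GTM-ZZZZ999');</script>
<script src="https://static.analytics-example.net/tag.js"></script>
</head><body></body></html>"""
```

Running `audit_page(SAMPLE_HTML)` flags the second container and the unknown host while leaving the legitimate loader and same-origin scripts alone; the same check is worth scheduling against the live checkout page rather than a stored copy, since the injected code only appears in what the browser actually receives.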
GFI KerioControl Firewall Vulnerability
Over 12,000 instances of GFI KerioControl firewall appliances remain unpatched against CVE-2023-52875, a one-click remote code execution vulnerability. Discovered by a security researcher in mid-December, the flaw was resolved via a patch (version 9.4.5 Patch 1), yet many small and medium-sized businesses have been slow to update. Countries with the highest exposure include Russia, Kazakhstan, the U.S., and Iran. This creates a high-risk scenario, as the vulnerability’s low complexity could enable wide-scale attacks.
British Military Fast-Tracks Cyber Recruits
In an effort to rapidly bolster its cyber defense capabilities, the British military will shorten its standard 10-week basic training to just 4 weeks for up to 50 cyber-focused recruits. These recruits will then complete a specialized 3-month cybersecurity program at the Defense Academy. This approach aims to meet urgent personnel needs but raises questions about balancing traditional military conditioning with the unique demands of cyber warfare, which often requires resilience against high-pressure, fast-evolving digital threats.
Microsoft Bug Bounty Expansion for Copilot
Microsoft announced an expanded bug bounty program for its Copilot AI tools and services, increasing potential payouts for researchers. Critical severity vulnerabilities in Copilot can now yield up to $30,000, while medium-severity bugs may net up to $5,000. These updated incentives highlight Microsoft’s commitment to collaboration with the security community to identify and patch flaws before malicious actors can exploit them.
Indiana Man Sentenced for $37M Crypto Theft
Evan Frederick Light, 22, received a 20-year federal prison sentence for a scheme that stole over $37 million in cryptocurrency from an investment holdings company in South Dakota. After using a false kidnapping report to evacuate employees, Light accessed servers and exfiltrated personal data, targeting clients’ crypto holdings. He pleaded guilty and now faces not only a lengthy prison term but also a substantial restitution order at a future hearing.
Bullet Point Action List
Patch Promptly: Update Apple iOS/iPadOS devices to version 18.3.1 to protect against the zero-day exploit.
Network Segmentation: Strengthen isolation between IT and OT systems to reduce the spread of ransomware.
Malware Vigilance: Remain alert to info-stealing malware campaigns—use strong, unique passwords and multi-factor authentication.
Secure E-commerce: Routinely test payment workflows and look for unauthorized code or scripts.
Apply Known Fixes: Immediately update GFI KerioControl appliances to guard against remote code execution exploits.
Monitor Ransomware Threats: Keep an eye on regrouping cybercriminals post-8Base takedown—ransomware actors often rebrand quickly.
Evaluate Cyber Recruitment: Observe how the British military’s shortened boot camp impacts long-term success in cyber defense roles.
Explore Bug Bounties: Share Microsoft’s expanded bug bounty program with internal security teams or external researchers.
Strengthen Authentication: Maintain rigorous identity protection measures, as large-scale crypto thefts highlight the damage from compromised credentials.
Stay tuned for more insights and, as always, stay cyber-safe!
✅ Story Links:
https://therecord.media/lee-enterprises-cyberattack-newspapers-priinting
https://therecord.media/8base-ransomware-site-taken-down-4-arrested
https://thehackernews.com/2025/02/hackers-exploit-google-tag-manager-to.html
https://therecord.media/british-military-drops-basic-training-to-fast-track-cyber-recruits
https://www.securityweek.com/microsoft-expands-copilot-bug-bounty-program-increases-payouts/