In this episode of the CyberHub Podcast, recorded while on the road, listeners are greeted with a dynamic briefing on new and ongoing security threats.
Topics include a major cyber-attack on X (formerly Twitter), the discovery of critical vulnerabilities in PHP and SCADA systems, a spike in federal regulatory actions, and updates on significant bug bounty rewards. Each story underscores the importance of timely patching, understanding broader threat contexts, and maintaining robust defenses in a rapidly evolving cyber landscape.
Cyber-Attack on X by “Dark Storm” Hackers
X experienced a worldwide outage that lasted around twelve hours, allegedly caused by a DDoS attack claimed by a pro-Palestinian hacktivist group calling itself Dark Storm. Their stated motivation appears tied to Elon Musk's public comments and to the group's broader calls to "globalize the intifada." The attackers posted check-host results to showcase their impact in real time while Cloudflare worked to absorb the flood of requests. The incident is a stark reminder that hacktivist groups can, and do, target major platforms over geopolitical issues.
Critical PHP Vulnerability on Windows Servers
A critical vulnerability in PHP (the transcript gives only a placeholder, CVE-2020-XXXXXX, for the identifier) affects a specific setup: PHP running in CGI mode under Apache on Windows, with the system locale set to one of the affected code pages (Japanese and Chinese locales are the documented cases). When the Windows runtime converts the Unicode command line to ANSI it applies "Best Fit" mapping, so a soft-hyphen byte (0xAD) in the query string becomes an ASCII hyphen. That lets an attacker slip php-cgi command-line options such as -d past the check added after the 2012 argument-injection bug, set options like auto_prepend_file, and reach remote code execution. The flaw was disclosed in mid-2024 and ransomware groups were exploiting it within days; more recent campaigns have targeted Japanese organizations in education, telecom, and other sectors.
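To make the mechanism concrete, here is an added detection example (written for this page, not code from the podcast or from the PHP project). It reproduces how mod_cgi turns an "indexed" query string (one with no "=") into argv for php-cgi, applies the Best Fit conversion to each argument, and flags requests whose arguments would arrive as php-cgi options. The BEST_FIT table is a deliberately minimal subset (assumption: the real tables for the affected code pages are much larger; the soft hyphen is the mapping the attack depends on), the detector assumes an affected locale, and the log lines are constructed samples in Apache combined format, not real traffic.

```python
import re
from urllib.parse import unquote_to_bytes

# Minimal illustrative subset of the Windows "Best Fit" character mappings.
# Assumption: the real tables for the affected code pages contain many more
# entries; 0xAD (soft hyphen -> '-') is the one the argument injection relies on.
BEST_FIT = {0xAD: ord("-")}

# Request line inside an Apache combined-format log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')


def best_fit_ascii(raw: bytes) -> str:
    """Apply the Best Fit mapping byte by byte, as the Windows runtime does when
    it builds php-cgi's narrow argv on an affected code page."""
    return "".join(chr(BEST_FIT.get(b, b)) for b in raw)


def cgi_argv_from_query(query: str) -> list[str]:
    """Reproduce how mod_cgi turns an 'indexed' query into argv for php-cgi:
    a query containing '=' is never passed as argv (RFC 3875 section 4.4);
    otherwise it is split on '+' and each piece is URL-decoded."""
    if "=" in query:
        return []
    return [best_fit_ascii(unquote_to_bytes(part)) for part in query.split("+") if part]


def injected_php_options(query: str) -> list[str]:
    """Arguments php-cgi would parse as command-line options after Best Fit."""
    return [arg for arg in cgi_argv_from_query(query) if arg.startswith("-")]


def scan_access_log(lines):
    """Return (line_no, argv) for every request whose query becomes php-cgi options."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        query = m.group(1).partition("?")[2]
        if injected_php_options(query):
            hits.append((line_no, cgi_argv_from_query(query)))
    return hits


# Constructed sample log lines (Apache combined format), not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Mar/2025:09:12:01 +0900] "GET /index.php?page=home HTTP/1.1" 200 1320 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Mar/2025:09:12:07 +0900] "POST /php-cgi/php-cgi.exe?%ADd+allow_url_include%3d1+%ADd+auto_prepend_file%3dphp://input HTTP/1.1" 200 77 "-" "python-requests/2.31"',
    '10.0.0.7 - - [10/Mar/2025:09:12:09 +0900] "GET /docs/manual+pages HTTP/1.1" 404 196 "-" "curl/8.4.0"',
]

if __name__ == "__main__":
    for line_no, argv in scan_access_log(SAMPLE_LOG):
        print(f"line {line_no}: php-cgi would receive argv {argv}")
```

The second sample line is the shape to look for: the query has no literal "=", the parameters are hidden behind %3d, and each %AD becomes "-" only after Best Fit, which is why a pattern match on "-d" in the raw log misses it. The detector errs toward flagging, since on an unaffected code page the soft hyphen would stay a soft hyphen.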
New Additions to CISA’s KEV Catalog
CISA has added several actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, among them flaws in Ivanti's Endpoint Manager (EPM). The new entries cover remote file upload, SQL injection, and absolute path traversal bugs, and the additions come with the usual federal remediation deadline. Organizations running Ivanti EPM should prioritize remediation: an endpoint-management server is a natural pivot for lateral movement and sensitive data exfiltration.
ICS Vulnerabilities in SCADA Systems
Palo Alto Networks disclosed details of high-severity weaknesses in ICONICS and Mitsubishi Electric SCADA products (GENESIS64 and MC Works64). The bugs require an authenticated user, but from there they can lead to arbitrary code execution, privilege escalation, and file manipulation, which is enough to disrupt critical infrastructure operations. Operators should apply the vendor patches and review who holds accounts on these systems.
SideWinder Attacks on Maritime and Logistics
The India-based cyber-espionage group known as SideWinder (also tracked as Rattlesnake and T-APT-04) has stepped up campaigns against maritime and logistics organizations in Africa and Asia. The group still relies on weaponized Office documents that exploit CVE-2017-11882, the long-patched Equation Editor memory-corruption bug, to drop its StealerBot post-exploitation toolkit. The shift in targeting reflects broader concern about supply-chain exposure and the need for security teams to work proactively with the business units that run global operations.
Flurry of Federal Trade Commission (FTC) Actions
MGM Ransomware Inquiry Dropped
After issuing a civil investigative demand over MGM Resorts' ransomware breach, the FTC withdrew the demand. MGM had challenged the inquiry on procedural and jurisdictional grounds, including a potential conflict of interest involving FTC Chair Lina Khan.
$12.5 Billion Lost to Fraud
Americans lost a record $12.5 billion to fraud in the past year, a 25% increase over the year before. Investment scams accounted for $5.7 billion, driven largely by online ads and social media. Phone-based scams remain a concern as well, with the highest reported losses per victim among contact methods.
Refunds for Fake Tech Support
The FTC is distributing $25.5 million in refunds to victims of two companies, Restoro and Reimage, which the FTC charged with using pop-up ads that mimicked system alerts to sell unnecessary PC repair services. Potentially hundreds of thousands of people will receive PayPal payments.
Google’s $12 Million Bug Bounty Payouts
Google awarded close to $12 million to more than 660 security researchers through its Vulnerability Reward Program in 2024. The year also brought a revamped reward structure, with a top payout of $151,515 in the main program, while certain mobile vulnerabilities can earn up to $300,000. Investment at this scale shows how a bug bounty program strengthens Google's security posture and serves as a model for other organizations.
Action List
Implement Mitigations for PHP CGI: If you run PHP as CGI on Windows under Apache (XAMPP installs do this by default), update PHP to a fixed release or move off the CGI handler; if you cannot patch immediately, block query strings that begin with an encoded soft hyphen at the web server.
Prioritize Patch Management: Urgently address vulnerabilities listed in CISA's KEV catalog, especially for Ivanti EPM.
Harden ICS Environments: Update SCADA systems (ICONICS, Mitsubishi Electric) and enforce strict authentication, since the disclosed bugs need an authenticated user.
Monitor Hacktivist Trends: Stay vigilant for politically motivated attacks (like Dark Storm’s activity) and factor geopolitical events into threat intelligence.
Bolster Supply Chain Security: Coordinate with business units to evaluate potential risks from maritime or logistics partners targeted by SideWinder.
Educate Users on Scams: Emphasize training on phone-based and online fraud, as losses continue to rise.
Consider a Bug Bounty Program: Leverage success stories (e.g., Google’s payouts) to advocate for ethical hacking initiatives that uncover critical flaws.
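As an added example for the KEV action item above (written for this page; not code from the podcast or from CISA), a small triage script: it parses entries in the schema of CISA's public KEV JSON feed, matches them against a host inventory by vendor and product, and orders the work so that overdue items and entries with known ransomware use come first. The feed records and inventory below are constructed samples with placeholder CVE identifiers, not real catalog entries; the field names follow the real feed.

```python
import json
from datetime import date

# CISA publishes the catalog as JSON at this URL. The script runs offline on the
# embedded sample below; swap in the fetched body to run against the live feed.
KEV_FEED_URL = "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"

# Constructed sample in the feed's schema. The CVE IDs are placeholders, not real entries.
SAMPLE_FEED = json.dumps({
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "Ivanti", "product": "Endpoint Manager (EPM)",
         "vulnerabilityName": "Ivanti EPM Absolute Path Traversal Vulnerability",
         "dateAdded": "2025-03-10", "dueDate": "2025-03-31", "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-0000-0002", "vendorProject": "Ivanti", "product": "Endpoint Manager (EPM)",
         "vulnerabilityName": "Ivanti EPM Absolute Path Traversal Vulnerability",
         "dateAdded": "2025-03-10", "dueDate": "2025-03-31", "knownRansomwareCampaignUse": "Known"},
        {"cveID": "CVE-0000-0003", "vendorProject": "ExampleVendor", "product": "Example Gateway",
         "vulnerabilityName": "Example Gateway Command Injection Vulnerability",
         "dateAdded": "2025-02-01", "dueDate": "2025-02-22", "knownRansomwareCampaignUse": "Unknown"},
    ]
})

# Constructed host inventory, shaped like a normalised CMDB export.
INVENTORY = [
    {"host": "epm-core-01", "vendor": "Ivanti", "product": "Endpoint Manager"},
    {"host": "build-07", "vendor": "Microsoft", "product": "Windows Server 2022"},
]


def parse_kev(feed_text: str) -> list[dict]:
    return json.loads(feed_text)["vulnerabilities"]


def _norm(s: str) -> str:
    return " ".join(s.lower().replace("(", " ").replace(")", " ").split())


def product_matches(entry: dict, asset: dict) -> bool:
    """Vendor must match exactly (case-insensitive). Product matches if either
    name contains the other, because KEV strings such as 'Endpoint Manager (EPM)'
    rarely equal what a CMDB records."""
    if _norm(entry["vendorProject"]) != _norm(asset["vendor"]):
        return False
    kev_prod, inv_prod = _norm(entry["product"]), _norm(asset["product"])
    return inv_prod in kev_prod or kev_prod in inv_prod


def triage(entries: list[dict], inventory: list[dict], today: date) -> list[dict]:
    """One row per (asset, KEV entry) pair, most urgent first: overdue items,
    then entries with known ransomware use, then the nearest due date."""
    rows = []
    for entry in entries:
        due = date.fromisoformat(entry["dueDate"])
        for asset in inventory:
            if product_matches(entry, asset):
                rows.append({
                    "host": asset["host"],
                    "cve": entry["cveID"],
                    "name": entry["vulnerabilityName"],
                    "due": entry["dueDate"],
                    "days_left": (due - today).days,
                    "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                })
    rows.sort(key=lambda r: (r["days_left"] >= 0, not r["ransomware"], r["days_left"]))
    return rows


def sample_triage(today_iso: str) -> list[dict]:
    """Run the triage over the embedded sample feed and inventory."""
    return triage(parse_kev(SAMPLE_FEED), INVENTORY, date.fromisoformat(today_iso))


if __name__ == "__main__":
    for row in sample_triage("2025-03-12"):
        status = "OVERDUE" if row["days_left"] < 0 else f"{row['days_left']}d left"
        print(f"{row['host']}: {row['cve']} ({row['name']}) due {row['due']} [{status}]")
```

KEV entries carry no version information, so a vendor/product match means "check this host", not "this host is vulnerable"; the script is a worklist generator, and the version check still has to happen against the vendor advisory.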
✅ Story Links:
https://www.securityweek.com/mass-exploitation-of-critical-php-vulnerability-begins/
https://thehackernews.com/2025/03/cisa-adds-five-actively-exploited.html
https://therecord.media/trump-admin-ends-ftc-ransomware-case
Level Zero Conference Discount Code: L020RESPOND
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
🚨 Important Links to Follow:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
🤝 For Business Inquiries: info@cyberhubpodcast.com
=============================
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.