Good morning, Security Gang!
Welcome to a detailed breakdown of the CyberHub Podcast’s episode #865, originally recorded on Tuesday, February 18, 2025. Hosted by James Azar, this episode spotlights high-profile security vulnerabilities, data breach repercussions, AI regulation challenges, fraud busts, and new mobile security developments.
👀 SHOW Supporters:
Today's episode is supported by our friends at Nudge Security. All CyberHub Podcast community members can get a free 14-day trial of their solution for securing SaaS and genAI at https://www.nudgesecurity.com/cyberhub
1. PostgreSQL Zero-Day Linked to BeyondTrust Remote Support Attacks
Rapid7 researchers discovered a critical zero-day vulnerability in PostgreSQL’s interactive terminal (psql) that attackers used as one link in an exploit chain against BeyondTrust’s Remote Support product. The vulnerability, tracked under “CVE-SQL-SQL-SQL-SQL-SQL,” lets attackers inject SQL commands by supplying malformed UTF-8 characters. Rapid7 specifically connected the flaw to remote code execution attacks on BeyondTrust systems at the U.S. Treasury.
BeyondTrust has released patches for its own product vulnerabilities, but the PostgreSQL issue remains a serious concern for organizations running unpatched versions (prior to 17.3). Affected teams should update as soon as possible to mitigate the risk of compromised data and unauthorized system access.
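The underlying lesson of a quoting bug triggered by malformed UTF-8 is that input must be validated as well-formed before any escaping layer sees it, and that values should reach the database as bound parameters rather than spliced strings. The example below is added here and is not code from the podcast or from PostgreSQL/psql; it assumes a hypothetical application that receives user-supplied bytes and uses Python's standard-library sqlite3 module as a stand-in for a real driver, with constructed sample inputs.

```python
"""Strict encoding validation at the trust boundary, then parameter binding.

Added example (not from the podcast or from PostgreSQL/psql). Uses the
standard-library sqlite3 module as a stand-in for a real database driver;
the control (reject malformed UTF-8, then bind parameters) is the same for
PostgreSQL.
"""
import sqlite3


def is_valid_utf8(data: bytes) -> bool:
    """Return True only for well-formed UTF-8.

    Python's strict decoder rejects truncated sequences, overlong
    encodings, encoded surrogates and code points above U+10FFFF, which
    are the byte patterns that confuse encoding-unaware quoting code.
    """
    try:
        data.decode("utf-8", errors="strict")
    except UnicodeDecodeError:
        return False
    return True


def make_demo_db() -> sqlite3.Connection:
    """Constructed in-memory table for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("o'brien",)])
    conn.commit()
    return conn


def lookup_user(conn: sqlite3.Connection, raw_name: bytes):
    """Reject malformed bytes, then query with a bound parameter."""
    if not is_valid_utf8(raw_name):
        raise ValueError("rejecting malformed UTF-8 input")
    name = raw_name.decode("utf-8")
    # The driver transmits the value separately from the statement, so a
    # quote character inside `name` never becomes SQL syntax.
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchone()


def classify(samples: dict) -> dict:
    """Label each constructed input as accepted (True) or rejected (False)."""
    return {label: is_valid_utf8(raw) for label, raw in samples.items()}


# Constructed byte strings: two valid, three malformed in different ways.
SAMPLES = {
    "ascii_with_quote": b"o'brien",
    "valid_multibyte": "Émile".encode("utf-8"),
    "truncated_sequence": b"\xc3",          # lead byte with no continuation
    "overlong_slash": b"\xc0\xaf",          # overlong encoding of '/'
    "encoded_surrogate": b"\xed\xa0\x80",   # UTF-16 surrogate, illegal in UTF-8
}

if __name__ == "__main__":
    db = make_demo_db()
    print(classify(SAMPLES))
    print(lookup_user(db, b"o'brien"))
```

The quote in `o'brien` is handled correctly because it is bound as data, not escaped into the statement text; the three malformed inputs never reach the database at all.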
2. 23andMe Layoffs and Data Breach Fallout
Genetic testing company 23andMe has announced the layoff of over 200 employees, a decision closely tied to the financial strain following a large-scale data breach and subsequent lawsuits. The breach, which occurred in October 2023, affected 6.9 million users, giving attackers access to personal details and ancestry information.
Notably, the attackers appeared to target specific ethnic groups, gaining access with credentials that had been compromised in earlier breaches. Faced with multiple legal challenges and a $30 million settlement, the company lost all seven independent board members in September 2024. Revenue continues to decline, and the workforce is now almost halved.
While the organization is attempting to rebuild trust, its struggles highlight the significant impact a major breach can have on consumer confidence and corporate stability.
3. South Korea Suspends DeepSeek AI Downloads
South Korea’s Personal Information Protection Commission has suspended downloads of the DeepSeek AI app due to non-compliance with the country’s strict data privacy laws. Investigators identified shortcomings in how the app processes personal information and manages communication functions.
While the web service remains live, mobile downloads are paused until DeepSeek addresses these regulatory concerns. This move underscores the growing emphasis on data protection globally and signals that companies launching AI services must adhere to region-specific privacy requirements or risk losing market access.
4. $577 Million Crypto Ponzi Scheme: Estonian Defendants Plead Guilty
Estonians Sergei Potapenko and Ivan Turigan pleaded guilty to charges stemming from their operation of HashFlare, a fraudulent cryptocurrency mining service that collected $577 million from unwitting investors. Despite marketing high-profit crypto mining contracts, the service did not possess sufficient mining capacity, and the duo funneled proceeds into luxury assets, real estate, and multiple investment accounts.
As part of the plea, they agreed to forfeit over $400 million in assets, which will be used to compensate defrauded victims through a remission process. Both face up to 20 years in prison, with sentencing scheduled for May 8.
5. Xerox VersaLink Printer Vulnerabilities
Two critical flaws in Xerox VersaLink all-in-one enterprise printers (CVE-2024-12510 and CVE-2024-12511) allow attackers to carry out “pass-back” attacks and obtain LDAP, SMB, or FTP authentication credentials. An attacker with access to the printer’s configuration can point it at an attacker-controlled server, which then captures the credentials the printer presents when it authenticates.
Xerox has issued patches, and administrators are strongly advised to update immediately to prevent credential theft and maintain secure enterprise printing environments.
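Because a pass-back attack works by changing where the printer sends its LDAP, SMB or FTP credentials, the control that complements patching is a routine audit of those destinations. The script below is an added example, not code from the podcast, from Xerox, or from the advisory; it assumes a hypothetical JSON settings export (constructed here, and not the real VersaLink export format), an internal network of 10.0.0.0/8, and an internal DNS domain corp.example.

```python
"""Audit printer authentication destinations for pass-back redirection.

Added example, not from the podcast, Xerox, or the advisory it summarizes.
Assumes a hypothetical JSON settings export (constructed; real VersaLink
exports differ), internal servers on 10.0.0.0/8 and the internal domain
corp.example. Any LDAP/SMB/FTP destination outside those bounds is what a
pass-back redirection looks like from the configuration side.
"""
import ipaddress
import json
import re

INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8")]
INTERNAL_DOMAIN_RE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.corp\.example$")
# Hypothetical expected server per protocol; adapt to the real estate.
EXPECTED = {
    "ldap": {"dc1.corp.example"},
    "smb": {"files.corp.example"},
    "ftp": {"ftp.corp.example"},
}


def is_internal(host: str) -> bool:
    """True if `host` is an internal IP or a name under the internal domain."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return bool(INTERNAL_DOMAIN_RE.match(host))
    return any(ip in net for net in INTERNAL_NETS)


def audit_settings(settings_json: str):
    """Return (protocol, host, reason) findings for enabled destinations."""
    cfg = json.loads(settings_json)
    findings = []
    for proto in ("ldap", "smb", "ftp"):
        entry = cfg.get(proto)
        if not entry or not entry.get("enabled"):
            continue
        host = entry["server"]
        if not is_internal(host):
            findings.append((proto, host, "destination outside internal networks/domain"))
        elif host not in EXPECTED[proto]:
            findings.append((proto, host, "internal but not the expected server for this protocol"))
        # A simple LDAP bind without TLS exposes the bind credential to anyone
        # on the path, even when the destination itself is legitimate.
        if proto == "ldap" and not entry.get("tls", False):
            findings.append((proto, host, "LDAP bind without TLS"))
    return findings


# Constructed export: LDAP has been pointed at an external address (TEST-NET-3).
SAMPLE_SETTINGS = json.dumps({
    "ldap": {"enabled": True, "server": "203.0.113.25", "tls": False, "bind_user": "svc-printer"},
    "smb": {"enabled": True, "server": "files.corp.example"},
    "ftp": {"enabled": False, "server": ""},
})

if __name__ == "__main__":
    for finding in audit_settings(SAMPLE_SETTINGS):
        print(finding)
```

Run against a nightly export from each printer and alert on any change in the findings; a redirected LDAP server shows up as a new "outside internal networks" entry even if the attacker later restores the setting.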
6. macOS Modular Malware Targeting Sensitive Data
Microsoft researchers have detected new variants of XCSSET, a modular malware family affecting macOS systems. Spread via compromised Xcode projects, the malware has evolved steadily over the past five years. Recent changes include heavier obfuscation (encoding payloads with base64 and xxd) and updated persistence techniques involving the user’s zshrc and doc files.
Apple previously patched a zero-day used by earlier XCSSET variants, a reminder that developers must remain vigilant when downloading or sharing Xcode projects.
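Persistence through a shell startup file combined with base64 or xxd obfuscation leaves a recognizable pattern: a decoder whose output is piped into an interpreter. The scanner below is an added example, not code from the podcast or from Microsoft's research; it assumes a hypothetical macOS fleet where ~/.zshrc and similar files are collected for review, and the sample file content is constructed.

```python
"""Flag obfuscated persistence lines in shell startup files.

Added example (not from the podcast or from Microsoft's research). Assumes
collected copies of ~/.zshrc, ~/.zprofile and similar files; the sample
content below is constructed.
"""
import re

# Decoders commonly used to hide a payload, or a long base64-looking literal.
DECODER_RE = re.compile(
    r"\b(base64\s+(-d|-D|--decode)|xxd\s+-r(\s+-p)?|echo\s+[A-Za-z0-9+/=]{40,})"
)
# Something that would execute the decoded bytes.
INTERPRETER_RE = re.compile(r"\|\s*(ba|z|)sh\b|\|\s*python[23]?\b|\bosascript\b|\beval\b")
# Weaker signal: an interpreter run on a file kept in a hidden path.
HIDDEN_PATH_RE = re.compile(r"(~|\$HOME|/Users/[^/\s]+)/\.[A-Za-z0-9_.-]+")


def scan_rc_text(text: str):
    """Return (line_number, reason, line) for each suspicious non-comment line."""
    findings = []
    for n, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        has_decoder = bool(DECODER_RE.search(stripped))
        has_interp = bool(INTERPRETER_RE.search(stripped))
        if has_decoder and has_interp:
            findings.append((n, "decoded payload piped into an interpreter", stripped))
        elif has_decoder:
            findings.append((n, "inline decoder (base64/xxd) in startup file", stripped))
        elif has_interp and HIDDEN_PATH_RE.search(stripped):
            findings.append((n, "interpreter invoked on a hidden-path file", stripped))
    return findings


# Constructed ~/.zshrc: three benign lines (including a common Homebrew eval),
# two lines that decode a blob and pipe it into a shell, one benign source.
SAMPLE_ZSHRC = """\
# constructed sample ~/.zshrc for the example
export PATH="$HOME/bin:$PATH"
eval "$(/opt/homebrew/bin/brew shellenv)"
alias ll='ls -la'
echo QUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQUFBQQ== | base64 -d | sh
xxd -r -p ~/.cache/.u 2>/dev/null | bash
source ~/.nvm/nvm.sh
"""

if __name__ == "__main__":
    for finding in scan_rc_text(SAMPLE_ZSHRC):
        print(finding)
```

The `eval "$(brew shellenv)"` line is deliberately included: `eval` alone is too common in legitimate rc files to alert on, so the scanner only reports it together with a decoder or a hidden-path target.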
7. Telegram-Based Golang Backdoor Emerges
A newly identified Golang-based backdoor uses Telegram channels for command-and-control communication. Though still under development, the malware is fully operational and has been observed executing system commands at an attacker’s behest.
Security analysts note that Telegram is a common C2 medium for threat actors, particularly in regions like Russia, because its API is encrypted, widely used and easy to hide behind. Organizations are advised to monitor for suspicious Golang binaries and to treat Telegram API traffic from servers or unexpected processes inside corporate networks as worth investigating.
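Watching for "unauthorized Telegram traffic" in practice means correlating proxy or DNS logs with where a Telegram client is actually expected. The following is an added example, not from the podcast or from the analysis it summarizes; it assumes a hypothetical proxy log in a constructed space-separated format (timestamp, source host, process name, destination host, bytes) and a constructed allowlist, and it keys on the Bot API host api.telegram.org.

```python
"""Spot Telegram Bot API traffic from hosts or processes that should not produce it.

Added example (not from the podcast or the malware analysis it summarizes).
Assumes a hypothetical proxy log in a constructed format: timestamp,
source host, process name, destination host, bytes. Real proxy formats
differ; only parse_line would need adapting.
"""
from collections import defaultdict

TELEGRAM_API_HOSTS = {"api.telegram.org"}
# Constructed allowlist: workstations whose owners legitimately use Telegram.
ALLOWED_SOURCES = {"ws-marketing-07"}
# Process names a real Telegram client would normally run under.
KNOWN_CLIENTS = {"telegram", "telegram.exe"}


def parse_line(line: str) -> dict:
    """Parse one constructed-format log line into a record."""
    ts, src, proc, dst, nbytes = line.split()
    return {"ts": ts, "src": src, "proc": proc, "dst": dst, "bytes": int(nbytes)}


def find_suspect_c2(lines):
    """Summarize Telegram API traffic not explained by an allowed host or known client.

    Returns {source_host: {"events": n, "bytes": total, "processes": {...}}}.
    """
    suspects = defaultdict(lambda: {"events": 0, "bytes": 0, "processes": set()})
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        rec = parse_line(raw)
        if rec["dst"] not in TELEGRAM_API_HOSTS:
            continue
        if rec["src"] in ALLOWED_SOURCES or rec["proc"].lower() in KNOWN_CLIENTS:
            continue
        entry = suspects[rec["src"]]
        entry["events"] += 1
        entry["bytes"] += rec["bytes"]
        entry["processes"].add(rec["proc"])
    return dict(suspects)


# Constructed log: one allowed workstation, one build server beaconing from an
# unfamiliar process name, one engineer running a real client.
SAMPLE_LOG = """\
2025-02-18T09:01:02Z ws-marketing-07 telegram.exe api.telegram.org 2048
2025-02-18T09:01:09Z srv-build-02 svc_updater api.telegram.org 512
2025-02-18T09:02:09Z srv-build-02 svc_updater api.telegram.org 640
2025-02-18T09:03:00Z srv-build-02 svc_updater api.telegram.org 4096
2025-02-18T09:03:30Z srv-build-02 chrome api.example.com 1500
2025-02-18T09:04:10Z ws-eng-11 telegram api.telegram.org 300
""".splitlines()

if __name__ == "__main__":
    print(find_suspect_c2(SAMPLE_LOG))
```

A server making repeated small requests to the Bot API from a process name nobody recognizes is the pattern to escalate; the next step is to pull that binary and check whether it is a Go build the organization did not deploy.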
8. Soaring Romance Scams Exploiting Vulnerabilities
The rise in romance scams continues unabated, with Chainalysis reporting a 210% year-over-year increase. Typically, scammers pose as romantic partners on dating apps or social media, eventually persuading victims to invest in nonexistent ventures.
Several large scam operations operate from Southeast Asia, often holding workers captive to conduct fraudulent activities. These schemes can have dire emotional and financial repercussions, and in some tragic cases, lead to self-harm. Awareness campaigns and victim support resources are critical to reducing these devastating impacts.
9. Google’s Android 16 Security Upgrades
In response to scams that exploit user behavior during phone calls, Google’s Android 16 beta introduces new safeguards to prevent side-loading apps or enabling accessibility settings while a call is in progress. By addressing these risky moments—when victims might be tricked into changing critical phone configurations—Google aims to improve security for everyday users. Although the changes are still in beta, testers have reported that these measures significantly hinder social engineering tactics.
A broader rollout is expected once Google refines and finalizes the new features.
Bullet Point Action List
Patch Immediately: Prioritize updates for PostgreSQL, BeyondTrust Remote Support, and Xerox VersaLink printers.
Strengthen Credentials: Enforce multi-factor authentication and unique passwords to mitigate credential stuffing attacks (e.g., 23andMe breach).
Monitor Supply Chain: Alert development teams to watch out for infected Xcode projects.
Vet AI Tools: Confirm privacy compliance before deploying AI apps like DeepSeek, especially in regions with strict regulations.
Educate End-Users: Circulate guidelines on romance scams and social engineering attacks to reduce vulnerabilities in personal communications.
Implement Mobile Restrictions: Encourage Android users to adopt new security settings and remain cautious during voice calls when adjusting phone configurations.
✅ Story Links:
https://thehackernews.com/2025/02/south-korea-suspends-deepseek-ai.html
https://thecyberexpress.com/cryptocurrency-fraud-two-estonians/
https://www.securityweek.com/xerox-versalink-printer-vulnerabilities-enable-lateral-movement/
https://thehackernews.com/2025/02/new-golang-based-backdoor-uses-telegram.html
https://www.darkreading.com/cyber-risk/warning-tunnel-of-love-leads-to-scams
https://thecyberexpress.com/android-16-blocks-scammers/
🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1
🚨 Important Links to Follow:
👉Listen here: https://linktr.ee/cyberhubpodcast
✅ Stay Connected With Us.
👉Facebook: https://www.facebook.com/CyberHubpodcast/
👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
👉Twitter (X): https://twitter.com/cyberhubpodcast
👉Instagram: https://www.instagram.com/cyberhubpodcast
🤝 For Business Inquiries: info@cyberhubpodcast.com
=============================
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.