Good morning, security gang, and welcome to the CyberHub Podcast recap for Monday, February 10, 2025.
Today’s discussion delves into several critical events shaping the global cybersecurity landscape, from the UK government’s controversial demand for a hidden backdoor into Apple’s iCloud to intensified efforts to ban DeepSeek AI in multiple countries.
Additionally, recent disclosures of various data breaches have spotlighted vulnerabilities in both corporate environments and essential infrastructure.
UK’s Demand for an iCloud Backdoor
The UK government has reportedly issued a Technical Capability Notice (TCN) under the Investigatory Powers Act, compelling Apple to provide a hidden method for accessing encrypted iCloud data. This directive raises significant legal and privacy concerns, as it may grant British authorities the ability to view any content uploaded to iCloud, potentially affecting users worldwide. Apple has not yet indicated whether it will comply or vigorously challenge the request.
Global DeepSeek AI Ban
Several international jurisdictions—including Australia, Italy, the Netherlands, Taiwan, South Korea, India, and various U.S. governmental entities—have either restricted or banned DeepSeek AI. Scrutiny of DeepSeek’s iOS app uncovered unencrypted data transmission, inadequate encryption methodologies, and potential alignment with Chinese state interests. This wave of prohibitions serves as a stern reminder that organizations must evaluate AI tools comprehensively, especially those with questionable data-handling and security practices.
Trimble CityWorks Zero-Day Vulnerability
Trimble, a leading provider of construction, geospatial, and transportation technology, disclosed a zero-day vulnerability (CVE-2025-XXXX) in its CityWorks platform. Widely used by local governments and public utilities, CityWorks does not control industrial processes directly but manages critical infrastructure data, making it a high-value target for attackers. In response, agencies like CISA have issued advisories, and Trimble has released patches (versions 15.8.9 and 23.10) to mitigate risks.
Avery Ransomware Attack and Credit Card Scraper
Labeling giant Avery experienced a ransomware incident in December 2024, which subsequently led to the discovery of a credit card skimmer on its website. Malicious code secretly collected payment card data from mid-2024 until early January 2025, compromising information belonging to roughly 67,000 customers. As a crucial supplier of labels and packaging, Avery now faces regulatory scrutiny regarding PCI compliance and broader data protection obligations.
Hewlett Packard Enterprise Office 365 Breach
Hewlett Packard Enterprise (HPE) revealed that a May 2023 cyber attack gave unauthorized actors access to a limited number of employee Office 365 mailboxes. This intrusion potentially exposed personal and financial information such as driver’s license numbers and credit card data. Although the breach appeared contained, the incident illustrates the evolving tactics threat actors use against email systems and underscores the importance of implementing multi-factor authentication and advanced threat protection.
Hospital Sisters Health System Attack
Hospital Sisters Health System, operating several hospitals and clinics in Wisconsin and Illinois, experienced a significant cyber attack in August 2023. The incident disrupted internet and communication systems, forcing facilities to resort to manual procedures. Investigations revealed unauthorized network access spanning nearly two weeks, impacting the personal information of close to 883,000 individuals. This breach showcases both the value and the vulnerability of healthcare data.
Large-Scale Brute-Force Password Campaign
Security researchers have identified a brute-force campaign leveraging nearly 2.8 million IP addresses. Primarily originating in Brazil, Turkey, Russia, Argentina, Morocco, and Mexico, these attacks target credentials for devices from popular vendors like Palo Alto, Ivanti, and SonicWall. Threat actors often compromise routers and IoT systems to build botnets, highlighting the importance of strong password policies, ongoing patch management, and continuous network monitoring.
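The campaign described above spreads its guesses across millions of source addresses, so each IP makes only a handful of attempts and a conventional per-IP lockout or rate-limit never fires. The following Python is an added illustration, not code from the podcast or from any of the vendors named: it parses a constructed, syslog-style authentication log (the line format, device name and thresholds are assumptions for the example), shows that per-IP failure counts stay at one, and then flags the same traffic by counting failed logins per account across distinct source IPs inside a sliding time window, which is the signal a defender's monitoring should key on.

```python
"""Detect distributed brute-force / password-spraying activity in auth logs.

Each source IP makes only a few attempts, so a per-IP threshold never trips;
counting failures per account across distinct source IPs does.
The log format, hostname and thresholds are constructed for this example.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (hypothetical VPN gateway, RFC 5737 test addresses).
SAMPLE_LOG = """\
2025-02-10T08:00:01Z vpn-gw1 auth: FAIL user=admin src=203.0.113.10
2025-02-10T08:00:04Z vpn-gw1 auth: FAIL user=admin src=198.51.100.22
2025-02-10T08:00:09Z vpn-gw1 auth: FAIL user=admin src=192.0.2.77
2025-02-10T08:00:15Z vpn-gw1 auth: FAIL user=admin src=203.0.113.44
2025-02-10T08:00:21Z vpn-gw1 auth: FAIL user=admin src=198.51.100.9
2025-02-10T08:00:30Z vpn-gw1 auth: OK   user=jsmith src=203.0.113.200
2025-02-10T08:01:02Z vpn-gw1 auth: FAIL user=jsmith src=203.0.113.200
2025-02-10T08:01:05Z vpn-gw1 auth: OK   user=jsmith src=203.0.113.200
2025-02-10T09:30:00Z vpn-gw1 auth: FAIL user=admin src=192.0.2.5
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) auth: (?P<result>OK|FAIL)\s+"
    r"user=(?P<user>\S+) src=(?P<src>\S+)$"
)


def parse_auth_log(text):
    """Return a list of event dicts for well-formed lines; skip the rest."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or unrelated line: ignore rather than crash
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(d)
    return events


def per_ip_failures(events):
    """Conventional per-source view: failed logins counted per IP address."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "FAIL":
            counts[e["src"]] += 1
    return dict(counts)


def find_distributed_bruteforce(events, window=timedelta(minutes=10),
                                min_failures=5, min_sources=3):
    """Map account -> (failures, distinct_sources) for every account that
    accumulates >= min_failures failed logins from >= min_sources distinct
    source IPs within any sliding window of the given length."""
    per_user = defaultdict(list)
    for e in events:
        if e["result"] == "FAIL":
            per_user[e["user"]].append((e["ts"], e["src"]))

    alerts = {}
    for user, fails in per_user.items():
        fails.sort()  # chronological; (ts, src) tuples sort by ts first
        start = 0
        for end in range(len(fails)):
            # Advance the window start until it spans at most `window`.
            while fails[end][0] - fails[start][0] > window:
                start += 1
            in_window = fails[start:end + 1]
            sources = {src for _, src in in_window}
            if len(in_window) >= min_failures and len(sources) >= min_sources:
                alerts[user] = (len(in_window), len(sources))
                break  # one alert per account is enough
    return alerts


if __name__ == "__main__":
    evs = parse_auth_log(SAMPLE_LOG)
    print("per-IP failures:", per_ip_failures(evs))          # no IP above 1
    print("distributed alerts:", find_distributed_bruteforce(evs))  # {'admin': (5, 5)}
```

The per-account, per-window counter is the piece worth carrying into real tooling: on the sample the per-IP table never exceeds one failure, while the account view flags `admin` with five failures from five addresses in twenty seconds. Tune `window`, `min_failures` and `min_sources` to the normal failure rate of the device being monitored, and pair the alert with the patching and credential hygiene the recap calls for.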
Android Malware Targeting Indian Banking Users
Mobile security firm Zimperium discovered a sizable malicious campaign using over 1,000 phone numbers and over 1,000 malicious apps to steal financial information from Indian banking customers. Unlike typical schemes relying on command-and-control servers for one-time password theft, attackers in this operation employ live phone numbers to redirect SMS messages. Researchers estimate that the campaign has compromised more than 50,000 individuals, storing up to 2.5 GB of stolen user data.
MacOS Malware from North Korea: “Flexible Ferret”
SentinelOne researchers uncovered a new MacOS malware variant, dubbed “Flexible Ferret,” attributed to North Korean threat actors. The attackers lure targets into fake job interviews, prompting them to install what appears to be necessary software updates or meeting plugins. Once installed, the malware provides remote access to the victim’s system. Observations also indicate that GitHub “issues” can be manipulated to trick users into downloading infected files, emphasizing the sophistication of these social engineering campaigns.
Conclusion
From government overreach and AI bans to emerging malware and data breaches, today’s cyber threat landscape is both complex and ever-evolving. Organizations must remain vigilant, particularly in assessing legal implications of government-backed encryption demands and ensuring rigorous review of third-party tools. Continuous patching, comprehensive incident response strategies, and user education are essential cornerstones of an effective security posture. In the healthcare sector and other critical industries, downtime preparedness and robust encryption practices remain vital to safeguarding sensitive information.
✅ Story Links:
https://therecord.media/uk-government-reportedly-demands-backdoor-apple-icloud
https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html
https://www.securityweek.com/trimble-cityworks-customers-warned-of-zero-day-exploitation/
https://therecord.media/avery-products-ransomware-data-breach-notification
https://www.securityweek.com/1000-apps-used-in-malicious-campaign-targeting-android-users-in-india/
https://www.cybersecuritydive.com/news/north-korean-hackers--fake-interview/739165/
🚀 About The CyberHub Podcast.
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.