InfoSec Dot - Issue #79. Exploitation in the Digital Age 🚨 | Cybersecurity’s Human Cost 💔 | Protecting the Vulnerable 🛡️

Hello, Cybersecurity Enthusiasts!

In this edition, the focus is on the human cost of cybersecurity threats, particularly the exploitation happening on online platforms. Cybercriminals are using the internet for crimes like sextortion, trafficking, and child abuse, taking advantage of the anonymity and reach these platforms provide.

This edition highlights the urgent need for stronger protective measures and accountability from digital platforms. It stresses the importance of raising awareness and implementing more proactive strategies to shield vulnerable individuals from these growing online dangers.

Stay ahead with these vital updates to fortify your security posture.

🗓️ What’s New

Stealthy New BPFdoor Variant Discovered in Active Attacks

A newly discovered BPFdoor controller enables stealthy backdoor access to Linux systems by evading firewalls and network monitoring using raw sockets and packet filters, posing a serious threat to enterprise environments. Read More (3 min)

Hackers Attempt to Steal AWS Credentials Using SSRF Flaws
Hackers recently exploited SSRF vulnerabilities in AWS-hosted websites to target EC2 instance metadata, aiming to steal sensitive AWS credentials. By taking advantage of weaknesses in EC2 Instance Metadata Service (IMDSv1), they sought to access valuable data, highlighting the need for stronger security practices and migration to IMDSv2. Read more (3 mins)

ResolverRAT Targets Healthcare & Pharma Sectors

A new malware, ResolverRAT, is targeting healthcare and pharmaceutical organizations through phishing emails. The malware uses advanced techniques like in-memory execution to avoid detection, and it’s tailored to specific regions. Experts recommend stronger email filtering and endpoint protection to defend against this threat. Read more (2 mins)

DaVita Hit by Ransomware Attack

DaVita, a major kidney dialysis provider, experienced a ransomware attack that encrypted parts of its network. Despite the breach, patient care continued without disruption thanks to backup systems. The company is working with cybersecurity experts and law enforcement to resolve the issue. Read more (2 mins)

4chan Hacked: Internal Data Exposed
4chan, the controversial imageboard known for its minimal moderation, was hacked on April 15, 2025. Screenshots of the site's backend, including source code and moderator information, were leaked online. A 4chan janitor confirmed the authenticity of the data, expressing concern over the breach's implications for the site's operation and the exposure of personal information. Read more (3 mins)

Microsoft Blocks ActiveX by Default in Office 2024 & Microsoft 365

Microsoft is disabling ActiveX controls by default in Office 2024 applications—Word, Excel, PowerPoint, and Visio—starting October 202. This change, rolling out to Microsoft 365 apps in April 2025, aims to enhance security by preventing unauthorized code execution via legacy ActiveX object. Users can still enable ActiveX controls through the Trust Center settings if needed. Existing ActiveX objects will appear as static images, with no interaction possible. Read more (3 mins)

Unmasking the Dark Truth Behind the Human Cost of Cybersecurity

In this episode, James Azar delves into the often-overlooked human toll of cyber threats, highlighting how online platforms can become breeding grounds for exploitation. The discussion features cybersecurity expert Paul Raffaelli, who sheds light on the complexities of online dangers such as sextortion, trafficking, and child abuse. Azar underscores the urgent need for increased awareness, platform accountability, and proactive measures to protect vulnerable individuals in the digital age.​ Read more (4 mins)

🔗 Quick Links

• 2.6 Million Impacted by Landmark Admin, Young Consulting Data Breaches

• Crypto Developers Targeted by Python Malware Disguised as Coding Challenges

• Tirreno: Open-source fraud prevention platform

• North Korean Hackers For Hire

If you like this issue, I'd really appreciate it if you could forward it to your friends and colleagues! Your support helps us grow and continue providing great content.

If you have specific feedback or anything interesting you’d like to share, please let me know by replying to this email.

Regards,

Dot