Zip Flaw Exploited, Meta Confirms Spyware, ENGlobal Ransomware Outage – Cybersecurity News [February 03, 2025]
Cyber threats are becoming more sophisticated with each passing day, hitting individuals and businesses unpredictably. This week's security news covers stories curated directly from authentic sources. We will discuss how a new exploit in 7-Zip allowed attackers to bypass a Windows security control and how Meta identified a spyware attack on 90 journalists and activists.
We will also cover a suspected ransomware incident that forced an organization to remain offline for weeks, and a case in which hackers allegedly compromised customers' payment information. Last but not least, we will look at how cybercriminals have been using fake job interviews to gain unauthorized access to systems with malicious payloads.
Threat Actors Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
A new vulnerability in the 7-Zip archiving software is reportedly being leveraged by cybercriminals to circumvent Microsoft's Mark of the Web (MotW) protections, putting dozens of Windows users at risk. According to security researchers, the flaw allows attackers to deliver malicious payloads onto internal systems without triggering any warning. The vulnerability is reportedly being exploited through a surge of phishing campaigns delivering weaponized archive files. When executed, intentionally or unintentionally, these payloads can install keyloggers, remote access trojans, and other complex malware onto targeted Windows environments.
Attackers reportedly evade Microsoft Defender and other security products by embedding malicious scripts in archive files. These payloads trigger the extraction of sensitive data with minimal to no user interaction required, resulting in malware infections, ransomware deployment, and espionage campaigns. The consequences range from data breaches and system compromise to financial fraud and corporate espionage. Security professionals suggest that users should consider:
- Refraining from extracting unverified archive files
- Deploying security fixes as early as possible
- Applying enhanced endpoint protection
- Attending cybersecurity awareness training
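MotW is carried as a Zone.Identifier alternate data stream, and the defender's check after this story is whether files pulled out of a downloaded archive still carry it. The PowerShell below is an added example, not code from the article or from 7-Zip; the archive and extraction paths are assumed placeholders.

```powershell
# Added example (not from the article): after extracting a downloaded archive,
# verify that every extracted file still carries the Mark of the Web
# (Zone.Identifier stream with ZoneId=3) and optionally re-apply it.
function Get-ZoneId {
    param([string]$Path)
    try {
        $lines = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction Stop
    } catch {
        return $null   # no Zone.Identifier stream: file carries no MotW
    }
    foreach ($line in $lines) {
        if ($line -match '^ZoneId=(\d+)') { return [int]$Matches[1] }
    }
    return $null
}

function Test-MotwPropagation {
    param(
        [Parameter(Mandatory)] [string]$Archive,
        [Parameter(Mandatory)] [string]$ExtractDir,
        [switch]$Fix   # re-apply ZoneId=3 to files that lost it
    )
    if ((Get-ZoneId $Archive) -ne 3) {
        Write-Host "Archive is not marked Internet-origin; MotW propagation not expected."
        return 0
    }
    $lost = @(Get-ChildItem -LiteralPath $ExtractDir -Recurse -File |
        Where-Object { (Get-ZoneId $_.FullName) -ne 3 })
    foreach ($f in $lost) {
        Write-Warning "Lost Mark of the Web: $($f.FullName)"
        if ($Fix) {
            # Restore the stream so SmartScreen and Office Protected View
            # treat the file as Internet-origin again
            Set-Content -LiteralPath $f.FullName -Stream Zone.Identifier `
                -Value "[ZoneTransfer]`r`nZoneId=3"
        }
    }
    return $lost.Count   # number of extracted files that had lost MotW
}

# Example call with placeholder paths (assumed, not from the article):
Test-MotwPropagation -Archive 'C:\Users\me\Downloads\report.7z' `
    -ExtractDir 'C:\Users\me\Downloads\report' -Fix
```

A non-zero return on an archive that itself carries ZoneId=3 is the signal worth alerting on; an archiver that propagates MotW correctly should report 0.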
Meta Confirms the News of Spyware Attack on 90 Journalists and Activists
Meta has disclosed a zero-click spyware attack on the WhatsApp messaging app, impacting at least 90 journalists and human rights activists. The attack has reignited the debate about digital privacy and surveillance and renewed concerns about the personal safety of those targeted. Zero-click attacks work differently from most phishing scams: they exploit specific software vulnerabilities, allowing an attacker to infect a device without the user needing to do anything.
Cybersecurity analysts say the most recent attack appears to be linked to a state-sponsored surveillance operation that took advantage of a vulnerability in WhatsApp's real-time communication function. Once installed, the spyware gives attackers total control over the account, including access to messages, call logs, and even the device's microphone and camera. This poses a serious risk to personal and professional privacy. Meanwhile, digital rights groups are calling for closer scrutiny of tech firms and tighter international controls to combat the misuse of spyware.
ENGlobal Suffered Six-week Outage From Alleged Ransomware Activity
ENGlobal Corporation, a large engineering and automation services provider, recently fell prey to hackers and suffered companywide financial losses after a ransomware attack. A malicious actor is alleged to have breached the company's IT systems, likely encrypting mission-critical data and blocking access to business-critical applications. To contain the threat, the organization took down parts of its infrastructure, leading to a six-week outage of its operations. The outage affected project timelines and delayed client deliveries, and potential data leakage was also a concern.
This incident highlights the growing threat of cyber-attacks against industrial and engineering companies. Since the breach, ENGlobal has worked with cybersecurity professionals to investigate the incident and strengthen its security posture. The attack underscores the need for businesses to invest in proactive threat detection, effective incident response plans, and ongoing security monitoring to prevent such attacks in the future.
Organizations today must make cybersecurity investment a top priority to combat the potentially crippling consequences of a ransomware attack. The breach is a reminder that even mature companies can suffer extended downtime without strong defenses. Strengthening cyber resilience is no longer a choice; it has become a necessity for business continuity.
Casio Web Store Injected with Customer Credit Card Stealing Scripts
Shoppers beware! The Casio website has allegedly been hacked, with credit card stealing scripts maliciously injected into the customer-facing site. The breach was discovered after unusual transactions were linked to purchases on the site. Findings suggest that the attackers planted Magecart-style skimmers, which in simple words are malicious scripts that collect credit card data in real time, that is, as customers type their billing information, unaware of what is happening underneath.
The security firm also found that in all 17 infections the skimmer script was loaded from the hosting provider, and that the skimmer code was similar across infections, which means the attacks most likely originated from the same tool. Affected customers are advised to monitor their bank statements continuously for unauthorized transactions and to have compromised cards canceled to avoid potential losses. This story makes it clear that every organization should give serious thought to:
- Investing in regular security audits
- Adopting strong encryption strategies
- Deploying real-time threat detection systems
- Making the above a priority, not an afterthought
Threat Actors Deploy FERRET Malware via Fake Job Interviews on macOS
A new cyber-espionage campaign has been uncovered in which hackers dupe professionals with fake job interviews and allegedly deploy FERRET malware behind the scenes on macOS devices. According to security analysts, the threat actors pose as legitimate recruiters and reach out to victims with enticing job offers.
Once they gain the target's trust, they deliver malicious payloads, bypass macOS security controls, and maintain access by silently installing FERRET malware. FERRET is designed to steal system credentials, exfiltrate sensitive files, and provide remote access to attackers, allowing complete control of compromised systems. The campaign explicitly targets people employed in high-profile industries, which makes it a particularly impactful tool.
Domain experts suggest that job seekers remain extra cautious, since they could be the next target. Individuals can take the following precautions:
- Always remain alert.
- Diligently verify the identities of potential recruiters.
- Do not download or open any files or folders from unknown sources.
Moreover, companies must educate employees about social engineering tactics and establish strict endpoint security protocols to stop unauthorized access before it occurs. With cybercriminals taking advantage of trust and curiosity, it is more important than ever to remain on guard against such seemingly harmless interactions.