YouTubers Targeted With Malware Links: Cyber Security Today for Wednesday, January 15, 2025


YouTubers targeted with malware links, fitness apps leaking military secrets, a UK ransomware payment ban proposal, AWS encryption tools exploited by a new ransomware gang, and Fortinet firewalls hit by a possible zero-day attack.

This is Cyber Security Today. I’m your host, Jim Love.

YouTubers targeted with malware links

Cybercriminals are planting malware links on trusted platforms like YouTube and Google search results. Trend Micro researchers say these attackers target users searching for cracked software. Instead of downloading the promised tool, victims unknowingly install malware such as Lumma or Vidar that steals passwords and crypto-wallet data.

The scheme is clever. Videos claiming to provide free software include links in descriptions or pinned comments. These links direct users to file-sharing sites like Mediafire or Mega.nz, where malware hides in password-protected archives to evade detection. The same tactics are appearing in Google search results. For instance, one fake Autodesk link led to an infostealer download.

Security experts warn that the real risk is complacency. People chasing free software often overlook security warnings. Enterprises are especially vulnerable if employees fall for these scams. The best defense? Educating users that free software may come at a very high price – their privacy, their data and even their money. And in a world where home and office boundaries are, at best, in flux, their free software could cost the company – big time.

Fitness Apps Leak French Nuclear Submarine Patrol Details

A fitness app exposed patrol details of a French nuclear submarine.

Le Monde reports that Strava, a popular app, tracked runs by crew members at France’s Île Longue base. When their activity suddenly stopped, it revealed the submarine was on patrol. Weeks later, when the crew returned, Strava lit up again. One sailor even joked about returning from sea.

This type of leak is called “Fit Leaking.” Experts warn that fitness apps can reveal sensitive information, from base layouts to troop movements. This isn’t the first incident. The U.S. and Israel have seen similar issues, where fitness data exposed military sites on Strava’s public heatmap.

The French Navy acknowledged security lapses, and experts caution that foreign intelligence agencies may have accessed this data. The lesson? Smartphones and wearables can leak sensitive information, even for high-security operations.

And it’s not just fitness apps. On Monday’s show we had a story showing that thousands of apps have been used to collect location data and have disclosed it. While today’s example is definitely a breach of security, there’s a much bigger problem.

Tackling these risks requires more than banning devices—it means rethinking how we handle location data.

UK Proposes Ban on Ransomware Payments in Public Sector

The UK is considering a ban on ransomware payments for public services.

In our last weekend show, our panelist and frequent guest David Shipley made an impassioned argument against paying ransoms. It turns out the UK government might agree with him.

The UK government has launched a 12-week consultation on whether to stop public sector organizations from paying ransoms. This would include hospitals, schools, and transport networks. One proposal goes further, requiring private companies to get government approval before making ransomware payments.

Supporters say cutting off ransom payments could reduce attacks. Security Minister Dan Jarvis says these proposals aim to choke off criminals’ financial pipelines. But critics worry about unintended consequences, like driving payments underground or making it harder for victims to recover.

If the UK moves forward, it would be the first major economy to introduce such sweeping measures. Organizations have 12 weeks to shape this policy. Whether it’s a full ban, licensing system, or mandatory reporting, one thing is clear: the global response to ransomware is changing.

AWS Encryption Tools Used in New Ransomware Attack

A new ransomware gang called Codefinger is targeting Amazon Web Services users.

But there’s a twist. The hackers are using AWS’s encryption tools to carry out the attack. They exploit AWS’s server-side encryption with customer-provided keys, known as SSE-C. They gain access using compromised credentials, then lock S3 storage buckets with an AES-256 key.

One of the strengths of AWS’s approach to encryption is that the company does not retain the keys – only their clients have that info. The idea was rooted in privacy and data sovereignty. A government or other party could not demand that AWS give them access to client data – it was encrypted.

But if attackers get control, victims can’t decrypt their data without the attackers’ key.

Halcyon researchers warn this tactic could pose a systemic risk to cloud users. At least two AWS-native developers have been hit. In one case, the criminals gave victims a seven-day deadline to pay before deleting their data.

AWS advises customers to minimize key exposure by rotating credentials, using IAM roles, and avoiding SSE-C where possible. The attack shows that even legitimate cloud features can be weaponized by criminals.
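To make the SSE-C advice concrete, here is an added example (not from the show or from AWS) that scans S3 data-event records for object writes made with a customer-provided key and groups them by principal and bucket. The record shape is an assumption: CloudTrail-style events with the SSE-C request header surfaced under `requestParameters`; the ARNs, bucket and keys are constructed.

```python
from collections import defaultdict

# Request header that marks an S3 write as SSE-C (customer-provided key).
SSE_C_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "CreateMultipartUpload", "UploadPart"}


def _event(name, arn, key, sse_c):
    """Build one constructed record in the assumed CloudTrail data-event shape."""
    params = {"bucketName": "example-backups", "key": key}
    if sse_c:
        params[SSE_C_HEADER] = "AES256"
    return {"eventSource": "s3.amazonaws.com", "eventName": name,
            "userIdentity": {"arn": arn}, "requestParameters": params}


# Constructed sample records, not real logs.
CI = "arn:aws:iam::111122223333:user/ci-deploy"
APP = "arn:aws:iam::111122223333:role/app"
SAMPLE_EVENTS = [
    _event("PutObject", CI, "db/dump.sql", True),
    _event("CopyObject", CI, "db/dump2.sql", True),
    _event("PutObject", APP, "img/logo.png", False),  # ordinary write
    _event("GetObject", APP, "db/old.sql", True),     # SSE-C read, not a write
]


def find_sse_c_writes(events, approved_principals=frozenset()):
    """Return {(principal ARN, bucket): [object keys]} for SSE-C writes."""
    hits = defaultdict(list)
    for ev in events:
        if ev.get("eventSource") != "s3.amazonaws.com":
            continue
        if ev.get("eventName") not in WRITE_EVENTS:
            continue
        params = ev.get("requestParameters") or {}  # field may be null
        if SSE_C_HEADER not in params:
            continue
        arn = (ev.get("userIdentity") or {}).get("arn", "unknown")
        if arn in approved_principals:  # workloads known to use SSE-C
            continue
        hits[(arn, params.get("bucketName", "unknown"))].append(params.get("key"))
    return dict(hits)


if __name__ == "__main__":
    for (arn, bucket), keys in find_sse_c_writes(SAMPLE_EVENTS).items():
        print(f"{arn}: {len(keys)} SSE-C write(s) to {bucket}: {keys}")
```

In an account where no workload is supposed to use SSE-C, any hit from a principal outside `approved_principals` is worth a credential review.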

Fortinet Firewalls Exploited in Possible Zero-Day Attack

Fortinet firewalls may have been hit by a zero-day attack.

Arctic Wolf Labs reports a wave of attacks in December. Criminals accessed exposed firewall management interfaces, created super-admin accounts, and used SSL VPN tunnels to move through networks. Suspicious login activity and altered configurations point to a likely zero-day vulnerability.

On January 14, Fortinet issued a critical patch for CVE-2024-55591, which they described as an authentication bypass flaw. Admins are urged to patch immediately and review logs for unusual activity.

The attack highlights key lessons: secure management interfaces, monitor login attempts, and apply patches promptly. Fortinet users should stay alert for further developments.

That’s our show for today. You can reach me with tips, comments, and even some constructive criticism. I’m your host, Jim Love. Thanks for listening.

 
