Top news stories this week
- Patch now. Ivanti and SonicWall customers urged to patch critical zero-day vulnerabilities.
- Cooperation. Telegram hands over user data, including IP addresses, to US law enforcement.
- Labelling. US launches cyber security labelling for Internet of Things devices.
- Data breach. Volkswagen AWS misconfiguration reveals data of 800,000 customers.
- Identity exposure. Singaporean citizens’ identity numbers now considered public information.
- Third-party risks. Argentina’s Airport Security Police and tech giant Atos victims of third-party hacks.
- Phished. Casio forensic investigation reveals phishing as the cause of October 2024 cyber attack.
1. Critical Ivanti and SonicWall zero-day vulnerabilities under active exploitation
US IT firm Ivanti has disclosed two critical software vulnerabilities affecting its Connect Secure, Policy Secure and Neurons for ZTA gateway appliances that can allow attackers to gain remote access to networks. Threat actors are actively exploiting one vulnerability on Connect Secure appliances, tracked as CVE-2025-0282.
Separately, US cyber security company SonicWall has urged customers with SSL VPN and SSH management to upgrade to the latest firmware to patch against an authentication bypass vulnerability tracked as CVE-2024-53704.
So what?
Organisations using the affected Ivanti and SonicWall products should follow the latest guidance and update vulnerable software immediately.
[Researcher: Waithera Junghae]
2. Telegram handed over data of thousands of users to US law enforcement in 2024
Social networking platform Telegram handed over the data of more than 2,200 users, including IP addresses and phone numbers, to US law enforcement authorities in 2024 following 900 requests made by various agencies. This follows Telegram’s change of policy in September 2024, when it stated that it would share user data with law enforcement if the users were found to be violating the platform's rules.
So what?
Cyber criminals are known to use Telegram for various activities. As the platform continues to comply with law enforcement requests, these threat actors may turn to alternative platforms.
[Researcher: Waithera Junghae]
3. US launches new cyber security safety labels for smart devices
The US Federal Communications Commission has launched a cyber security labelling programme aimed at improving digital safeguards for Internet of Things (IoT) devices. Under the new regulations, vendors can display the Cyber Trust Mark logo on their products if they meet specific criteria, including implementing unique and strong default passwords and ensuring regular software updates.
So what?
As the number of IoT devices continues to grow, implementing security labels will enable consumers to prioritise security and make more informed choices when selecting products.
[Researcher: Lena Krummeich]
4. Volkswagen AWS misconfiguration exposes data of 800,000 customers
A misconfiguration in Volkswagen Group's Amazon Web Services (AWS) cloud storage resulted in the exposure of sensitive data related to approximately 800,000 of its electric vehicle (EV) owners, including owners of vehicles from its Audi and Skoda brands. The information exposed included location data, information on when EVs were switched on and off, as well as email addresses, phone numbers, and home addresses of car owners.
So what?
Organisations should conduct regular audits of cloud configurations and update them in line with security best practices.
[Researcher: Aditya Ganjam Mahesh]
5. Singapore “desensitises” key identity document
The Singaporean Government confirmed that National Registration Identity Card (NRIC) numbers, crucial identifiers for citizens and residents, should be considered public information. Previously partially masked, NRIC numbers are now available in full following the unexpected introduction of a government business records portal. Although the Accounting and Corporate Regulatory Authority has since removed full NRIC numbers from search results, they remain accessible through purchasable reports.
So what?
Singapore-based companies relying on NRIC information should avoid using NRIC numbers in user credentials.
[Researcher: Lester Lim]
6. Third-party cyber security infrastructure failures behind PSA and Atos breaches
The Argentine Airport Security Police (PSA) suffered a payroll system breach in December 2024 through a vulnerability in a third-party system, that of Banco Nación, which allowed hackers to siphon funds from employees' salaries under false labels.
Similarly, French tech giant Atos faced a cyber security incident involving the ransomware group Space Bears. While Atos denies a direct breach, it acknowledged that third-party infrastructure containing references to the company was compromised.
So what?
Effective cyber risk management requires stronger vendor oversight and vetting. Without these measures, organisations remain exposed to data breaches and financial losses in their supply chains.
[Researcher: Blanche MacArthur]
7. Phishing email led to Casio ransomware attack, company reveals
Casio has confirmed that a phishing email was the cause of a ransomware attack it suffered in October 2024. The company also confirmed that the data of 6,456 employees, 1,931 business partners and 91 customers were impacted during the attack, which caused significant operational disruption.
So what?
To reduce the success of phishing campaigns, companies should ensure employees receive regular training on how to spot and report phishing emails.
[Researcher: Adelaide Parker]