Daily Security Digest – 2025-11-14


🛡️ Security Feed Digest – 2025-11-14

Total Articles: 31    SMB Tagged: 31

Key Takeaways

  • **High-Risk Ransomware Threats**: CISA, FBI, and partners have issued critical guidance to protect against Akira ransomware threats (Category: High-Risk). SMB/MSP takeaway: Implement robust security measures, including regular backups and employee education on phishing attacks, to mitigate the risk of a ransomware attack.
  • **Emerging AI-Powered Threats**: Relying solely on AI may not account for all potential risks and consequences, potentially leading to significant financial losses (Category: Emerging). SMB/MSP takeaway: Consider integrating human oversight into AI-powered security systems to ensure comprehensive protection against emerging threats.
  • **Large Language Model (LLM) Risks**: Embedded LLMs in applications without proper security review can lead to new cybersecurity threats (Category: Emerging). SMB/MSP takeaway: Conduct thorough security assessments and reviews of any application using LLMs to identify potential vulnerabilities and implement necessary mitigations.
  • **Authentication Vulnerabilities**: Critical authentication bypass vulnerabilities in products like Fortinet's FortiWeb WAF can allow attackers to take over admin accounts (Category: Other). SMB/MSP takeaway: Regularly update and patch software, including third-party products, to prevent exploitation of known vulnerabilities.
  • **Phishing and Social Engineering Threats**: Sophisticated phishing attacks can lead to significant financial losses, potentially harming employees and customers (Category: Awareness). SMB/MSP takeaway: Educate employees on identifying and reporting suspicious emails and implement robust security measures to prevent phishing attacks.

High-Risk

  • [SMB] CISA, FBI and Partners Unveil Critical Guidance to Protect Against Akira Ransomware Threat
    https://cisa.gov/news-events/news/cisa-fbi-and-partners-unveil-critical-guidance-protect-against-akira-ransomware-threat
    Thu, 13 Nov 25 12:00:00 +0000
    WASHINGTON - The Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), Department of Defense Cyber Crime Center (DC3), Department of Health and Human Services (HHS), and international partners released updated guidance today to help organizations protect the...

  • [SMB] Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns
    https://thehackernews.com/2025/11/ransomwares-fragmentation-reaches.html
    Fri, 14 Nov 2025 16:07:00 +0530
    Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 leak sites, showing high, sustained a...

  • [SMB] CISA flags imminent threat as Akira ransomware starts hitting Nutanix AHV
    https://theregister.com/2025/11/14/cisa_akira_ransomware
    2025-11-14T15:02:34.00Z
    The US Cybersecurity and Infrastructure Security Agency (CISA) has issued new guidance to organizations on the Akira ransomware operation, which poses an imminent threat to critical sectors. In an updated advisory produced with the FBI and European law enforcement partners, it said Akira has expand...

  • [SMB] The State of Ransomware – Q3 2025
    https://research.checkpoint.com/2025/the-state-of-ransomware-q3-2025
    Thu, 13 Nov 2025 14:33:49 +0000
    Key Findings: Record fragmentation and decentralization: The number of active extortion groups in Q3 2025 rose to a record of 85 groups, the highest number observed to date. The top 10 groups accounted only for 56% of all published victims, down from 71% in Q1. Stable high activity: Ransomware vict...

  • [SMB] Infostealers: The silent doorway to identity attacks — and why proactive defense matters
    https://news.sophos.com/en-us/2025/11/14/infostealers-and-follow-on-attacks
    Fri, 14 Nov 2025 13:00:52 +0000
    Credential theft isn’t just an inconvenience. It’s often the first move in a chain reaction that ends in full-scale compromise. Beyond the dreaded password reset process, information stealers, as shown in several recent cyberattacks, can have far more consequential follow-on effects. For many smal...

  • [SMB] Unleashing the Kraken ransomware group
    https://blog.talosintelligence.com/kraken-ransomware-group
    Thu, 13 Nov 2025 11:00:38 GMT
    In August 2025, Cisco Talos observed big-game hunting and double extortion attacks carried out by Kraken, a Russian-speaking group that has emerged from the remnants of the HelloKitty ransomware cartel. Talos observed in one intrusion that the Kraken actor exploited Server Message Block (SMB) vulne...

  • [SMB] Threat Landscape of the Building and Construction Sector Part Two: Ransomware
    https://rapid7.com/blog/post/tr-building-construction-sector-threat-landscape-ransomware
    Fri, 14 Nov 2025 14:31:42 GMT
    In this second installment of our two-part series on the construction industry, Rapid7 is looking at the specific threat ransomware poses, why the industry is particularly vulnerable, and ways in which threat actors exploit its weaknesses to great effect. You can catch up on the first part here: Ini...

  • [SMB] Critical Vulnerability in Fortinet FortiWeb Exploited in the Wild
    https://rapid7.com/blog/post/etr-critical-vulnerability-in-fortinet-fortiweb-exploited-in-the-wild
    Thu, 13 Nov 2025 21:36:27 GMT
    Overview: On October 6, 2025, the cyber deception company Defused published a proof-of-concept exploit on social media that was captured by one of their Fortinet FortiWeb Manager honeypots. FortiWeb is a Web Application Firewall (WAF) product that is designed to detect and block malicious traffic to...

  • [SMB] Rapid7 Named a Leader in the 2025 Gartner Exposure Assessment Platform Magic Quadrant
    https://rapid7.com/blog/post/em-rapid7-leader-2025-gartner-exposure-assessment-platform-magic-quadrant-mq-eap
    Thu, 13 Nov 2025 16:55:55 GMT
    We’re proud to share that Rapid7 has been recognized as a Leader in the 2025 Gartner® Magic Quadrant™ for Exposure Assessment Platforms (EAP). We believe this recognition underscores our commitment to redefining security operations by embedding continuous, business-aligned exposure management into t...

  • [SMB] Software Supply Chain Attacks Surge to Record Highs in October, Driven by Zero-Day Flaws and Ransomware Groups
    https://cysecurity.news/2025/11/software-supply-chain-attacks-surge-to.html
    2025-11-14T11:28:00.000-05:00
    Cyble revealed in a blog post that threat actors on dark-web leak forums claimed 41 supply chain attacks in October. Software supply chain intrusions reached an unprecedented peak in October, surpassing previous monthly records by more than 30%, according to new research. Cyble revealed in a b...

Awareness

  • [SMB] Google Sues to Disrupt Chinese SMS Phishing Triad
    https://krebsonsecurity.com/2025/11/google-sues-to-disrupt-chinese-sms-phishing-triad
    Thu, 13 Nov 2025 14:47:22 +0000
    Google is suing more than two dozen unnamed individuals allegedly involved in peddling a popular China-based mobile phishing service that helps scammers impersonate hundreds of trusted brands, blast out text message lures, and convert phished payment card data into mobile wallets from Apple and Goog...

  • [SMB] How password managers can be hacked – and how to stay safe
    https://welivesecurity.com/en/cybersecurity/password-managers-under-attack-what-you-should-know
    Thu, 13 Nov 2025 10:00:00 +0000
    Look no further to learn how cybercriminals could try to crack your vault and how you can keep your logins safe. The average internet user has an estimated 168 passwords for their personal accounts, according to a study from 2024. That’s a massive 68% increase on the tally four years previously. Giv...

Emerging

  • [SMB] The Role of Humans in an AI-Powered World
    https://schneier.com/blog/archives/2025/11/the-role-of-humans-in-an-ai-powered-world.html
    2025-11-14T12:00:33Z
    As AI capabilities grow, we must delineate the roles that should remain exclusively human. The line seems to be between fact-based decisions and judgment-based decisions. For example, in a medical context, if an AI was demonstrably better at reading a test...

  • [SMB] Introducing StackHawk’s LLM Security Testing: Find LLM Risks Pre-Production
    https://stackhawk.com/blog/llm-security-testing
    Thu, 13 Nov 2025 17:08:02 +0000
    TL;DR: StackHawk now detects five critical LLM security risks from the OWASP LLM Top 10—Prompt Injection, Sensitive Data Disclosure, Improper Output Handling, System Prompt Leakage, and Unbound Consumption—natively as part of our shift-left runtime testing. AI isn’t just changing the pace and volum...

  • [SMB] The Subtle Signs That Reveal an AI-Generated Video
    https://cysecurity.news/2025/11/the-subtle-signs-that-reveal-ai.html
    2025-11-13T11:25:00.000-05:00
    It is important to know what clues can still help identify computer-generated clips before that distinction disappears completely. Artificial intelligence is transforming how videos are created and shared, and the change is happening at a startling pace. In only a few months, AI-powered video g...

Controls

Other

  • [SMB] Now-Patched Fortinet FortiWeb Flaw Exploited in Attacks to Create Admin Accounts
    https://thehackernews.com/2025/11/fortinet-fortiweb-flaw-actively.html
    Fri, 14 Nov 2025 14:30:00 +0530
    Cybersecurity researchers are sounding the alert about an authentication bypass vulnerability in Fortinet FortiWeb WAF that could allow an attacker to take over admin accounts and completely compromise a device. "The watchTowr team is seeing active, indiscriminate in-the-wild exploitation of what a...

  • [SMB] How CISOs Can Best Work with CEOs and the Board: Lessons from the Field
    https://darkreading.com/cyber-risk/how-cisos-can-best-work-with-ceos-and-the-board-lessons-from-the-field
    Thu, 13 Nov 2025 23:40:55 GMT
    To build an effective relationship with the CEO and the Board, CISOs must translate technical risks into business terms and position cybersecurity as a strategic business enabler rather than just a business function....

  • [SMB] FBI flags scam targeting Chinese speakers with bogus surgery bills
    https://theregister.com/2025/11/14/fbi_chinese_speaker_health_insurance
    2025-11-14T16:16:45.00Z
    Chinese speakers in the US are being targeted as part of an aggressive health insurance scam campaign, the FBI warns. In telephone calls carried out in Chinese, the scammers reel in targets under the pretense that they have unpaid bills related to recent surgical procedures. They use spoofed telep...

  • [SMB] Book Review: The Business of Secrets
    https://schneier.com/blog/archives/2025/11/book-review-the-business-of-secrets.html
    2025-11-13T12:09:39Z
    The Business of Secrets: Adventures in Selling Encryption Around the World by Fred Kinch (May 24, 2024). From the vantage point of today, it’s surreal reading about the commercial cryptography business in the 1970s. Nobody knew anything. The manufacturers didn’t...

  • [SMB] Sophos named a Leader in the KuppingerCole 2025 Leadership Compass for Email Security
    https://news.sophos.com/en-us/2025/11/13/sophos-named-a-leader-in-the-kuppingercole-2025-leadership-compass-for-email-security
    Thu, 13 Nov 2025 14:00:16 +0000
    We’re excited to announce that Sophos has been named a Leader across all four evaluation categories — Overall, Product, Innovation, and Market — in the 2025 KuppingerCole Leadership Compass for Email Security. This marks a significant advancement from the previous report in 2023, where Sophos achie...

  • [SMB] Case Study: University of West England uses Sophos solutions to protect thousands of students across multiple campuses
    https://news.sophos.com/en-us/2025/11/13/uwe-case-study-fighting-ransomware-in-higher-education
    Thu, 13 Nov 2025 13:44:18 +0000
    At the University of the West of England (UWE Bristol), cybersecurity plays a critical role in ensuring uninterrupted education for 38,000 students spread across multiple campuses. Facing limited visibility and mounting cyber threats, UWE knew it needed to evolve from reactive defense to resilient ...

  • [SMB] Microsoft Teams’ New Location-Based Status Sparks Major Privacy and Legal Concerns
    https://cysecurity.news/2025/11/microsoft-teams-new-location-based.html
    2025-11-14T09:33:00.000-05:00
    Microsoft Teams is preparing to roll out a new feature that could significantly change how employee presence is tracked in the workplace. By the end of the year, the platform will be able to automatically detect when an employee connects to the company’s office Wi-Fi and update their status to show ...