Daily Security Digest – 2025-11-24


🛡️ Security Feed Digest – 2025-11-24

Total Articles: 17    SMB Tagged: 17

Key Takeaways

* **Small businesses at risk of malware infection**: Small and medium-sized businesses that use Microsoft Windows Server Update Services (WSUS) may be exposed to ShadowPad malware through a recently patched security flaw that can grant attackers full system access. SMB/MSP Action: Regularly update WSUS and patch vulnerabilities in a timely manner.

* **Cyber attacks target online shoppers and payment services**: As e-commerce continues to grow rapidly, small and medium-sized businesses are at increased risk of cyber attacks that target online shoppers and payment services, which can lead to significant financial losses. SMB/MSP Action: Implement robust security measures for online payment processing and shopping platforms.

* **Ransomware groups turn breaches into bidding wars**: Ransomware is increasingly run as a sophisticated business model: groups no longer only demand ransoms but also sell stolen data to the highest bidder on dark web auction sites, significantly increasing the financial risk for small businesses. SMB/MSP Action: Implement robust backup and disaster recovery processes to minimize data loss.

* **Data encryption mishaps can have significant consequences**: The loss of a decryption key by a trustee in an online election highlights the risk of data encryption mishaps, which can have significant consequences for organizations that rely on secure digital communication. SMB/MSP Action: Regularly review and update encryption protocols to prevent similar incidents.

* **Small businesses at risk of compromised network security due to malicious DNS queries**: Small and medium-sized businesses are at risk of compromised network security due to the increased threat of malicious DNS queries and data breaches, which can lead to significant financial losses and reputational damage. SMB/MSP Action: Implement robust DNS protection measures, such as using a reputable DNS provider.

* **Aging cybersecurity infrastructure can lead to increased costs and reduced ability to respond**: Small and medium-sized businesses may be vulnerable to cyber threats due to aging cybersecurity infrastructure, which can lead to increased costs and reduced ability to respond. SMB/MSP Action: Regularly review and update cybersecurity infrastructure to stay current with the latest threat landscape.

* **Apple's Digital ID feature poses potential security risk**: The introduction of Apple's Digital ID feature poses a potential security risk for small and medium-sized businesses, as it can facilitate the creation and sharing of digital credentials that could lead to identity theft. SMB/MSP Action: Educate employees on the risks associated with using digital IDs and implement robust identity management protocols to prevent unauthorized access.

High-Risk

  • [SMB] ShadowPad Malware Actively Exploits WSUS Vulnerability for Full System Access
    https://thehackernews.com/2025/11/shadowpad-malware-actively-exploits.html
    Mon, 24 Nov 2025 12:48:00 +0530
    A recently patched security flaw in Microsoft Windows Server Update Services (WSUS) has been exploited by threat actors to distribute malware known as ShadowPad. "The attacker targeted Windows Servers with WSUS enabled, exploiting CVE-2025-59287 for initial access," AhnLab Security Intelligence Cen...

  • [SMB] To buy or not to buy: How cybercriminals capitalize on Black Friday
    https://securelist.com/black-friday-threat-report-2025/118083
    Mon, 24 Nov 2025 12:30:49 +0000
    The global e‑commerce market is accelerating faster than ever before, driven by expanding online retail, and rising consumer adoption worldwide. According to McKinsey Global Institute, global e‑commerce is projected to grow by 7–9% annually through 2040. At Kaspersky, we track how this surge in onl...

  • [SMB] From Extortion to E-commerce: How Ransomware Groups Turn Breaches into Bidding Wars
    https://rapid7.com/blog/post/tr-extortion-ecommerce-ransomware-groups-turn-breaches-into-bidding-wars-research
    Mon, 24 Nov 2025 14:21:37 GMT
    Ransomware has evolved from simple digital extortion into a structured, profit-driven criminal enterprise. Over time, it has led to the development of a complex ecosystem where stolen data is not only leveraged for ransom, but also sold to the highest bidder. This trend first gained traction in 2020...

  • [SMB] Chinese-Linked Hackers Exploit Claude AI to Run Automated Attacks
    https://cysecurity.news/2025/11/chinese-linked-hackers-exploit-claude.html
    2025-11-24T11:55:00.000-05:00
    Anthropic investigators say the attackers reached an attack speed that would be impossible for a human team to sustain. Anthropic has revealed a major security incident that marks what the company describes as the first large-scale cyber espionage operation driven primarily by an AI sys...

  • [SMB] Cybercriminals Speed Up Tactics as AI-Driven Attacks, Ransomware Alliances, and Rapid Exploitation Reshape Threat Landscape
    https://cysecurity.news/2025/11/cybercriminals-speed-up-tactics-as-ai.html
    2025-11-24T11:12:00.000-05:00
    The report also notes a shrinking window between public disclosure of vulnerabilities and active exploitation. Cybercriminals are rapidly advancing their attack methods, strengthening partnerships, and harnessing artificial intelligence to gain an edge over defenders, according to new threat intell...

  • [SMB] Checkout Refuses ShinyHunters Ransom, Donates Funds to Cybersecurity Research
    https://cysecurity.news/2025/11/checkout-refuses-shinyhunters-ransom.html
    2025-11-24T08:27:00.001-05:00
    Checkout, a UK-based financial tech firm, recently suffered a data breach orchestrated by the cybercriminal group ShinyHunters, who have demanded a ransom for stolen merchant data. In response, the company announced it would not pay the ransom but instead donate the equivalent amount to Carnegie Mel...

  • [SMB] Governments sanction Russian “bulletproof” host for aiding ransomware networks
    https://cysecurity.news/2025/11/governments-sanction-russian.html
    2025-11-23T11:30:00.000-05:00
    All assets connected to the named individuals and companies within the United States, the United Kingdom, and Australia will now be frozen. Authorities in the United States, the United Kingdom, and Australia have jointly imposed sanctions on a Russian bulletproof hosting provider accused of giv...

  • [SMB] Samsung Zero-Day Exploit “Landfall” Targeted Galaxy Devices Before April Patch
    https://cysecurity.news/2025/11/samsung-zero-day-exploit-landfall.html
    2025-11-23T10:22:00.000-05:00
    A recently disclosed zero-day vulnerability affecting several of Samsung’s flagship smartphones has raised renewed concerns around mobile device security. Researchers from Palo Alto Networks’ Unit 42 revealed that attackers had been exploiting a flaw in Samsung’s image processing library, tracked as...

  • [SMB] Knownsec Breach Exposes Chinese State Cyber Weapons and Global Target List
    https://cysecurity.news/2025/11/knownsec-breach-exposes-chinese-state.html
    2025-11-23T09:04:00.000-05:00
    A major data breach at the Chinese security firm Knownsec has exposed more than 12,000 classified documents, providing unprecedented insight into the deep connections between private companies and state-sponsored cyber operations in China. The leaked files reportedly detail a wide array of cyber cap...

  • [SMB] Mass Router Hijack Targets End-of-Life ASUS Devices
    https://cysecurity.news/2025/11/mass-router-hijack-targets-end-of-life.html
    2025-11-23T07:54:00.001-05:00
    The research team has found an extensive cyber-espionage campaign known as Operation WrtHug, which has quietly infiltrated tens of thousands of ASUS routers across the globe, which is a sign that everyday network infrastructure is becoming increasingly vulnerable. A seemingly routine home or sm...

Policy

Awareness

  • [SMB] Apple’s Digital ID Tool Sparks Privacy Debate Despite Promised Security
    https://cysecurity.news/2025/11/apples-digital-id-tool-sparks-privacy.html
    2025-11-24T11:11:00.002-05:00
    Apple’s newly introduced Digital ID feature has quickly ignited a divide among users and cybersecurity professionals, with reactions ranging from excitement to deep skepticism. Announced earlier this week, the feature gives U.S. iPhone owners a way to present their passport directly from Apple Walle...

Other

  • [SMB] IACR Nullifies Election Because of Lost Decryption Key
    https://schneier.com/blog/archives/2025/11/iacr-nullifies-election-because-of-lost-decryption-key.html
    2025-11-24T12:03:46Z
    The International Association of Cryptologic Research—the academic cryptography association that’s been putting conferences like Crypto (back when “crypto” meant “cryptography”) and Eurocrypt since the 1980s—had to nullify an online election when trustee Moti Yung lost his decryption key. For this ...

  • [SMB] Introducing Sophos DNS Protection for Endpoints
    https://news.sophos.com/en-us/2025/11/24/introducing-sophos-dns-protection-for-endpoints
    Mon, 24 Nov 2025 16:02:16 +0000
    We released Sophos DNS Protection for networks last year, and it is now close to serving its 600 billionth query. Since then, many of you have asked for a version that can be used on roaming endpoints and for additional insights into DNS requests along with DNS over HTTPS. Today, we are excited to ...

  • [SMB] Modernizing trust: How UADY transformed campus security with Sophos
    https://news.sophos.com/en-us/2025/11/24/uady-college-case-study-sophos-endpoint
    Mon, 24 Nov 2025 13:30:51 +0000
    At the Autonomous University of Yucatán (UADY), technology has long been central to supporting academic excellence. As the university expanded to serve more than 20,000 students across five campuses, its IT team faced increasing pressure on an aging cybersecurity infrastructure. Manual patching, li...

  • [SMB] The Sophos Central UAE region is now live!
    https://news.sophos.com/en-us/2025/11/24/the-sophos-central-uae-region-is-now-live
    Mon, 24 Nov 2025 13:30:24 +0000
    We’re excited to share that the Sophos Central UAE Region is now live! Hosted on Amazon Web Services (AWS) within the United Arab Emirates, this new data center brings the power of Sophos Central and our cybersecurity services closer to customers and partners across the Middle East. The UAE Centra...