
Multi-factor frustration.
An MFA outage affects Microsoft 365 Office apps. The Biden administration introduces new export controls to block adversaries from accessing advanced AI chips. A Dutch university cancels lectures after a cyberattack. Three Russian nationals have been indicted for operating cryptocurrency mixers. Juniper Networks releases security updates for Junos OS. Spain’s largest telecommunications company confirms a data breach. The “Banshee” infostealer leverages a stolen Apple encryption algorithm. Researchers uncover a novel ransomware campaign targeting Amazon S3 buckets. A major data broker suffers a major data breach. Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them. The weirdness of AI.
Today is Monday January 13th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
An MFA outage affects Microsoft 365 Office apps.
Microsoft resolved a Multi-Factor Authentication (MFA) outage affecting Microsoft 365 Office apps. The issue prevented users relying on MFA from accessing the apps, and some experienced problems with MFA registration and resets. Microsoft re-routed traffic to alternative infrastructure during its investigation, which revealed the outage was limited to users in Western Europe served by a specific section of unresponsive infrastructure.
Additionally, some Windows Server 2016 devices experienced crashes in Microsoft 365 apps, prompting further investigation. The company continues monitoring service telemetry to address these issues.
This outage follows several recent disruptions. In December, users faced “Product Deactivated” errors, while earlier incidents impacted Office web apps and the admin center. In November, a global outage affected multiple services, including Teams, Exchange, SharePoint, and Outlook.
Microsoft has since confirmed that services are stable.
The Biden administration introduces new export controls to block adversaries from accessing advanced AI chips.
The Biden administration is introducing new export controls to block adversaries like Russia and China from accessing U.S. advanced AI chips and machine learning blueprints. The rules, taking effect in 12 months, implement a three-tiered system, with the harshest restrictions on adversaries while exempting key allies such as Australia, Japan, and the EU.
Commerce Secretary Gina Raimondo emphasized protecting U.S. leadership in AI while allowing secure technology diffusion. Exceptions permit up to 1,700 advanced GPUs per order without a license and up to 320,000 over two years for buyers meeting security standards. Restrictions also apply to advanced AI models trained on massive computational operations.
Critics, including Nvidia and the Semiconductor Industry Association, argue the rushed rollout risks stifling innovation. The rules extend 2022–2023 chip controls and include measures to secure AI models and data centers while enabling allies to maintain frontier AI infrastructure.
FunkSec ransomware claims 85 victims.
A new ransomware group that surfaced in late 2024 called FunkSec claimed 85 victims in December alone, according to Check Point Research (CPR). The group, presenting itself as a ransomware-as-a-service (RaaS) operation, uses AI-assisted tools, enabling low-skilled actors to develop advanced malware. FunkSec employs double extortion tactics, combining data theft with encryption, and targets organizations globally, particularly in countries aligned with Israel. CPR notes many of the group’s victim claims may be recycled from previous hacktivist campaigns, questioning their authenticity.
A Dutch university cancels lectures after a cyberattack.
Eindhoven University of Technology canceled lectures and activities after a cyberattack detected Saturday night. The Dutch university shut down its network as a precaution but noted IT staff retain access to systems and are investigating. No data theft has been confirmed. Network-dependent services like email, WiFi, and canteen registers are offline, though the campus remains open.
Three Russian nationals have been indicted for operating cryptocurrency mixers.
Three Russian nationals have been indicted for operating cryptocurrency mixers Blender.io and Sinbad.io, which laundered money from cybercrimes, including funds stolen by the North Korean Lazarus Group. Roman Ostapenko and Alexander Oleynik were arrested in December 2024, while Anton Tarasov remains at large. Blender.io, active from 2018 to 2022, promised anonymity through a “No Logs Policy.” After its shutdown, Sinbad.io emerged, offering similar services. Both mixers were previously sanctioned by the U.S. Treasury for laundering millions in cryptocurrency, including funds stolen from the Axie Infinity hack in 2022. The suspects face charges of money laundering conspiracy and operating an unlicensed money-transmitting business, with potential sentences of up to 20 years. Authorities emphasized international cooperation in combating cybercrime and disrupting illicit financial networks.
Juniper Networks releases security updates for Junos OS.
Juniper Networks started 2025 by releasing security updates for Junos OS, addressing dozens of vulnerabilities, including several high-severity flaws. These include CVE-2025-21598, an out-of-bounds read bug in the routing protocol daemon (RPD) that can cause denial-of-service (DoS) via malformed BGP packets, and CVE-2025-21599, a kernel memory exhaustion flaw triggered by malformed IPv6 packets. Fixes were also issued for high-severity OpenSSH vulnerabilities and critical flaws in third-party components like Expat. No exploits have been reported, but users are urged to apply patches promptly.
Spain’s largest telecommunications company confirms a data breach.
Telefonica, Spain’s largest telecommunications company, confirmed a data breach involving its internal ticketing system after 2.3 GB of data appeared on Breach Forums. Hackers using compromised employee credentials accessed the system, scraping documents and tickets, some linked to @telefonica.com emails. Attackers, linked to the Hellcat Ransomware group, did not attempt extortion before leaking the data. Telefonica has blocked access and reset impacted accounts. While the full extent of the breach remains unclear, the company is investigating and enhancing security measures.
A critical vulnerability affects Aviatrix Controller.
A critical RCE vulnerability, CVE-2024-50603, affects Aviatrix Controller, a popular cloud networking platform. Actively exploited, with a CVSS score of 10.0, it enables unauthenticated attackers to execute arbitrary code via unsanitized API inputs. Exploitation has led to cryptojacking malware and backdoors in unpatched systems, with attackers targeting publicly exposed controllers. Affected versions include Aviatrix Controller prior to 7.1.4191 and 7.2.x before 7.2.4996. Organizations are urged to patch immediately, restrict access, and monitor for lateral movement within cloud environments.
The “Banshee” infostealer leverages a stolen Apple encryption algorithm.
The macOS infostealer “Banshee” has been leveraging a stolen Apple encryption algorithm to evade antivirus detection since September 2024. Initially sold on Russian cybercrime marketplaces as a $1,500 “stealer-as-a-service,” Banshee targets macOS systems to steal browser credentials, cryptocurrency wallet data, system information, and unlock passwords. Earlier versions were easily detected due to plaintext packaging, but a potent variant emerged using the same encryption algorithm as Apple’s XProtect antivirus, bypassing nearly all antivirus solutions for months.
Banshee spread via GitHub repositories offering cracked software and phishing sites mimicking legitimate programs like Google Chrome and Telegram. Despite its source code leaking in November and YARA rule updates addressing it, encrypted versions of Banshee largely remained undetected. Researchers warn that this incident underscores the need for vigilance, as macOS users are increasingly targeted by sophisticated malware campaigns.
Researchers uncover a novel ransomware campaign targeting Amazon S3 buckets.
Researchers with the Halcyon RISE Team have uncovered a novel ransomware campaign targeting Amazon S3 buckets using AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C). The attack, orchestrated by a group dubbed “Codefinger,” leverages compromised AWS keys to encrypt S3 data, rendering it unrecoverable without the attacker’s AES-256 key. Victims face permanent data loss as AWS logs only an HMAC, insufficient for decryption. Files are set for deletion within seven days to pressure ransom payments. Organizations must restrict SSE-C usage, audit AWS keys, and enable advanced logging to mitigate this threat.
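A defender-side example for the SSE-C campaign described above, added here and not taken from the Halcyon report or AWS: it scans CloudTrail-style S3 data events for writes that supplied a customer-provided key, counts them per access key (the credentials to audit and rotate), and builds a bucket policy that denies SSE-C uploads. The sample events are constructed; that the SSE-C header shows up under requestParameters in a logged data event is an assumption, while the s3:x-amz-server-side-encryption-customer-algorithm condition key is AWS's documented one.

```python
SSEC_HEADER = "x-amz-server-side-encryption-customer-algorithm"
WRITE_EVENTS = {"PutObject", "CopyObject", "UploadPart", "CompleteMultipartUpload"}

# Constructed CloudTrail-style S3 data events for the demo (not real logs).
SAMPLE_EVENTS = [
    {"eventName": "PutObject", "eventTime": "2025-01-10T02:14:07Z",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0000000001"},
     "requestParameters": {"bucketName": "acme-backups", "key": "db/2025-01-09.dump",
                           SSEC_HEADER: "AES256"}},
    {"eventName": "CopyObject", "eventTime": "2025-01-10T02:14:09Z",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0000000001"},
     "requestParameters": {"bucketName": "acme-backups", "key": "db/2025-01-08.dump",
                           SSEC_HEADER: "AES256"}},
    {"eventName": "PutObject", "eventTime": "2025-01-10T08:00:00Z",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0000000002"},
     "requestParameters": {"bucketName": "acme-backups", "key": "logs/app.log",
                           "x-amz-server-side-encryption": "aws:kms"}},
    {"eventName": "GetObject", "eventTime": "2025-01-10T08:01:00Z",
     "userIdentity": {"accessKeyId": "AKIAEXAMPLE0000000002"},
     "requestParameters": {"bucketName": "acme-backups", "key": "logs/app.log"}},
]

def is_ssec_write(event):
    # A write whose request carried a customer-provided key: AWS stores only an
    # HMAC of that key, so the object is unreadable without the caller's key.
    params = event.get("requestParameters") or {}
    return event.get("eventName") in WRITE_EVENTS and SSEC_HEADER in params

def find_ssec_writes(events):
    # (accessKeyId, bucket, object key, time) for every SSE-C write in the log.
    return [(e["userIdentity"].get("accessKeyId"), e["requestParameters"]["bucketName"],
             e["requestParameters"]["key"], e["eventTime"])
            for e in events if is_ssec_write(e)]

def ssec_writes_by_access_key(events):
    # SSE-C write count per access key: the credentials to rotate first.
    counts = {}
    for access_key, _, _, _ in find_ssec_writes(events):
        counts[access_key] = counts.get(access_key, 0) + 1
    return counts

def deny_ssec_policy(bucket):
    # Bucket policy that refuses any PutObject carrying the SSE-C header; the
    # Null condition evaluates to false whenever the header is present.
    return {"Version": "2012-10-17", "Statement": [{
        "Sid": "DenySSEC", "Effect": "Deny", "Principal": "*", "Action": "s3:PutObject",
        "Resource": f"arn:aws:s3:::{bucket}/*",
        "Condition": {"Null": {"s3:" + SSEC_HEADER: "false"}}}]}
```

Run the scan over real CloudTrail data events (S3 data-event logging must be enabled for them to exist) and alert on any non-empty result in a bucket where SSE-C is not a sanctioned workflow.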
A major data broker suffers a major data breach.
Gravy Analytics, a major location data broker, has suffered a major data breach, exposing millions of people’s sensitive location data collected from popular smartphone apps. Hackers accessed Gravy’s Amazon cloud storage using a misappropriated key, stealing terabytes of data, including over 30 million location data points. The leaked dataset tracks individuals’ movements to sensitive sites such as the White House, military bases, and personal residences, raising concerns about privacy and national security. Vulnerable groups, like LGBTQ+ individuals in restrictive countries, face heightened risks from deanonymization.
Gravy sources much of its data via ad auctions, where apps unknowingly share users’ information. The breach follows an FTC ban on Gravy for unlawful tracking practices. Experts recommend using ad blockers, disabling app tracking, and restricting location sharing to protect against such risks. Gravy has confirmed the breach and is investigating while its website remains offline.
Coming up after the break, I’m joined by CrowdSec’s CEO and Founder Philippe Humeau to discuss issues facing cybersecurity and how open-source cybersecurity platforms combat them. And, AI makes mistakes, too! We’ll be right back.
Welcome back.
The weirdness of AI.
Humans are experts at messing up. From losing our keys to occasionally misplacing a decimal (or a scalpel), mistakes are just part of the human experience. To keep these slip-ups in check, we’ve invented all sorts of clever safeguards—checklists, double-entry bookkeeping, and even writing “not this leg” on patients before surgery. But now, we’re integrating a whole new kind of mistake-maker: AI. Unlike us, AI doesn’t get tired or distracted, but its errors? They’re a breed apart. While a human might flub a math problem, AI might suggest that cabbages eat goats or forget what money is mid-task.
A piece by Bruce Schneier and Nathan Sanders for IEEE Spectrum suggests the weirdness of AI errors lies in their unpredictability. They don’t follow human patterns, making them both fascinating and unnerving. However, AI isn’t entirely alien. It shares some “human” quirks, like repeating familiar terms or falling for social engineering tricks. It’s also distractible—get it to process long documents, and it might zone out halfway through.
Dealing with AI mistakes requires creativity. Asking the same question multiple ways or cross-checking its output can help, since machines are endlessly patient with our nitpicking. And while we can train AI to make more human-like errors, it’s clear we need systems tailored to its peculiarities.
The key is balance. Use AI where it excels, like processing vast amounts of data, but don’t expect it to replace human judgment. After all, whether it’s a person or an algorithm, everyone benefits from a second opinion—especially if goats and cabbages are involved.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.