top of page

This week in infosec news..

Writer's picture: danielweisdanielweis

Lots happening yet again in the infosec world this week. Still Lots of ongoing discussion around DeepSeek, I stumbled across this post from Nick Espinosa yesterday around his testing showing that even after his browser session was closed, deepseek continued to connect and send data to chinese IP addresses: https://www.linkedin.com/posts/nickespinosa_deepseek-appears-to-be-routing-data-to-china-activity-7291213519742451716-J3oY?utm_source=share&utm_medium=member_desktop&rcm=ACoAAADHnH0BgyGhzJFizuiwNndK3yATiuvZyFk, not great!


To that note, the list of countries and governments banning deepseek continues to increase, the latest being taiwan, with banning already in place in Italy, in Australia on government devices, the US navy has banned it completely, and the US Congress is cautioning members against its usage.


Microsoft has released its patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The most important one here is CVE-2025-21415 which has a CVSS of 9.9, and there are PoC exploits available in the wild now available. Microsoft's guidance can be found here: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21415


Google released its patches this week (47) for Android Including updates to address the Actively Exploited CVE-2024-53104:


AMD has released its update to address the most recent CVE-2024-56161. https://www.securityweek.com/amd-patches-cpu-vulnerability-found-by-google/


The AICD also released a post on the most recent cyber security and privacy regulations. To save you reading a bunch of posts from yours truly, they have condensed it into a nice short blog post here: https://www.aicd.com.au/risk-management/framework/cyber-security/new-cyber-security-and-privacy-regulation.html


If you are after more in depth information as well as information on other key strategic security priorities, you can check out my original post here: https://www.danweis.me/post/key-strategic-security-priorities-for-boards-management-and-it-teams-in-2025


The wave of data breaches in the US continues, with breaches in Healthcare affecting hundreds of thousands of individuals in Colorado & North Carolina and a data breach at Connecticut healthcare provider has impacted 1 million people. Additionally the GrubHub food delivery service has also disclosed a data breach.


And lastly a reminder to keep your client-side applications patched (such as 7-zip), with THN reporting that Russian Cybercrime Groups are Exploiting 7-Zip Flaws to Bypass Windows MotW Protections:


4 views0 comments

Recent Posts

See All

コメント


© 2024 Dan Weis

​

danweis.me

bottom of page