Cyber Daily 6/19: North Korea's Hiring Hack, Fake CAPTCHA Malware, Siemens ICS Alert, Lazarus Hits South Korea

Welcome to the June 19th edition of ONSEC Cyber Daily, where the digital battlefield is ever-evolving, and today's headlines weave a narrative of heightened vigilance and strategic defense. As hiring processes transform into unforeseen cybersecurity vulnerabilities, organizations must brace for the unexpected. The U.S. Department of the Treasury's past warnings about North Korea's cyber ambitions echo louder than ever, as fake CAPTCHA windows stealthily deploy malware, and critical ICS vulnerabilities threaten infrastructure giants like Siemens and Fuji. Meanwhile, the Lazarus Group's Operation SyncHole targets South Korean firms, underscoring the global reach of cyber threats. Android users face urgent updates to thwart security risks, while Moody's highlights the financial peril posed by cyberattacks. Linux systems grapple with root-level threats, and Veeam races to patch critical flaws in its backup solutions. As the digital landscape shifts, staying informed and proactive is not just advisable—it's imperative. Dive into today's stories and arm yourself with the knowledge to navigate this complex cyber terrain.
Exploits Alert
- Why Your Hiring Process is Now a Cybersecurity Vulnerability: Pindrop Security highlights how hiring processes can be exploited as cybersecurity vulnerabilities. The report emphasizes the need for organizations to secure their recruitment channels to prevent potential breaches. This vulnerability can lead to unauthorized access and data theft if not properly managed. Source: Pindrop Security.
- Beware: Fake CAPTCHA Windows Stealthily Install LightPerlGirl Malware: GBHackers reports on a new malware campaign using fake CAPTCHA windows to install the LightPerlGirl malware. This tactic deceives users into thinking they are completing a security check, while actually compromising their systems. The malware can lead to data theft and system control by attackers. Source: GBHackers.
- CISA Warns of Critical ICS Vulnerabilities in Siemens, LS Electric, Fuji, Dover Infrastructure Equipment: The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued advisories about critical vulnerabilities in industrial control systems from major manufacturers. These vulnerabilities could allow attackers to disrupt critical infrastructure operations. Organizations using these systems are urged to apply patches immediately. Source: Industrial Cyber.
- Operation SyncHole: Lazarus Cyber-Attack on South Korean Companies: INCIBE-CERT reports on Operation SyncHole, a cyber-attack campaign by the Lazarus Group targeting South Korean companies. The attack involves privilege escalation and exploitation of zero-day vulnerabilities. This operation highlights the ongoing threat posed by state-sponsored cyber groups. Source: INCIBE-CERT.
- Android Users Urged to Update Their Phones 'Immediately' Over Serious Security Risk: The Mirror warns Android users to update their devices to patch serious security vulnerabilities. These vulnerabilities, if left unpatched, could be exploited by cybercriminals to gain unauthorized access to personal data. Users are advised to install updates promptly to protect their devices. Source: The Mirror.
Vulnerabilities & Patches
- Veeam Releases Patch for Critical RCE Vulnerability: Veeam has addressed a critical remote code execution vulnerability, tracked as CVE-2025-23121, affecting domain-joined backup servers. This flaw allows authenticated users to execute arbitrary code, posing significant risks to data integrity and security. Administrators are urged to apply the patch immediately to safeguard their systems. Source: Cybersecurity Dive.
- Major Linux Distros Exposed to Root-Level Security Threat: A misconfiguration in the PAM framework, identified as CVE-2025-6018, affects major Linux distributions like openSUSE Leap 15. This vulnerability allows attackers to gain root access, emphasizing the need for immediate updates to prevent unauthorized control over systems. Source: HotHardware.
- Linux udisks Flaw Enables Root Access on Major Distros: The udisks vulnerability, CVE-2025-6019, impacts Ubuntu, Debian, Fedora, and openSUSE Leap 15, allowing attackers to escalate privileges to root. Security experts recommend prompt patching to mitigate potential exploitation. Source: Bleeping Computer.
- ASUS Armoury Crate Vulnerability Grants SYSTEM Privileges: A critical flaw in ASUS Armoury Crate, tracked as CVE-2025-3464, permits attackers to bypass authentication and obtain SYSTEM privileges on Windows systems. Users are advised to update their software to protect against potential attacks. Source: Lifehacker.
- Citrix NetScaler Critical Vulnerability Patched: Citrix has released updates to address CVE-2025-5349, a high-severity access control issue in the NetScaler Management Interface. This vulnerability could allow unauthorized access, making it crucial for administrators to apply the patch promptly. Source: SecurityWeek.
Podcasts
- Typhoon on the line - CyberWire: This podcast episode from CyberWire delves into the latest developments in cybersecurity, focusing on the evolving landscape of cyber threats and defenses. It provides insights from industry experts on how organizations can bolster their cyber resilience in the face of increasing digital threats.
- The Digital India Podcast with Veeam's Sandeep Bhambure: In this episode, Sandeep Bhambure discusses Veeam's strategic initiatives to enhance India's cyber resilience. The conversation highlights the importance of robust backup solutions and the role of digital transformation in safeguarding critical infrastructure.
- CISO Cyber Insurance Empowerment – Peter Hedberg, Stephan Jou, Morey Haber – BSW #400: This podcast explores the intricacies of cyber insurance and its growing importance in the cybersecurity landscape. The discussion covers how organizations can leverage insurance to mitigate risks and enhance their security posture.
- Enterprise-Grade IT Management Software: ManageEngine | SourceForge Podcast, ep. #59: This episode features a conversation with Bharani Kumar on the capabilities of ManageEngine's IT management software. It highlights how the platform aids in cybersecurity and delivers seamless service experiences.
- Inside A Cyber Attack: Are You Being Watched? (Podcast) - Security - Mondaq: This episode examines the alarming rise in sophisticated cyberattacks, particularly ransomware, and discusses strategies for organizations to protect themselves. It emphasizes the importance of vigilance and proactive defense measures.
Final Words
As we wrap up today's edition of ONSEC Cyber Daily, it's clear that the digital landscape is more perilous than ever. From hiring processes becoming unexpected cybersecurity vulnerabilities to the persistent threats posed by state-sponsored cyber actors, vigilance is our strongest ally. The U.S. Department of the Treasury's warning about North Korea's cyber activities and the stealthy LightPerlGirl malware lurking behind fake CAPTCHA windows remind us that threats can come from the most unexpected places. Meanwhile, CISA's advisories on critical ICS vulnerabilities and the relentless exploits targeting Linux systems underscore the need for constant vigilance and timely updates. In this interconnected world, sharing knowledge is a powerful defense. If you found today's insights valuable, please share this newsletter with your friends and colleagues. Together, we can build a more informed and resilient community, ready to face the cyber challenges of tomorrow. Stay safe, stay informed, and see you in the next edition of ONSEC Cyber Daily!