## Weekly Cybersecurity News Roundup
**Keeping you informed on the latest developments in cybersecurity**

In an ever-evolving digital landscape, it’s crucial to stay updated on the latest in cybersecurity. While some stories may not receive extensive media coverage, they can still significantly impact our understanding of the security environment. Each week, we compile key events and findings that contribute to a more comprehensive view of cybersecurity.
### DMCA Complaint from Restaurant Brands International
Recent reports indicate that researchers uncovered alarming vulnerabilities within the systems of Restaurant Brands International (RBI), the parent company of Burger King, Tim Hortons, and Popeyes. These vulnerabilities potentially exposed sensitive employee information and customer drive-through orders. After promptly addressing these issues, RBI issued a DMCA complaint against the researchers to remove their blog post revealing the findings. In a surprising turn, the blog post has been removed from the Internet Archive as well.
### Google Incentivizes Cloud Security Research
In a push to strengthen cloud security, Google recently hosted its first bugSWAT event focused on cloud vulnerabilities. A group of 20 elite security experts identified an impressive 91 vulnerabilities during the event, leading to a total payout of $1.6 million in bounties. This initiative has brought Google’s total rewards for cloud vulnerabilities this year to $2.5 million, highlighting the company’s commitment to enhancing security in cloud services.
### Microsoft’s Ongoing Battle with XSS Vulnerabilities
Cross-site scripting (XSS) vulnerabilities remain a persistent issue in many online services, and Microsoft is not immune. Since January 2024, the company has reported nearly 1,000 XSS vulnerabilities across its platforms. Over the past year, Microsoft has allocated more than $900,000 in bug bounties for these flaws, with single rewards reaching as high as $20,000. This ongoing battle underscores the complexity and difficulty of maintaining secure online environments.
### Huntress Raises Access Concerns Through Research Findings
Attention has turned to security firm Huntress following the publication of research that provided insight into a threat actor’s operations. The study revealed that a hacker had installed a trial version of Huntress’s product, prompting questions about the access the firm has to customer data. To clarify, Huntress explained that the insights were gained only because the hacker was running its trial product, which allowed the company to analyze alerts similar to those of its paying customers. John Hammond, Principal Security Researcher at Huntress, emphasized that the agent does not facilitate remote access to customer systems.
### Evolving Threat: Analysis of MostereRAT
FortiGuard Labs recently shared findings regarding MostereRAT, a remote access trojan (RAT) that evolved from earlier banking malware described in a 2020 report on a banking trojan. MostereRAT employs advanced techniques to conceal its operations, including the use of legitimate remote access tools such as AnyDesk and RDP Wrapper. This evolution showcases the changing tactics employed by cybercriminals in their phishing campaigns.
### BlackDB Cybercrime Marketplace and Legal Consequences
In a noteworthy legal development, Liridon Masurica, a 33-year-old from Kosovo, has pleaded guilty to operating the BlackDB.cc cybercrime marketplace in a U.S. court. The platform allowed users to trade sensitive information such as account credentials and payment card data. Arrested in December 2024 in Kosovo and later extradited to the U.S., Masurica could face up to a decade in prison for his role in this operation.
### California’s Consumer Data Protection Legislation
In a move to bolster consumer privacy, California lawmakers have passed Assembly Bill 566, mandating that web browsers offer users the ability to opt out of data sharing. This bill awaits Governor Gavin Newsom’s signature to become law, marking a significant step toward increased user control over personal information online.
### HybridPetya Targets Secure Boot
A recent analysis by ESET has uncovered a new strain of malware named HybridPetya, linked to the notorious NotPetya. This ransomware leverages a vulnerability (CVE-2024-7344) to bypass UEFI Secure Boot, raising alarms about the potential for file encryption. Notably, there is currently no evidence of real-world deployment, suggesting it may primarily serve as a proof-of-concept by security researchers.
### Vulnerability Discovered in Cursor AI Code Editor
Oasis Security has identified a serious vulnerability within the Cursor AI code editor, which could allow malicious repositories to execute arbitrary code without user consent. This risk arises from a hidden ‘autorun’ instruction that triggers when a project folder is opened. Cursor has indicated that its Workspace Trust feature (meant to safeguard against such threats) is disabled by default, and that it plans to update its security guidance to better inform users of potential risks.
### In Other News
A few more significant updates include reports of scams leveraging Grok AI, cybersecurity incidents in U.S. manufacturing sectors, and investigations into the security measures of Gmail. Additional attention has been drawn to hacking attempts involving Iranian ships and the use of AI in cyberattacks.