Cyber Briefing: 2025.01.03

👉 What are the latest cybersecurity alerts, incidents, and news?

Email Servers, Sniffing Attacks, Encryption, Sysbumps, Speculative Execution, Macos, Kernel Security, Windows 11, Bitlocker, Encryption Keys, Bad Likert Judge, AI, Safety Measures, Iterm2 Emulator, User Data, SSH Keys, Roomster, Data Leak, Banque De L’habitat Du Sénégal, Cyberattack, ATM Services, Disruption, Bcm One, Data Breach, Customer Information, Senior Citizens Inc., Breach, Personal Information, Mumbai, Financial Scam, Fraudsters, Pentagon, Ai Chatbot, Military Medicine, Florida, Social Media, Ban, Minors, Foreign Drones, Restrictions, National Security, Apple, Siri, Privacy Violation, Settlement.

Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.

First time seeing this? Please subscribe.

🚨 Cyber Alerts

1. Over 3 Million Email Servers Lack Encryption

Over 3 million Email servers running IMAP and POP3 services without TLS encryption are currently exposed to network sniffing attacks, leaving usernames, passwords, and email contents vulnerable to interception. According to scans from the ShadowServer Foundation, these unencrypted servers transmit credentials in plain text, creating opportunities for attackers to exploit weak security configurations. Administrators are being urged to enable TLS encryption, adopt modern protocol versions like TLS 1.3, and assess whether public exposure of these services is necessary.

2. SysBumps Attack Bypasses Kernel Security

A new attack, named SysBumps, has been discovered that targets macOS systems running on Apple Silicon processors. The attack exploits speculative execution vulnerabilities in system calls, bypassing Kernel Address Space Layout Randomization (KASLR), a key security feature that randomizes the kernel’s memory layout to thwart attackers. By leveraging the Translation Lookaside Buffer (TLB) as a side channel, SysBumps…