This Weeks Headlines

• PCI SSC Release Information Supplement on Payment Page Security and Preventing E-Skimming
• Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback
• Over One-Third of Irish Households Experienced Cybercrime in the Past Year
• Microsoft Patches 57 Security Flaws, Including Six Actively Exploited Zero-Days
• New Vulnerabilities in ruby-saml Library Enable Potential Account Takeovers
• DeepSeek R1 AI Model Capable of Generating Malware Code with Prompt Engineering
• Meta Warns of Actively Exploited FreeType Vulnerability

PCI SSC Release Information Supplement on Payment Page Security and Preventing E-Skimming

The PCI Security Standards Council (PCI SSC) has introduced a new information supplement on “Payment Page Security and Preventing E-Skimming – Guidance for PCI DSS Requirements 6.4.3 and 11.6.1”. It provides guidance for merchants and service providers to protect payment card data during e-commerce transactions and prevent e-skimming attacks, which have increased significantly in recent years. The guidance aims to reduce the risk during e-commerce transactions by ensuring proper authorization, integrity, and monitoring of payment page scripts, and is intended for entities that process payment card transactions through e-commerce or with a webpage that can impact the security of e-commerce payments.

Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback

Mozilla is urging Firefox users to update their browsers to version 128 or higher before March 14, 2025, due to the impending expiration of a root certificate essential for verifying signed content and add-ons.

Failure to update may result in disabled add-ons, malfunctioning security features, and issues with DRM-protected media playback. The expiration could also lead to outdated blocklists for harmful add-ons and untrusted SSL certificates, increasing security risks.

Users can check their Firefox version by navigating to Menu > Settings > About Firefox. IOS and iPad users are unaffected by this issue.

Over One-Third of Irish Households Experienced Cybercrime in the Past Year

A recent survey by 3Gem Research and Insights reveals that 36% of Irish households have encountered cybercrime over the last year. Notably, 20% of respondents reported direct experiences with cyberattacks or online fraud during this period.

The primary concerns among participants include personal device hacking (73%), online scams (68%), and identity theft (58%).

Alarmingly, 48% of individuals admit to reusing passwords across multiple accounts, and 41% rely solely on memory for password management, potentially compromising account security. Additionally, 26% have used public Wi-Fi for sensitive activities like online banking or shopping, increasing their exposure to cyber threats.

Microsoft Patches 57 Security Flaws, Including Six Actively Exploited Zero-Days

On March 12, 2025, Microsoft released security updates addressing 57 vulnerabilities across its software suite, including six zero-day flaws currently exploited in the wild.

Among the actively exploited zero-days are:

• CVE-2025-24983: A use-after-free vulnerability in the Windows Win32 Kernel Subsystem, allowing local privilege escalation.
• CVE-2025-24984: An information disclosure issue in Windows NTFS, enabling attackers with physical access to read portions of heap memory via a malicious USB device.
• CVE-2025-24985: An integer overflow in the Windows Fast FAT File System Driver, permitting unauthorised local code execution.
• CVE-2025-24991: An out-of-bounds read in Windows NTFS, leading to local information disclosure.
• CVE-2025-24993: A heap-based buffer overflow in Windows NTFS, allowing unauthorised local code execution.
• CVE-2025-26633: An improper neutralisation vulnerability in Microsoft Management Console, enabling local security feature bypass.

Notably, CVE-2025-24983 was identified by ESET researchers, who linked its exploitation to the PipeMagic backdoor, a plugin-based trojan targeting entities in Asia and Saudi Arabia.

Administrators and users are strongly advised to apply these updates promptly to mitigate potential security risks.

New Vulnerabilities in ruby-saml Library Enable Potential Account Takeovers

GitHub’s Security Lab has identified two high-severity vulnerabilities in the open-source ruby-saml library, tracked as CVE-2025-25291 and CVE-2025-25292, each with a CVSS score of 8.8.

These flaws arise from discrepancies in XML parsing between the REXML and Nokogiri libraries, potentially allowing attackers to perform Signature Wrapping attacks and bypass SAML authentication. This could enable unauthorised access to user accounts.

The vulnerabilities affect ruby-saml versions below 1.12.4 and between 1.13.0 and 1.18.0. Users are strongly advised to update to versions 1.12.4 or 1.18.0 to mitigate these security risks.

DeepSeek R1 AI Model Capable of Generating Malware Code with Prompt Engineering

Researchers from Tenable have discovered that DeepSeek’s R1 model, an open-source large language model (LLM), can generate functional malware code, including keyloggers and basic ransomware, when provided with carefully crafted prompts.

While the AI has built-in safeguards to prevent malicious outputs, these can be bypassed by framing requests as educational or research-oriented. The generated code often contains errors and requires manual adjustments by individuals with technical expertise to become operational.

This finding raises concerns about the potential misuse of AI technologies by cybercriminals, highlighting the need for robust security measures and ethical guidelines in AI development.

Meta Warns of Actively Exploited FreeType Vulnerability

Meta has identified a critical out-of-bounds write vulnerability (CVE-2025-27363) in FreeType versions 2.13.0 and earlier, potentially allowing remote code execution through malicious font files.

Despite a fix being available for nearly two years, several Linux distributions, including AlmaLinux, Alpine Linux, Amazon Linux 2, Debian stable, RHEL/CentOS Stream, GNU Guix, Mageia, OpenMandriva, openSUSE Leap, Slackware, and Ubuntu 22.04, continue to use outdated versions, leaving them susceptible.

Users are strongly advised to update to FreeType version 2.13.3 to mitigate this risk.

If you’re ready to chat about how we can help protect your business from cyber threats, contact us using the form below 👇.