
Netizen Cybersecurity Bulletin (January 30th, 2025)

Overview:

  • Phish Tale of the Week
  • Is DeepSeek Safe to Use? A Dive into Privacy and Security Concerns
  • Apple Fixes First Actively Exploited iOS Zero-Day of 2025
  • How can Netizen help?

Phish Tale of the Week

Oftentimes, phishing campaigns created by malicious actors target users through social engineering. For example, in this message, the actors pose as an unnamed company. They’re sending us a text message asking whether we’re looking for a remote job and insisting that it’s imperative that we click the link below. It seems both urgent and genuine, so why shouldn’t we? Luckily, there are plenty of reasons that point to this being a scam.

Here’s how we can tell not to fall for this phish:

  1. The first warning sign for this SMS is the context in which it was sent. When I received this SMS, I immediately knew not to click on the link due to the fact that I did not recently inquire anywhere about any remote work; real companies looking to recruit qualified employees would not reach out to numbers in this way. On top of that, it’s very apparent that this message was blasted out to random numbers: the message doesn’t even include my name or attempt to provide any level of familiarity that would convince me to click on their fake WhatsApp link.
  2. The second warning sign in this message is the messaging. This message tries to create a sense of opportunity and urgency in order to get you to take action by using language such as “You only need to invest 20 minutes a day.” Phishing and smishing scams commonly attempt to create a sense of urgency/confusion in their messages in order to get you to click their link without thinking about it first. Always be sure to thoroughly inspect the style and tone of all texts before following a link or other attachment sent through SMS.
  3. The final warning sign for this message is the wording. The grammar is strange and unprofessional, and a real job offer or recruiter would not send out an SMS blast to several people like this. All of these factors point to the above being a smishing text, and a very unsophisticated one at that.


General Recommendations:

A phishing attack will typically direct the user to click on a link where they will then be prompted to update personal information, such as a password, credit card, social security, or bank account information. A legitimate company already has this sensitive information and would not ask for it again, especially via your text messages.

  1. Scrutinize your messages before clicking anything. Have you ordered anything recently? Does this order number match the one you already have? Did the message come from a store you don’t usually order supplies from or a service you don’t use? If so, it’s probably a phishing attempt.
  2. Verify that the sender is actually from the company sending the message.
  3. Did you receive a message from someone you don’t recognize? Are they asking you to sign into a website to give Personally Identifiable Information (PII) such as credit card numbers, social security number, etc.? A legitimate company will never ask for PII via instant message or email.
  4. Do not give out personal or company information over the internet.
  5. Do not click on unrecognized links or attachments. If you do proceed, verify that the URL is the correct one for the company/service and it has the proper security in place, such as HTTPS.
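
The URL check in step 5 can be made mechanical. The sketch below is an added example, not part of the original bulletin: the `check_link` helper, the expected-domain list and the sample links are all constructed for illustration, and it covers the lookalike tricks a quick glance tends to miss.

```python
from urllib.parse import urlsplit

# Assumption: you maintain your own list of domains the real service uses.
EXPECTED_DOMAINS = ("whatsapp.com", "apple.com")

def check_link(url, expected=EXPECTED_DOMAINS):
    """Return (ok, reason) for a link received in a message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".").lower()
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme.lower() != "https":
        return False, "not HTTPS"
    if parts.username is not None or parts.password is not None:
        # https://brand.com@other.example/ really goes to other.example
        return False, "credentials embedded before the host"
    if not host:
        return False, "no host"
    if port not in (None, 443):
        return False, "unexpected port"
    if not host.isascii() or host.startswith("xn--") or ".xn--" in host:
        return False, "internationalized (possible lookalike) host"
    for domain in expected:
        # Exact match or a true subdomain; "notwhatsapp.com" must not pass.
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host is not an expected domain"

# Constructed sample links (the .example hosts are placeholders).
SAMPLES = [
    "https://www.whatsapp.com/download",
    "http://www.whatsapp.com/download",
    "https://whatsapp.com.job-offer.example/apply",
    "https://whatsapp.com@job-offer.example/apply",
    "https://notwhatsapp.com/invite",
    "https://xn--whatspp-cxa.com/invite",
]

if __name__ == "__main__":
    for link in SAMPLES:
        ok, reason = check_link(link)
        print(("PASS" if ok else "FAIL"), link, "-", reason)
```

HTTPS alone only shows that the connection is encrypted; the host comparison is what establishes that the link points at the expected company.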

Many phishing messages convey a sense of urgency or even aggressiveness in order to intimidate the recipient. Any email requesting immediate action should be vetted thoroughly to determine whether or not it is a scam. Also, beware of messages that seek to tempt users into opening an attachment or visiting a link. For example, an attachment titled “Fix your account now” may draw the question “What is wrong with my account?” and prompt you to click a suspicious link.


Cybersecurity Brief

In this month’s Cybersecurity Brief:

Is DeepSeek Safe to Use? A Dive into Privacy and Security Concerns

DeepSeek AI has taken the tech world by storm, rising to the top of app store rankings and positioning itself as a strong competitor to OpenAI’s ChatGPT. However, despite its rapid success, the Chinese AI platform has raised serious privacy and security concerns—issues that even traditional privacy tools like VPNs may not fully protect against.

DeepSeek was barely a week into its public release when it suffered a large-scale cyberattack, forcing the platform to limit new user registrations. While existing users could still log in, the attack disrupted services, and DeepSeek acknowledged ongoing performance issues on its status page.

Although the company has not disclosed specific details about the attack, cybersecurity experts suspect it was a distributed denial-of-service (DDoS) attack, which overwhelms a system with excessive traffic, causing it to crash. This incident raises critical questions about DeepSeek’s security infrastructure and its ability to protect user data.

Beyond cybersecurity threats, DeepSeek’s privacy policy has sparked significant concerns regarding how the platform collects, stores, and shares user data. Here are some key takeaways:

DeepSeek requires users to sign in via Google, granting the platform access to personal information, including:

  • Full name
  • Email address
  • Profile picture (if available)

While this may seem standard, the policy states that DeepSeek may also collect additional information from third-party services, potentially exposing more user data than anticipated.

DeepSeek not only collects data on its own platform but also tracks user activity across other websites and services. The platform’s advertising and analytics partners share information about user actions outside of DeepSeek, including:

  • Websites visited
  • Products purchased
  • Online interactions

Even if DeepSeek claims to “anonymize” data, this level of tracking significantly compromises user privacy.

One of the most alarming discoveries in DeepSeek’s privacy policy is its collection of keystroke patterns and rhythms. This means the AI tool is capable of:

  • Logging every key you press
  • Monitoring how long you press each key
  • Recording the speed and pattern of your typing

This level of tracking is highly invasive, as keystroke logging can reveal sensitive information such as passwords and private conversations. Worse still, DeepSeek does not clearly state how long this data is stored or whether it can ever be fully deleted.

DeepSeek states it retains user data for as long as necessary, but it does not define a specific timeframe. This vague policy means that your personal information could be stored indefinitely, leaving it vulnerable to potential misuse or unauthorized access.

DeepSeek’s data is stored on servers located in China, raising additional concerns about how user information is managed and whether it is subject to government surveillance. The terms of service confirm that the platform is governed by Chinese laws, meaning any collected data could potentially be accessed by state authorities.

DeepSeek’s vulnerabilities extend beyond privacy concerns. Cybersecurity researchers at KELA have successfully jailbroken DeepSeek’s AI model, proving that it can be manipulated to:

  • Generate ransomware
  • Provide instructions for creating toxins
  • Fabricate sensitive content

The “Evil Jailbreak” exploit, which bypasses AI safety mechanisms, was previously patched in ChatGPT 3.5—but DeepSeek remains vulnerable.

KELA’s findings highlight how easily the AI model can be exploited, making it a potential tool for cybercriminals. This is particularly concerning given that AI-driven malware development, phishing scams, and fraud are already on the rise.

DeepSeek’s ties to China’s legal and cybersecurity frameworks have sparked comparisons to TikTok, which has faced scrutiny over its data-sharing policies. The Chinese government has extensive control over internet regulations, meaning that DeepSeek’s collected data could be subject to state oversight.

Users have also reported that DeepSeek censors politically sensitive topics, such as Tiananmen Square and Taiwan, further fueling concerns about government influence.

While DeepSeek’s AI capabilities may be impressive, its security flaws, invasive tracking, and questionable data policies make it a high-risk platform for privacy-conscious users. Here’s why you might want to reconsider:

  • Cyberattacks have already disrupted the platform—indicating weak security measures.
  • User data is extensively tracked and shared, including across third-party sites.
  • Keystroke logging poses a major privacy threat, with no clear data retention policy.
  • Chinese government regulations may compromise data security and transparency.

Unless DeepSeek addresses its security vulnerabilities and clarifies its data policies, users should approach this AI tool with extreme caution.

If protecting your personal information, browsing habits, and online security is a priority, DeepSeek is best avoided—at least until significant improvements are made.



Apple Fixes First Actively Exploited iOS Zero-Day of 2025

Apple has released security updates addressing multiple vulnerabilities across its mobile and desktop platforms, including a zero-day flaw actively exploited in iOS attacks.

One of the most critical fixes in this update targets CVE-2025-24085, a use-after-free vulnerability in the CoreMedia component. According to Apple’s advisory, this flaw could allow malicious applications to escalate privileges, potentially giving attackers unauthorized access to sensitive data and system resources.

Apple confirmed that the vulnerability has been exploited in the wild against versions of iOS prior to iOS 17.2 but did not disclose specific details regarding the nature of these attacks. The issue was addressed through improved memory management.

Alongside iOS and iPadOS updates, Apple rolled out patches for macOS Sequoia, tvOS, visionOS, and watchOS, all of which were impacted by CVE-2025-24085. However, there is no evidence that this vulnerability has been exploited on platforms other than iOS.

The latest security updates include:

  • iOS 18.3 and iPadOS 18.3, which fix 29 vulnerabilities, including issues related to authentication bypass, arbitrary code execution, privilege escalation, spoofing, and command injection.
  • macOS Sequoia 15.3, which patches over 60 vulnerabilities addressing similar security concerns.
  • macOS Sonoma 14.7.3 and macOS Ventura 13.7.3, which fix over 40 and 30 security flaws, respectively.
  • tvOS 18.3, watchOS 11.3, and visionOS 2.3, which contain security updates addressing between 17 and 21 vulnerabilities.
  • Safari 18.3, which includes fixes for seven browser vulnerabilities, including authentication bypass, user interface spoofing, denial-of-service (DoS), and command injection risks.

According to Sylvain Cortes, VP at Hackuity, attackers could exploit the CoreMedia flaw using a malicious app disguised as a media player, granting them access to sensitive data and potentially leading to unauthorized data access, financial loss, and privacy breaches.

Apple users are strongly advised to update their devices immediately to protect against these security threats. For more details, visit Apple’s security updates page.



How Can Netizen Help?

Netizen ensures that security gets built in and not bolted on, providing advanced solutions to protect critical IT infrastructure, such as the popular “CISO-as-a-Service,” wherein companies can leverage the expertise of executive-level cybersecurity professionals without having to bear the cost of employing them full time.

We also offer compliance support, vulnerability assessments, penetration testing, and more security-related services for businesses of any size and type. 

Additionally, Netizen offers an automated and affordable assessment tool that continuously scans systems, websites, applications, and networks to uncover issues. Vulnerability data is then securely analyzed and presented through an easy-to-interpret dashboard to yield actionable risk and compliance information for audiences ranging from IT professionals to executive managers.

Netizen is a CMMI V2.0 Level 3, ISO 9001:2015, and ISO 27001:2013 (Information Security Management) certified company. We are a proud Service-Disabled Veteran-Owned Small Business that is recognized by the U.S. Department of Labor for hiring and retention of military veterans. 


Copyright © Netizen Corporation. All Rights Reserved.