A credit card skimmer impacts over 61,000 Avery customers. The city of Hamilton estimates a 52 million dollar bill to rebuild systems after a ransomware attack. And Microsoft issues a critical Outlook patch for an actively exploited vulnerability. This is Cybersecurity Today. I'm your host, Jim Love.
A new study highlights serious vulnerabilities in Internet tunneling protocols, leaving more than 4.2 million systems exposed to potential exploitation.
The affected protocols, IPIP, GRE, 4in6, and 6in4, are widely used for transferring data across networks, but researchers discovered a critical flaw. Many systems accept tunneling packets without verifying the sender's identity. This oversight allows attackers to hijack these systems for anonymous attacks, denial of service campaigns, and unauthorized access to private networks.
The study was conducted by cybersecurity experts at KU Leuven and Top10VPN. An Internet-wide scan identified vulnerable systems in countries including China, France, Japan, the U.S. and Brazil. Devices include VPN servers, routers provided by internet service providers, and mobile network gateways. To address these risks, network administrators are urged to implement authentication and encryption for tunneling protocols, update network devices, and conduct routine security audits.
With millions of hosts at risk, these measures are critical to preventing attackers from exploiting these weaknesses.
A data breach at label maker Avery has compromised the payment details of 61,000 customers, exposing them to potential fraud.
A credit card skimmer was embedded on the company's website for nearly five months. From July 18th to December 9th, 2024, the skimmer harvested sensitive information, including names, addresses, emails, phone numbers, and full payment card details, including CVV codes. Avery discovered the malware on December 9th and launched an investigation. Since the breach, customers have reported fraudulent charges and phishing attempts.
In a statement, Avery expressed regret and committed to improving its cybersecurity measures to prevent future incidents. Credit card skimmers are hard to detect because they exploit vulnerabilities in website content management systems. Malicious JavaScript is seamlessly integrated with legitimate scripts, making attacks difficult to spot. Experts recommend keeping antivirus tools updated and enabling browser protection to block skimmers.
Customers are also advised to monitor their bank accounts for unusual activity and report fraudulent transactions immediately.
The City of Hamilton in Ontario, Canada, is committing 52 million over the next three years to rebuild its secure IT infrastructure after a ransomware attack in February of 2024. The attack disrupted municipal services, including transit, payroll, tax systems and building permit applications.
And although most systems have been restored, city officials acknowledge the need for long-term improvements to prevent future incidents. Of the 52 million, 30 million will be spent in 2025. The funds will support 21 priority projects, including upgrading asset management systems, fire dispatch software and financial platforms. The plan also includes hiring 48 full-time staff, such as project managers, AI specialists, and cybersecurity analysts, to oversee IT improvements.
However, some details remain confidential, raising concerns about transparency. Councillor Brad Clark criticized the secrecy, saying, "If we're spending this kind of money, residents deserve to know where it's going." Officials argue that withholding specifics is necessary to avoid exposing vulnerabilities. A planned cybersecurity audit will assess the city's response and recommend further defenses to ensure resilience against future attacks.
And Microsoft has issued a critical update for Outlook to patch CVE-2025-21298, a vulnerability rated 9.8 out of 10 on the Common Vulnerabilities and Exposures, or CVE, scale. The flaw lies in a Windows Object Linking and Embedding, or OLE, mechanism that allows attackers to execute remote code using malicious, re-encoded code: rich text format, or RTF, documents.
The vulnerability can be exploited through email phishing campaigns, and even the Outlook preview pane can serve as an attack vector. The vulnerability has been actively exploited, posing a serious threat to organizations. Mike Walters, president of Action1, warned that the low complexity of the attack makes it accessible to a broad range of threat actors. Exploitation could result in full system compromise, data theft, or malware installation.
Microsoft recommends users apply the patch immediately. For those unable to update right away, a temporary but inefficient workaround is to open RTF files in plain text format. Security teams should also review email filtering rules and train employees to recognize suspicious attachments. Failing to patch this flaw could leave systems vulnerable to widespread attacks.
And that's our show for today. You can reach me with comments, questions, or tips at editorial@technewsday.ca. Or if you're watching this on YouTube, please leave us a comment. To those who have already left comments and to some of you who've put some likes and thank yous and even subscribed, thank you. It's helping us build this YouTube audience. I'm your host, Jim Love. Thanks for listening.