07.04.25 Threat Report

This week's Threat Report includes critical vulnerabilities in Google’s Quick Share feature, a landmark privacy fine imposed on Apple in France, a severe flaw in Ivanti's Connect Secure product, and a data breach at Oracle Corporation.

1. Google Patches Critical Flaws in Quick Share Feature

Google has issued urgent patches addressing two high-severity vulnerabilities in its Quick Share feature on Android devices (formerly known as Nearby Share). These flaws, if left unaddressed, could allow attackers to send files to a victim’s device without their consent.

Attack Details:

• Identified vulnerabilities allowed attackers within Bluetooth proximity to silently push files to unsuspecting users, even if they declined a file transfer.

• The vulnerabilities, tracked as CVE-2024-29745 and CVE-2024-29748, could facilitate malware delivery or personal data theft.

• Exploits required only proximity to the target device—no physical access or interaction was necessary.

Potential Impact:

• Unauthorised malware installation on Android devices.

• Breach of personal and sensitive information.

• Risk to healthcare and telemedicine providers using mobile devices for patient communication or remote monitoring.

Recommendation:

• Ensure all Android devices are updated with the latest security patches from Google immediately.

• Disable Quick Share when not in use, particularly in public environments.

• Deploy Mobile Device Management (MDM) solutions to enforce security policies and restrict unauthorised file sharing.

• Educate staff on the risks of proximity-based attacks.

2. Apple Fined €150 Million Over Breach of Privacy Regulations in France

Apple has been fined €150 million by France’s competition authority (Autorité de la concurrence) for failing to obtain proper user consent before deploying targeted advertising identifiers on iPhones running iOS 14.6.

Breach Details:

• The authority found that Apple’s practices bypassed valid consent under GDPR, setting ad-tracking preferences by default.

• Users were not given a sufficiently clear opportunity to opt-in to targeted advertising at the initial setup stage.

• This decision highlights increasing regulatory scrutiny on Big Tech’s handling of user data, even when claimed to be privacy-centric.

Potential Impact:

• Precedent for stricter enforcement of privacy regulations across Europe.

• Heightened compliance risks for all businesses handling personal data—especially within digital health, where data sensitivity is paramount.

• Reputational damage and financial penalties for failing to meet GDPR consent standards.

Recommendation:

• Review and update all user consent mechanisms to ensure they are transparent, opt-in by default, and compliant with GDPR requirements.

• Implement Privacy-by-Design practices throughout product and service development.

• Conduct regular Data Protection Impact Assessments (DPIAs) to identify and address privacy risks proactively.

• Engage compliance specialists to audit your data collection and processing activities.

3. Critical Ivanti Flaw Actively Exploited to Deploy Malware

Ivanti has disclosed a critical security vulnerability (CVE-2025-22457) in its Connect Secure product that is being actively exploited in the wild. This stack-based buffer overflow flaw could allow remote unauthenticated attackers to execute arbitrary code on affected systems.

Attack Details:

• The vulnerability affects Ivanti Connect Secure versions prior to 22.7R2.6.

• Exploitation involves delivering malware such as TRAILBLAZE and BRUSHFIRE, enabling attackers to gain persistent access to compromised systems.

• The flaw has been observed being exploited since mid-March 2025.

Potential Impact:

• Unauthorised remote access to sensitive IT environments.

• Deployment of malware facilitating data exfiltration and further network compromise.

• Significant risk to organisations relying on Ivanti's remote access solutions.

Recommendation:

• Immediately update Ivanti Connect Secure to version 22.7R2.6 or later.

• Monitor external ICT for signs of compromise, such as unexpected web server crashes.

• Perform a factory reset on compromised appliances before restoring them to production.

• Regularly review and apply security patches to all remote access solutions.

4. Oracle Acknowledges Data Breach and Notifies Affected Clients

Oracle has confirmed a data breach involving its older Gen 1 servers, marking the second cybersecurity incident disclosed by the company in recent weeks. The breach has raised concerns about the security of Oracle’s cloud infrastructure and its ability to safeguard sensitive client data.

Breach Details:

• The breach was initially reported by a threat actor on Breachforums on March 20, 2025, claiming access to 6 million data records.

• Stolen data reportedly includes usernames, email addresses, hashed passwords, and sensitive authentication credentials such as Single Sign-On (SSO) and Lightweight Directory Access Protocol (LDAP) information.

• The breach was facilitated through a 2020 Java exploit, allowing the attacker to deploy a web shell and malware targeting Oracle’s Identity Manager (IDM) database.

Potential Impact:

• Exposure of sensitive customer information.

• Unauthorised access to client systems.

• Repetitional damage to Oracle and affected clients.

Recommendation:

• Reset and strengthen all passwords associated with Oracle services.

• Monitor systems for any unauthorised access or anomalies.

• Engage with Oracle to understand the scope of the breach and implement recommended security measures.

• Conduct thorough security assessments of systems connected to Oracle's infrastructure.

Sign up and stay ahead of emerging cyber threats with real-time insights from Periculo’s Weekly Threat Feed.

Our updates provide you with critical information on the latest vulnerabilities, attacks, and security trends—all designed to help you protect your business and make informed decisions.