
Weekly Digest | 14th April - 18th April

18 April, 2025


Welcome to the weekly Threat Intelligence Digest!

In this edition, we cover a range of critical topics to keep you informed and prepared. We also examine the critical threats and vulnerabilities that could impact organizations in the United Arab Emirates (UAE), with an in-depth summary of each threat, expert recommendations, and references to help you safeguard your digital assets.

PlayPraetor Malware Variants: A Global Threat to the Financial Industry

Risk Rating: High

Researchers at CTM360 have revealed a sophisticated banking trojan, 'PlayPraetor', that is spreading globally and deceives users by impersonating legitimate Google Play Store pages. The campaign has grown substantially, from over 6,000 URLs used in a specific banking attack to more than 16,000 across multiple variants. Targeting banking and financial information, it demonstrates advanced deception and distribution techniques and adapts to different geographies with several malware variants, including phishing, remote access Trojans (RATs), and accessibility abuse.

Detailed examination of the newly identified variants shows a concerted effort to exploit Android users across different global regions, with the operation continually evolving to stay effective. Its sophisticated impersonation of Google Play Store pages taps into a broad spectrum of attack vectors, including phishing, remote access Trojans (RATs), and accessibility service abuse, which can pose a significant threat to individuals and entities in the United Arab Emirates (UAE).

Recommendation: CPX Threat Intelligence Centre recommends the following measures:
•    Implement stronger verification processes for app submissions on the Google Play Store to ensure they are from legitimate developers and not impersonators.
•    Encourage users to enable multi-factor authentication (MFA) and install reputable security apps that can detect phishing and malware attempts.
•    Employ advanced threat detection and intelligence sharing systems to quickly identify and mitigate new variants of threats like PlayPraetor as they evolve.  
Reference: https://cdn.prod.website-files.com/66fbdb04ee8bb0436308fc15/67f7b1760da90cfe1abd7bfb_Play%20Masquerading%20Party%20(PMP)%20Report%202025%20-%20CTM360.pdf

Microsoft Patch Tuesday - April 2025

Risk Rating: High

In April 2025, Microsoft released its monthly Patch Tuesday updates, addressing a total of 134 vulnerabilities across its software products. This update is particularly significant because it includes one vulnerability that is being actively exploited in the wild and 11 more that are rated as likely to be exploited in the future.
Vulnerability Breakdown:
•    49 Elevation of Privilege Vulnerabilities: These flaws could allow attackers to gain elevated access to system resources.
•    9 Security Feature Bypass Vulnerabilities: These vulnerabilities could enable attackers to bypass security features.
•    31 Remote Code Execution Vulnerabilities: A significant number of vulnerabilities that could allow attackers to execute arbitrary code remotely.
•    17 Information Disclosure Vulnerabilities: These flaws could lead to unauthorized access to sensitive information.
•    14 Denial of Service Vulnerabilities: Vulnerabilities that could disrupt service availability.
•    3 Spoofing Vulnerabilities: These could allow attackers to impersonate legitimate users or services. 
•    11 Edge - Chromium Vulnerabilities.

Recommendation: At the time of writing, there are reports of active exploitation of CVE-2025-29824 - Windows Common Log File System Driver Elevation of Privilege Vulnerability.

Reference: https://msrc.microsoft.com/update-guide/releaseNote/2025-Apr

SSL/TLS Certificate Lifespans Reduced to 47 days by 2029

Risk Rating: High

The CA/Browser (Certificate Authority/Browser) Forum has voted to significantly reduce the lifespan of SSL/TLS certificates from the current 398 days to 47 days by March 2029, to reduce the exposure created by outdated subject data, deprecated algorithms, and compromised credentials. The gradual reduction imposes new management challenges but encourages the adoption of automation for certificate renewals, with the ultimate aim of improving security across the overall threat landscape.

From a threat intelligence perspective, frequent certificate renewals could mitigate risks related to outdated encryption and compromised credentials. However, this change necessitates substantial investment in automated certificate management systems to avoid increased administrative burdens and network downtime caused by expired certificates.

Recommendation: 
•    Implement automated certificate renewal systems to comply with the gradually reducing SSL/TLS certificate lifespans.
•    Utilize services from cloud providers, Let's Encrypt, or ACME-supporting certificate providers to streamline certificate management.
•    Conduct frequent revalidation processes to ensure the authenticity and integrity of your digital certificates.

Reference: https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/9768xgUUfhQ?pli=1
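
The management burden described above is easiest to see with an inventory check. The following is an added example, not code from the digest or from the CA/Browser Forum: it reads a constructed list of certificates (the notBefore/notAfter strings are in the format that openssl and Python's ssl.getpeercert() use), flags any certificate whose validity period exceeds the maximum allowed on its issuance date, and flags certificates that are due for renewal. The 398-day and 47-day limits come from the digest; the intermediate steps in MAX_LIFETIME_SCHEDULE and the renew-at-one-third-remaining heuristic are assumptions made for this example and should be checked against the reference.

```python
"""Certificate inventory check against shrinking maximum validity periods.

Added example (not from the digest): flags certificates whose validity
exceeds the maximum allowed on their issuance date and certificates that
are due for renewal. Standard library only.
"""
from datetime import datetime, timedelta, timezone
import ssl

# Maximum certificate lifetime by effective date. 398 days (current) and
# 47 days from March 2029 are from the digest; the intermediate steps are
# an assumption for this example; verify them against the CA/B Forum ballot.
MAX_LIFETIME_SCHEDULE = [
    (datetime(2026, 3, 15, tzinfo=timezone.utc), 200),
    (datetime(2027, 3, 15, tzinfo=timezone.utc), 100),
    (datetime(2029, 3, 15, tzinfo=timezone.utc), 47),
]
DEFAULT_MAX_LIFETIME = 398

# Renew when less than this fraction of the validity period remains
# (a common ACME-client style heuristic; chosen here as an assumption).
RENEW_AT_REMAINING_FRACTION = 1 / 3

# Constructed sample inventory; the hostnames and dates are made up.
SAMPLE_INVENTORY = [
    {"subject": "www.example.com",            # 398-day cert issued in 2025
     "notBefore": "Jan 10 00:00:00 2025 GMT", "notAfter": "Feb 12 00:00:00 2026 GMT"},
    {"subject": "api.example.com",            # 365-day cert issued after the 200-day step
     "notBefore": "Apr 15 00:00:00 2026 GMT", "notAfter": "Apr 15 00:00:00 2027 GMT"},
    {"subject": "mail.example.com",           # 47-day cert issued after the final step
     "notBefore": "Mar 20 00:00:00 2029 GMT", "notAfter": "May 06 00:00:00 2029 GMT"},
]


def max_lifetime_days(issued_at):
    """Maximum validity (days) a certificate issued at `issued_at` may have."""
    limit = DEFAULT_MAX_LIFETIME
    for effective, days in MAX_LIFETIME_SCHEDULE:
        if issued_at >= effective:
            limit = days
    return limit


def parse_cert_time(text):
    """Parse the 'Apr 18 00:00:00 2025 GMT' format into an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)


def assess(cert, now):
    """Return a list of findings (empty when the certificate needs no action)."""
    not_before = parse_cert_time(cert["notBefore"])
    not_after = parse_cert_time(cert["notAfter"])
    lifetime = not_after - not_before
    remaining = not_after - now
    findings = []
    limit = max_lifetime_days(not_before)
    if lifetime > timedelta(days=limit):
        findings.append(f"lifetime {lifetime.days}d exceeds {limit}d limit")
    if remaining <= timedelta(0):
        findings.append("expired")
    elif remaining < lifetime * RENEW_AT_REMAINING_FRACTION:
        findings.append(f"renew now ({remaining.days}d of {lifetime.days}d left)")
    return findings


def audit(inventory, now):
    """Map each subject in the inventory to its findings."""
    return {cert["subject"]: assess(cert, now) for cert in inventory}


if __name__ == "__main__":
    today = datetime(2025, 4, 18, tzinfo=timezone.utc)
    for subject, findings in audit(SAMPLE_INVENTORY, today).items():
        print(subject, findings or ["ok"])
```

In practice the inventory would be fed from your certificate management system or from a scan of listening endpoints; the renewal threshold is the knob that determines how much slack an automated renewal pipeline has before an outage, and it shrinks in absolute terms as the maximum lifetime drops.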

Critical Flaw in Apache Roller Permits Unauthorized Session Persistence - Immediate Patch Recommended

Risk Rating: High

The Apache Software Foundation team has addressed a critical vulnerability affecting the Apache Roller product. Tracked as CVE-2025-24859 (CVSS: 10.0, Apache Software Foundation rating), the flaw causes user sessions not to be properly invalidated after password changes, so existing sessions remain active and usable after a password change made either by the user or by an administrator.

Successful exploitation of the vulnerability allows continued access to the application through old sessions even after a password change, potentially enabling unauthorized access if credentials were compromised.

Recommendation: CPX-TIC recommends that customers act quickly and apply the patches to mitigate any potential threats.

Reference: https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f
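
The defect class behind this advisory, a session store that is never told about password changes, is easy to model. The following is an added example written for this digest; it is not Apache Roller's code and makes no claim about how Roller implements sessions. It places a deliberately vulnerable store (sessions outlive password changes, the behaviour the advisory describes) beside a hardened one that binds every session to a per-user credential generation, bumps the generation on any password change, and purges the stale sessions. The class and function names are assumptions made for the example.

```python
"""Session invalidation on password change (added example, not Roller's code).

VulnerableSessionStore reproduces the defect class in the advisory: sessions
stay valid after a password change. HardenedSessionStore binds each session
to the user's credential generation and revokes all sessions on change.
"""
import hashlib
import hmac
import os
import secrets


def hash_password(password, salt=None):
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt (iteration count is illustrative)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest


class User:
    def __init__(self, name, password):
        self.name = name
        self.salt, self.digest = hash_password(password)
        self.cred_generation = 0  # incremented on every password change

    def check_password(self, password):
        _, digest = hash_password(password, self.salt)
        return hmac.compare_digest(digest, self.digest)


class VulnerableSessionStore:
    """Sessions are keyed only by token; a password change never touches them."""

    def __init__(self):
        self.sessions = {}  # token -> username

    def login(self, user, password):
        if not user.check_password(password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user.name
        return token

    def is_valid(self, token, users):
        return self.sessions.get(token) in users

    def change_password(self, user, new_password, keep_token=None):
        user.salt, user.digest = hash_password(new_password)
        # DEFECT (the advisory's class of bug): existing sessions are left untouched,
        # so a session opened with the old, possibly compromised password lives on.


class HardenedSessionStore:
    """Each session records the credential generation it was opened under."""

    def __init__(self):
        self.sessions = {}  # token -> (username, generation at login)

    def login(self, user, password):
        if not user.check_password(password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = (user.name, user.cred_generation)
        return token

    def is_valid(self, token, users):
        entry = self.sessions.get(token)
        if entry is None:
            return False
        name, generation = entry
        user = users.get(name)
        # Reject (and drop) any session bound to a superseded generation.
        if user is None or generation != user.cred_generation:
            self.sessions.pop(token, None)
            return False
        return True

    def change_password(self, user, new_password, keep_token=None):
        user.salt, user.digest = hash_password(new_password)
        user.cred_generation += 1  # every existing session is now stale
        # Purge eagerly as well, so nothing depends on the lazy check above.
        for token, (name, _) in list(self.sessions.items()):
            if name == user.name and token != keep_token:
                del self.sessions[token]
        # The session the user changed their own password from may be kept,
        # rebound to the new generation; an admin reset passes no keep_token.
        if keep_token in self.sessions:
            self.sessions[keep_token] = (user.name, user.cred_generation)


def old_session_survives_reset(store_cls):
    """Open a session, have an admin reset the password, report if the session still works."""
    users = {"alice": User("alice", "correct horse")}  # constructed account
    store = store_cls()
    earlier_session = store.login(users["alice"], "correct horse")
    store.change_password(users["alice"], "battery staple")  # admin reset
    return store.is_valid(earlier_session, users)


if __name__ == "__main__":
    print("vulnerable store, old session still valid:", old_session_survives_reset(VulnerableSessionStore))
    print("hardened store, old session still valid:", old_session_survives_reset(HardenedSessionStore))
```

The generation counter is what makes the fix robust: even if a purge is skipped (a replica, a cache, a restored backup), a session carrying an old generation fails validation on its next request.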

We hope the insights and recommendations help you to stay ahead of potential threats and enhance your organization's cybersecurity posture. Remember, staying informed and proactive is key to defending against ever-evolving cyber threats. If you have any questions or need further assistance, don't hesitate to reach out to our Threat Intelligence Centre.
 
Stay safe and secure, and we'll see you in next week's edition!
