1/30/2025 January 30, 2025January 30, 2025 ~ The Cyber Beat ~ Leave a comment Google: Over 57 Nation-State Threat Groups Using AI for Cyber OperationsTime Bandit ChatGPT Jailbreak Bypasses Safeguards on Sensitive TopicsGoogle Blocked 2.36 Million Risky Android Apps From Play Store in 2024Krebs: Infrastructure Laundering: Blending in with the CloudU.S. FDA Identifies Cybersecurity Risks in Certain Patient MonitorsAuthorities Seize Domains of Popular Hacking Forums in Major Cybercrime CrackdownGabbard Grilled Over Snowden Comments During Senate Confirmation HearingRansomware Attack Disrupts Blood Donation Services in U.S.AngelSense Exposed Location Data and Personal Information of Tracked UsersCybersecurity Event at Benefits Management Group (IL) Results in Data BreachSolana Pump.Fun Tool DogWifTool cCompromised to Drain WalletsSyncjacking Attack Enables Full Browser and Device TakeoverNew Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS AttacksStates With Laws Requiring Data Brokers to Register Are Ramping up Enforcement
1/29/2025 January 29, 2025January 29, 2025 ~ The Cyber Beat ~ Leave a comment Poland Accuses Russia of Recruiting Polish Citizens Online for Election MeddlingLazarus Group Uses React-Based Admin Panel to Control Global Cyber AttacksUAC-0063 Expands Cyber Attacks to European Embassies Using Stolen DocumentsGoogle Will Now Automatically Revoke Permissions From Harmful Android AppsExposed DeepSeek Database Revealed Chat Prompts and Internal Data…DeepSeek Leveraged U.S. Chips, ‘Stolen’ Technology, Trump’s Commerce Secretary Pick Says…Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster CyberattacksItalian Regulator Asks DeepSeek for Information About Data CollectionNation-State Hackers Abuse Gemini AI ToolThe Trial at the Tip of the Terrorgram IcebergFBI Seizes Cracked.io, Nulled.to Hacking Forums in Operation TalentThreat Actors Exploit Government Websites for PhishingHow Interlock Ransomware Infects Healthcare OrganizationsSouth Africa’s Government-Run Weather Service Knocked Offline by CyberattackFrederick Health (MD) Network Forced to Shut down It Systems After Ransomware AttackAlbany Gastroenterology Associates (NY) Files Notice of Data Breach Following Unauthorized Access to Computer NetworkLaravel Admin Package Voyager Vulnerable to One-Click Rce FlawZyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 VulnerabilityBroadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load BalancerCritical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code ExecutionNew SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution ExploitsSectigo Buys Entrust’s Public Certificate Business
1/28/2025 January 28, 2025January 28, 2025 ~ The Cyber Beat ~ Leave a comment Krebs: A Tumultuous Week for Federal Cybersecurity EffortsDeepSeek’s Popular AI App Is Explicitly Sending U.S. Data to China…Apple Researchers Reveal the Secret Sauce Behind DeepSeek AIScammers Are Creating Fake News Videos to Blackmail VictimsAI Haters Build Tarpits to Trap and Trick AI Scrapers That Ignore robots.txtMicrosoft Tests Edge Scareware Blocker to Block Tech Support ScamsGoogle Play Will Now Verify VPNs That Prioritize Privacy and SafetyBritish Vishing-as-a-Service Trio SentencedProsecutors Say They Can’t Obtain Murder Conviction After Judge Throws Out Evidence From Facial Recognition Match58% of Ransomware Victims Forced to Shut Down OperationsHow Long Does It Take Hackers to Crack Modern Hashing Algorithms?UK Engineering Firm Smiths Group Hit by Cyber AttackTexas Utility Firm CenterPoint Energy Investigating Potential Leak of Customer Data Tied to 2023 MOVEit BreachAPI Supply Chain Attacks Put Millions of Airline Users at RiskPowerSchool Starts Sending Breach Notifications, but There Are Still Questions Left to AnswerENGlobal Cyber-Attack Exposes Sensitive DataPureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing CyberattacksLynx Ransomware Group Unveiled with Sophisticated Affiliate ProgramHellcat: Baguette Bandits Strike Again With Ransomware and a Side of MockeryHackers Exploiting Flaws in SimpleHelp RMM to Breach NetworksNew Apple CPU Side-Channel Attacks Steal Data From BrowsersSignal Will Let You Sync Old Messages When Linking New Devices
1/27/2025 January 28, 2025January 28, 2025 ~ The Cyber Beat ~ Leave a comment Silicon Valley Is Raving About a Made-in-China DeepSeek AI Model…China’s DeepSeek AI App Sends U.S. Tech Stocks Reeling…DeepSeek’s Top-Ranked AI App Is Restricting Sign-Ups Due to ‘Malicious Attacks’Hackers Hijack Emergency Sirens in Kindergartens Across IsraelUkraine Denies Involvement in Cyberattack Against SlovakiaSweden Seizes Cargo Ship After Another Undersea Cable Hit in Suspected SabotageEU Sanctions Russian GRU Hackers for Cyberattacks Against EstoniaMGM Agrees to Pay $45 Million to Settle Data-Breach LawsuitBrazil Bans Iris Scan Company Co-Founded by Sam Altman From Paying Citizens for Biometric DataDemocrat Members of U.S. Surveillance Watchdog Fired After Refusing to ResignMatagorda County (TX) Issues Disaster Declaration Following CyberattackUniversal Lenders (IL) Sends Data Breach Letters to 19,575 IndividualsHidden Text Salting Disrupts Brand Name Detection SystemsNew Phishing Campaign Targets Mobile Devices with Malicious PDFsMintsLoader Delivers StealC Malware and BOINC in Targeted Cyber AttacksClone2Leak: GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLsApple Fixes This Year’s First Actively Exploited Zero-Day BugCISOs Boost Crisis Simulation Budgets Amid High-Profile Cyber-AttacksBitwarden Makes It Harder to Hack Password Vaults Without MFAMicrosoft Teams Phishing Attack Alerts Coming to Everyone Next Month
1/24-26/2025 January 26, 2025January 26, 2025 ~ The Cyber Beat ~ Leave a comment Cyber Diplomacy Funding Halted as U.S. Issues Broad Freeze on Foreign AidKristi Noem Confirmed by U.S. Senate as Trump’s Homeland SecretaryUK to Examine Undersea Cable Vulnerability as Russian Spy Ship Spotted in British WatersUnitedHealth Estimates Change Healthcare Hack Impacted About 190 Million PeopleRussian Scammers Target Crypto Influencers with InfostealersHacker Infects 18,000 “Script Kiddies” With Fake Malware BuilderCan’t Download TikTok? How About a Used iPhone for $3,000U.S. Privacy Snags a Win as Judge Limits Warrantless FBI SearchesHackers Get $886,250 For 49 Zero-Days at Pwn2Own Automotive 2025TalkTalk Investigates Breach After Data for Sale on Hacking ForumAt Least $69 Million Stolen From Crypto Platform Phemex in Suspected CyberattackGame Developer Big Cheese Studio Targeted in Cyber Attack, PAP ReportsRansomware Gang Uses SSH Tunnels for Stealthy VMware ESXi AccessHackers Use Windows RID Hijacking to Create Hidden Admin AccountMeta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution RisksCISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities ListMicrosoft: Outdated Exchange Servers Fail to Auto-Mitigate Security BugsZyxel Warns of Bad Signature Update Causing Firewall Boot Loops
1/23/2025 January 24, 2025January 24, 2025 ~ The Cyber Beat ~ Leave a comment Hackers Imitate Kremlin-Linked Group to Target Russian EntitiesFBI: North Korean IT Workers Steal Source Code to Extort EmployersDOJ Indicts Two Americans for Running Laptop Farm Used in North Korea IT Worker ScamGoogle Is Giving IT More Control Over Your Chrome ExtensionsNew GhostGPT AI Chatbot Facilitates Malware Creation and PhishingHundreds of Fake Reddit Sites Push Lumma Stealer MalwareBookmakers Ramp Up Efforts to Combat Arbitrage Betting FraudPayPal Fined by New York for Cybersecurity FailuresTexas Probes Four More Car Companies Over How They Collect and Sell Consumer DataLinkedIn Sued for Allegedly Training AI Models With Private Messages Without ConsentTesla EV Charger Hacked Twice on Second Day of Pwn2Own TokyoCISA: Hackers Still Exploiting Older Ivanti Bugs to Breach NetworksCISOs Dramatically Increase Boardroom Influence but Still Lack Soft SkillsNew Android Identity Check Locks Settings Outside Trusted LocationsFortiGate Config Leaks: Victims’ Email Addresses Published OnlineRansomHub Lays Claim on American Standard, Grohe BreachesPFS Investments Inc. (GA) Files Notice of Recent Data Breach Leaking Confidential InformationExperts Find Shared Codebase Linking Morpheus and HellCat Ransomware PayloadsQakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering FeaturesSubaru Security Flaws Exposed Its System for Tracking Millions of CarsCritical Zero-Days Impact Premium WordPress Real Estate PluginsQNAP Fixes Six Rsync Vulnerabilities in NAS Backup, Recovery AppCustom Backdoor Exploiting Magic Packet Vulnerability in Juniper RoutersPalo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware ExploitsSonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely ExploitationCisco Fixes Critical 9.9-Rated, Make-Me-Admin Bug in Meeting ManagementThe Security Risk of Rampant Shadow AI
1/22/2025 January 22, 2025January 22, 2025 ~ The Cyber Beat ~ Leave a comment Iran and Russia Deepen Cyber Ties With New AgreementTrump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity ReviewTrump Admin Tells All Democrats on Intelligence Oversight Board to ResignKrebs: MasterCard DNS Error Went Unnoticed for YearsWhat PowerSchool Isn’t Saying About Its ‘Massive’ Student Data Breach…PowerSchool Hacker Claims They Stole Data of 62 Million StudentsCloudflare CDN Flaw Leaks User Location Data, Even Through Secure Chat AppsMajor Cybersecurity Vendors’ Credentials Found on Dark WebBreachForums Admin to Be Resentenced After Appeals Court Slams Supervised ReleaseIsraeli Private Eye Wanted in U.S. Over Alleged Hacking for Exxon Lobbyist, Lawyer SaysTrump Frees Silk Road Creator Ross Ulbricht After 11 Years in PrisonConduent Confirms Cybersecurity Incident Behind Recent OutageOctagon (CT) Sends Round of Data Breach Letters Following Recent Cybersecurity IncidentPlushDaemon APT Targeted South Korean VPN SoftwareTelegram CAPTCHA Tricks You Into Running Malicious Powershell ScriptsTycoon 2FA Phishing Kit Upgraded to Bypass Security MeasuresIPany VPN Breached in Supply-Chain Attack to Push Custom MalwareHackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS BotnetCisco Warns of Denial of Service Flaw With PoC Exploit CodeMicrosoft Issues Out-Of-Band Fix for Windows Server 2022 NUMA GlitchHackers Exploit 16 Zero-Days on First Day of Pwn2Own Automotive 2025Why CISOs Must Think Clearly Amid Regulatory Chaos
1/21/2025 January 21, 2025January 21, 2025 ~ The Cyber Beat ~ Leave a comment Russian Ransomware Groups Deploy Email Bombing and Teams VishingCERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security AuditsFake Homebrew Google Ads Target Mac Users With MalwareQuad Foreign Ministers Meet in Washington in Signal of Trump’s China FocusTSA Chief Behind Cyber Directives for Aviation, Pipelines and Rail Ousted by Trump TeamU.S. Department of Homeland Security Firing All Advisory Committee Members, Letter SaysUK’s New Digital IDs Raise Security and Privacy FearsDisciplinary and Special Ed Records of Toronto Students May Have Leaked in PowerSchool BreachCloudflare Mitigated a Record-Breaking 5.6 Tbps DDoS AttackRussian Telecom Giant Rostelecom Investigates Suspected Cyberattack on ContractorGovtech Giant Conduent Won’t Rule Out Cyberattack as Outage Drags OnIntraSystems Data Breach Hits Home Care Patients at Allegheny Health NetworkPNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers13,000 MikroTik Routers Hijacked by Botnet for Malspam and CyberattacksNew Mirai Malware Variant Targets AVTECH Cameras, Huawei RoutersOracle To Address 320 Vulnerabilities in January Patch Update7-Zip Fixes Bug That Bypasses Windows MoTW Security Warnings, Patch NowPatch Procrastination Leaves 50,000 Fortinet Firewalls Vulnerable to Zero-Day
1/17-20/2025 January 21, 2025January 21, 2025 ~ The Cyber Beat ~ Leave a comment Ukraine’s State Registers Restored Following Cyber-AttackIndian APT Group DONOT Misuses App for Intelligence GatheringU.S. Treasury Department Imposes Sanctions on Chinese Company Over Salt Typhoon HackFCC Orders Telecoms to Secure Their Networks After Salt Tyhpoon HacksTrump Revokes Biden Executive Order on Addressing AI RisksHomeland Security Nominee Kristi Noem Bashes CISA, Says Agency Must Be ‘Smaller, More Nimble’Tough New EU Cyber Rules Require Banks to Ramp up Security — But Many Aren’t ReadyTikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025…How to Get around the U.S. TikTok Ban…TikTok Restores Service for U.S. Users Based on Trump’s Promised Executive OrderCanadian IT Company OpenText Corporation Added to Moscow’s List of ‘Undesirable’ OrganizationsFormer CIA Analyst Pleads Guilty to Sharing Top Secret FilesPhilippines Arrests Chinese National Suspected of Spying on Critical InfrastructureCosta Rica Refinery Cyberattack Was First Deployment for New U.S. Response Program, Ambassador SaysData on Half a Million Hotel Guests Exposed After Otelier BreachHPE Launches Investigation After Hacker Claims Data BreachMedusa Ransomware Group Claims Attack on UK’s Gateshead CouncilLifeBridge Health (MD) Posts Notice of 2024 Data Breach Affecting Patient SSNs and Medical InfoEdw. C. Levy Co. (MI) Announces Data Breach Following Ransomware AttackHackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTPPython-Based Bots Exploiting PHP Servers Fuel Gambling Platform ProliferationMalicious PyPi Package Steals Discord Auth Tokens From DevsCritical Flaws in WGS-804HPT Switches Enable RCE and Network ExploitationStrategic Approaches to Threat Detection, Investigation & ResponseFTC Orders GM to Stop Collecting and Selling Driver’s DataFTC Cracks Down on Genshin Impact Gacha Loot Box Practices
1/16/2025 January 16, 2025January 16, 2025 ~ The Cyber Beat ~ Leave a comment Biden’s Cyber Ambassador Urges Trump Not to Cede Ground to Russia and China in Global Tech FightKrebs: Chinese Innovations Spawn Wave of Toll Phishing Via SMSRussian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential HarvestingBiden Issues 11th-Hour Cyber Executive OrderTrump’s Truth Social Users Targeted by Rampant Scams OnlineGitHub’s Deepfake Porn Crackdown Still Isn’t WorkingMiddle Eastern Real Estate Fraud Grows with Online ListingsEnzo Biochem Settles Lawsuit Over 2023 Ransomware Attack for $7.5mGDPR Complaints Filed Against TikTok, Temu for Sending User Data to ChinaU.S. Cracks Down on North Korean IT Worker Army With More SanctionsMicrosoft Expands Testing of Windows 11 Admin Protection FeatureWolf Haldenstein Law Firm Says 3.5 Million Impacted by Data BreachCarruth Compliance Consulting (OR) Sends Out Data Breach Letters Following December 2024 CyberattackClop Ransomware Gang Names Dozens of Victims Hit by Cleo Mass-Hack, but Several Firms Dispute BreachesHackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity StealerPython-Based Malware Powers RansomHub Ransomware to Exploit Network FlawsResearcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint ManagerResearchers Find Exploit Allowing NTLMv1 Despite Active Directory RestrictionsW3 Total Cache Plugin Flaw Exposes 1 Million WordPress Sites to AttacksNew UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
1/15/2025 January 15, 2025January 15, 2025 ~ The Cyber Beat ~ Leave a comment Russian Espionage and Financial Theft Campaigns Have Ramped Up, Ukraine Cyber Agency SaysChina’s Salt Typhoon Spies Spotted on U.S. Gov’t Networks Before Telcos, CISA Boss SaysNorth Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake DomainsLazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99UN Security Council Members Meet on Spyware for First TimeNo New Funding in EU Plan to Tackle Ransomware Attacks Against HospitalsSection 702 Surveillance Powers Remain ‘Indispensable,’ CIA Pick Ratcliffe SaysFederal Court Orders Massive Return of $9.3b in Bitcoin Stolen From Bitfinex in 2016 HackFTC Cracks Down on GoDaddy for Cybersecurity FailingsFrom Gmail to Word, Your Privacy Settings and AI Are Entering Into a New RelationshipDJI Loosens Flight Restrictions, Decides to Trust Operators to Follow FAA RulesCISA Shares Guidance for Microsoft Expanded Logging CapabilitiesSuspected Ukrainian Hackers Impersonating Russian Ministries to Spy on IndustryUnitedHealth Hid Its Change Healthcare Data Breach Notice for MonthsLabel Giant Avery Says Website Hacked to Steal Credit CardsUniversity of Oklahoma Isolates Systems After ‘Unusual Activity’ on IT NetworkE-Benefit Solution Notifies Consumers of Recent Data BreachEncompassCare (OH) Files Notice of Data Breach Affecting Consumers’ Social Security NumbersGoogle Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA CodesMikroTik Botnet Uses Misconfigured SPF DNS Records to Spread MalwareCritical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE AttacksGoogle Cloud Researchers Uncover Flaws in Rsync File Synchronization ToolSAP Fixes Critical Vulnerabilities in NetWeaver Application ServersMicrosoft: Happy 2025. Here’s 161 Security Updates (Krebs)
1/14/2025 January 14, 2025January 14, 2025 ~ The Cyber Beat ~ Leave a comment North Korea Linked to Crypto Heists of Over $650 Million in 2024 AloneU.S. Issues Final Rule Barring Chinese, Russian Connected Car TechHegseth Says Debate Over Cyber Command, NSA Leadership Would Reach ‘Conclusion’FBI Hacked Thousands of Computers to Make PlugX Malware Used by China Uninstall ItselfBiden Opens Federal Land for AI Data Centers, Sets Rules for DevelopersThe UK Wants to Do Its ‘Own Thing’ on AI Regulation, Suggesting a Divergence From U.S. And EUUK Floats Ransomware Payout Ban for Public SectorWyze Cameras Will Use AI to Describe What They SeeThe ‘Largest Illicit Online Marketplace’ Ever Huione Guarantee Is Growing at an Alarming Rate, Report SaysAsset Manager Ashford Settles SEC Allegations It Failed to Disclose Extent of HackRussia’s Largest Platform for State Procurement Hit by Cyberattack From Pro-Ukraine GroupConnecticut City of West Haven Assessing Impact of CyberattackTennessee-Based Mortgage Lender Confirms December CyberattackWP3.XYZ Malware Attacks Add Rogue Admins to 5,000+ WordPress SitesGoogle OAuth Vulnerability Exposes Millions via Failed Startup DomainsHackers Use FastHTTP in New High-Speed Microsoft 365 Password AttacksZero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed InterfacesMicrosoft January 2025 Patch Tuesday Fixes 8 Zero-Days, 159 FlawsSnyk Appears to Deploy ‘Malicious’ Packages Targeting Cursor for Unknown ReasonNew Startups Focus on Deepfakes, Data-in-Motion & Model Security
1/13/2025 January 13, 2025January 13, 2025 ~ The Cyber Beat ~ Leave a comment Russian Malware Campaign Hits Kazakhstan and Central Asian Diplomatic FilesTurks and Caicos Recovering From Pre-Christmas Ransomware AttackCISA Orders Agencies to Patch BeyondTrust Bug Exploited in AttacksPoland Uncovers Russia-Linked Disinformation Campaign Targeting Upcoming Presidential ElectionRep. Don Bacon on Cyber Deterrence: ‘Speak Softly and Carry a Big-@$$ Stick’Expired Domains Allowed Control Over 4,000 Backdoors on Compromised SystemsThe Criminal Question in the Coming Wave of Pro-Crypto LegislationInside the Black Box of Predictive Travel SurveillanceTexas Sues Allstate, Alleging It Violated Data Privacy Rights of 45 Million AmericansWEF Warns of Growing Cyber Inequity Amid Escalating Complexities in CyberspaceA Breach of Gravy Analytics’ Huge Trove of Location Data Threatens the Privacy of MillionsUK Domain Registry Nominet Confirms Breach via Ivanti Zero-DayCyberattack Forces Eindhoven University of Technology to Cancel LecturesHCF Management (OH) Sends Data Breach Letters to Victims Following September 2024 CyberattackOneBlood Confirms Personal Data Stolen in July Ransomware AttackStolen Path of Exile 2 Admin Account Used to Hack Player AccountsHackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto MinersRansomware Abuses Amazon AWS Feature to Encrypt S3 BucketsWordPress Skimmers Evade Detection by Injecting Themselves into Database TablesMicrosoft: macOS Bug Lets Hackers Install Malicious Kernel DriversMicrosoft 365 MFA Outage Fixed
1/10-12/2025 January 13, 2025January 13, 2025 ~ The Cyber Beat ~ Leave a comment As China Hacking Threat Builds, Biden to Order Tougher Cybersecurity StandardsSilk Typhoon Treasury Hackers Also Breached Us Foreign Investments Review OfficeChinese Cyber-Spies Peek Over Shoulder of Officials Probing Real-Estate Deals Near American Military BasesPhishing Texts Trick Apple iMessage Users Into Disabling ProtectionSecret Phone Surveillance Tech Was Likely Deployed at 2024 DNCMicrosoft Sues Hacking Group Exploiting Azure AI for Harmful Content CreationPastor Who Saw Crypto Project in His “Dream” Indicted for FraudNew York Sues to Recover $2 Million in Crypto Stolen in Remote Job ScamsDoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime LaunderingNSO Ruling Is a Victory for WhatsApp, but Could Have a Small Impact on Spyware IndustrySlovakia Hit by Historic Cyber-Attack on Land RegistrySTIIIZY Data Breach Exposes Cannabis Buyers’ IDs and PurchasesTelefónica Confirms Internal Ticketing System Breach After Data LeakThe North Los Angeles County Regional Center Files Notice of Data Breach Following Apparent Ransomware AttackLaramie County (WY) Library System Hit by CyberattackAI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion TacticsFake PoC Exploit Targets Security Researchers with InfostealerNew Web3 Attack Exploits Transaction Simulations to Steal CryptoGoogle Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung DevicesDocker Desktop Blocked on Macs Due to False Malware AlertScammers File First — Get Your IRS Identity Protection PIN Now
1/9/2025 January 10, 2025January 10, 2025 ~ The Cyber Beat ~ Leave a comment Japan Faces Prolonged Cyber-Attacks Linked to China’s MirrorFaceIvanti Zero-Day Attacks Infected Devices With Custom Chinese MalwareU.S. Treasury Hack Linked to Silk Typhoon Chinese State HackersHow the U.S. TikTok Ban Would Actually WorkGoogle Messages Takes a Step Towards Secure Messaging Across Apps and Platforms (APK Teardown)Apple Says Siri Isn’t Sending Your Conversations to AdvertisersEU Commission Liable for Breaching EU’s Own Data Protection RulesNew AI Challenges Will Test CISOs & Their Teams in 2025Hackers Claim Massive Breach Gravy Analytics, the Parent Company of Location Data Giant Venntel, Threaten to Leak DataHackers Claim to Breach Russian State Agency Rosreestr Managing Property, Land RecordsLargest U.S. Addiction Treatment Provider BayMark Health Services Notifies Patients of Data BreachPowerSchool Says Hackers Stole Students’ Sensitive Data, Including Social Security Numbers, in Data BreachSome Winston-Salem (NC) City Services Knocked Offline by CyberattackFake CrowdStrike Job Offer Emails Target Devs With Crypto MinersNew Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption
1/8/2025 January 8, 2025January 8, 2025 ~ The Cyber Beat ~ Leave a comment Cyber Command Overhaul Gets Austin’s Approval, but Plan Faces Uncertain FuturePall Mall Process to Tackle Commercial Hacking Proliferation Raises More Concerns Than SolutionsRussian ISP Confirms Ukrainian Hackers “Destroyed” Its NetworkTikTok’s Fate Divides Trump and Fellow Republicans as Supreme Court Action LoomsNeglected Domains Used in Malspam to Evade SPF and DMARC Security ProtectionsFake Government Officials Use Remote Access Tools for Card FraudScammers Exploit Microsoft 365 to Target PayPal UsersKrebs: A Day in the Life of a Prolific Voice Phishing CrewPowerSchool Hack Exposes Student, Teacher Data From K-12 DistrictsMedical Billing Firm Medusind Discloses Breach Affecting 360,000 PeoplePediatric Home Service (MN) Files Official Notice of Data BreachResearchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion TechniquesHackers Exploit KerioControl Firewall Flaw to Steal Admin CSRF TokensUnpatched Critical Flaws Impact Fancy Product Designer WordPress PluginIvanti Warns of New Connect Secure Flaw Used in Zero-Day AttacksSonicWall Urges Admins to Patch Exploitable SSLVPN Bug Immediately
1/7/2025 January 7, 2025January 7, 2025 ~ The Cyber Beat ~ Leave a comment ‘We Have to Prioritize Cybersecurity’ Within Federal Budgets, Outgoing Cyber Czar SaysCybercriminals Don’t Care About National Cyber PolicyPhishing Click Rates Triple in 2024Finland Finds Russian ‘Spy’ Ship Anchor as Subsea Cable Company Demands Ship’s Seizure for CompensationFormer NSA Cyber Chief Joins Venture Firm DataTribeU.S. Adds Web and Gaming Giant Tencent to List of Chinese Military CompaniesU.S. Cyber Trust Mark Launches as the Energy Star of Smart Home SecurityLicense Plate Readers Are Leaking Real-Time Video Feeds and Vehicle DataTelegram Hands Over Data on Thousands of Users to U.S. Law EnforcementUK Government to Ban Creation of Explicit DeepfakesWashington State Sues T-Mobile Over 2021 Data Breach Security FailuresMeta Ends Fact-Checking on Facebook, Instagram in Free-Speech PitchTurbulence at UN Aviation Agency as Probe Into Potential Data Theft BeginsPittsburgh Regional Transit Employees’, Applicants’ Personal Information Stolen During Ransomware AttackGreen Bay Packers’ Online Store Hacked to Steal Credit CardsCasio Says Data of 8,500 People Exposed in October Ransomware AttackWalker County Schools (GA) Alerting Parents, Educators of Student Information System Data BreachDragonfly Health (AZ) Files Notice of Data Breach with Federal RegulatorsHyperice (CA) Sends Data Breach Letters Following June 2024 CyberattackTeton Orthopaedics (WY) Sends Out Data Breach Letters Following Ransomware AttackNew Mirai Botnet Targets Industrial Routers With Zero-Day ExploitsCISA Warns of Critical Oracle, Mitel Flaws Exploited in AttacksResearchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
1/6/2025 January 6, 2025January 6, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Cyber Watchdog Says No Indication Breach at Treasury Hit Other Federal AgenciesChinese Hackers Double Cyber-Attacks on TaiwanEagerbee Backdoor Deployed Against Middle Eastern Gov’t Orgs, ISPsRussia Blames Telecom Network Accident for Widespread Internet OutageIndia Proposes Digital Data Rules with Tough Penalties and Cybersecurity RequirementsIoT’s Regulatory Reckoning Is OverduePig Butchering (Romance Baiting) Victim Sues Banks for Allowing Scammers to Open AccountsHackers Reportedly Compromise Argentina’s Airport Security Payroll SystemSchool Districts in Maine, Tennessee Respond to Holiday CyberattacksPacific Pulmonary Medical Group (CA) October 2024 Announces Data BreachNew Infostealer Campaign Uses Discord Videogame LureCybercriminals Target Ethereum Developers with Fake Hardhat npm PackagesNew PhishWP Plugin Enables Sophisticated Payment Page ScamsVulnerable Moxa Devices Expose Industrial Networks to AttacksMediaTek Rings in the New Year With a Parade of Chipset Vulns
1/3-5/2025 January 5, 2025January 5, 2025 ~ The Cyber Beat ~ Leave a comment How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military WeaponsU.S. Sanctions Chinese Cybersecurity Firm for Global Botnet AttacksCyber Investors Expect More Mergers in 2025Cybersecurity Firm Tenable’s CEO Amit Yoran Dies After Battle With CancerCrypto Boss Extradited to Face $40bn Fraud ChargesCryptocurrency Wallet Drainers Stole $494 Million in 2024Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy ViolationsWindows 10 Users Urged to Upgrade to Avoid “Security Fiasco”Russia Orders Yandex to Scrub Maps and Images of Strategic Oil RefineryAtos Group Denies Space Bears’ Ransomware Attack ClaimsLexington Diagnostic Center (KY) Announces Recent Data Breach Involving Sensitive Patient InformationTycon Medical Systems (VA) Sends Data Breach Letters Following Cybersecurity IncidentNew FireScam Android Data-Theft Malware Poses as Telegram Premium AppPLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN AppsBad Tenable Plugin Updates Take down Nessus Agents WorldwideLDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain ControllersResearchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
1/2/2025 January 2, 2025January 2, 2025 ~ The Cyber Beat ~ Leave a comment Treasury’s Sanctions Office Hacked by Chinese Government, Officials Say…‘Office of Foreign Assets Control’‘No Definitive Link’ Found Between New Orleans Attack and Las Vegas Cybertruck Explosion, FBI SaysGlobal Campaign Targets PlugX Malware with Innovative PortalTighter Regulations Proposed for Foreign IT in Drones Used in U.S.Apple Offers to Settle ‘Snooping Siri’ Lawsuit for an Utterly Incredible $95MCrypto Hacks, Scam Losses Reach $29M in December, Lowest in 2024Japan’s Largest Mobile Carrier Says Cyberattack Disrupted Some ServicesHackers Leak Rhode Island Citizens’ Data on Dark WebCrown Mortgage Company (IL) Sends Data Breach Letters Following Recent Cybersecurity IncidentOver 3 Million Mail Servers Without Encryption Exposed to Sniffing AttacksMalicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RATSevere Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
12/31/2024-1/1/2025 January 1, 2025January 1, 2025 ~ The Cyber Beat ~ Leave a comment What to Know about String of U.S. Hacks Blamed on ChinaU.S. Sanctions Russian & Iranian Groups Over AI-Generated Election DisinformationFinland Identifies Seven Suspects Among Crew of Alleged Russian ‘Spy’ TankerKrebs: U.S. Army Soldier Arrested in AT&T, Verizon ExtortionsHey, Maybe It’s Time to Delete Some Old Chat HistoriesOver 3.1 Million Fake “Stars” on GitHub Projects Used to Boost RankingsIndiana University Health Announces Data Breach Following Compromised Email AccountNew “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major WebsitesMisconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to ExploitationNew Details Reveal How Hackers Hijacked 35 Google Chrome ExtensionsThe Biggest Cybersecurity and Cyberattack Stories of 2024These Were the Badly Handled Data Breaches of 2024