2/17/2025 February 17, 2025February 17, 2025 ~ The Cyber Beat ~ Leave a comment Italian Websites Targeted by Alleged Pro-Russian HackersSweden’s PM on Recent Suspected Undersea Cable Sabotage: ‘We Don’t Believe Random Things Suddenly Happen Quite Often’South Korea Suspends Downloads of AI Chatbot DeepSeekX Now Blocks Signal Contact Links, Flags Them as MaliciousChase Will Soon Block Zelle Payments to Sellers on Social MediaEstonian Duo Plead Guilty to $577m Crypto Ponzi SchemeAustrian Ex-Chancellor Kurz’s Cybersecurity Firm Dream Says Reaches $1 Billion ValuationGoogle Chrome’s AI-Powered Security Feature Rolls Out to EveryoneFinastra Announces Data Breach Following Discovery of November 2024 CyberattackXactus (PA) Data Breach Letter Confirms 2024 Incident Compromised Individuals’ Social Security NumbersInnovative Renal Care (TN) Sends Data Breach Letters Following Early 2024 IncidentIncluded Health (CA) Provides Notice of Data Breach to an Unknown Number of IndividualsMicrosoft Detects New XCSSET MacOS Malware VariantTelegram Used as C2 Channel for New Golang MalwareMicrosoft to Remove the Location History Feature in WindowsHow Public & Private Sectors Can Better Align Cyber Defense
2/14-16/2025 February 16, 2025February 16, 2025 ~ The Cyber Beat ~ Leave a comment Russian Hackers Target Microsoft 365 Accounts With Device Code PhishingUkraine Warns of Growing AI Use in Russian Cyber-Espionage OperationsTop U.S. Election Security Watchdog Forced to Stop Election Security WorkOpen-Source Code Repository Codeberg Says ‘Far-Right Forces’ Are Behind Massive Spam AttacksRansomHub Becomes 2024’s Top Ransomware Group, Hitting 600+ Organizations GloballyAPIs: The Foundation of Modern Software Development Is Under Rising Cyber AttackThis Open Text-To-Speech Model Needs Just Seconds of Audio to Clone Your VoiceTexas Investigating DeepSeek for Violating Data Privacy LawPolice Risk Losing Society’s Trust in Fight Against Cybercrime, Warns Europol ChiefHow Banks Can Adapt to the Rising Threat of Financial CrimeLazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer AttacksVirginia Attorney General’s Office Hit by Cyber AttackREMSA Health Experiences Cyberattack, Raising Questions of a Possible Data BreachPPL Electric Utilities (PA) Breach at Vendor Exposed Some Customer DataFillmore County Hospital (NE) Announces Data BreachPirateFi Game on Steam Caught Installing Password-Stealing MalwareNew “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code ExecutionSonicWall Firewall Bug Leveraged in Attacks After PoC Exploit ReleasePostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted AttacksAndroid’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
2/13/2025 February 13, 2025February 13, 2025 ~ The Cyber Beat ~ Leave a comment China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco RoutersRussian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand OpsNorth Korean APT43 Uses PowerShell and Dropbox in Targeted South Korea CyberattacksCISA and FBI Warn Against Buffer Overflow VulnerabilitiesHackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security ScannersThe Loneliness Epidemic Is a Security CrisisKrebs: Nearly a Year Later, Mozilla is Still Promoting OneRepDOGE Hasn’t Accessed Legally Protected Tax Data, Administration Says in Privacy Suit ResponseU.S. Lawmakers Press Trump Admin to Oppose UK’s Order for Apple iCloud BackdoorChinese Espionage Tools from Emperor Dragonfly Deployed in RA World Ransomware AttackzkLend Loses $9.5M in Crypto Heist, Asks Hacker to Return 90%Hacker Leaks Account Data of 12 Million Zacks Investment UsersAstaroth Phishing Kit Bypasses 2FA Using Reverse Proxy TechniquesFINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and LinuxSurge in Attacks Exploiting Old ThinkPHP and ownCloud FlawsPalo Alto Networks Patches Authentication Bypass Exploit in PAN-OS SoftwareBuyout Firms Vie for Cybersecurity Firm Trend Micro, Sources SayDutch Police Seizes 127 XHost Servers, Dismantles Bulletproof Hoster
2/12/2025 February 12, 2025February 12, 2025 ~ The Cyber Beat ~ Leave a comment A Hacker Group Within Russia’s Notorious Sandworm Unit Is Breaching Western Networks…BadPilot Network Hacking Campaign Fuels Russian Sandworm AttacksRussian-Linked Bots Sow Fear, Distrust Ahead of German VoteU.S. Reportedly Releases Russian Cybercrime Figure Alexander Vinnik in Prisoner SwapNorth Korean Hackers Exploit PowerShell Trick to Hijack Devices in New CyberattackThis Ad-Tech Company Is Powering Surveillance of U.S. Military PersonnelLeaking the Email of Any YouTube User for $10,000Romance Scams Cost Americans $697.3M Last YearSerial “Swatter” Behind 375 Violent Hoaxes Targeted His Own Home to Look like a VictimTrump Plans to Nominate GOP Insider Sean Cairncross as National Cyber DirectorMars Hydro and LG-LED Solutions: Massive IoT Data Breach Exposes 2.7 Billion RecordsSarcoma Ransomware Claims Breach at Giant PCB Maker UnimicronRansomware Attack Disrupting Michigan’s Sault Tribe OperationsHeartland Bank (NE) Sends Data Breach Letters Following Recent Email Data Security IncidentWatergate Hotel Hit with Data BreachResearchers Find New Exploit Bypassing Patched NVIDIA Container Toolkit VulnerabilityProgress Software Patches High-Severity LoadMaster Flaws Affecting Multiple VersionsIvanti Patches Critical Flaws in Connect Secure and Policy Secure – Update NowKrebs: Microsoft Patch Tuesday, February 2025 EditionIs AI a Friend or Foe of Healthcare Security?
2/11/2025 February 12, 2025February 12, 2025 ~ The Cyber Beat ~ Leave a comment Order Blocking Musk’s DOGE From Treasury Systems Doesn’t Apply to Secretary Bessent, Judge SaysProbe Finds U.S. Coast Guard Has Left Maritime Cybersecurity AdriftNick Robinson’s X Account Hacked to Promote CryptoIn Fighting AI Chip Trade War With China, There’s One Big Mistake U.S. Can’t Afford to MakeU.S. Sanctions LockBit Ransomware’s Bulletproof Hosting ProviderThe Company Man: Binance Exec Detained in Nigeria Breaks His SilenceArizona Woman Pleads Guilty to Running Laptop Farm for N. Korean IT Workers, Faces 9-Year SentenceCybersecurity Firm SailPoint Sets Sights on $12.6 Billion Valuation in U.S. IPORussian Military Hackers Deploy Malicious Windows Activators in UkrainePowerSchool Breach Exposed Special Education Status, Mental Health Data and Parent Restraining OrdersThird-Party Data Breach at ArdyssLife Affects an Unknown Number of ConsumersSonicWall Firewall Exploit Lets Hackers Hijack VPN Sessions, Patch NowFortinet Warns of New Zero-Day Exploited to Hijack FirewallsMicrosoft February 2025 Patch Tuesday Fixes 4 Zero-Days, 55 FlawsLinux Running in a PDF? This Hack Is as Bizarre as It Is BrilliantData Leaks Happen Most Often in These States — Here’s Why
2/10/2025 February 11, 2025February 11, 2025 ~ The Cyber Beat ~ Leave a comment Europol Warns Financial Sector of “Imminent” Quantum ThreatThe Rise of the Drone BoatsUK Military Fast-Tracks Cybersecurity RecruitmentExperts Dismayed at UK’s Apple Decryption DemandsCongressional Leaders Given Access to Surveillance Court in Bid for More TransparencyNew York State Bans DeepSeek From Government DevicesIndiana Man Gets 20 Years for $37m Crypto HeistAlabama Man Pleads Guilty to SIM Swap Attack on U.S. SEC X AccountAll Your 8Base Are Belong to Us: Ransomware Crew Busted in Global StingWhy Rebooting Your Phone Daily Is Your Best Defense Against Zero-Click HackersBrave Now Lets You Inject Custom JavaScript to Tweak WebsitesMicrosoft Raises Rewards for Copilot AI Bug Bounty ProgramMemorial Hospital and Manor (GA) Alerts 120,000 Individuals of Data BreachU.S. Newspaper Publisher Lee Enterprises Still Struggling to Print Papers a Week After ‘Cybersecurity Event’Sky ECC Encrypted Service Distributors Arrested in Spain, NetherlandsVectraRx Mail Pharmacy (AZ) Sends Out Data Breach Letters Following December 2024 CyberattackBadIIS Malware Exploits IIS Servers for SEO FraudHackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento StoresXE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web ShellsOver 12,000 KerioControl Firewalls Exposed to Exploited RCE FlawZimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF VulnerabilitiesApple Releases Security Updates to Block iPhone Passcode Hacking Tools, Again
2/7-9/2025 February 9, 2025February 9, 2025 ~ The Cyber Beat ~ Leave a comment Krebs: Teen on Musk’s DOGE Team Graduated from ‘The Com’States Prepare Privacy Lawsuit Against DOGE Over Access to Federal DatareCAPTCHA: 819 Million Hours of Wasted Human Time and Billions of Dollars in Google ProfitsCloudflare Outage Caused by Botched Blocking of Phishing URLMicrosoft Shares Workaround for Windows Security Update IssuesApple Ordered to Open Encrypted User Accounts Globally to UK SpyingOne of Tax Return Filing Season’s Biggest Financial Risks Isn’t an IRS AuditIndia’s RBI Introduces Exclusive “bank.in” Domain to Combat Digital Banking FraudHPE Notifies Employees of Data Breach After Russian Office 365 HackHospital Sisters Health System Notifies 882,000 Patients of August 2023 BreachPhones, Email, Classes Disrupted in University of the Bahamas Ransomware AttackMassive Brute Force Attack Uses 2.8 Million IPs to Target VPN DevicesMalicious AI Models on Hugging Face Exploit Novel Attack TechniqueCybercriminals Weaponize Graphics Files in Phishing AttacksHackers Exploit Cityworks RCE Bug to Breach Microsoft IIS ServersCISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
2/6/2025 February 7, 2025February 7, 2025 ~ The Cyber Beat ~ Leave a comment Russia Uses Messaging Apps to Recruit Terrorists, Ukraine’s Police SaysNorth Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored CredentialsFederal Judge Tightens DOGE Leash Over Critical Treasury Payment System AccessKrebs: Experts Flag Security, Privacy Risks in DeepSeek AI App…DeepSeek iOS App Sends Data Unencrypted to ByteDance-Controlled ServersSpyware Firm Paragon Solutions Cuts Italy Access After Alleged Targeting of ActivistsSemgrep Raises $100 Million to Develop Bug-Hunting SoftwareNew UK Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-AttacksEuropol Cracks Down on Global Child Abuse Network “The Com”Lawsuit Against Automatic License Plate Reader Cameras Can Move Forward, Judge SaysBritish Engineering Firm IMI Discloses Breach, Shares No DetailsData Breach at Bankers Cooperative Group (NJ) Impacts Employees of 21 CompaniesDDoS Attacks Reportedly Behind DayZ and Arma Network OutagesFake Google Chrome Sites Distribute ValleyRAT Malware via DLL HijackingHackers Exploit SimpleHelp RMM Flaws to Deploy Sliver MalwareSparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from ImagesMicrosoft Says Attackers Use Exposed ASP.NET Keys to Deploy MalwareWordPress ASE Plugin Vulnerability Threatens Site SecurityCisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEscCritical RCE Bug in Microsoft Outlook Now Exploited in AttacksNew Microsoft Script Updates Windows Media With Bootkit Malware Fixes
2/5/2025 February 5, 2025February 5, 2025 ~ The Cyber Beat ~ Leave a comment Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group CampaigniOS App Store Apps With Screenshot-Reading Malware Found for the First TimeDespite Catastrophic Hacks, Ransomware Payments Dropped Dramatically Last Year…Following Law Enforcement Disruptions…As Victims Refused to Pay HackersCybercriminals Eye DeepSeek, Alibaba LLMs for Malware DevelopmentRobocallers Posing as FCC Fraud Prevention Team Call FCC StaffHackers Spoof Microsoft ADFS Login Pages to Steal CredentialsSpain Arrests Suspected Hacker of U.S. and Spanish Military AgenciesGoogle Says Commercial Quantum Computing Applications Arriving Within Five YearsNSA Employees Offered Deferred Resignation, Early RetirementDOGE Latest: Citrix Supremo Has ‘Read-Only’ Access to U.S. Treasury Payment SystemSophisticated Phishing Campaign Targets Ukraine’s Largest BankMobile Malware Targeting Indian Banks Exposes 50,000 UsersThousands of McKinney, TX Residents Impacted by October Data BreachKraftCPAs (TN) Experiences Apparent Cyberattack Leading to Data BreachCybercriminals Use Go Resty and Node Fetch in 13 Million Password Spraying AttemptsAsyncRAT Campaign Uses Python Payloads and TryCloudflare Tunnels for Stealth AttacksSilent Lynx Using PowerShell, Golang, and C++ Loaders in Multi-Stage CyberattacksNew Veeam Flaw Allows Arbitrary Code Execution via Man-in-the-Middle AttackCISA Adds Four Actively Exploited Vulnerabilities to KEV Catalog, Urges Fixes by Feb 25Researchers Warn of Risks Tied to Abandoned Cloud Storage BucketsThailand Cuts Power Supply to Myanmar Scam Hubs
2/4/2025 February 4, 2025February 4, 2025 ~ The Cyber Beat ~ Leave a comment North Korean Hackers Deploy FERRET Malware via Fake Job Interviews on macOSChinese Cyberspies Use New SSH Backdoor in Network Device HacksRussian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW ProtectionsCyberattack on NHS Causes Hospitals to Miss Cancer Care TargetsMeet the Hired Guns Who Make Sure School Cyberattacks Stay HiddenKrebs: Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?California Man Steals $50 Million Using Fake Investment Sites, Gets 7 YearsDeepSeek’s Breakthrough Emboldens Open-Source AI Models Like Meta’s LlamaTaiwan Bans DeepSeek AI Over National Security Concerns, Citing Data Leakage RisksCyber Agencies Share Security Guidance for Network Edge DevicesGrubhub Security Breach Compromises Customer and Driver DataRussian Cyber Research Companies Post Alerts About Infostealer, Industrial ThreatsDaggerFly-Linked Linux Malware Targets Network AppliancesMalicious Go Package Exploits Module Mirror Caching for Persistent Remote AccessAMD SEV-SNP Vulnerability Allows Malicious Microcode Injection with Admin AccessMicrosoft SharePoint Connector Flaw Could’ve Enabled Credential Theft Across Power PlatformMicrosoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 ScoreGoogle Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104Netgear Warns Users to Patch Critical WiFi Router VulnerabilitiesZyxel Won’t Patch Newly Exploited Flaws in End-Of-Life Routers
2/3/2025 February 4, 2025February 4, 2025 ~ The Cyber Beat ~ Leave a comment Russian Hackers Suspected of Compromising British PM’s Personal Email AccountHigh-profile X Accounts Targeted in Phishing CampaignDeepSeek AI Tools Impersonated by Infostealer Malware on PyPi768 CVEs Exploited in the Wild in 2024Ransomware Groups Weathered Raids, Profited in 2024Canadian Charged With Stealing $65 Million Using DeFi Crypto ExploitsTSA’s Airport Facial-Recog Tech Faces Audit ProbeSweden Releases Suspected Ship, Says Cable Break ‘Clearly’ Not SabotageCasio UK Online Store Hacked to Steal Customer Credit CardsYazoo Valley Electric Power Association (MS) Warns 20,000 Residents of Data BreachCoyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial InstitutionsCrazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer MalwareGoogle Fixes Android Kernel Zero-Day Exploited in AttacksAmazon Redshift Gets New Default Settings to Prevent Data BreachesProactive Vulnerability Management for Engineering Success
1/31-2/2/2025 February 2, 2025February 2, 2025 ~ The Cyber Beat ~ Leave a comment Backdoor Found in Two Healthcare Patient Monitors, Linked to IP in ChinaMusk Aides Lock Workers Out of OPM Computer SystemsCISA Employees Told They Are Exempt From Federal Worker Resignation ProgramWhatsApp Disrupts Spyware Campaign Targeting JournalistsKrebs: FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing GangGilmore Girls Fans Nabbed as Eurocops Dismantle Two Major Cybercrime Forums: Nulled & CrackedFormer Polish Justice Minister Arrested in Sprawling Spyware ProbeKuCoin to Pay Nearly $300 Million in Penalties After Guilty PleaDeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI ChatbotTata Technologies Hit by Ransomware AttackCommunity Health Center (CT) Data Breach Impacts 1 Million PatientsGlobe Life Data Breach May Impact an Additional 850,000 ClientsMizuno USA Says Hackers Stayed in Its Network for Two MonthsBeyondTrust Zero-Day Breach Exposed 17 SaaS Customers via Compromised API KeyHackers Use Fake Wedding Invitations to Spread Android Malware in Southeast AsiaThreat Actors Target Public-Facing Apps for Initial AccessBroadcom Patches VMware Aria Flaws – Exploits May Lead to Credential TheftPyPi Adds Project Archiving System to Stop Malicious UpdatesChinese AI App DeepSeek Was Downloaded by Millions. Deleting It Might Come Next
1/30/2025 January 30, 2025January 30, 2025 ~ The Cyber Beat ~ Leave a comment Google: Over 57 Nation-State Threat Groups Using AI for Cyber OperationsTime Bandit ChatGPT Jailbreak Bypasses Safeguards on Sensitive TopicsGoogle Blocked 2.36 Million Risky Android Apps From Play Store in 2024Krebs: Infrastructure Laundering: Blending in with the CloudU.S. FDA Identifies Cybersecurity Risks in Certain Patient MonitorsAuthorities Seize Domains of Popular Hacking Forums in Major Cybercrime CrackdownGabbard Grilled Over Snowden Comments During Senate Confirmation HearingRansomware Attack Disrupts Blood Donation Services in U.S.AngelSense Exposed Location Data and Personal Information of Tracked UsersCybersecurity Event at Benefits Management Group (IL) Results in Data BreachSolana Pump.Fun Tool DogWifTool cCompromised to Drain WalletsSyncjacking Attack Enables Full Browser and Device TakeoverNew Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS AttacksStates With Laws Requiring Data Brokers to Register Are Ramping up Enforcement
1/29/2025 January 29, 2025January 29, 2025 ~ The Cyber Beat ~ Leave a comment Poland Accuses Russia of Recruiting Polish Citizens Online for Election MeddlingLazarus Group Uses React-Based Admin Panel to Control Global Cyber AttacksUAC-0063 Expands Cyber Attacks to European Embassies Using Stolen DocumentsGoogle Will Now Automatically Revoke Permissions From Harmful Android AppsExposed DeepSeek Database Revealed Chat Prompts and Internal Data…DeepSeek Leveraged U.S. Chips, ‘Stolen’ Technology, Trump’s Commerce Secretary Pick Says…Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster CyberattacksItalian Regulator Asks DeepSeek for Information About Data CollectionNation-State Hackers Abuse Gemini AI ToolThe Trial at the Tip of the Terrorgram IcebergFBI Seizes Cracked.io, Nulled.to Hacking Forums in Operation TalentThreat Actors Exploit Government Websites for PhishingHow Interlock Ransomware Infects Healthcare OrganizationsSouth Africa’s Government-Run Weather Service Knocked Offline by CyberattackFrederick Health (MD) Network Forced to Shut down It Systems After Ransomware AttackAlbany Gastroenterology Associates (NY) Files Notice of Data Breach Following Unauthorized Access to Computer NetworkLaravel Admin Package Voyager Vulnerable to One-Click Rce FlawZyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 VulnerabilityBroadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load BalancerCritical Cacti Security Flaw (CVE-2025-22604) Enables Remote Code ExecutionNew SLAP & FLOP Attacks Expose Apple M-Series Chips to Speculative Execution ExploitsSectigo Buys Entrust’s Public Certificate Business
1/28/2025 January 28, 2025January 28, 2025 ~ The Cyber Beat ~ Leave a comment Krebs: A Tumultuous Week for Federal Cybersecurity EffortsDeepSeek’s Popular AI App Is Explicitly Sending U.S. Data to China…Apple Researchers Reveal the Secret Sauce Behind DeepSeek AIScammers Are Creating Fake News Videos to Blackmail VictimsAI Haters Build Tarpits to Trap and Trick AI Scrapers That Ignore robots.txtMicrosoft Tests Edge Scareware Blocker to Block Tech Support ScamsGoogle Play Will Now Verify VPNs That Prioritize Privacy and SafetyBritish Vishing-as-a-Service Trio SentencedProsecutors Say They Can’t Obtain Murder Conviction After Judge Throws Out Evidence From Facial Recognition Match58% of Ransomware Victims Forced to Shut Down OperationsHow Long Does It Take Hackers to Crack Modern Hashing Algorithms?UK Engineering Firm Smiths Group Hit by Cyber AttackTexas Utility Firm CenterPoint Energy Investigating Potential Leak of Customer Data Tied to 2023 MOVEit BreachAPI Supply Chain Attacks Put Millions of Airline Users at RiskPowerSchool Starts Sending Breach Notifications, but There Are Still Questions Left to AnswerENGlobal Cyber-Attack Exposes Sensitive DataPureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing CyberattacksLynx Ransomware Group Unveiled with Sophisticated Affiliate ProgramHellcat: Baguette Bandits Strike Again With Ransomware and a Side of MockeryHackers Exploiting Flaws in SimpleHelp RMM to Breach NetworksNew Apple CPU Side-Channel Attacks Steal Data From BrowsersSignal Will Let You Sync Old Messages When Linking New Devices
1/27/2025 January 28, 2025January 28, 2025 ~ The Cyber Beat ~ Leave a comment Silicon Valley Is Raving About a Made-in-China DeepSeek AI Model…China’s DeepSeek AI App Sends U.S. Tech Stocks Reeling…DeepSeek’s Top-Ranked AI App Is Restricting Sign-Ups Due to ‘Malicious Attacks’Hackers Hijack Emergency Sirens in Kindergartens Across IsraelUkraine Denies Involvement in Cyberattack Against SlovakiaSweden Seizes Cargo Ship After Another Undersea Cable Hit in Suspected SabotageEU Sanctions Russian GRU Hackers for Cyberattacks Against EstoniaMGM Agrees to Pay $45 Million to Settle Data-Breach LawsuitBrazil Bans Iris Scan Company Co-Founded by Sam Altman From Paying Citizens for Biometric DataDemocrat Members of U.S. Surveillance Watchdog Fired After Refusing to ResignMatagorda County (TX) Issues Disaster Declaration Following CyberattackUniversal Lenders (IL) Sends Data Breach Letters to 19,575 IndividualsHidden Text Salting Disrupts Brand Name Detection SystemsNew Phishing Campaign Targets Mobile Devices with Malicious PDFsMintsLoader Delivers StealC Malware and BOINC in Targeted Cyber AttacksClone2Leak: GitHub Desktop Vulnerability Risks Credential Leaks via Malicious Remote URLsApple Fixes This Year’s First Actively Exploited Zero-Day BugCISOs Boost Crisis Simulation Budgets Amid High-Profile Cyber-AttacksBitwarden Makes It Harder to Hack Password Vaults Without MFAMicrosoft Teams Phishing Attack Alerts Coming to Everyone Next Month
1/24-26/2025 January 26, 2025January 26, 2025 ~ The Cyber Beat ~ Leave a comment Cyber Diplomacy Funding Halted as U.S. Issues Broad Freeze on Foreign AidKristi Noem Confirmed by U.S. Senate as Trump’s Homeland SecretaryUK to Examine Undersea Cable Vulnerability as Russian Spy Ship Spotted in British WatersUnitedHealth Estimates Change Healthcare Hack Impacted About 190 Million PeopleRussian Scammers Target Crypto Influencers with InfostealersHacker Infects 18,000 “Script Kiddies” With Fake Malware BuilderCan’t Download TikTok? How About a Used iPhone for $3,000U.S. Privacy Snags a Win as Judge Limits Warrantless FBI SearchesHackers Get $886,250 For 49 Zero-Days at Pwn2Own Automotive 2025TalkTalk Investigates Breach After Data for Sale on Hacking ForumAt Least $69 Million Stolen From Crypto Platform Phemex in Suspected CyberattackGame Developer Big Cheese Studio Targeted in Cyber Attack, PAP ReportsRansomware Gang Uses SSH Tunnels for Stealthy VMware ESXi AccessHackers Use Windows RID Hijacking to Create Hidden Admin AccountMeta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution RisksCISA Adds Five-Year-Old jQuery XSS Flaw to Exploited Vulnerabilities ListMicrosoft: Outdated Exchange Servers Fail to Auto-Mitigate Security BugsZyxel Warns of Bad Signature Update Causing Firewall Boot Loops
1/23/2025 January 24, 2025January 24, 2025 ~ The Cyber Beat ~ Leave a comment Hackers Imitate Kremlin-Linked Group to Target Russian EntitiesFBI: North Korean IT Workers Steal Source Code to Extort EmployersDOJ Indicts Two Americans for Running Laptop Farm Used in North Korea IT Worker ScamGoogle Is Giving IT More Control Over Your Chrome ExtensionsNew GhostGPT AI Chatbot Facilitates Malware Creation and PhishingHundreds of Fake Reddit Sites Push Lumma Stealer MalwareBookmakers Ramp Up Efforts to Combat Arbitrage Betting FraudPayPal Fined by New York for Cybersecurity FailuresTexas Probes Four More Car Companies Over How They Collect and Sell Consumer DataLinkedIn Sued for Allegedly Training AI Models With Private Messages Without ConsentTesla EV Charger Hacked Twice on Second Day of Pwn2Own TokyoCISA: Hackers Still Exploiting Older Ivanti Bugs to Breach NetworksCISOs Dramatically Increase Boardroom Influence but Still Lack Soft SkillsNew Android Identity Check Locks Settings Outside Trusted LocationsFortiGate Config Leaks: Victims’ Email Addresses Published OnlineRansomHub Lays Claim on American Standard, Grohe BreachesPFS Investments Inc. (GA) Files Notice of Recent Data Breach Leaking Confidential InformationExperts Find Shared Codebase Linking Morpheus and HellCat Ransomware PayloadsQakBot-Linked BC Malware Adds Enhanced Remote Access and Data Gathering FeaturesSubaru Security Flaws Exposed Its System for Tracking Millions of CarsCritical Zero-Days Impact Premium WordPress Real Estate PluginsQNAP Fixes Six Rsync Vulnerabilities in NAS Backup, Recovery AppCustom Backdoor Exploiting Magic Packet Vulnerability in Juniper RoutersPalo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware ExploitsSonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely ExploitationCisco Fixes Critical 9.9-Rated, Make-Me-Admin Bug in Meeting ManagementThe Security Risk of Rampant Shadow AI
1/22/2025 January 22, 2025January 22, 2025 ~ The Cyber Beat ~ Leave a comment Iran and Russia Deepen Cyber Ties With New AgreementTrump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity ReviewTrump Admin Tells All Democrats on Intelligence Oversight Board to ResignKrebs: MasterCard DNS Error Went Unnoticed for YearsWhat PowerSchool Isn’t Saying About Its ‘Massive’ Student Data Breach…PowerSchool Hacker Claims They Stole Data of 62 Million StudentsCloudflare CDN Flaw Leaks User Location Data, Even Through Secure Chat AppsMajor Cybersecurity Vendors’ Credentials Found on Dark WebBreachForums Admin to Be Resentenced After Appeals Court Slams Supervised ReleaseIsraeli Private Eye Wanted in U.S. Over Alleged Hacking for Exxon Lobbyist, Lawyer SaysTrump Frees Silk Road Creator Ross Ulbricht After 11 Years in PrisonConduent Confirms Cybersecurity Incident Behind Recent OutageOctagon (CT) Sends Round of Data Breach Letters Following Recent Cybersecurity IncidentPlushDaemon APT Targeted South Korean VPN SoftwareTelegram CAPTCHA Tricks You Into Running Malicious Powershell ScriptsTycoon 2FA Phishing Kit Upgraded to Bypass Security MeasuresIPany VPN Breached in Supply-Chain Attack to Push Custom MalwareHackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS BotnetCisco Warns of Denial of Service Flaw With PoC Exploit CodeMicrosoft Issues Out-Of-Band Fix for Windows Server 2022 NUMA GlitchHackers Exploit 16 Zero-Days on First Day of Pwn2Own Automotive 2025Why CISOs Must Think Clearly Amid Regulatory Chaos
1/21/2025 January 21, 2025January 21, 2025 ~ The Cyber Beat ~ Leave a comment Russian Ransomware Groups Deploy Email Bombing and Teams VishingCERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security AuditsFake Homebrew Google Ads Target Mac Users With MalwareQuad Foreign Ministers Meet in Washington in Signal of Trump’s China FocusTSA Chief Behind Cyber Directives for Aviation, Pipelines and Rail Ousted by Trump TeamU.S. Department of Homeland Security Firing All Advisory Committee Members, Letter SaysUK’s New Digital IDs Raise Security and Privacy FearsDisciplinary and Special Ed Records of Toronto Students May Have Leaked in PowerSchool BreachCloudflare Mitigated a Record-Breaking 5.6 Tbps DDoS AttackRussian Telecom Giant Rostelecom Investigates Suspected Cyberattack on ContractorGovtech Giant Conduent Won’t Rule Out Cyberattack as Outage Drags OnIntraSystems Data Breach Hits Home Care Patients at Allegheny Health NetworkPNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers13,000 MikroTik Routers Hijacked by Botnet for Malspam and CyberattacksNew Mirai Malware Variant Targets AVTECH Cameras, Huawei RoutersOracle To Address 320 Vulnerabilities in January Patch Update7-Zip Fixes Bug That Bypasses Windows MoTW Security Warnings, Patch NowPatch Procrastination Leaves 50,000 Fortinet Firewalls Vulnerable to Zero-Day
1/17-20/2025 January 21, 2025January 21, 2025 ~ The Cyber Beat ~ Leave a comment Ukraine’s State Registers Restored Following Cyber-AttackIndian APT Group DONOT Misuses App for Intelligence GatheringU.S. Treasury Department Imposes Sanctions on Chinese Company Over Salt Typhoon HackFCC Orders Telecoms to Secure Their Networks After Salt Tyhpoon HacksTrump Revokes Biden Executive Order on Addressing AI RisksHomeland Security Nominee Kristi Noem Bashes CISA, Says Agency Must Be ‘Smaller, More Nimble’Tough New EU Cyber Rules Require Banks to Ramp up Security — But Many Aren’t ReadyTikTok Goes Dark in the U.S. as Federal Ban Takes Effect January 19, 2025…How to Get around the U.S. TikTok Ban…TikTok Restores Service for U.S. Users Based on Trump’s Promised Executive OrderCanadian IT Company OpenText Corporation Added to Moscow’s List of ‘Undesirable’ OrganizationsFormer CIA Analyst Pleads Guilty to Sharing Top Secret FilesPhilippines Arrests Chinese National Suspected of Spying on Critical InfrastructureCosta Rica Refinery Cyberattack Was First Deployment for New U.S. Response Program, Ambassador SaysData on Half a Million Hotel Guests Exposed After Otelier BreachHPE Launches Investigation After Hacker Claims Data BreachMedusa Ransomware Group Claims Attack on UK’s Gateshead CouncilLifeBridge Health (MD) Posts Notice of 2024 Data Breach Affecting Patient SSNs and Medical InfoEdw. C. Levy Co. (MI) Announces Data Breach Following Ransomware AttackHackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTPPython-Based Bots Exploiting PHP Servers Fuel Gambling Platform ProliferationMalicious PyPi Package Steals Discord Auth Tokens From DevsCritical Flaws in WGS-804HPT Switches Enable RCE and Network ExploitationStrategic Approaches to Threat Detection, Investigation & ResponseFTC Orders GM to Stop Collecting and Selling Driver’s DataFTC Cracks Down on Genshin Impact Gacha Loot Box Practices
1/16/2025 January 16, 2025January 16, 2025 ~ The Cyber Beat ~ Leave a comment Biden’s Cyber Ambassador Urges Trump Not to Cede Ground to Russia and China in Global Tech FightKrebs: Chinese Innovations Spawn Wave of Toll Phishing Via SMSRussian Star Blizzard Shifts Tactics to Exploit WhatsApp QR Codes for Credential HarvestingBiden Issues 11th-Hour Cyber Executive OrderTrump’s Truth Social Users Targeted by Rampant Scams OnlineGitHub’s Deepfake Porn Crackdown Still Isn’t WorkingMiddle Eastern Real Estate Fraud Grows with Online ListingsEnzo Biochem Settles Lawsuit Over 2023 Ransomware Attack for $7.5mGDPR Complaints Filed Against TikTok, Temu for Sending User Data to ChinaU.S. Cracks Down on North Korean IT Worker Army With More SanctionsMicrosoft Expands Testing of Windows 11 Admin Protection FeatureWolf Haldenstein Law Firm Says 3.5 Million Impacted by Data BreachCarruth Compliance Consulting (OR) Sends Out Data Breach Letters Following December 2024 CyberattackClop Ransomware Gang Names Dozens of Victims Hit by Cleo Mass-Hack, but Several Firms Dispute BreachesHackers Hide Malware in Images to Deploy VIP Keylogger and 0bj3ctivity StealerPython-Based Malware Powers RansomHub Ransomware to Exploit Network FlawsResearcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint ManagerResearchers Find Exploit Allowing NTLMv1 Despite Active Directory RestrictionsW3 Total Cache Plugin Flaw Exposes 1 Million WordPress Sites to AttacksNew UEFI Secure Boot Vulnerability Could Allow Attackers to Load Malicious Bootkits
1/15/2025 January 15, 2025January 15, 2025 ~ The Cyber Beat ~ Leave a comment Russian Espionage and Financial Theft Campaigns Have Ramped Up, Ukraine Cyber Agency SaysChina’s Salt Typhoon Spies Spotted on U.S. Gov’t Networks Before Telcos, CISA Boss SaysNorth Korean IT Worker Fraud Linked to 2016 Crowdfunding Scam and Fake DomainsLazarus Group Targets Web3 Developers with Fake LinkedIn Profiles in Operation 99UN Security Council Members Meet on Spyware for First TimeNo New Funding in EU Plan to Tackle Ransomware Attacks Against HospitalsSection 702 Surveillance Powers Remain ‘Indispensable,’ CIA Pick Ratcliffe SaysFederal Court Orders Massive Return of $9.3b in Bitcoin Stolen From Bitfinex in 2016 HackFTC Cracks Down on GoDaddy for Cybersecurity FailingsFrom Gmail to Word, Your Privacy Settings and AI Are Entering Into a New RelationshipDJI Loosens Flight Restrictions, Decides to Trust Operators to Follow FAA RulesCISA Shares Guidance for Microsoft Expanded Logging CapabilitiesSuspected Ukrainian Hackers Impersonating Russian Ministries to Spy on IndustryUnitedHealth Hid Its Change Healthcare Data Breach Notice for MonthsLabel Giant Avery Says Website Hacked to Steal Credit CardsUniversity of Oklahoma Isolates Systems After ‘Unusual Activity’ on IT NetworkE-Benefit Solution Notifies Consumers of Recent Data BreachEncompassCare (OH) Files Notice of Data Breach Affecting Consumers’ Social Security NumbersGoogle Ads Users Targeted in Malvertising Scam Stealing Credentials and 2FA CodesMikroTik Botnet Uses Misconfigured SPF DNS Records to Spread MalwareCritical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE AttacksGoogle Cloud Researchers Uncover Flaws in Rsync File Synchronization ToolSAP Fixes Critical Vulnerabilities in NetWeaver Application ServersMicrosoft: Happy 2025. Here’s 161 Security Updates (Krebs)
1/14/2025 January 14, 2025January 14, 2025 ~ The Cyber Beat ~ Leave a comment North Korea Linked to Crypto Heists of Over $650 Million in 2024 AloneU.S. Issues Final Rule Barring Chinese, Russian Connected Car TechHegseth Says Debate Over Cyber Command, NSA Leadership Would Reach ‘Conclusion’FBI Hacked Thousands of Computers to Make PlugX Malware Used by China Uninstall ItselfBiden Opens Federal Land for AI Data Centers, Sets Rules for DevelopersThe UK Wants to Do Its ‘Own Thing’ on AI Regulation, Suggesting a Divergence From U.S. And EUUK Floats Ransomware Payout Ban for Public SectorWyze Cameras Will Use AI to Describe What They SeeThe ‘Largest Illicit Online Marketplace’ Ever Huione Guarantee Is Growing at an Alarming Rate, Report SaysAsset Manager Ashford Settles SEC Allegations It Failed to Disclose Extent of HackRussia’s Largest Platform for State Procurement Hit by Cyberattack From Pro-Ukraine GroupConnecticut City of West Haven Assessing Impact of CyberattackTennessee-Based Mortgage Lender Confirms December CyberattackWP3.XYZ Malware Attacks Add Rogue Admins to 5,000+ WordPress SitesGoogle OAuth Vulnerability Exposes Millions via Failed Startup DomainsHackers Use FastHTTP in New High-Speed Microsoft 365 Password AttacksZero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed InterfacesMicrosoft January 2025 Patch Tuesday Fixes 8 Zero-Days, 159 FlawsSnyk Appears to Deploy ‘Malicious’ Packages Targeting Cursor for Unknown ReasonNew Startups Focus on Deepfakes, Data-in-Motion & Model Security
1/13/2025 January 13, 2025January 13, 2025 ~ The Cyber Beat ~ Leave a comment Russian Malware Campaign Hits Kazakhstan and Central Asian Diplomatic FilesTurks and Caicos Recovering From Pre-Christmas Ransomware AttackCISA Orders Agencies to Patch BeyondTrust Bug Exploited in AttacksPoland Uncovers Russia-Linked Disinformation Campaign Targeting Upcoming Presidential ElectionRep. Don Bacon on Cyber Deterrence: ‘Speak Softly and Carry a Big-@$$ Stick’Expired Domains Allowed Control Over 4,000 Backdoors on Compromised SystemsThe Criminal Question in the Coming Wave of Pro-Crypto LegislationInside the Black Box of Predictive Travel SurveillanceTexas Sues Allstate, Alleging It Violated Data Privacy Rights of 45 Million AmericansWEF Warns of Growing Cyber Inequity Amid Escalating Complexities in CyberspaceA Breach of Gravy Analytics’ Huge Trove of Location Data Threatens the Privacy of MillionsUK Domain Registry Nominet Confirms Breach via Ivanti Zero-DayCyberattack Forces Eindhoven University of Technology to Cancel LecturesHCF Management (OH) Sends Data Breach Letters to Victims Following September 2024 CyberattackOneBlood Confirms Personal Data Stolen in July Ransomware AttackStolen Path of Exile 2 Admin Account Used to Hack Player AccountsHackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto MinersRansomware Abuses Amazon AWS Feature to Encrypt S3 BucketsWordPress Skimmers Evade Detection by Injecting Themselves into Database TablesMicrosoft: macOS Bug Lets Hackers Install Malicious Kernel DriversMicrosoft 365 MFA Outage Fixed
1/10-12/2025 January 13, 2025January 13, 2025 ~ The Cyber Beat ~ Leave a comment As China Hacking Threat Builds, Biden to Order Tougher Cybersecurity StandardsSilk Typhoon Treasury Hackers Also Breached Us Foreign Investments Review OfficeChinese Cyber-Spies Peek Over Shoulder of Officials Probing Real-Estate Deals Near American Military BasesPhishing Texts Trick Apple iMessage Users Into Disabling ProtectionSecret Phone Surveillance Tech Was Likely Deployed at 2024 DNCMicrosoft Sues Hacking Group Exploiting Azure AI for Harmful Content CreationPastor Who Saw Crypto Project in His “Dream” Indicted for FraudNew York Sues to Recover $2 Million in Crypto Stolen in Remote Job ScamsDoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime LaunderingNSO Ruling Is a Victory for WhatsApp, but Could Have a Small Impact on Spyware IndustrySlovakia Hit by Historic Cyber-Attack on Land RegistrySTIIIZY Data Breach Exposes Cannabis Buyers’ IDs and PurchasesTelefónica Confirms Internal Ticketing System Breach After Data LeakThe North Los Angeles County Regional Center Files Notice of Data Breach Following Apparent Ransomware AttackLaramie County (WY) Library System Hit by CyberattackAI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion TacticsFake PoC Exploit Targets Security Researchers with InfostealerNew Web3 Attack Exploits Transaction Simulations to Steal CryptoGoogle Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung DevicesDocker Desktop Blocked on Macs Due to False Malware AlertScammers File First — Get Your IRS Identity Protection PIN Now
1/9/2025 January 10, 2025January 10, 2025 ~ The Cyber Beat ~ Leave a comment Japan Faces Prolonged Cyber-Attacks Linked to China’s MirrorFaceIvanti Zero-Day Attacks Infected Devices With Custom Chinese MalwareU.S. Treasury Hack Linked to Silk Typhoon Chinese State HackersHow the U.S. TikTok Ban Would Actually WorkGoogle Messages Takes a Step Towards Secure Messaging Across Apps and Platforms (APK Teardown)Apple Says Siri Isn’t Sending Your Conversations to AdvertisersEU Commission Liable for Breaching EU’s Own Data Protection RulesNew AI Challenges Will Test CISOs & Their Teams in 2025Hackers Claim Massive Breach Gravy Analytics, the Parent Company of Location Data Giant Venntel, Threaten to Leak DataHackers Claim to Breach Russian State Agency Rosreestr Managing Property, Land RecordsLargest U.S. Addiction Treatment Provider BayMark Health Services Notifies Patients of Data BreachPowerSchool Says Hackers Stole Students’ Sensitive Data, Including Social Security Numbers, in Data BreachSome Winston-Salem (NC) City Services Knocked Offline by CyberattackFake CrowdStrike Job Offer Emails Target Devs With Crypto MinersNew Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption
1/8/2025 January 8, 2025January 8, 2025 ~ The Cyber Beat ~ Leave a comment Cyber Command Overhaul Gets Austin’s Approval, but Plan Faces Uncertain FuturePall Mall Process to Tackle Commercial Hacking Proliferation Raises More Concerns Than SolutionsRussian ISP Confirms Ukrainian Hackers “Destroyed” Its NetworkTikTok’s Fate Divides Trump and Fellow Republicans as Supreme Court Action LoomsNeglected Domains Used in Malspam to Evade SPF and DMARC Security ProtectionsFake Government Officials Use Remote Access Tools for Card FraudScammers Exploit Microsoft 365 to Target PayPal UsersKrebs: A Day in the Life of a Prolific Voice Phishing CrewPowerSchool Hack Exposes Student, Teacher Data From K-12 DistrictsMedical Billing Firm Medusind Discloses Breach Affecting 360,000 PeoplePediatric Home Service (MN) Files Official Notice of Data BreachResearchers Expose NonEuclid RAT Using UAC Bypass and AMSI Evasion TechniquesHackers Exploit KerioControl Firewall Flaw to Steal Admin CSRF TokensUnpatched Critical Flaws Impact Fancy Product Designer WordPress PluginIvanti Warns of New Connect Secure Flaw Used in Zero-Day AttacksSonicWall Urges Admins to Patch Exploitable SSLVPN Bug Immediately
1/7/2025 January 7, 2025January 7, 2025 ~ The Cyber Beat ~ Leave a comment ‘We Have to Prioritize Cybersecurity’ Within Federal Budgets, Outgoing Cyber Czar SaysCybercriminals Don’t Care About National Cyber PolicyPhishing Click Rates Triple in 2024Finland Finds Russian ‘Spy’ Ship Anchor as Subsea Cable Company Demands Ship’s Seizure for CompensationFormer NSA Cyber Chief Joins Venture Firm DataTribeU.S. Adds Web and Gaming Giant Tencent to List of Chinese Military CompaniesU.S. Cyber Trust Mark Launches as the Energy Star of Smart Home SecurityLicense Plate Readers Are Leaking Real-Time Video Feeds and Vehicle DataTelegram Hands Over Data on Thousands of Users to U.S. Law EnforcementUK Government to Ban Creation of Explicit DeepfakesWashington State Sues T-Mobile Over 2021 Data Breach Security FailuresMeta Ends Fact-Checking on Facebook, Instagram in Free-Speech PitchTurbulence at UN Aviation Agency as Probe Into Potential Data Theft BeginsPittsburgh Regional Transit Employees’, Applicants’ Personal Information Stolen During Ransomware AttackGreen Bay Packers’ Online Store Hacked to Steal Credit CardsCasio Says Data of 8,500 People Exposed in October Ransomware AttackWalker County Schools (GA) Alerting Parents, Educators of Student Information System Data BreachDragonfly Health (AZ) Files Notice of Data Breach with Federal RegulatorsHyperice (CA) Sends Data Breach Letters Following June 2024 CyberattackTeton Orthopaedics (WY) Sends Out Data Breach Letters Following Ransomware AttackNew Mirai Botnet Targets Industrial Routers With Zero-Day ExploitsCISA Warns of Critical Oracle, Mitel Flaws Exploited in AttacksResearchers Uncover Major Security Flaw in Illumina iSeq 100 DNA Sequencers
1/6/2025 January 6, 2025January 6, 2025 ~ The Cyber Beat ~ Leave a comment U.S. Cyber Watchdog Says No Indication Breach at Treasury Hit Other Federal AgenciesChinese Hackers Double Cyber-Attacks on TaiwanEagerbee Backdoor Deployed Against Middle Eastern Gov’t Orgs, ISPsRussia Blames Telecom Network Accident for Widespread Internet OutageIndia Proposes Digital Data Rules with Tough Penalties and Cybersecurity RequirementsIoT’s Regulatory Reckoning Is OverduePig Butchering (Romance Baiting) Victim Sues Banks for Allowing Scammers to Open AccountsHackers Reportedly Compromise Argentina’s Airport Security Payroll SystemSchool Districts in Maine, Tennessee Respond to Holiday CyberattacksPacific Pulmonary Medical Group (CA) October 2024 Announces Data BreachNew Infostealer Campaign Uses Discord Videogame LureCybercriminals Target Ethereum Developers with Fake Hardhat npm PackagesNew PhishWP Plugin Enables Sophisticated Payment Page ScamsVulnerable Moxa Devices Expose Industrial Networks to AttacksMediaTek Rings in the New Year With a Parade of Chipset Vulns
1/3-5/2025 January 5, 2025January 5, 2025 ~ The Cyber Beat ~ Leave a comment How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military WeaponsU.S. Sanctions Chinese Cybersecurity Firm for Global Botnet AttacksCyber Investors Expect More Mergers in 2025Cybersecurity Firm Tenable’s CEO Amit Yoran Dies After Battle With CancerCrypto Boss Extradited to Face $40bn Fraud ChargesCryptocurrency Wallet Drainers Stole $494 Million in 2024Apple to Pay Siri Users $20 Per Device in Settlement Over Accidental Siri Privacy ViolationsWindows 10 Users Urged to Upgrade to Avoid “Security Fiasco”Russia Orders Yandex to Scrub Maps and Images of Strategic Oil RefineryAtos Group Denies Space Bears’ Ransomware Attack ClaimsLexington Diagnostic Center (KY) Announces Recent Data Breach Involving Sensitive Patient InformationTycon Medical Systems (VA) Sends Data Breach Letters Following Cybersecurity IncidentNew FireScam Android Data-Theft Malware Poses as Telegram Premium AppPLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN AppsBad Tenable Plugin Updates Take down Nessus Agents WorldwideLDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain ControllersResearchers Uncover Nuclei Vulnerability Enabling Signature Bypass and Code Execution
1/2/2025 January 2, 2025January 2, 2025 ~ The Cyber Beat ~ Leave a comment Treasury’s Sanctions Office Hacked by Chinese Government, Officials Say…‘Office of Foreign Assets Control’‘No Definitive Link’ Found Between New Orleans Attack and Las Vegas Cybertruck Explosion, FBI SaysGlobal Campaign Targets PlugX Malware with Innovative PortalTighter Regulations Proposed for Foreign IT in Drones Used in U.S.Apple Offers to Settle ‘Snooping Siri’ Lawsuit for an Utterly Incredible $95MCrypto Hacks, Scam Losses Reach $29M in December, Lowest in 2024Japan’s Largest Mobile Carrier Says Cyberattack Disrupted Some ServicesHackers Leak Rhode Island Citizens’ Data on Dark WebCrown Mortgage Company (IL) Sends Data Breach Letters Following Recent Cybersecurity IncidentOver 3 Million Mail Servers Without Encryption Exposed to Sniffing AttacksMalicious Obfuscated NPM Package Disguised as an Ethereum Tool Deploys Quasar RATSevere Security Flaws Patched in Microsoft Dynamics 365 and Power Apps Web API
12/31/2024-1/1/2025 January 1, 2025January 1, 2025 ~ The Cyber Beat ~ Leave a comment What to Know about String of U.S. Hacks Blamed on ChinaU.S. Sanctions Russian & Iranian Groups Over AI-Generated Election DisinformationFinland Identifies Seven Suspects Among Crew of Alleged Russian ‘Spy’ TankerKrebs: U.S. Army Soldier Arrested in AT&T, Verizon ExtortionsHey, Maybe It’s Time to Delete Some Old Chat HistoriesOver 3.1 Million Fake “Stars” on GitHub Projects Used to Boost RankingsIndiana University Health Announces Data Breach Following Compromised Email AccountNew “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major WebsitesMisconfigured Kubernetes RBAC in Azure Airflow Could Expose Entire Cluster to ExploitationNew Details Reveal How Hackers Hijacked 35 Google Chrome ExtensionsThe Biggest Cybersecurity and Cyberattack Stories of 2024These Were the Badly Handled Data Breaches of 2024
12/30/2024 December 30, 2024December 30, 2024 ~ The Cyber Beat ~ Leave a comment China Hacked Treasury Dept. in ‘Major’ Breach, U.S. SaysAT&T and Verizon Say Networks Secure After Salt Typhoon BreachFinland Seizes Suspected Russian Spy Ship and Questions Crew Following Cable BreaksGermany Charges Three Suspected Russian Spies Accused of Surveilling Military SitesTelegram Blocks Russian State Media Channels in Several EU CountriesItalian Websites Subjected to Pro-Russian DDoS Attack Campaign…U.S. Treasury Says Chinese Hackers Stole Documents in ‘Major Incident’…U.S. Treasury Department Breached Through Remote Support PlatformAtos Says Space Bears Ransomware Group Claims It Compromised a DatabaseIn-Home Attendant Services (TX) Files Official Notice of Data BreachRansomware Is 35 Years Old and Now a Billion-Dollar Problem. Here’s How It Could EvolveHappy 15th Anniversary, KrebsOnSecurity!
12/27-29/2024 December 29, 2024December 29, 2024 ~ The Cyber Beat ~ Leave a comment White House: Salt Typhoon Hacks Possible Because Telecoms Lacked Basic Security Measures…U.S. Adds 9th Telcom to List of Companies Hacked by Chinese-Backed Salt Typhoon CyberespionageThe U.S. Proposes Rules to Make Healthcare Data More SecureBiden Administration Finalizes Rule to Block Sale of Americans’ Bulk Data to AdversariesThe Paper Passport Is DyingCISA’s 2024 Review Highlights Major Efforts in Cybersecurity Industry CollaborationRecord-Breaking Ransoms and Breaches: A Timeline of Ransomware in 2024How Cops Taking Down LockBit, ALPHV Led to RansomHub’s Meteoric RiseIt’s Only a Matter of Time Before LLMs Jump Start Supply-Chain AttacksHackers Steal ZAGG Customers’ Credit Cards in Third-Party BreachCustomer Data From 800,000 Electric Cars and Owners Exposed OnlineBlue Yonder Says November Ransomware Attack Not Connected to Cleo VulnerabilityHackers Hijacked Legitimate Chrome Extensions to Try to Steal DataCloud Atlas Deploys VBCloud Malware: Over 80% of Targets Found in RussiaFICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks15,000+ Four-Faith Routers Exposed to New Exploit Due to Default CredentialsPalo Alto Releases Patch for PAN-OS DoS Flaw — Update ImmediatelyToo Much ‘Trust,’ Not Enough ‘Verify’
12/26/2024 December 26, 2024December 26, 2024 ~ The Cyber Beat ~ Leave a comment Cyberattack on Ukraine’s State Registers Disrupts Marriage Registration, Real Estate DealsA Weird Windows 11 Bug Won’t Let Some People Install Any Security UpdatesThe Worst Hacks of 2024Brazilian Hacker Charged for Extorting $3.2M in Bitcoin After Breaching 300,000 AccountsUN General Assembly Approves Cybercrime Treaty Despite Industry BacklashJapan Airlines Systems Back to Normal After Cyberattack Delayed FlightNearly Half a Million People Had Data Stolen After Cyberattack on American Addiction CentersNew ‘OtterCookie’ Malware Used to Backdoor Devs in Fake Job OffersInfostealers Dominate as Lumma Stealer Detections Soar by Almost 400%Apache Warns of Critical Flaws in MINA, HugeGraph, Traffic Control
12/24-25/2024 December 25, 2024December 25, 2024 ~ The Cyber Beat ~ Leave a comment U.S. and Japan Blame North Korea for $308m DMM Bitcoin Crypto HeistIran’s Charming Kitten Deploys BellaCPP: A New C++ Variant of BellaCiao MalwareEuropean Space Agency’s Official Store Hacked to Steal Payment CardsAmerican Airlines Resumes Flights After Brief Grounding Ahead of Busy Christmas TravelFormer NSA Cyberspy’s Not-So-Secret Hobby: Hacking Christmas LightsYou Need to Create a Secret Password With Your FamilyMajor Biometric Data Farming Operation UncoveredInside Operation Destabilise: How a Ransomware Investigation Linked Russian Money Laundering and Street-Level Drug DealingRuijie Networks’ Cloud Platform Flaws Could Expose 50,000 Devices to Remote AttacksPittsburgh Regional Transit Attributes Recent Service Disruptions to Ransomware AttackColonial Surety Company (NJ) Announces Data Breach Stemming from May Cybersecurity IncidentClop Ransomware Is Now Extorting 66 Cleo Data-Theft VictimsHow Androxgh0st Rose From Mozi’s Ashes to Become ‘Most Prevalent Malware’New Botnet Exploits Vulnerabilities in NVRs, TP-Link RoutersCISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active ExploitationCritical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now
12/23/2024 December 23, 2024December 23, 2024 ~ The Cyber Beat ~ Leave a comment Inside The Invisible Russia-Ukraine BattlefieldFrance Extends Olympics Security Measures to Christmas MarketInterpol Identifies Over 140 Human Traffickers in New Innovative InitiativeAI Could Generate 10,000 Malware Variants, Evading Detection in 88% of CaseMFA: Shun This Basic Cybersecurity Tactic and Become a Target for HackersFTC Orders Marriott and Starwood to Implement Strict Data SecurityClassified Fighter Jet Specs Leaked on War Thunder – AgainAlta Resources Corporation (WI) Provides Notice of Data Breach Affecting Over 37k PeopleCritical Vulns Found in WordPress Plugins WPLMS and VibeBPAdobe Warns of Critical ColdFusion Bug with PoC Exploit CodeApache Fixes Remote Code Execution Bypass in Tomcat Web ServerNon-Human Identities Gain Momentum, Requires Both Management & Security
12/20-22/2024 December 22, 2024December 22, 2024 ~ The Cyber Beat ~ Leave a comment FAA Banning Drone Flights Over New Jersey, New York SitesUkraine’s State Registers Hit with One of Russia’s Largest Cyberattacks, Officials SayRussia Security Threat Is Far Reaching, Italy’s Prime Minister WarnsLazarus Group Spotted Targeting Nuclear Engineers with CookiePlus Malware…North Korean Hackers Stole $1.3 Billion Worth of Crypto This YearItaly’s Data Protection Watchdog Issues €15m Fine to OpenAI Over ChatGPT ProbePegasus Spyware Maker NSO Group Is Liable for Attacks on 1,400 WhatsApp UsersRansomware Attackers Target Industries with Low Downtime ToleranceU.S. Unseals Complaint Against Russian-Israeli Accused of Working for LockBitRomanian Netwalker Ransomware Affiliate Sentenced to 20 Years in PrisonMassive Live Sports Piracy Ring With 812 Million Yearly Visits Taken OfflineThree of the Biggest U.S. Banks Are Facing a Lawsuit for ‘Widespread Fraud’ on Zelle: Bank of America, JPMorgan Chase, and Wells FargoWhat Google’s Quantum Computing Breakthrough Willow Means for the Future of Bitcoin and Other CryptosAscension: Health Data of 5.6 Million Stolen in Ransomware AttackDuke Energy Reports Data Breach Potentially Impacting Over 8 Million CustomersPS Logistics Announces Data Breach Stemming from February 2024 CyberattackSRP Federal Credit Union (SC) Data Breach—240,000 Members Exposed in Attacked Claimed by Nitrogen Ransomware GroupWood County (OH) Agencies Continue Investigating Ransomware AttackKrispy Kreme Breach, Data Theft Claimed by Play Ransomware GangLockBit Admins Tease a New Ransomware Version: LockBit 4.0New FlowerStorm Microsoft Phishing Service Fills Void Left by Rockstar2FARspack npm Packages Compromised with Crypto Mining Malware in Supply Chain AttackHackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access ToolsSophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent ExploitationHow Not To Become A Botnet Victim: A Practical Guide For EveryoneInfosec Experts Divided on Ai’s Potential to Assist Red Teams
12/19/2024 December 19, 2024December 19, 2024 ~ The Cyber Beat ~ Leave a comment UAC-0125 Abuses Cloudflare Workers to Distribute Malware Disguised as Army+ AppKrebs: Web Hacking Service ‘Araneida’ Tied to Turkish IT FirmThis VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?Lumen Technologies Launches Sale of Consumer Fiber UnitU.S. Organizations Still Using Kaspersky Products Despite BanFour Smart Questions for Boards Overseeing CybersecurityU.S. Seeks Extradition of Alleged LockBit Ransomware Developer From IsraelBugs in a Major McDonald’s India Delivery System Exposed Sensitive Customer DataNew Malware Can Kill Engineering Processes in ICS EnvironmentsBadBox Malware Botnet Infects 192,000 Android Devices Despite DisruptionThousands Download Malicious npm Libraries Impersonating Legitimate ToolsJuniper Warns of Mirai Botnet Targeting SSR Devices with Default PasswordsFortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
12/18/2024 December 18, 2024December 18, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Targets TP-Link With a Potential Ban on the Chinese RoutersU.S. Government Tells Officials, Politicians to Ditch Regular Calls and Texts…Chinese National Cyber Centre Says U.S. Hacks Stole Trade Secrets From Tech FirmsCongress Again Fails to Limit Scope of Spy Powers in New Defense BillKrebs: How to Lose a Crypto Fortune with Just One Bad ClickPhishing Attacks Double in 2024Nigeria Cracks Down on Cryptocurrency Investment Fraud and Romance ScamsRaccoon Stealer Malware Operator Gets 5 Years in Prison After Guilty PleaDutch Regulator Fines Netflix $5 Million for Data Privacy ViolationsQuantum AI Startup SandboxAQ Valued at $5.3 Bln After $300 Mln FundraisingAPT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP‘Bitter’ Cyberspies Target Defense Orgs With New MiyaRAT MalwareHubPhish Exploits HubSpot Tools to Target 20,000 European Users for Credential TheftBrighton Jones Files Official Notice of Data Breach Following Email Phishing AttackNew Fake Ledger Data Breach Emails Try to Steal Crypto WalletsA Lightweight App Comes With Some Heavy Consequences, Researchers SayNew Attacks Exploit VSCode Extensions and npm PackagesBeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS ProductsMicrosoft Won’t Let Customers Opt out of Passkey PushRecorded Future CEO Applauds “Undesirable” Designation by Russia
12/17/2024 December 17, 2024December 17, 2024 ~ The Cyber Beat ~ Leave a comment Intel Officials Warned Police That U.S. Cities Aren’t Ready for Hostile DronesU.S. Unveils New National Cyber Incident Response PlanSophisticated TA397 Malware Targets Turkish Defense SectorThe Mask APT Resurfaces with Sophisticated Multi-Platform Malware ArsenalStop Calling Online Scams ‘Pig Butchering,’ Interpol WarnsDrug Dealers Have Moved on to Social MediaFacebook Owner Meta Hit with 251 Million Euros in Fines for 2018 Data BreachCoder Wrote a Bug So Bad Security Guards Wanted a Word When He Arrived at WorkPositive Behavior Supports Corporation Reports Data Breach Affecting Sensitive Client InformationHackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan AttacksHackers Exploit Webview2 to Deploy CoinLurker Malware and Evade Security DetectionAttackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate MalwareCybercriminals Exploit Google Calendar to Spread Malicious LinksOver 25,000 SonicWall VPN Firewalls Exposed to Critical FlawsCritical Security Hole in Apache Struts Under ExploitCISA Orders Federal Agencies to Secure Microsoft 365 Tenants
12/16/2024 December 17, 2024December 17, 2024 ~ The Cyber Beat ~ Leave a comment Trump Administration Wants to Go on Cyber Offensive Against ChinaFederal Money Is Helping States Overhaul Cybersecurity. What Happens if It Dries Up?Russia Recruits Ukrainian Kids for Sabotage and ReconnaissanceSerbian Authorities Are Reportedly Hacking and Installing Spyware on Activists’ Phones: NoviSpyYouTube Creators Targeted in Global Phishing CampaignNew Investment Scam Leverages AI, Social Media Ads to Target Victims WorldwideThe Education Industry: Why Its Data Must Be ProtectedHackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and TicketsIsraeli Spyware Firm Paragon Acquired by U.S. Investment GroupBlackBerry Offloads Cylance for a Fraction of What It Paid in 2019Kali Linux 2024.4 Released With 14 New Tools, Deprecates Some FeaturesTexas Tech University System Data Breach Impacts 1.4 Million PatientsConnectOnCall Breach Exposes Health Data of Over 910,000 PatientsHackers Orchestrate Cyberattack Against PIH Health, Claiming Massive Data BreachRhode Island Confirms Data Breach After Brain Cipher Ransomware AttackCicada3301 Ransomware Claims Attack on French Peugeot DealershipNamibia’s State Telecom Provider Says Hackers Leaked Data After It Refused to Pay RansomFBI Spots HiatusRAT Malware Attacks Targeting Web Cameras, DVRsDeceptionAds Delivers 1M+ Daily Impressions via 3,000 Sites, Fake CAPTCHA PagesNew Glutton Malware Exploits Popular PHP Frameworks Like Laravel and ThinkPHPWindows Kernel Bug Now Exploited in Attacks to Gain SYSTEM Privileges
12/13-15/2024 December 16, 2024December 16, 2024 ~ The Cyber Beat ~ Leave a comment Winnti Hackers Target Other Threat Actors With New Glutton PHP BackdoorThai Officials Targeted in Yokai Backdoor Campaign Using DLL Side-Loading TechniquesUkraine Uncovers Russian Spy Network Recruiting Teens for Espionage“Hazardous Drone Operation” Leads to Two Arrests in BostonGame-Like ‘Task Scams’ Stole More Than $220 Million in Six MonthsThe Simple Math Behind Public Key CryptographyMajor Cloud Providers Could Get Key Role in AI Chip Access Outside the U.S., Sources SayPeak Design Denies Snitching on Luigi MangioneUnitedHealth’s Optum Left an AI Chatbot, Used by Employees to Ask Questions About Claims, Exposed to the InternetUK Shoppers Frustrated as Bots Snap Up Popular Christmas GiftsGermany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole ActionRussia Blocks Viber in Latest Attempt to Censor CommunicationsRhode Island’s Online Benefits System Shuts Down After CyberattackSRP Federal Credit Union (SC) Says 240,000 Impacted by Recent CyberattackAuto Parts Giant LKQ Says Cyberattack Disrupted Canadian Business UnitJapanese Game and Anime Publisher Kadokawa Reportedly Pays $3 Million Ransom to Russia-Linked HackersYoung Life Announces Data Breach Affecting Employees and Volunteers390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC ExploitsCISA Confirms Critical Cleo Bug Exploitation in Ransomware Attacks…Clop Ransomware Claims Responsibility for Cleo Data Theft AttacksAkira and RansomHub Surge as Ransomware Claims Reach All-Time HighCitrix Shares Mitigations for Ongoing Netscaler Password Spray AttacksCISA Warns Water Facilities to Secure HMI Systems Exposed Online
12/12/2024 December 13, 2024December 16, 2024 ~ The Cyber Beat ~ Leave a comment Gamaredon Deploys Android Spyware “BoneSpy” and “PlainGnome” in Former Soviet StatesNorth Korea’s Fake IT Worker Scam Hauled in at Least $88 Million Over Six Years…U.S. Offers $5 Million for Info on North Korean IT Worker FarmsTelecoms Haven’t Notified Most Victims of Chinese Phone Data Hacking Campaign, Sources SayGoogle Says Its Breakthrough Quantum Chip Can’t Break Modern CryptographyPolice Refer Westminster ‘Honeytrap’ to ProsecutorsSpain Busts Voice Phishing Ring for Defrauding 10,000 Bank CustomersPolice Shuts Down Rydox Cybercrime Market, Arrests 3 AdminsInsurance Worker Sentenced After Illegally Accessing Claimants’ DataBitcoin ATM Firm Byte Federal Hacked via GitLab Flaw, 58K Users ExposedOver 300K Prometheus Instances Exposed: Credentials and API Keys Leaking OnlineRemcos RAT Malware Evolves with New TechniquesNew Stealthy Pumakit Linux Rootkit Malware Spotted in the WildNew IOCONTROL Malware Used in Critical Infrastructure AttacksResearchers Uncover Symlink Exploit Allowing TCC Bypass in iOS and macOSWordPress Hunk Companion Plugin Flaw Exploited to Silently Install Vulnerable PluginsSecurity Flaws in WordPress Woffice Theme Prompts Urgent UpdateCleo Patches Critical Zero-Day Exploited in Data Theft Attacks
12/11/2024 December 11, 2024December 11, 2024 ~ The Cyber Beat ~ Leave a comment Researchers Uncover Espionage Tactics of China-Based APT Groups in Southeast AsiaChinese EagleMsgSpy Spyware Found Exploiting Mobile Devices Since 2017Secret Blizzard Targets Ukrainian Military with Custom Malware Kazuar BackdoorThe ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have ComeSnowflake Pledges to Make MFA MandatoryKrebs: How Cryptocurrency Turns to Cash in Russian BanksU.S. Charges Chinese Hacker for Exploiting Zero-Day in 81,000 Sophos FirewallsSouth Korea Takes Down Fraudulent Online Trading Network Used to Extort $6.3MOperation PowerOFF Takes Down DDoS BoostersKrispy Kreme Security Hole Leads to Cyberattack, Frosting OrdersLynx Ransomware Behind Electrica Energy Supplier CyberattackSabre (TX) Sends Data Breach Letter to Employees Announcing Leaked SSNs and MoreSophisticated Scam Targets UAE Residents with Fake Police FinesZLoader Malware Returns With DNS Tunneling to Stealthily Mask C2 CommsNew Malware Technique Could Exploit Windows UI Framework to Evade EDR ToolsMicrosoft Azure MFA Flaw Allowed Easy Access BypassMicrosoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without AlertsKrebs: Patch Tuesday, December 2024 Edition
12/10/2024 December 10, 2024December 10, 2024 ~ The Cyber Beat ~ Leave a comment Wyden Proposes Bill to Secure U.S. Telecoms After Salt Typhoon HacksU.S. Sanctions Chinese Firm Sichuan Silence Information Technology Company Over Potentially Deadly Ransomware AttackNvidia Probed in China Over Possible Antimonopoly ViolationsChinese Hackers Use Visual Studio Code Tunnels for Remote AccessPoker Cheaters Allegedly Use Tiny Hidden Cameras to Spot Dealt CardsNew Jersey Mayors Pen Letter Demanding Action on Mysterious Drone SightingsAI Safety Is Hard to Steer With Science in Flux, U.S. Official SaysAvast Antivirus Owner Gen Digital Acquires MoneyLion in $1 Bln DealFTC Distributes $72 Million in Fortnite Refunds From Epic GamesNext Congress Likely to Tussle Over Cyber OversightNemesis and ShinyHunters Hackers Exploit AWS Misconfigurations in Massive Data BreachHighgate Hotels Sends Out Data Breach Letters Following CyberattackFake Recruiters Distribute Banking Trojan via Malicious Apps in Phishing ScamNew AppLite Malware Targets Banking Apps in Phishing CampaignCleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation UrgedBadRAM: $10 Security Flaw in Amd Could Allow Hackers to Access Cloud Computing SecretsWPForms Bug Allows Stripe Refunds on Millions of WordPress SitesIvanti Warns of Maximum Severity CSA Auth Bypass VulnerabilityMicrosoft December 2024 Patch Tuesday Fixes 1 Exploited Zero-Day, 71 Flaws
12/9/2024 December 10, 2024December 10, 2024 ~ The Cyber Beat ~ Leave a comment China’s Salt Typhoon Recorded Top American Officials’ Calls, Says White House…U.S. Agencies to Brief House on Chinese Salt Typhoon Telecom HackingPhishing Scam Targets Ukrainian Defense CompaniesRadiant Links $50 Million Crypto Heist to North Korean HackersPolice Arrest UHC CEO Shooting Suspect, App Developer Luigi MangioneCybercrime Gang Arrested After Turning Airbnbs Into Fraud CentersFederal Appeals Court Upholds Law Threatening U.S. TikTok BanProposal for Cyber Force Study Is Watered down in Final Defense Bill…The Case For and Against Creating a Military Cyber ForceRussia Disrupts Internet Access in Multiple Regions to Test ‘Sovereign Internet’Romanian Energy Supplier Electrica Hit by Ransomware AttackU.S. Subsidiaries of Japanese Water Treatment Company, Green Tea Maker Kurita Water Industries Hit with RansomwareRansomware Attack Hits Leading Heart Surgery Device Maker ArtivionAmergis Healthcare Staffing (MD) Reports Data Breach Stemming from Compromised Email AccountsBlack Basta Ransomware Evolves with Email Bombing, QR Codes, and Social EngineeringSocks5Systemz Botnet Powers Illegal Proxy Service with 85,000+ Hacked DevicesOpenWrt Sysupgrade Flaw Let Hackers Push Malicious Firmware ImagesResearchers Uncover Prompt Injection Vulnerabilities in DeepSeek and Claude AILarge-Scale Incidents & the Art of Vulnerability Prioritization
12/6-8/2024 December 9, 2024December 9, 2024 ~ The Cyber Beat ~ Leave a comment FCC Chair Proposes Cybersecurity Rules in Response to China’s Salt Typhoon Telecom HackHow Chinese Insiders Are Stealing Data Scooped up by President XI’s National Surveillance SystemRomania Exposes TikTok Propaganda Campaign Supporting Pro-Russian Candidate…Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTokUK Cybersecurity Agency Unconcerned About Changes to Cisa Under TrumpHackers Using Fake Video Conferencing Apps to Steal Web3 Professionals’ DataQR Codes Bypass Browser Isolation for Malicious C2 CommunicationThe Weight-Loss Drug Boom Has Become One of the Internet’s Biggest ScamsWhy SOC Roles Need to Evolve to Attract a New GenerationPirated Corporate Software Infects Russian Businesses With Info-Stealing MalwareDeloitte Denies Breach, Claims Cyber-Attack Targeted Single ClientAnna Jaques Hospital (MA) Ransomware Breach Exposed Data of 300K PatientsBlue Yonder SaaS Giant Breached by Termite Ransomware GangCardano Foundation X Account Hacked, Scam Links Posted, Then RemovedUltralytics AI Model Hijacked to Infect Thousands With CryptominerMore_eggs MaaS Expands Operations with RevC2 Backdoor and Venom LoaderResearchers Uncover Flaws in Popular Open-Source Machine Learning FrameworksNew Windows Zero-Day Exposes NTLM Credentials, Gets Unofficial Patch
12/5/2024 December 6, 2024December 6, 2024 ~ The Cyber Beat ~ Leave a comment U.S. Phone Companies Could Face Fines for Weak Security Under a Proposed New RuleResearchers Uncover 4-Month Cyberattack on U.S. Firm Linked to Chinese HackersHackers Target Uyghurs and Tibetans with MOONSHINE Exploit and DarkNimbus BackdoorNew Android Spyware Found on Phone Seized by Russian FSBU.S. Arrests Scattered Spider Suspect Linked to Telecom HacksNebraska Man Pleads Guilty to Dumb Cryptojacking OperationEuropol Shuts Down Manson Market Fraud Marketplace, Seizes 50 ServersTexas Accuses Four Companies of Sharing Sensitive User Data Without Proper Notice and ConsentShe Escaped an Abusive Marriage—Now She Helps Women Battle Cyber HarassmentRomania’s Election Systems Targeted in Over 85,000 CyberattacksRansomware Hackers Target NHS Hospitals With New CyberattacksMajor USAID Contractor Chemonics Says 263,000 Affected by 2023 Data BreachHoboken Government Recovering From Ransomware Attack as Conti-Linked Gang Takes CreditPointClickCare Data Breach Affects Residents of Multiple Long-Term Care FacilitiesANEL and NOOPDOOR Backdoors Weaponized in New MirrorFace Campaign Against JapanPro-Russian Hacktivist Group ‘Noname’ Claims 6600 Attacks Targeting EuropeMitel MiCollab Zero-Day Flaw Gets Proof-of-Concept ExploitVulnerability Management Challenges in IoT & OT Environments