Beyond the Hack / February 2025
Blaze Information Security
Experts in offensive cybersecurity and penetration testing.
Hey folks,
As they say, January was a long year – but we made it. The cybersecurity rollercoaster isn't slowing down – DORA is now fully in play for financial entities in the EU, Trump is shaking up cybersecurity policy, and CISA might actually survive the political crossfire.
On the Blaze front, we hit our 9th anniversary last month. To our clients, partners, and the wider cybersecurity community – thank you for being part of the journey.
Cheers, Julio Fort
CISA's future appears more secure despite past Republican efforts to dismantle it. Homeland Security Secretary Kristi Noem and other Republicans now emphasize its role in defending critical infrastructure against Chinese cyber threats and ransomware. Trump has upheld Biden's executive order on securing federal software supply chains. The likely new CISA director, Sean Plankey, is seen as a nonpartisan cybersecurity expert. House Homeland Security Chair Mark Green supports shifting responsibility for security flaws to software vendors, echoing former CISA Director Jen Easterly's push for legal liability in software security. Bipartisan efforts to strengthen cybersecurity could emerge due to escalating Chinese espionage and the economic toll of ransomware.
Trump administration fires members of cybersecurity review board in 'horribly shortsighted' decision
The Department of Homeland Security has terminated all advisory committees, including the Cyber Safety Review Board (CSRB), which investigated critical incidents like Chinese cyberattacks on U.S. telecoms. Critics argue this decision undermines cybersecurity efforts, particularly as the CSRB provided crucial insights into breaches targeting critical infrastructure. While DHS cited resource misuse, members were unpaid. Experts stress the need for qualified advisors to maintain cybersecurity defenses amidst growing threats, calling the move a dangerous misstep.
The Digital Operational Resilience Act is now binding for all EU financial entities. DORA aims to bolster the digital operational resilience of the financial sector and the oversight of Critical Third-Party ICT Providers. Compliance became mandatory on 17 January, following an implementation period that began in January 2023.
Community Health Center (CHC) is notifying over a million patients of a data breach that exposed names, birthdates, contact details, diagnoses, test results, Social Security numbers, and insurance information. Detected on 2 January, the attack did not disrupt operations, and CHC claims to have stopped access within hours. The incident comes after ransomware attacks on Frederick Health (27 January) and the New York Blood Center Enterprises (29 January).
WhatsApp disrupted a hacking campaign linked to Israeli spyware maker Paragon, targeting about 90 users, including journalists and civil society members. The attack, which used malicious PDFs in WhatsApp groups, was patched by WhatsApp, requiring no user interaction to exploit. Paragon, recently acquired by AE Industrial, has maintained a low profile compared to NSO Group and Intellexa. The campaign affected victims in over two dozen countries, raising concerns about commercial spyware abuse.
Learn about SOC 2 penetration testing requirements and how to improve your company's security posture against cyber threats.
If you're looking for a pentest for SOC 2 compliance, we offer 15% OFF this month in our penetration testing services package tailored for SOC 2 audits.
All you need to know about ISO 27001 penetration testing requirements and how to comply with the latest ISO/IEC 27000 standard.
We've compiled a list of essential cybersecurity practices designed specifically for startups and fast-growing businesses. These are practical, proven measures to help you safeguard your digital assets, protect critical operations, and reduce your attack surface.
A quick rundown of the latest changes to the HIPAA Security Rule. Conducting penetration testing will be mandatory every 12 months, and vulnerability scanning every 6 months.
Check out these articles and more on our blog for expert insights you can act on.
HackCon#20
Oslo, Norway
12-13 February
BSides Budapest
Budapest, Hungary
21 February
NULLCON Goa 2025
Sancoale, Goa, India
1-2 March
Kill Chain: The Cyber War on America's Elections (2020)
Electronic voting machines are a mess, and Kill Chain: The Cyber War on America's Elections doesn't hold back in showing why. Led by Harri Hursti, the documentary rips into the vulnerabilities of U.S. election systems, demonstrating just how easy it is to manipulate results. It covers real-world attacks, past interference, and the general failure to secure critical infrastructure. If you still trust electronic voting without a paper trail, this one might change your mind.
Being aware of threats is not enough – take action!
Discover special offers, explore our services and find the right penetration testing solution for your organization's cybersecurity needs.