Cybersecurity News of the Week, January 12, 2025

This week's essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate. Now includes Weekend Patch Report.

Stan's Corner

Our hearts go out to everyone impacted by the fires here in Los Angeles. The destruction and the psychological trauma are overwhelming.

It has also been beautiful to see the sense of community that has emerged from this tragedy. People are opening their homes, offering support to those in need, whether it's family, friends, even strangers.

I posted some thoughts about this on LinkedIn on Thursday after my wife and I returned home from evacuating Wednesday. I wrote “What we’re witnessing in our grief is heartwarming. It’s a testament to our natural instinct to help one another. … It makes me wonder what it would take for our community to come together around cybersecurity. Hopefully not a cyber-tragedy.

Adding to our challenges, fires and other disasters bring out the cyber-scum looking to take advantage of others' misfortune and our human instincts to help. Be especially suspicious. Don't trust texts and emails from people and organizations you don't know asking for support. Make sure the person who says he’s from FEMA is really from FEMA.

Shifting to cybersecurity …

If you're an attorney, you'll want to attend our 5th Annual Reasonable Security Summit on January 30. It is critical for legal professionals to remain at the forefront of cybersecurity developments. With data breaches and new privacy laws on the rise, understanding what qualifies as “reasonable security” has never been more important.

Key Benefits for Attorneys:

  1. Stay Current on “Reasonable Security.” The concept of “reasonable security” is quickly evolving. Attorneys will gain insights into the legal frameworks and industry standards that define how organizations must protect client and consumer data.
  2. Enhance Client Services. By advising clients on best practices and regulatory requirements, attorneys can broaden their practice areas and increase revenue.
  3. Protect Your Own Firm. Implementing robust cybersecurity protocols within your practice is vital to safeguarding privileged information and maintaining client trust.
  4. Expand Your Network. This summit offers invaluable opportunities to connect with cybersecurity experts, insurers, bankers, IT service providers, and fellow attorneys.

Featured Panel: “The Rise of Reasonable Cybersecurity.”

One of the summit’s central discussions focuses on the growing duty of care that organizations owe their customers, as shaped by tort principles and state data privacy laws. Panelists include:

  • Tony Sager – Senior Vice President & Chief Evangelist, Center for Internet Security
  • Kirk Herath – Chairman, CyberOhio
  • The Honorable Sam Thumma – Uniform Law Commissioner

Attendees will gain a multidimensional perspective—technical, legal, and public policy—on why “reasonable security” is emerging as a fundamental expectation.

In a second panel, we'll explore the cybersecurity challenges faced by smaller businesses. Joining this discussion are two well-known Los Angeles attorneys, Robert Braun and Scott Koller, who will share practical solutions and legal considerations tailored to smaller enterprises.

In recognition of the legal community’s ongoing professional requirements, participants at the summit will receive MCLE credits.

For more information and to register, please visit securethevillage.org. We look forward to seeing you on January 30 to explore the critical role attorneys play in shaping a more secure digital landscape.


From SecureTheVillage

  • A Reasonable Approach to Reasonable Security. January 30, 2025. SecureTheVillage's 5th Annual Reasonable Security Summit. In collaboration with the Center for Internet Security (CIS). Keynote Speakers: Tony Sager, CIS Chief Evangelist. Bill Leider, Axies Group. Westdrift Hotel, Manhattan Beach and live-streamed. Register now. Sponsorships available.

Needed Now

SecureTheVillage FREE Newsletters. Sign up or share with a friend!

SecureTheVillage Guides for families and individuals

Support SecureTheVillage: We need your help if we're to build a world of CyberGuardians. Donate to SecureTheVillage.


Cybersecurity Nonprofit of the Week

Our kudos this week to the Center for Internet Security (CIS). CIS is a community-driven nonprofit responsible for the CIS Controls, CIS Benchmarks, and CIS Hardened Images. … The Center released its newest publication, “A Guide to Defining Reasonable Cybersecurity” at this year’s RSA Conference. … Strong proponents of collaboration and innovation, CIS is also home to the Multi-State Information Sharing and Analysis Center (MS-ISAC) and the Elections Infrastructure Information Sharing and Analysis Center (EI-ISAC). … SecureTheVillage was a recipient of a grant from the Center’s Allen Paller Laureate Program to support our launch of LA Cybersecure to measurably improve the cybersecurity of small and midsize organizations. … The Center for Internet Security is one of the founders of Nonprofit Cyber, a coalition of implementation-focused cybersecurity nonprofits including SecureTheVillage.

Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.

Another sad story of loss.

  • American woman lost her life savings to scammers posing as Amazon. Here’s how the scam works and how to protect yourself: When a Knoxville, Tennessee woman named Colleen saw a duplicate charge on her credit card for an Amazon purchase, she attempted to contact the merchant to resolve the issue. But instead of getting in touch with Amazon, she wound up contacting a scammer by accident. … Her mistake was innocent enough. Rather than go to Amazon's website and use their channels to connect with someone from customer service, Colleen did an internet search for a customer service phone number. … The problem? She didn't reach Amazon. Instead, she reached someone who would ultimately rob her of her life savings.


Please freeze your credit. It's your best defense against synthetic identity theft.

  • Frankenstein Fraud: How Synthetic Identity Theft Targets the Most Vulnerable: If a criminal steals a Social Security number, they could piece it together with other real or fake details to create an entirely new identity. … Criminals stitching parts of people together sounds like something out of a horror movie. Unfortunately, it's happening every day with fragments of people's identities. … Synthetic identity fraud happens when someone steals an individual's Social Security number and combines it with information from other people's identities, such as a name, address or birthdate. The criminal can then use this new identity to borrow money. If a fraudster succeeds, the real SSN owner may be left on the hook. … While scary, this crime hinges on a cybercriminal using your Social Security number. Luckily, there are several ways you can prevent someone from using your SSN once they have it.


Just because a link is at the top of your search doesn't mean it's legit. Always be suspicious.

  • Google warns of legit VPN apps being used to infect devices with malware: Attackers are reportedly using popular VPN applications as a backdoor to inject malware and gain remote control of infected devices. … This is the worrying finding coming from Google's Managed Defense team, which shed light on how malicious actors employ SEO poisoning tactics to spread what's known as Playfulghost malware. … "The malware is bundled with popular applications, like LetsVPN, and distributed through SEO poisoning," wrote the expert. "This involves manipulating search engine results to make the bundled software appear at the top of searches, making it seem like a legitimate download." … Phishing attacks, meaning malicious emails that trick users into clicking on dangerous links to download malware, are another known distribution method.


Section 3: Cybersecurity and Privacy News for the Cyber-Concerned.

National Cybersecurity News.

  • Chinese hackers breached US government office that assesses foreign investments for national security risks: Chinese hackers breached the US government office that reviews foreign investments for national security risks, three US officials familiar with the matter told CNN. … The theft, which has not previously been reported, underscores Beijing’s keen interest in spying on a US government office that has broad powers to block Chinese investment in the US as tensions between the world’s two superpowers remain high. … The breach was part of a broader incursion by the hackers into the Treasury Department’s unclassified system.
  • Japan says Chinese hackers targeted its government and tech companies for years: The Japanese government published an alert on Wednesday accusing a Chinese hacking group of targeting and breaching dozens of government organizations, companies, and individuals in the country since 2019. … Japan’s National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity attributed the years-long hacking spree to a group called MirrorFace. … “The MirrorFace attack campaign is an organized cyber attack suspected to be linked to China, with the primary objective of stealing information related to Japan’s national security and advanced technology,” the authorities wrote in the alert, according to a machine translation.
  • ‘We have to prioritize cybersecurity’ within federal budgets, outgoing cyber czar says: The Trump administration shouldn’t abandon an effort to get federal agencies to set cybersecurity priorities as part of their annual budget requests, the nation’s outgoing cyber czar said on Tuesday. … Last year, the Office of the National Cyber Director (ONCD) and the Office of Management and Budget (OMB) on Wednesday published a list of digital security benchmarks they wanted agencies to pursue as part of their fiscal 2026 budgets. It was intended to be a powerful new oversight tool for the White House, giving both offices the ability to review the cyber plans each agency submits and send them back if they have any concerns. … “I'm not going to dance around things: it's good to give budget guidance. We need to give budget direction when it comes to cybersecurity,” National Cyber Director Harry Coker said at an event at The Foundation for Defense of Democracies in Washington, D.C. … “I would love for the incoming administration, or any administration, to recognize the priority of cybersecurity.”


Fail to protect other people's information. Expect to be sued.

  • Lawsuits pile up against PIH Health in wake of paralyzing ransomware attack: In the first of what is expected to be a flurry of lawsuits stemming from a cyberattack against a Los Angeles County medical network, a Whittier man is suing PIH Health for failing to safeguard his confidential information from hackers who purportedly stole 17 million patient records from computer servers last month. … The Southern California News Group obtained a copy of a threatening, typewritten letter purportedly faxed by the unidentified hackers to PIH outlining the scope of the attack. … The cyberthieves said they found PIH’s network “highly vulnerable,” with data stored insecurely on servers, and claimed to have stolen about 2 terabytes of files, including 17 million confidential patient records that include home addresses, phone numbers, places of employment and medical expenses. … Hackers also claimed they had recovered data for 8.1 million “medical episodes,” detailing patient diagnoses, test results, photos, scans and private emails.
  • US state sues T-Mobile over 2021 data breach which leaked data of millions: The US state of Washington is taking legal action against telecommunications giant T-Mobile over consumer protections failures following a 2021 data breach which exposed up to 79 million consumers worldwide, including the social security numbers of almost 184,000 customers in the state. … As part of Washington’s lawsuit, the state claims T-Mobile failed to ‘adequately secure sensitive personal information of more than 2 million Washingtonians’. This failure, the state claims, left those consumers vulnerable to fraud and identity theft. … The suit claims that the breach was ‘entirely avoidable’ and explains T-Mobile had years to fix key vulnerabilities in its cybersecurity systems, and failed to properly address them. A lack of security monitoring meant T-Mobile was unaware of the breach.
  • Pig butchering victim sues banks for allowing scammers to open accounts: A California man has sued three banks for alleged “willful blindness” in allowing criminals to open accounts used to steal nearly $1 million from him in a cryptocurrency investment scam.


From the Electronic Frontier Foundation.

  • Online Behavioral Ads Fuel the Surveillance Industry—Here’s How: A global spy tool exposed the locations of billions of people to anyone willing to pay. A Catholic group bought location data about gay dating app users in an effort to out gay priests. A location data broker sold lists of people who attended political protests. … What do these privacy violations have in common? They share a source of data that’s shockingly pervasive and unregulated: the technology powering nearly every ad you see online. … Each time you see a targeted ad, your personal information is exposed to thousands of advertisers and data brokers through a process called “real-time bidding” (RTB). This process does more than deliver ads—it fuels government surveillance, poses national security risks, and gives data brokers easy access to your online activity. RTB might be the most privacy-invasive surveillance system that you’ve never heard of. … A key vulnerability of real-time bidding is that while only one advertiser wins the auction, all participants receive the data. Indeed, anyone posing as an ad buyer can access a stream of sensitive data about the billions of individuals using websites or apps with targeted ads. That’s a big way that RTB puts personal data into the hands of data brokers, who sell it to basically anyone willing to pay.


Kudos to New York as it continues to strengthen its personal data consumer protection laws.

  • New consumer protection laws in New York: What you need to know: New Yorkers will now have stronger personal data protections as six new laws were signed by Gov. Hochul in December, ranging from quicker notification of data breaches to better protections for New Yorkers using online dating services. … "New Yorkers should never have to worry about their personal information being misused or falling into the wrong hands," Hochul said. "With this legislative package, we are taking bold action to hold companies accountable, strengthen protections, and give consumers the transparency and security they need and deserve." … Here's what to know about the newly passed laws.


This week in cybercrime.

  • Massive breach at location data seller: “Millions” of users affected: Like many other data brokers, Gravy is a company you may never have heard of, but it almost certainly knows a lot about you if you’re a US citizen. … Data brokers come in different shapes and sizes. What they have in common is that they gather personally identifiable data from various sources—from publicly available data to stolen datasets—and then sell the gathered data on. Gravy Analytics specializes in location intelligence, meaning it collects sensitive phone location and behavior data. … One of the buyers is the US government who increasingly circumvents the need to get a warrant by simply buying what they want to know from a data broker. Ironic, given that the FTC sued Gravy Analytics after saying it routinely collects sensitive phone location and behavior data without getting the consent of consumers.
  • Hack of Rhode Island social services platform impacted at least 709K, officials say: State officials received reports from Deloitte and a third-party forensic firm showing the threat to the database has been mitigated and efforts are underway to restore access. … The officials held a Jan. 10 briefing to notify thousands of recipients that breach notification letters were being mailed out. Courtesy of Rhode Island. … Rhode Island began mailing notification letters Friday to alert individuals impacted by the December ransomware attack against the state social services agency, Gov. Dan McKee said during a Friday press conference. … Victims will get five years of free credit monitoring and additional identity protection services.
  • PowerSchool hack could affect millions of K-12 students: Education software giant PowerSchool suffered from a hack that might have put the sensitive data of K-12 students and teachers at risk. It’s unclear how many people were affected, but the PowerSchool Student Information System (SIS) platform contains the data of over 60 million students and 18,000 customers. … Some of the leaked data could be limited to names and addresses but some school districts may have been hit harder, with data like Social Security numbers (SSNs), personally identifiable information (PII), grades, and medical information being stolen, as reported by Bleeping Computer.
  • UN aviation agency 'actively investigating' cybercriminal’s claimed data breach: The U.N.’s International Civil Aviation Organization (ICAO) announced late on Monday that it was “actively investigating reports of a potential information security incident” following a criminal claim to have breached the agency. … According to ICAO’s statement, the incident was “allegedly linked to a threat actor known for targeting international organizations.”
  • Cannabis company Stiiizy says hackers accessed customers’ ID documents: Popular Los Angeles-based cannabis brand Stiiizy has confirmed that hackers accessed reams of sensitive customer data, including government-issued documents and medical cannabis cards, during a November cyberattack. … In a data breach notice filed with California’s attorney general this week, Stiiizy said it was notified by its point-of-sale processing vendor that an “organized cybercrime group” had compromised the data from some of its retail locations.


Section 4: For smaller businesses and nonprofits

Kudos to our friends at the Cyber Readiness Institute. Five important things for smaller businesses to do. Now.

  • CYBER READINESS INSTITUTE SHARES TOP NEW YEAR’S RESOLUTIONS FOR SMALL AND MEDIUM-SIZED BUSINESSES: Entering 2025, millions of small and medium-sized businesses (SMBs) are setting New Year’s resolutions to improve their operations, grow their customer bases, and achieve financial success. But in today’s digital age, top security experts suggest a different set of resolutions should rise to the top of every SMB’s list: safeguarding their business from cyber threats. … Recent studies reveal that almost half (41%) of the world’s more than 350 million small businesses experienced a cyberattack in the past year, a number that continues to grow. The financial fallout can be overwhelming: Microsoft reports cyber attacks cost SMBs an average of $250,000 and, in some cases, as much as $7 million—losses that most small businesses cannot afford. … “SMBs are prime targets because they often lack the resources and expertise to defend against attacks,” said Karen S. Evans, Managing Director of CRI. “But there are simple, affordable steps SMBs can take to reduce their risk and build resilience against cyber threats – we call them the ‘5 for ‘25’.” … CRI’s top cybersecurity “resolutions” for SMBs in 2025:


Running Ivanti? Patch now.

  • Chinese spies targeting new Ivanti vulnerability, Mandiant says: A newly publicized vulnerability in popular products from tech company Ivanti is being exploited by China-based espionage threat actors, according to Google-owned cybersecurity firm Mandiant. … Mandiant published a blog post detailing its examination of CVE-2025-0282 — a vulnerability Ivanti announced on Wednesday that affects the company’s popular Connect Secure VPN appliance. … On Wednesday night, the leading U.S. cybersecurity agency ordered all federal civilian agencies to patch the vulnerability by January 15 — the shortest time frame it has ever issued since creating its Known Exploited Vulnerabilities Catalog.


Section 5: Weekend Patch Report

Keeping your computers, smartphones, notepads and other devices patched and updated is #4 on SecureTheVillage's How Hackable Are You Guide. While patching is increasingly automated, it's important to double-check that it's being done. The following lists current versions of common software programs. Items in Bold have been updated in the past week. Updates are usually available from within the program. If not, updates can be downloaded from the company's website.

7-Zip 24.09.

Adobe Acrobat Reader 2024.005.20320

AVG 24.12.3362.

Apple iOS updated to 18.2.1

Apple iPadOS updated to 18.2.1

Apple macOS Sequoia 15.2

Apple macOS Sonoma 18.2

Apple macOS Ventura 18.2

Apple watchOS 18.2

Apple tvOS 18.2

Apple visionOS 2.2

Apple Safari 18.2

Brave updated to 1.73.105.

CCleaner 6.31.11415.

Chrome updated to 131.0.6778.265.

Discord updated to 1.0.9177.

Dropbox updated to 215.4.7202.

Edge updated to 131.0.2903.146.

ExpressVPN 12.95.0

Firefox updated to 134.0.

Foxit Reader 2024.4.0.27683.

Google Drive for Desktop 101.0.3.0.

iTunes 12.13.4.4.

KeePass 2.57.1.

Malwarebytes 5.2.4.157.

Microsoft 365 & Office

Microsoft Windows

Notepad++ 8.7.5.

Opera Chromium updated to 116.0.5366.21.

Skype updated to 8.134.0.202.

Spotify 1.2.53.440.

TeamViewer 15 updated to 15.61.4.

Thunderbird ESR 128 updated to 128.6.0.

Zoom updated to 6.3.5.54827.


About SecureTheVillage:

The vision of SecureTheVillage is to make Los Angeles the cyber-safest metropolitan region in the United States for smaller businesses, nonprofits, families, and individuals. Making this happen takes a village.

Follow Stan Stahl, PhD on LinkedIn!

Support SecureTheVillage: We need your help if we’re to build a world of CyberGuardians. Donate to SecureTheVillage.

It takes a village to secure the village.

Julie Michelle Morris

Thought Leadership Trainer | Cybersecurity + AI obsessed | B2B Content Strategist and Demand Gen Fixer | Founder, DIY Influence & Persona Media | Focus on national security, infrastructure

1 month ago

Excellent newsletter edition. And our hearts are with Los Angeles!
