It's been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.
?? Cybersecurity Threats & Vulnerabilities
The latest cybersecurity developments highlight ongoing threats and vulnerabilities across various sectors.
- ?? A Microsoft MFA outage is preventing users from accessing Microsoft 365 apps. (Published on 1/13/2025, BleepingComputer). Read More
- ?? Over 4,000 web backdoors were hijacked by registering expired domains, exposing compromised systems to further risks. (Published on 1/12/2025, The Hacker News). Read More
- ???♂? A fake PoC exploit for an LDAP vulnerability is spreading infostealer malware. (Published on 1/13/2025, SecurityWeek). Read More
- ?? Microsoft has released a record-breaking 159 security patches, including eight zero-days. (Published on 1/14/2025, Dark Reading). Read More
- ?? A Google OAuth flaw allows attackers to hijack credentials using domains from failed startups. (Published on 1/14/2025, The Hacker News). Read More
- ?? Hackers leaked VPN credentials and configurations for 15,000 FortiGate devices on the dark web. (Published on 1/15/2025, BleepingComputer). Read More
- ?? A UEFI Secure Boot vulnerability could allow attackers to install bootkits, despite a recent patch. (Published on 1/16/2025, The Hacker News). Read More
?? Regulatory Actions & Privacy Concerns
Governments and advocacy groups are stepping up efforts to enforce cybersecurity and privacy regulations.
- ?? Texas is suing Allstate for unlawfully tracking and selling driving data from 45 million Americans. (Published on 1/14/2025, BleepingComputer). Read More
- ??? The FCC has ordered telecoms to improve security after last year’s Salt Typhoon cyberattacks. (Published on 1/17/2025, BleepingComputer). Read More
- ?? An Austrian privacy group is suing TikTok, AliExpress, and others over illicit data transfers to China. (Published on 1/16/2025, The Hacker News). Read More
- ?? GM faces a potential ban on selling driver data that insurers could use to raise rates. (Published on 1/17/2025, Ars Technica). Read More
- ???? Industry leaders react to President Biden’s latest cybersecurity executive order. (Published on 1/17/2025, SecurityWeek). Read More
?? Cybercrime & Emerging Attack Techniques
Cybercriminals continue to refine their tactics, exploiting vulnerabilities in both technology and human behavior.
- ?? Label giant Avery suffered a data breach, exposing customers’ credit card details. (Published on 1/15/2025, BleepingComputer). Read More
- ?? Attackers hijacked Google advertiser accounts to spread malware through malicious ads. (Published on 1/15/2025, Dark Reading). Read More
- ?? The rise of MFA failures and AI-powered attacks is worsening authentication security. (Published on 1/16/2025, BleepingComputer). Read More
?? Cybersecurity Trends & Insights
Insights into emerging security challenges and best practices for protecting digital infrastructure.
- ??? Open-source software remains a primary target for supply chain attacks, posing ongoing risks. (Published on 1/15/2025, SecurityWeek). Read More
- ?? CISA’s new AI playbook aims to improve threat intelligence sharing for AI-related cyber risks. (Published on 1/16/2025, Dark Reading). Read More
Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!
Don't forget that you can also subscribe to the Friday Wrap Up on Substack and receive it in your inbox every Friday. Never miss an edition of the Friday Wrap Up!
Disclaimer: The views and opinions expressed in this newsletter are solely those of the author and do not necessarily reflect the official policy or position of any agency of the U.S. government or any other organization. This content is provided for informational purposes only and is not meant to represent the strategies or opinions of any aforementioned entities.
