Your Weekly Cybersecurity News, headlines, Patches and Bans

Welcome to this weekend's digest of the top cybersecurity stories discussed on the CyberHub Podcast this week.

Here’s what you need to know to stay informed:

Major Stories This Week

Chinese Hackers Breach U.S. Treasury Offices

The Chinese threat actor Silk Typhoon (also tracked as Hafnium) breached critical U.S. Treasury offices, including OFAC and CFIUS, using compromised BeyondTrust SaaS API keys. This espionage operation targeted trade and sanctions enforcement, signaling China's preparation for future sanctions and its geopolitical maneuvering to bolster BRICS.

Key Takeaway: Secure remote access tools and monitor API key usage vigilantly.

Ivanti Exploits Persist

Ivanti vulnerabilities (CVE-2025-0282, CVE-2025-0283) exploited by Chinese cyber spies (UNC5337) highlight the risks of legacy systems. These flaws allow remote code execution, emphasizing the challenge of replacing critical but outdated infrastructure.

Action Item: Apply Ivanti patches promptly to avoid exposure, or secure the support needed to replace the product.

Looming TikTok Ban in the U.S.

The U.S. Supreme Court heard arguments on the impending TikTok ban, set for January 19. With ByteDance resisting a transfer to U.S. ownership, concerns grow about national security and the precedent of government power over businesses. The Supreme Court upheld the decision to ban TikTok on Friday and confirmed the shutdown of the app on Sunday, January 19th, 2025. However, an unintended consequence is the rise of RedNote, another Chinese social media app that is currently number one in both the Apple and Android app stores.

Phishing Campaigns Target PayPal and Job Seekers

  • PayPal Users: Attackers exploit legitimate PayPal URLs to trick users into fake portals and steal credentials.
  • Job Seekers: Fake CrowdStrike job offers direct victims to malicious sites, installing crypto miners like XMRig.

Pro Tip: Educate employees about these tactics to improve awareness.

Telefonica, Thizzy, and Healthcare Data Breaches

  • Telefonica: Spanish telecom giant exposed sensitive customer and ticketing data.
  • Thizzy Dispensary: California-based marijuana dispensary suffered a breach, compromising customer IDs and passports.
  • Healthcare: The U.S. healthcare industry saw 180 million compromised records in 2023, with over 585 reported cybersecurity incidents, highlighting the growing threat of insurance fraud and how easy a target healthcare is for cybercriminals.

Takeaway: No industry is immune—prioritize robust data protection measures.

FBI Removes Chinese PlugX Malware

The FBI successfully removed PlugX malware, linked to China’s Mustang Panda, from over 4,200 systems. This persistent threat spread via USB drives and targeted organizations globally.

Key Insight: Stay vigilant against state-sponsored cyber operations.

Microsoft Patch Tuesday Highlights

Microsoft patched 159 vulnerabilities, including 8 zero-days. Companies like Adobe, Fortinet, and Zoom also issued critical updates.

Action Item: Update systems immediately to mitigate exploitation risks.

North Korean Cryptocurrency Thefts

North Korea stole over $660 million in cryptocurrency in 2024, funding its regime. Targets include platforms like DMM and Upbit, underscoring the blockchain industry’s vulnerability.

Recommendation: Blockchain platforms must enhance security protocols.

Key Themes Across the Cyber Landscape

  • Geopolitical Cyber Threats: China, North Korea, and Russia continue to dominate the threat landscape.
  • Patch Management: Critical vulnerabilities in legacy systems remain a challenge.
  • Cyber Hygiene: Misconfigurations and basic lapses still fuel botnets and malware campaigns.

Action Plan for Cyber Teams

  1. Review Access Controls: Secure API keys and remote tools.
  2. Educate Staff: Include phishing tactics in awareness training.
  3. Apply Patches: Prioritize updates from Ivanti, Fortinet, and Microsoft.
  4. Strengthen Cloud Security: Address risks like the Aviatrix vulnerability.
  5. Monitor Emerging Threats: Track state-sponsored and cryptocurrency-related activities.
  6. Enhance Healthcare Defenses: Protect sensitive patient data against fraud.

Catch James Azar's exclusive interview with Andy Ellis, partner at YL Ventures and CSO Hall of Famer, tomorrow at 11 a.m. EST.

Stay vigilant, stay informed, and most importantly—stay cyber safe!

CISO Talk by James Azar

The latest news and topics from a cybersecurity practitioner discussing Cybersecurity, Privacy, Technology & Geo-Politics. I am a two-time Founder and Chief Information Security Officer. All opinions are my own.