📰 Headlines
- The US Treasury have announced sanctions on Chinese hackers responsible for the breach of Treasury Department workstations last month. The sanctions target a Chinese hacker and a China-based cybersecurity company. (SecurityWeek)
- Researchers have warned of Mirai malware targeting vulnerabilities in Avtech cameras and Huawei routers to catch devices in a botnet. The campaign has been active for six months, with at least 1,300 systems infected. (SecurityWeek)
- Hackers have earned over $700,000 USD so far at the ‘Pwn2OWN Automotive 2025’ hacking competition in Tokyo this week for finding vulnerabilities in EV chargers and connectors. (SecurityWeek)
- Cloudflare was able to detect and block the largest DDoS attack ever recorded – a 5.6 Terabit per second attack – during the week of Halloween in 2024. (Cloudflare)
🎣 Vulnerabilities, Bugs, & Hacks
- Russian cybercriminals are operating a new scam on Microsoft 365. The attack involves flooding victims with thousands of spam emails, then impersonating tech support via Microsoft Teams calls to gain access and install ransomware on their devices. (The Record)
- A previously unknown China state-sponsored hacker group has been targeting users in East Asia with malicious VPN installers, according to a new report from ESET. (The Record)
- California-based education tech provider PowerSchool is notifying students and teachers that their personal information was compromised in a data breach in December 2024. (SecurityWeek)
- Hewlett Packard Enterprise is investigating claims of a breach after a threat actor claimed to have stolen documents from the company’s developer environment. (BleepingComputer)
- Two critical security flaws have been discovered impacting premium real estate plugins for WordPress, enabling unauthenticated users to gain administrative privileges. (BleepingComputer)
🚨 Vendor News & Announcements
- SailPoint, an identity security provider currently owned by Thoma Bravo, is pursuing a return as a public company. (CRN)
- Cloud-native application security company Sysdig has launched Stratoshark, a new open-source tool that extends Wireshark network visibility into the cloud. (SiliconAngle)
- Security data curation pipeline startup Axoflow has raised $7 million USD in a seed funding round, bringing the total raised by the company to close to $10 million. (SecurityWeek)
- Application security company DryRun Security has raised $8.7 million USD in a recent seed funding round. (SecurityWeek)
📟 Product Releases & Patches
- Oracle has released it’s January 2025 Critical Patch update which addresses 318 security vulnerabilities across it’s products and services. (THN)
- 7-Zip has patched a vulnerability that allowed attackers to bypass the Mark of the Web Windows security feature and execute code on users’ computers. All users should update as soon as possible. (BleepingComputer)
- Cisco has released patches for three vulnerabilities, including a critical bug in Meeting Management. (SecurityWeek)
🏛️ Policy & Legislation
- Newly inaugurated US President Donald Trump has revoked a 2023 Executive Order requiring developers of AI systems to share the results of safety tests with the US government, signalling a focus on promoting AI innovation. (Reuters)
- The Trump administration has dismissed all members of Department of Homeland Security advisory panels, including the Cyber Safety Review board. The committee issues reports and recommendations addressing major cybersecurity incidents. (The Record)
- The FBI and CISA have issued new guidance for software vendors, including making several recommendations such as avoiding hardcoding secrets. (Cybernews)
- The European Union is working on new ‘action plan’ to strengthen cybersecurity in healthcare, focussing on prevention, detection, impact mitigation and deterrence. (CSO Online)
🎙️ Expert Insights: Interviews & Buyers Guides
Don’t miss this week’s round of interviews & buyers guides with cybersecurity experts and thought leaders.
- Hoxhunt’s Maime Carter on Understanding Successful Human Risk Management
- Application Control Buyers Guide 2025
- 4 Cloud Backup Experts Share Their Predictions For 2025
- 8 Email Security Experts Share Their Advice For Security Leaders
That’s all for this week! 👋
Do you have any stories to share with Expert Insights, or any feedback on the format of this newsletter? Please let us know.
Contact [email protected]
Expert Insights’ Cybersecurity Resources
- The Top RMM Solutions For MSPs
- The Top Mobile Device Management (MDM) Solutions
- The Top Email Security Solutions For Office 365
- The Top Email Security Gateways
- The Top Multi-Factor Authentication (MFA) Solutions For Business
- The Top Phishing Protection Solutions
- The Top Cyber Threat Intelligence Solutions
