Welcome back to your cybersecurity news recap from Expert Insights.
In this issue: The biggest headlines from the week in cyber, vulnerabilities and hacks you should know about, vendor news you shouldn’t miss, and the latest cyber-policy developments.
💡Don’t forget! You can now listen to this briefing on the Expert Insights Podcast. 🎙️
📰 Headlines
- A sophisticated Russia-linked phishing campaign targeting government, IT, defense, telecoms, and health services has been ongoing since August 2024, says Microsoft. The attacks exploit device code authentication flows & social engineering to bypass MFA controls. (SecurityWeek)
- A newly discovered malware strain dubbed ‘FinalDraft’ is able to abuse Outlook email drafts to execute command-and-control communication attacks; it has already used been in attacks against a South American ministry. (BleepingComputer)
- Ukraine’s cyberdefense director has warned that Russia is using AI to help it more efficiently analyze data stolen in cyberattacks – enabling them to deliver more targeted phishing campaigns. (TheRecord)
- Some 20 Italian websites have been targeted by alleged pro-Russian hackers according to Italy’s cybersecurity agencies, after rising diplomatic tensions between Russia and Italy. (Reuters)
- 405 cybersecurity related merger and acquisition deals were announced in 2024 – the smallest number since 2021 – for a value in excess of $50.75 billion. (SecurityWeek)
- IRONSCALES CEO: “We’ve got to have a different approach to how we think about social engineering and phishing in the future.” (Expert Insights)
🎣 Vulnerabilities, Scams, & Hacks
- Russian hackers have launched phishing campaigns using malicious QR codes that exploit the ‘Linked Devices’ feature in Signal to hack into high-profile accounts. (BleepingComputer)
- Cyber-attacks have hit the Virginia Attorney General’s Office, taking “Nearly all systems offline.” Virginia State Police are investigating the attack. (Richmond Times-Dispatch)
- ‘Fake browser’ updates are being used to spread a new MacOS malware campaign dubbed ‘FrigidStealer’. The malware is delivered via web inject campaigns. (Proofpoint)
- Security vulnerabilities have been discovered in the OpenSSH networking utility suite that, if exploited, could result in machine-in-the-middle and denial-of-service attacks, Qualys finds. (THN)
- News company Lee Enterprises has confirmed that the recent disruption at several local newspapers was caused by a ransomware attack. At least 75 titles were affected. (SecurityWeek)
- Fax hacks? Security vulnerabilities have been disclosed in a Xerox printer (VersaLink C7025 Multifunction) that could allow attacks to capture Windows Active Directory credentials. A patch is now available. (THN)
🚨 Vendor News & Announcements
- Identity security leader SailPoint has completed its initial public offering on the Nasdaq, raising $1.38 billion USD in proceeds. (YahooFinance)
- Check Point and Wiz have entered a ‘strategic partnership’ to deliver end-to-end cloud security via technology integration and a strategic business alliance. (CheckPoint)
- ArmorPoint and SentinelOne are partnering to offer AI-powered SOC automation with ‘real-time threat detection and response.’ (MSSPAlert)
- Israeli AI Security Startup Dream has raised $100M in Series B funding round, brining its total valuation to $1.1 billion USD. (SiliconAngle)
📟 Product Releases & Patches
- Google has released a new Chrome update that brings AI powered security features including real-time threat detection, download scanning, and password compromise alerts to all users. (CybersecurityNews)
- Palo Alto Networks has released ‘Cortex Cloud’, a new version of Prisma Cloud that adds AI-powered prioritization, automated remediation, and a revamped user experience. (PaloAltoNetworks)
- Juniper Networks has released security updates to patch a critical security flaw impacting Session Smart Router, Session Smart Conductor, and WAN Assurance Router products. (TNH)
🏛️ Policy, Law, & Legislation
- A bipartisan bill introduced in the US Senate would strengthen federal sentences for cybercriminals, up to life imprisonment depending on the severity of the crime. (CyberScoop)
- Ecuador’s state legislature was hit by two cyberattacks attempting to breach confidential information, just one week after the country held its general election. (TheRecord)
- Several US states have blocked the use of Chinese AI service DeepSeek on government devices, including Texas, New York State and Virginia. Texas’ attorney general is investigating DeepSeek’s links to the CCP. (The Record)
- Ukraine will struggle to counter Russian cyber-disinformation campaigns without US support, said the head of cyber and information security at Ukraine’s National Security and Defense Council. (TheRecord)
- Around 7,000 people have been rescued from illegal cyber scam hubs in Myanmar, as part of efforts to combat cyber scams in the region. Many victims of human trafficking in the region are forced to run romance fraud and cryptocurrency scams. (TheRecord)
🎙️ Expert Insights: Latest From Us
Don’t miss this week’s round of interviews & insights with cybersecurity experts and thought leaders.
- IRONSCALES CEO Eyal Benishti On The Next Generation Of Phishing: AI Powered Deepfakes
- NinjaOne’s Josh Schofield On Scaling RMMs With Automation and AI
- What is the Best Framework for Vulnerability Management?
That’s all for this week! 👋
Do you have any stories to share with Expert Insights? Please let us know.
Contact [email protected]
Expert Insights’ Cybersecurity Resources
- The Top RMM Solutions For MSPs
- The Top Mobile Device Management (MDM) Solutions
- The Top Email Security Solutions For Office 365
- The Top Email Security Gateways
- The Top Multi-Factor Authentication (MFA) Solutions For Business
- The Top Phishing Protection Solutions
- The Top Cyber Threat Intelligence Solutions
