News: Six password takeaways from the updated NIST cybersecurity framework
| Password security is changing — and updated guidelines from the National Institute of Standards and Technology (NIST) reject outdated practices in favor of more effective protections. |  |
Apple: Security Compliance Monitoring: Best Practices
 |
In this blog, we discuss the real-world need for actively monitoring endpoints for compliance as part of a holistic cybersecurity plan. Also, best practices are outlined, as well as deeper dives into other crucial aspects that impact the success of your compliance monitoring program. |
Crime: Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals’ Data
| Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. |  |
Cyber Savvy AI Antics |
 |
|
News: Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok
| In a historic decision, Romania’s constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. |  |
News: Microsoft 365 outage takes down Office web apps, admin center
 |
Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. |
News: Cybercrime Gangs Abscond With Thousands of Orgs’ AWS Credentials
| The Nemesis and ShinyHunters attackers scanned millions of IP addresses to find exploitable cloud-based flaws, though their operation ironically was discovered due to a cloud misconfiguration of their own doing. |  |
AI: Scottish Parliament TV at Risk From Deepfakes
 |
Because the streaming service website offers no content restrictions, attackers are able to hijack and manipulate live streams. |
News: 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
| A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. |  |
Scam: New Investment Scam Leverages AI, Social Media Ads to Target Victims Worldwide
 |
Cybersecurity researchers are calling attention to a new kind of investment scam that leverages a combination of social media malvertising, company-branded posts, and artificial intelligence (AI) powered video testimonials featuring famous personalities, ultimately leading to financial and data loss. |
News: US considers banning TP-Link routers over cybersecurity risks
| The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. that are active right now. |  |
Crime: Bank of America: Cybercrime Could Be ‘World’s Third-Largest Economy’
 |
The cost of cyberattacks is reportedly growing alongside the increases in digitization and artificial intelligence (AI). |
News: Top 10 Cybersecurity Trends to Expect in 2025
| The 2025 cybersecurity landscape is increasingly complex, driven by sophisticated cyber threats, increased regulation, and rapidly evolving technology. In 2025, organizations will be challenged with protecting sensitive information for their customers while continuing to provide seamless and easy user experiences. Here’s a closer look at ten emerging challenges and threats set to shape the coming year. |  |
News: Managing Threats When Most of the Security Team Is Out of the Office
 |
During holidays and slow weeks, teams thin out and attackers move in. Here are strategies to bridge gaps, stay vigilant, and keep systems secure during those lulls. |
MSFT: Microsoft fixes bug behind random Office 365 deactivation errors
| Microsoft has rolled out a fix for a known issue that causes random “Product Deactivated” errors for customers using Microsoft 365 Office apps. |  |
News: New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
 |
The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients’ data against potential cyber attacks. |
Vulnerability Vortex
7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now
| A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users’ computers when extracting malicious files from nested archives. |  |
SonicWall Urges Immediate Patch for Critical CVE-2025-23006 Flaw Amid Likely Exploitation
 |
SonicWall is alerting customers of a critical security flaw impacting its Secure Mobile Access (SMA) 1000 Series appliances that it said has been likely exploited in the wild as a zero-day. |
U.S. CISA adds SonicWall SMA1000 flaw to its Known Exploited Vulnerabilities catalog
| U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds SonicWall SMA1000 vulnerability to its Known Exploited Vulnerabilities catalog. |  |
Hackers use Windows RID hijacking to create hidden admin account
 |
A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. |
Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer
| Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. |  |
Read also
Welcome to v062 : Roses are red, violets are blue, cyber-hackers are waiting for you
Welcome to v061 : New Year’s Resolution: Strengthen Cybersecurity, Protect Missions.
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.