News: When Good Extensions Go Bad: Takeaways from the Campaign Targeting Browser Extensions
| News has been making headlines over the weekend of the extensive attack campaign targeting browser extensions and injecting them with malicious code to steal user credentials. Currently, over 25 extensions, with an install base of over two million users, have been found to be compromised, and customers are now working to figure out their exposure. |  |
HIPAA: New HIPAA Rules Mandate 72-Hour Data Restoration and Annual Compliance Audits
 |
The United States Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) has proposed new cybersecurity requirements for healthcare organizations with an aim to safeguard patients’ data against potential cyber attacks. |
News: What Security Lessons Did We Learn in 2024?
| Proactive defenses, cross-sector collaboration, and resilience are key to combating increasingly sophisticated threats. |  |
Cyber Savvy AI Antics |
 |
| Finish the following joke in 3 different ways…”A cybersecurity professional and a business executive walk into a bar….”
1. The Realistic Ending: 2. The Technical Ending: 3. The Dark Humor Ending: |
News: Over 3.1 million fake “stars” on GitHub projects used to boost rankings
| GitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. |  |
News: New “DoubleClickjacking” Exploit Bypasses Clickjacking Protections on Major Websites
 |
Threat hunters have disclosed a new “widespread timing-based vulnerability class” that leverages a double-click sequence to facilitate clickjacking attacks and account takeovers in almost all major websites. |
AI: 6 AI-Related Security Trends to Watch in 2025
| AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks. |  |
News: Selling fear: Marketing for cybersecurity products often leaves consumers less secure
 |
Scare tactics might help sell security products, but they can actually make you less safe. |
News: AI-generated phishing emails are getting very good at targeting executives
| Hyper-personalized emails use “an immense amount” of scraped data. |  |
News: Bad Tenable plugin updates take down Nessus agents worldwide
 |
Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. |
Windows: Windows 10 users urged to upgrade to avoid “security fiasco”
| Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a “security fiasco” as the 10-year-old operating system nears the end of support in October 2025. |  |
News: Farewell to the Fallen: The Cybersecurity Stars We Lost Last Year
 |
It’s time once again to pay our respects to the once-famous cybersecurity solutions whose usefulness died in the past year. The cybercriminal world collectively mourns the loss of these solutions and the easy access they provide to victim organizations. These solutions, though celebrated in their prime, succumbed to the twin forces of time and advancing threats. Much like a tribute to celebrities lost in the past year, this article will look back at a few of cybersecurity’s brightest stars that went dark in the past year. |
News: Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs
| Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs). While reporting is seen as a requirement for tracking cybersecurity progress, it often becomes bogged down with technical jargon, complex data, and disconnected spreadsheets that fail to resonate with decision-makers. The result? Clients who struggle to understand the value of your work and remain uncertain about their security posture. |  |
News: A Novel Paypal Phishing Campaign Hijacks Accounts
 |
Fortinet warns of a phishing campaign using legitimate links to hijack PayPal accounts, tricking users into granting unauthorized access. |
News: Expired Domains Allowed Control Over 4,000 Backdoors on Compromised Systems
| No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. |  |
News: The $10 Cyber Threat Responsible for the Biggest Breaches of 2024
 |
You can tell the story of the current state of stolen credential-based attacks in three numbers. |
Vulnerability Vortex
Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score
| Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. |  |
Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104
 |
Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. |
Netgear warns users to patch critical WiFi router vulnerabilities
| Netgear has fixed two critical vulnerabilities affecting multiple WiFi router models and urged customers to update their devices to the latest firmware as soon as possible. |  |
Apple fixes zero-day exploited in ‘extremely sophisticated’ attacks
 |
Apple has released emergency security updates to patch a zero-day vulnerability that the company says was exploited in targeted and “extremely sophisticated” attacks. |
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw
| Over twelve thousand GFI KerioControl firewall instances are exposed to a critical remote code execution vulnerability tracked as CVE-2024-52875. |  |
Microsoft’s Patch Tuesday Fixes 63 Flaws, Including Two Under Active Exploitation
 |
Microsoft on Tuesday released fixes for 63 security flaws impacting its software products, including two vulnerabilities that it said has come under active exploitation in the wild. |
Adobe Plugs 45 Software Security Holes, Warns of Code Execution Risks
| Patch Tuesday: Adobe patches 45 vulnerabilities across multiple products and warns of remote code execution exploitation risks |  |
Read also
Welcome to v062 : Roses are red, violets are blue, cyber-hackers are waiting for you
Welcome to v061 : New Year’s Resolution: Strengthen Cybersecurity, Protect Missions.
About Us
Developing cybersecurity plans, evaluating and implementing technology, building effective software, and executing strategic initiatives.