January 2025: Recent Cyber Attacks, Data Breaches, Ransomware Attacks


What do an open-source toolkit, a cannabis product supplier, a Chinese AI startup, and a UK telecom giant have in common? While they operate in vastly different industries, they all found themselves in the crosshairs of cybercriminals. January 2025 has already seen major data breaches, operational disruptions, and even healthcare service interruptions—proving once again that no organization is immune to cyber threats.


Key Cybersecurity Events in January 2025

This month, the cybersecurity landscape has been shaped by:

🔹 Ransomware Attacks crippling businesses and critical infrastructure
🔹 Major Data Breaches compromising millions of sensitive records
🔹 Targeted Cyber Attacks affecting global enterprises across industries
🔹 New Malware & Ransomware Variants leveraging AI-driven tactics
🔹 Security Vulnerabilities & Patch Releases addressing evolving threats
🔹 Threat Intelligence Reports & Advisories providing key insights


Cyber Resilience: The Top Business Priority in 2025

Cybersecurity is no longer just an IT issue—it’s a core business priority. With AI-powered cyber threats becoming more sophisticated, organizations must move beyond prevention and embrace resilience. Being prepared to detect, respond, and recover from cyber incidents is now essential for business continuity.


How to Strengthen Your Cyber Defenses

While cyber threats are inevitable, proactive defense strategies can significantly minimize risk. If the recent surge in cyber incidents has raised concerns, it’s time to take action.

At Synergy IT Cybersecurity Solutions, we help businesses build and sustain cyber resilience through:

✔ Cyber Incident Planning & Response – NCSC Assured Training Programs
✔ Incident Response Playbooks – Structured frameworks for rapid action
✔ Cybersecurity Tabletop Exercises – Over 400 delivered to enhance readiness
✔ Executive Cybersecurity Training – Equipping leadership with strategic defense skills
✔ Virtual Cyber Consultancy & Trusted Advisory Services – Ongoing expert support


Ransomware Attacks in January 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| January 02, 2025 | Atos | Atos, contractor for French military and intelligence agencies, dismisses ransomware attack claims | Space Bears | A ransomware group calling itself Space Bears named Atos on its darknet site on December 28 alongside a pledge to publish data pilfered from the company on January 8. Atos responded to the criminals’ claim by stating it “takes such allegations very seriously” and that its cybersecurity team was “actively investigating the situation.” The company said its “initial analysis shows no evidence of any compromise or ransomware affecting any Atos/Eviden systems in any country, and no ransom demand has been received to-date.” | Atos Ransomware Attack Incident |
| January 08, 2025 | Casio | Casio warns employees, customers about data leak from October ransomware attack | Underground ransomware | Thousands of employees, customers and business partners of Japanese electronics manufacturer Casio had data stolen during a ransomware attack in October. In a notice, Casio provided a post-mortem on the attack, explaining that 6,456 employees, 1,931 business partners and 91 customers were impacted by the ransomware incident last fall. | Source: The Record |
| January 13, 2025 | OneBlood | OneBlood confirms personal data stolen in July ransomware attack | Unknown | Blood-donation not-for-profit OneBlood confirmed that donors’ personal information was stolen in a ransomware attack last summer. OneBlood first notified the public about the attack on July 31, 2024, noting that ransomware actors had encrypted its virtual machines, forcing the healthcare organization to fall back to using manual processes. | OneBlood Ransomware Attack Update |
| January 29, 2025 | ENGlobal Corporation | Ransomware attack kept major energy industry contractor out of some systems for 6 weeks | Unknown | Officials at a large energy industry and federal government contractor were locked out of company financial systems for six weeks due to a recent ransomware attack. ENGlobal Corporation revealed the extended disruptions in an update to the U.S. Securities and Exchange Commission as the Oklahoma-based firm warned that the incident also involved the threat actor’s access to a portion of the Company’s IT system that contained sensitive personal information. | Source: The Record |
| January 29, 2025 | Frederick Health Medical Group | Maryland healthcare network forced to shut down IT systems after ransomware attack | Unknown | A ransomware attack on a large healthcare network in Maryland has forced officials to shut off IT systems and cancel some appointments as Frederick Health Medical Group warned that there will be delays in service as it contends with the cyber attack. | Source: The Record |
| January 30, 2025 | The New York Blood Center (NYBC) | Ransomware attack disrupts New York blood donation giant | Unknown | The New York Blood Center (NYBC), one of the world’s largest independent blood collection and distribution organisations, said a ransomware attack forced it to reschedule some appointments as it detected the attack after noticing suspicious activity on its IT systems over the weekend, on January 26. The attack came days after NYBC announced a blood emergency after a nearly 30% drop in blood donations that led to 6,500 fewer donations and “crippled the region’s blood supply.” | Source: Bleeping Computer |
| January 30, 2025 | Tata Technologies | Indian tech giant Tata Technologies hit by ransomware attack | Unknown | Tata Technologies said it had to suspend some of its IT services following a ransomware attack that impacted the company network. The company said in a notification to India’s national stock exchange that the ransomware attack has temporarily affected IT assets that now have been restored. Client delivery services remained fully operational through the cyber attack, though, causing no impact on customer operations. | Source: Bleeping Computer |

Data Breaches in January 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| January 05, 2025 | Charter and Windstream networks | Chinese hackers breached Charter and Windstream networks | Salt Typhoon | Chinese hackers have breached the systems of Charter Communications, Consolidated Communications, and Windstream. | Source: Bleeping Computer |
| January 06, 07 2025 | The U.N.’s International Civil Aviation Organization (ICAO) | UN aviation agency ‘actively investigating’ cybercriminal’s claimed data breach | The threat actor known as “Natohub” on the hacking forum BreachForums-2 | The U.N.’s International Civil Aviation Organization (ICAO) announced that it was “actively investigating reports of a potential information security incident” following a criminal claim to have breached the agency. The threat actor known as “Natohub” on the hacking forum BreachForums 2 has compromised 42,000 documents from ICAO containing personal data. According to Natohub, the ICAO personal records include full names, dates of birth, physical and email addresses, phone numbers, and details about the individuals’ education history and employment. The International Civil Aviation Organization (ICAO), a part of the United Nations, confirmed a hack of its recruitment systems involving the compromise of more than 40,000 records containing personal information. | Source: The Record |
| January 07 and 22, 2025 | PowerSchool | PowerSchool hack exposes student, teacher data from K-12 districts | Unknown | PowerSchool has confirmed that the stolen data primarily contains contact details such as names and addresses. However, for some districts, it could also include Social Security numbers (SSNs), personally identifiable information (PII), medical information, and grades. The hacker claimed in an extortion demand that they stole the personal data of 62.4 million students and 9.5 million teachers. | Source: Bleeping Computer |
| January 07, 2025 | American football team Green Bay Packers | Thousands of credit cards stolen in Green Bay Packers store breach | Unknown | American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. In breach notification letters sent to affected individuals this week, the National Football League (NFL) team said it immediately disabled all checkout and payment capabilities after being notified on October 23 that the packersproshop.com website was breached. While the letters didn’t share the number of impacted customers, the football team said in documents filed with Maine’s Attorney General on Monday that the incident affected 8,514 people. | Source: Bleeping Computer |
| January 07, 2025 | Medical billing company Medusind | Medical billing firm Medusind discloses breach affecting 360,000 people | Unknown | Medusind, a leading billing provider for healthcare organisations, notified hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. In the Maine filing, the company revealed that the December 2023 breach affected the personal and health information of 360,934 individuals. | Source: Bleeping Computer |
| January 08, 2025 | BayMark Health Services | Largest US addiction treatment provider notifies patients of data breach | Unknown | BayMark Health Services, North America’s largest provider of substance use disorder (SUD) treatment and recovery services, notified an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. In data breach notification letters mailed to affected individuals, BayMark revealed that it learned of the breach on October 11, 2024, following an IT systems disruption. A follow-up investigation revealed that the attackers accessed BayMark’s systems between September 24 and October 14. | Source: Bleeping Computer |
| January 09, 2025 | Russian government land record agency, Rosreestr | Hackers claim breach of Russian property agency, leak personal data | Silent Crow | A hacker group known as Silent Crow has claimed responsibility for breaching Rosreestr, the Russian government agency responsible for managing property and land records. The group, which created a Telegram channel in December, released a portion of a database containing sensitive personal data of Russian citizens, including names, dates of birth, addresses, phone numbers, and insurance account numbers. While Rosreestr has denied the breach, claiming its systems were not compromised, it has launched an investigation into the hackers’ claims. Russian investigative journalists at Agentstvo news reviewed leaked data and confirmed the authenticity of some of the personal details, including matching property addresses. | Data breach attack on Russian land record agency, Rosreestr |
| January 09, 2025 | The Committee on Foreign Investment in the US (CFIUS) | Chinese hackers breached US government office that assesses foreign investments for national security risks | Silk Typhoon | Chinese hackers breached the US government office that reviews foreign investments for national security risks, three US officials familiar with the matter told CNN. The breach was part of a broader incursion by the hackers into the Treasury Department’s unclassified system. The office targeted by the hackers, the Committee on Foreign Investment in the US (CFIUS), in December gained greater authority to scrutinize real estate sales near US military bases. | Source: CNN |
| January 10, 2025 | Telefonica Ticketing System | Infostealer Infections Lead to Telefonica Ticketing System Breach | Hellcat ransomware group | Information stealer malware allowed threat actors to compromise the credentials of multiple Telefonica employees and access the telecommunication giant’s internal ticketing system. The data breach came to light after members of the Hellcat ransomware group (which previously claimed the attack on Schneider Electric) boasted on the BreachForums cybercrime forum about stealing customer data, ticket data, and thousands of files from the Spain-based telecom company. | Source: Security Week |
| January 12, 2025 | UK domain registry Nominet | UK domain registry Nominet confirms breach via Ivanti zero-day | Unknown | Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability, CVE-2025-0282. | Source: Bleeping Computer |
| January 15, 2025 | Label giant Avery | Label giant Avery says website hacked to steal credit cards | Unknown | Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers’ credit cards and personal information. Following an internal investigation by digital forensic experts, it was discovered that threat actors had planted a card skimmer on ‘avery.com,’ the company’s online shop domain, on July 18, 2024. As a result, sensitive payment information customers entered on Avery’s website between July 18, 2024, and December 9, 2024, was exfiltrated to the threat actors. | Source: Bleeping Computer |
| January 15, 2025 | Wolf Haldenstein law firm | Wolf Haldenstein law firm says 3.5 million impacted by data breach | Unknown | Wolf Haldenstein Adler Freeman & Herz LLP (“Wolf Haldenstein”) reported that it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. | Source: Bleeping Computer |
| January 17, 2025 | Otelier | Otelier data breach exposes info, hotel reservations of millions | Unknown | Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests’ personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. | Source: Bleeping Computer |
| January 20, 2025 | Hewlett Packard Enterprise (HPE) | HPE investigates breach as hacker claims to steal source code | IntelBroker | Hewlett Packard Enterprise (HPE) investigated claims of a new breach after a threat actor said they stole documents from the company’s developer environments. IntelBroker, who announced the sale of information allegedly stolen from HPE’s networks, claimed they had access to the company’s API, WePay, and (private and public) GitHub repositories for at least two days and stole certificates (private and public keys), Zerto and iLO source code, Docker builds, and old user personal information used for deliveries. | Source: Bleeping Computer |
| January 26, 2025 | TalkTalk | TalkTalk investigating data breach after hacker claims theft of customer data | An individual using the alias “b0nd” | U.K. telecom giant TalkTalk has confirmed that it is investigating a data breach after a hacker claimed to have stolen the personal information of millions of customers. In a post on a popular cybercrime forum seen by TechCrunch, an individual using the alias “b0nd” claimed to have stolen the personal data of more than 18.8 million current and former TalkTalk subscribers. This data, which the threat actor is offering for sale, supposedly includes customer names, email addresses, IP addresses, phone numbers, and subscriber PINs. TalkTalk spokesperson Liz Holloway confirmed the company is investigating the data breach, but said the 18.8 million figure claimed by the hacker is “wholly inaccurate and very significantly overstated.” | Source: Tech Crunch |
| January 28, 2025 | Matagorda County’s Emergency Operation Center | Texas county issues disaster declaration following cyber attack | Unknown | Matagorda County’s Emergency Operation Center published a statement warning that a cybersecurity breach had been discovered “involving a virus that has affected several internal systems.” Matagorda County Judge Bobby Seiferman issued a declaration of disaster based on the security breach. | Source: The Record |
| January 28, 2025 | CenterPoint Energy | Texas utility firm investigating potential leak of customer data tied to 2023 MOVEit breach | Cl0p ransomware (MOVEit) | CenterPoint Energy confirmed it is investigating reports of stolen customer data that has been published on a cybercriminal forum after it was allegedly taken during a 2023 breach. CenterPoint Energy said that it is aware of reports that customer data has been leaked after researchers uncovered a cybercriminal forum post with the information. | Source: The Record |
| January 30, 2025 | South African Weather Service (SAWS) | South Africa’s government-run weather service knocked offline by cyber attack | Unknown | A cyber attack has forced the government-run South African Weather Service (SAWS) offline, limiting access to a critical service used by the country’s airlines, farmers and allies. SAWS said its Information and Communication Technology (ICT) systems went down “following a security breach by criminal elements.” | Source: The Record |
| January 30, 2025 | Insurance giant Globe Life | Globe Life data breach may impact an additional 850,000 clients | Unknown | Insurance giant Globe Life finished the investigation into the data breach it suffered last June and says that the incident may have impacted an additional 850,000 customers. On June 13, 2024, the company discovered during a security review of its networks that it had been compromised by hackers who had gained unauthorised access to one of its web portals. | Source: Bleeping Computer |
| January 30, 2025 | Mizuno USA | Mizuno USA says hackers stayed in its network for two months | BianLian ransomware | Mizuno USA, a subsidiary of Mizuno Corporation, one of the world’s largest sporting goods manufacturers, confirmed in data breach notification letters that unknown attackers stole files from its network between August and October 2024. The information contained in the stolen files varies by impacted individual, and it may include the name, Social Security number, financial account information, driver’s license information, and passport number. | Source: Bleeping Computer |
| January 30, 2025 | Community Health Center (CHC) USA | US healthcare provider data breach impacts 1 million patients | Unknown | Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients of a data breach that impacted their personal and health data. CHC said in a filing with Maine’s attorney general that unknown attackers gained access to its network in mid-October 2024, a breach discovered more than two months later, on January 2, 2025, as the threat actors stole files containing patients’ personal and health information belonging to 1,060,936 individuals. | Source: Bleeping Computer |

Cyber Attacks in January 2025

| Date | Victim | Summary | Threat Actor | Business Impact | Source Link |
| --- | --- | --- | --- | --- | --- |
| January 05, 2025 | Argentina’s airport security police (PSA) | Hackers reportedly compromise Argentina’s airport security payroll system | Unknown | Argentina’s airport security police (PSA) have fallen victim to a cyber attack that reportedly compromised the personal and financial data of its officers and civilian personnel. The threat actor gained access to PSA’s payroll records and deducted small amounts of money from employees’ salaries as the hacker listed these fraudulent deductions — ranging from 2,000 to 5,000 pesos ($100 to $245) — under false labels, such as “DD mayor” and “DD seguros.” | Source: The Record |
| January 05, 2025 | South Portland Public Schools in Maine and Rutherford County Schools | Cyber attacks hit Maine, Tennessee school districts | Unknown | At least two U.S. school districts (South Portland Public Schools in Maine and Rutherford County Schools) suffered from cyber attacks over the Christmas and New Years holidays, continuing an annual trend of hackers targeting K-12 schools and colleges during periods when IT staffing is at its lowest. South Portland Public Schools in Maine said it was forced to take its network down after a cyber attack was discovered, and Rutherford County Schools said on December 27 that it had been dealing with a “network and systems disruption” since November 25. | Source: The Record |
| January 07, 2025 | Russian internet provider Nodex | Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers | Ukrainian Cyber Alliance | Russian internet provider Nodex reported that its network had been ruined in a cyber attack, which it suspects originated from Ukraine. The company said the “planned” attack “destroyed” its infrastructure overnight as it added that it was working to restore systems from backups but could not provide a timeline for when operations would fully resume. | Source: The Record |
| January 08, 2025 | Winston-Salem, North Carolina | Some Winston-Salem city services knocked offline by cyber attack | Unknown | Winston-Salem, North Carolina, residents are not able to pay their utility bills online after a post-Christmas cyber attack knocked the city’s systems offline. City officials initially announced a cyber attack on December 30, telling residents that they discovered issues with their digital platforms one day after Christmas. The city said that out of an abundance of caution, certain city computer systems had been taken offline. | Source: The Record |
| January 09, 2025 | Office of Geodesy Cartography and Cadastre of the Slovak Republic (UGKK) | Slovakia Hit by Historic Cyber-Attack on Land Registry | | A large-scale cyber-attack originating from outside Slovakia’s borders has hit the information system of the Office of Geodesy, Cartography and Cadastre of the Slovak Republic (UGKK). All systems have been shut down as a response to the incident. | Slovakia Land Registry (UGKK) cyber attack |
| January 09, 2025 | Cannabis company Stiiizy | Cannabis company Stiiizy says hackers accessed customers’ ID documents | Everest ransomware group | Popular Los Angeles-based cannabis brand Stiiizy has confirmed that hackers accessed reams of sensitive customer data, including government-issued documents and medical cannabis cards, during a November cyber attack. | Stiiizy ransomware attack |
| January 22, 2025 | Conduent | Conduent confirms cyber attack after government agencies report outages | Unknown | Conduent has confirmed suffering disruptions due to a cyber attack after government agencies in multiple US states reported service outages. The Department of Children and Families in Wisconsin said that the incident impacted payments. Oklahoma Human Services also reported that a Conduent customer service line had been experiencing a technical outage. | Conduent cyber attack |
| January 23, 2025 | Phemex | Hackers steal $85 million worth of cryptocurrency from Phemex | Unknown | The Phemex crypto exchange suffered a massive security breach where threat actors stole over $85 million worth of cryptocurrency. Following the cyberattack, the cryptocurrency exchange immediately suspended deposits and withdrawals and published proof of reserves for transparency. According to Phemex’s CEO, Federico Variola, the incident only impacted hot wallets while cold wallets remained safe. | Source: Bleeping Computer |
| January 27, 2025 | DeepSeek | DeepSeek halts new signups amid “large-scale” cyber attack | Unknown | Chinese AI platform DeepSeek has disabled registrations on its DeepSeek-V3 chat platform due to an ongoing “large-scale” cyber attack targeting its services. | Source: Bleeping Computer |
| January 28, 2025 | UK engineering firm Smiths Group | UK engineering firm Smiths Group hit by cyber attack | Unknown | British engineering firm Smiths Group said it is managing a cybersecurity incident that involved unauthorised access to its systems, and sent its shares down as much as 2.3% in early trade. | Source: Reuters |


New Ransomware/Malware Discovered in January 2025

| New Ransomware/Malware | Summary |
| --- | --- |
| FunkSec ransomware | Researchers have uncovered a new ransomware group that has claimed over 80 victims in just one month – more than any other threat actor in December. |
| FireScam malware | A new Android malware named ‘FireScam’ is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimic RuStore, Russia’s app market for mobile devices. |
| Eagerbee malware | New variants of the Eagerbee malware framework are being deployed against government organisations and internet service providers (ISPs) in the Middle East. |
| A new Mirai-based botnet | A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. |

Vulnerabilities/Patches Discovered in January 2025

| Date | New Flaws/Fixes | Summary |
| --- | --- | --- |
| January 07, 2025 | CVE-2024-41713, CVE-2020-2883, CVE-2024-55550 | CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. |
| January 08, 2025 | CVE-2024-52875 | Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall products. |
| January 08, 2025 | CVE-2024-53704 | SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual exploitation.” |
| January 09, 2025 | CVE-2024-9138, CVE-2024-9140 | Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impacts various models of its cellular routers, secure routers, and network security appliances. |
| January 09, 2025 | CVE-2025-0282 and CVE-2025-0283 | IT software vendor Ivanti said that multiple customers have been affected by a new vulnerability being exploited by hackers. The bugs affect the company’s Connect Secure, Policy Secure and ZTA Gateways products – all of which are used widely across local and federal government agencies in the U.S. as well as internationally. |
| January 11, 2025 | CVE-2024-49113 | A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka “LDAPNightmare”) on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. |
| January 23, 2025 | CVE-2024-12084, CVE-2024-12085, CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, and CVE-2024-12747 | QNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices. |
| January 27, 2025 | CVE-2025-24085 | Apple has released security updates to fix this year’s first zero-day vulnerability, tagged as actively exploited in attacks targeting iPhone users. |
| January 28, 2025 | CVE-2024-57726, CVE-2024-57727, and CVE-2024-57728 | Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks. |
| January 28, 2025 | CVE-2024-55417, CVE-2024-55416, CVE-2024-55415 | Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. |
| January 29, 2025 | CVE-2024-40891 | Hackers are exploiting a critical command injection vulnerability in Zyxel CPE Series devices that is currently tracked as CVE-2024-40891 and remains unpatched since last July. |
| January 29, 2025 | CVE-2024-41710 | A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. |

Warnings/Advisories/Reports/Analysis

| News Type | Summary |
| --- | --- |
| Report | The government of Rhode Island said the hackers behind a recent ransomware attack on several of the state’s digital platforms have leaked some of the data that was stolen from the platform last month. |
| Report | The U.S. Treasury Department has sanctioned Beijing-based cybersecurity company Integrity Tech for its involvement in cyber attacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. |
| Report | A Beijing-based cybersecurity company, Integrity Technology Group, has been sanctioned by the U.S. for its role in facilitating attacks conducted by a state-sponsored hacking group known for targeting critical infrastructure. |
| Report | A California man has sued three banks for alleged “willful blindness” in allowing criminals to open accounts used to steal nearly $1 million from him in a cryptocurrency investment scam. In his suit filed in the Central District of California on December 31, Liem accuses the financial institutions – Hong Kong-based Chong Hing Bank Limited and Fubon Bank Limited, as well as Singapore-based DBS Bank, which has a Los Angeles branch – of failing to conduct Know Your Customer anti-money laundering checks as required by the Bank Secrecy Act. |
| Report | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said that the Treasury Department breach disclosed last week did not impact other federal agencies. |
| Report | Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. |
| Report | Telegram revealed that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. |
| Report | Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. |
| Warning | CrowdStrike warned that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner (XMRig). |
| Report | Proton, which provides privacy-focused online services, said that a worldwide outage was caused by an ongoing infrastructure migration to Kubernetes and a software change that triggered an initial load spike. Proton users reported that they couldn’t connect to their Proton VPN, Proton Mail, Proton Calendar, Proton Drive, Proton Pass, and Proton Wallet accounts. |
| Report | The U.S. Department of Justice indicted three operators of sanctioned Blender.io and Sinbad.io crypto mixer services used by ransomware gangs and North Korean hackers to launder ransoms and stolen cryptocurrency. |
| Report | Threat actors are employing a new tactic called “transaction simulation spoofing” to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. |
| Report | A pastor at a Pasco, Washington, church has been indicted on 26 counts of fraud for allegedly operating a cryptocurrency scam that defrauded investors of millions between 2021 and 2023. |
| Report | The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Yin Kecheng, a Shanghai-based hacker for his role in the recent Treasury breach and a company associated with the Salt Typhoon threat group. |
| Report | Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. |
| Report | Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and installing malware that provides access to the company network. |
| Report | Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. |
| Warning | Cloudflare mitigated a record-breaking 5.6Tbps DDoS attack as security experts have warned of an increase in hyper-volumetric DDoS attacks designed to overwhelm networks, after revealing the largest such effort to date peaked at 5.6 Terabits per second (Tbps). |
| Report | Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. |
| Report | Security researchers have discovered an arbitrary account takeover flaw in Subaru’s Starlink service that could let attackers track, control, and hijack vehicles in the United States, Canada, and Japan using just a license plate. |
| Report | New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state’s cybersecurity regulations, leading to a 2022 data breach. |
| Report | UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure. |
| Report | The European Union sanctioned three hackers, part of Unit 29155 of Russia’s military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia’s government agencies in 2020. |
| Report | Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. |
| Report | MGM Resorts International agreed to pay $45 million to settle multiple class action lawsuits related to a data breach in 2019 and a ransomware attack the company experienced in 2023. |
| Report | A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. |
| Report | Law enforcement authorities in the United States and the Netherlands have seized 39 domains and associated servers used by the HeartSender phishing gang operating out of Pakistan. |

Contact : 

Synergy IT solutions Group 

US : 167 Madison Ave Ste 205 #415, New York, NY 10016 

Canada : 439 University Avenue, 5th Floor, Toronto, ON M5G 1Y8 

US :  +1(917) 688-2018 

Canada : +1(905) 502-5955 

Email  :  

info@synergyit.com 

sales@synergyit.com 

info@synergyit.ca 

sales@synergyit.ca 

Website : https://www.synergyit.ca/   ,  https://www.synergyit.com/  
