top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #130 - December 30, 2024

Massive healthcare breaches prompt US cybersecurity rules overhaul

Source: Bleeping Computer

The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to enhance the security of patient health data. These changes aim to address a surge in healthcare data breaches and cyberattacks, including ransomware incidents. The proposed rules would require healthcare organizations to encrypt protected health information, implement multifactor authentication, and segment networks to prevent lateral movement by attackers.




US Treasury Department breached through remote support platform

Source: Bleeping Computer

Chinese state-sponsored threat actors breached the U.S. Treasury Department by exploiting vulnerabilities in a remote support platform provided by BeyondTrust. The department was informed of the breach on December 8, 2024, and has classified it as a major cybersecurity incident. BeyondTrust identified two zero-day vulnerabilities, CVE-2024-12356 and CVE-2024-12686, which the attackers used to gain unauthorized access.




Dozens of Chrome Browser Extensions Hijacked by Data Thieves

Source: Infosecurity Magazine

In late December 2024, a significant cybersecurity incident emerged involving the hijacking of at least 36 Google Chrome browser extensions, potentially compromising the data of approximately 2.6 million users. The attack was first detected when the extension for cybersecurity startup Cyberhaven was compromised following a phishing attack on December 24.




US Issues Final Rule for Protecting Personal Data Against Foreign Adversaries

Source: Security Week

The U.S. Department of Justice (DoJ) has issued a final rule implementing Executive Order 14117, aimed at mitigating the risks associated with foreign adversaries accessing and exploiting Americans' sensitive personal data. This rule targets countries such as China, Russia, North Korea, Iran, Cuba, and Venezuela, as well as specific individuals and entities classified as 'covered persons'.




Cisco Confirms Authenticity of Data After Second Leak

Source: Security Week

Cisco has confirmed that 4 gigabytes of data leaked by a hacker are authentic and pertain to a previously disclosed security incident. The hacker, known as IntelBroker, had earlier claimed to have obtained 800 gigabytes of files from Cisco's DevHub environment, which serves as a resource center providing source code, scripts, and other content to customers.



101 views

Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page