top of page
Untitled design.png

Weekly INK

Each week we compile an advisory on the latest threats, trends and newsworthy topics from the cyber security industry affecting small and medium enterprises. Join our subscribers below and help us prevent cybersecurity breaches.

watermark4.png

Issue #131 - January 6, 2025

36 Chrome Extensions Compromised in Supply Chain Attack

Source: Data Breach Today

A supply chain attack that subverted legitimate Google Chrome browser extensions is more widespread than security researchers first suspected. Researchers have identified three dozen Chrome extensions, collectively used by 2.6 million people, into which an attacker injected data-stealing malware.




New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy

Source: The Hacker News

The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela.




2 HIPAA Business Associates Pay HHS Ransomware Settlements

Source: Data Breach Today

A Massachusetts firm that provides billing and other services to home health agencies and a Virginia-based data hosting and cloud provider are the latest companies paying federal regulators settlements. Federal regulators levied a total of $170,000 in fines and required corrective action following investigations into ransomware breaches.




SonicWall urges admins to patch exploitable SSLVPN bug immediately

Source: Bleeping Computer

SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is "susceptible to actual exploitation.”




Hacking Group 'Silk Typhoon' Linked to US Treasury Breach

Source: Dark Reading

The Chinese threat actor group known as "Silk Typhoon" has been linked to the December 2024 hack on an agency that's part of the US Department of the Treasury. In the breach, the threat actors were able to use a stolen Remote Support SaaS API key through third-party cybersecurity vendor BeyondTrust to steal data from workstations in the Office of Foreign Assets Control (OFAC).



48 views

Help us Prevent Breaches.

We will never share or sell your information. Unsubscribe at any time.

Email: *

Received.

bottom of page