It's been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.

🔐 Cybersecurity Threats & Vulnerabilities

The latest cybersecurity developments highlight ongoing threats and vulnerabilities across various sectors.

• 🚨 A Microsoft MFA outage is preventing users from accessing Microsoft 365 apps. (Published on 1/13/2025, BleepingComputer). Read More

• 🛑 Over 4,000 web backdoors were hijacked by registering expired domains, exposing compromised systems to further risks. (Published on 1/12/2025, The Hacker News). Read More

• 🕵️‍♂️ A fake PoC exploit for an LDAP vulnerability is spreading infostealer malware. (Published on 1/13/2025, SecurityWeek). Read More

• 🔥 Microsoft has released a record-breaking 159 security patches, including eight zero-days. (Published on 1/14/2025, Dark Reading). Read More

• 🔓 A Google OAuth flaw allows attackers to hijack credentials using domains from failed startups. (Published on 1/14/2025, The Hacker News). Read More

• 🦠 Hackers leaked VPN credentials and configurations for 15,000 FortiGate devices on the dark web. (Published on 1/15/2025, BleepingComputer). Read More

• 🔑 A UEFI Secure Boot vulnerability could allow attackers to install bootkits, despite a recent patch. (Published on 1/16/2025, The Hacker News). Read More

🏛 Regulatory Actions & Privacy Concerns

Governments and advocacy groups are stepping up efforts to enforce cybersecurity and privacy regulations.

• ⚖️ Texas is suing Allstate for unlawfully tracking and selling driving data from 45 million Americans. (Published on 1/14/2025, BleepingComputer). Read More

• 🛡️ The FCC has ordered telecoms to improve security after last year’s Salt Typhoon cyberattacks. (Published on 1/17/2025, BleepingComputer). Read More

• 🏢 An Austrian privacy group is suing TikTok, AliExpress, and others over illicit data transfers to China. (Published on 1/16/2025, The Hacker News). Read More

• 🚗 GM faces a potential ban on selling driver data that insurers could use to raise rates. (Published on 1/17/2025, Ars Technica). Read More

• 🇺🇸 Industry leaders react to President Biden’s latest cybersecurity executive order. (Published on 1/17/2025, SecurityWeek). Read More

🎭 Cybercrime & Emerging Attack Techniques

Cybercriminals continue to refine their tactics, exploiting vulnerabilities in both technology and human behavior.

• 💳 Label giant Avery suffered a data breach, exposing customers’ credit card details. (Published on 1/15/2025, BleepingComputer). Read More

• 🎯 Attackers hijacked Google advertiser accounts to spread malware through malicious ads. (Published on 1/15/2025, Dark Reading). Read More

• 🔮 The rise of MFA failures and AI-powered attacks is worsening authentication security. (Published on 1/16/2025, BleepingComputer). Read More

🛠 Cybersecurity Trends & Insights

Insights into emerging security challenges and best practices for protecting digital infrastructure.

• 🏗️ Open-source software remains a primary target for supply chain attacks, posing ongoing risks. (Published on 1/15/2025, SecurityWeek). Read More

• 🤖 CISA’s new AI playbook aims to improve threat intelligence sharing for AI-related cyber risks. (Published on 1/16/2025, Dark Reading). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!