It's been a busy week in cybersecurity and time for a Friday Wrap Up. Here are some of the interesting stories from this past week.

Threat Actors and Malware

• 🎯 Lazarus Group targets the nuclear industry using CookiePlus malware. Critical threat intelligence updates shared by Kaspersky. (Published on 12/23/2024, Hackread). Read More

• 🐱 Iran’s Charming Kitten deploys BellaCPP, a C++ variant of the BellaCiao malware, increasing its attack sophistication. (Published on 12/25/2024, The Hacker News). Read More

• ☁️ Cloud Atlas uses VBCloud malware in phishing campaigns, with over 80% of victims in Russia. (Published on 12/27/2024, The Hacker News). Read More

Data Breaches and Cyberattacks

• 🏥 Health care giant Ascension reports a cyberattack affecting 5.6 million patients, disrupting emergency services. (Published on 12/23/2024, Ars Technica). Read More

• 💰 North Korean hackers steal $308M in Bitcoin from DMM Bitcoin in a targeted cryptocurrency heist. (Published on 12/24/2024, The Hacker News). Read More

• 🔓 Researchers uncover a Dark Web operation selling stolen identities with matching biometrics to bypass KYC systems. (Published on 12/26/2024, Hackread). Read More

• 🌊 U.S. water utilities are facing a rising number of cyberattacks from diverse threat actors. (Published on 12/27/2024, Dark Reading). Read More

Vulnerabilities and Exploits

• ⚠️ Postman workspaces leak 30,000 API keys and sensitive tokens, exposing businesses to severe risks. (Published on 12/24/2024, Hackread). Read More

• 🔧 Apache warns of critical vulnerabilities in MINA, HugeGraph, and Traffic Control, urging updates. (Published on 12/26/2024, BleepingComputer). Read More

• 🧩 Chrome extensions hijacked to steal user data in a coordinated attack affecting thousands. (Published on 12/27/2024, BleepingComputer). Read More

Legal and Policy Developments

• ⚖️ U.S. court finds NSO Group liable for WhatsApp hacks, ruling it violated federal hacking laws. (Published on 12/23/2024, BleepingComputer). Read More

Cyber Awareness and Best Practices

• 🎁 Share cybersecurity tips with loved ones this holiday season to prevent online threats. (Published on 12/25/2024, TechCrunch). Read More

• 🔍 Beware of SEO poisoning—cybercriminals exploiting search engine rankings to spread malware. (Published on 12/25/2024, Hackread). Read More

Ransomware and Threat Groups

• 💣 Cl0p ransomware group reveals over 60 victims in Cleo attack, affecting major companies. (Published on 12/26/2024, SecurityWeek). Read More

Industry Insights

• 🔑 "Zero trust" needs stronger testing to address gaps in cybersecurity frameworks. (Published on 12/24/2024, Dark Reading). Read More

Stay informed and secure in the tech and cybersecurity world. Have a great weekend, and remember to patch and protect your systems!