CyberSecurity updates
2025-01-30 15:14:21 Pacific

US Govt email server cyber risks - 19h

A hastily set up email server at the US Office of Personnel Management (OPM), the federal government's HR agency, has raised concerns about potential cyber disasters. The episode illustrates the risk of deploying new infrastructure without adequate planning and security review: a system stood up in a hurry, with access to employee records and other government mailboxes, widens the attack surface for data breaches and espionage. It underscores the need for robust security protocols and a proper risk assessment before any government IT system goes live.

UnitedHealth Data Breach Impacts Millions - 4d

UnitedHealth Group has confirmed a massive data breach, stemming from a ransomware attack on its subsidiary, Change Healthcare, in February 2024. This breach has impacted approximately 190 million Americans, nearly doubling the initial estimate, making it one of the largest healthcare data breaches in US history. This incident underscores the significant cybersecurity risks in the healthcare sector and the vulnerability of large healthcare organizations.

TalkTalk Investigates Alleged Data Grab - 4d

UK telco TalkTalk is investigating a potential data breach after a threat actor offered data on millions of its current and former customers on a cybercrime forum. The investigation is ongoing, but the claims suggest a possible exfiltration of sensitive customer data; TalkTalk has said the volume claimed is overstated and has pointed to a third-party supplier's system as the likely source. The incident highlights the ongoing challenge of safeguarding customer data in the telecommunications sector.

That a threat actor is attempting to sell the data on a cybercrime forum is a significant risk in itself, regardless of the exact record count. The incident shows that telcos need to invest more in security practices, and that customers can be exposed through a supplier even when the telco's own systems are intact.

Massive Data Breach at PowerSchool - 5d

PowerSchool, a US-based education technology provider, experienced a massive data breach in December 2024, compromising sensitive personal information of students, teachers, and others. The breach is one of the largest to impact the education sector recently, highlighting the vulnerability of educational institutions to cyberattacks and the importance of data protection.

Hewlett Packard Enterprise Data Breach Claim - 10d

Threat actor IntelBroker has claimed responsibility for a breach of Hewlett Packard Enterprise (HPE), a major IT provider. The group allegedly gained access to sensitive data, including source code, certificates, and PII, which is now reportedly available for sale on the dark web. The extent of the data compromise and its potential impact on customers and partners requires further assessment.

PowerSchool Data Breach Impacts Millions - 13d

PowerSchool, a provider of education software, has suffered a data breach impacting millions of students and educators. The attackers used compromised credentials for PowerSchool's customer support portal to access and exfiltrate historical data from school districts in the US and Canada. The incident highlights the serious risks to educational institutions and the need for stronger security measures, including multi-factor authentication on vendor support portals that can reach customer data.

US Treasury Hacked by Chinese APT Group - 11d

The US Treasury Department sanctioned a Chinese cybersecurity firm, Sichuan Juxinhe, and a Shanghai-based hacker, Yin Kecheng, as part of its response to recent Chinese state-linked intrusions. Sichuan Juxinhe was designated for its role in the Salt Typhoon campaign, which targeted major US telecom companies and compromised sensitive data. Yin Kecheng was designated for involvement in the compromise of the Treasury's own network, which reached systems used for sanctions and foreign investment reviews and reportedly included the computer of the outgoing Treasury Secretary, Janet Yellen. Treasury links both sanctioned entities to the Chinese Ministry of State Security (MSS). The activity highlights ongoing sophisticated cyber espionage campaigns from China targeting critical infrastructure and government entities in the US and globally, using a combination of exploits and other techniques to infiltrate networks and exfiltrate data. The compromise of the Treasury's network is considered a major breach with potential national security impact given the sensitivity of the information accessed.

Silk Typhoon Breaches US Treasury, CFIUS - 19d

The Chinese state-sponsored hacking group ‘Silk Typhoon’ has been linked to a significant breach of a US Treasury agency in December 2024, with further reports indicating they also compromised the Committee on Foreign Investment in the United States (CFIUS), which assesses national security risks associated with foreign investments. The attackers are suspected to have stolen sensitive information from both the Treasury and the CFIUS, which has raised significant concerns in the US government. This coordinated attack demonstrates a pattern of sophisticated cyber espionage activities by the Silk Typhoon group.

Fortinet Firewall Zero-Day Exploitation - 16d

A zero-day vulnerability in Fortinet firewalls is being actively exploited. The flaw allows attackers to compromise devices whose management interfaces are exposed to the internet. A mass exploitation campaign against Fortinet firewalls peaked in December 2024, before Fortinet published its fix, so attackers are believed to have exploited the bug as a zero-day. Fortinet has since released a patch for the vulnerability, tracked as CVE-2024-55591. Organizations using Fortinet firewalls are strongly advised to apply the patch as soon as possible, to remove public exposure of administrative interfaces, and to review devices for unexpected administrator accounts or configuration changes, since a patch does not undo a compromise that already happened.

PowerSchool Breach Exposes Student Teacher Data - 21d

A recent cyberattack on PowerSchool has resulted in the compromise of historical student and teacher data across multiple US school districts. For affected districts, the stolen data covers the student and teacher records held in PowerSchool's systems, including highly sensitive personal information. The breach represents a significant risk to the privacy and security of students and teachers.

GM Banned from Selling Driver Data - 11d

General Motors and OnStar are banned from disclosing consumers’ geolocation and driver behavior data to consumer reporting agencies for five years. The FTC launched an investigation after reports that GM collected data about customers’ vehicle use and sold it to third-party platforms used by insurance companies without adequate consent, specifically from the OnStar Smart Driver program. GM has now stopped sharing sensitive information with data brokers and must take additional steps to increase transparency for its customers.

Fortinet Firewall Configs Leaked From Zero Day - 14d

A new hacking group has leaked configuration files and VPN credentials for over 15,000 FortiGate devices. The dump includes full configuration files and VPN passwords, exposing sensitive technical detail to other cybercriminals. The affected devices appear to run primarily FortiOS 7.0.x and 7.2.x. The data was likely collected in 2022 using a then-zero-day FortiOS authentication bypass (reported as CVE-2022-40684) and only released in January 2025. Because the data is old, being patched today does not help: any credentials, pre-shared keys or internal addressing present in a leaked configuration should be treated as compromised and rotated, and administrators should check whether their devices appear in the published list.
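Triaging a leaked FortiGate configuration means finding every credential it contains so it can be rotated. The following script is an added example, not code from the original page or from Fortinet: it walks the `config` / `edit` / `set` / `next` / `end` block structure of a FortiOS configuration dump, reports each credential-bearing setting with the object it belongs to, flags values stored without the `ENC` prefix (plain text), and extracts the firmware version from the `#config-version` header so devices can be matched against the affected 7.0.x / 7.2.x ranges. The sample configuration is constructed for the example, and the set of credential setting names is an assumption to extend for your own deployment.

```python
import re
from typing import List, Optional, Tuple

# Setting names that carry credentials in a FortiOS configuration.
# Assumption: illustrative list, not exhaustive for every FortiOS feature.
SECRET_SETTINGS = {"passwd", "password", "psksecret", "secret", "private-key"}

# Constructed sample dump for the example (not real leaked data).
CONSTRUCTED_DUMP = """\
#config-version=FGT60F-7.0.5-FW-build0304-220411:opmode=0:vdom=0
config system admin
    edit "admin"
        set password ENC SH2examplehashvalue
    next
end
config user local
    edit "vpn-contractor"
        set type password
        set passwd ENC AbCdEf==
    next
    edit "legacy-user"
        set type password
        set passwd hunter2
    next
end
config vpn ipsec phase1-interface
    edit "to-branch"
        set psksecret ENC XyZ123
    next
end
config user radius
    edit "corp-radius"
        set server "10.0.0.5"
        set secret ENC QwErTy
    next
end
config system interface
    edit "port1"
        set ip 192.0.2.10 255.255.255.0
        config ipv6
            set ip6-mode static
        end
    next
end
"""

# (section path, object name, setting name, stored in plain text?)
Hit = Tuple[str, str, str, bool]


def config_version(config_text: str) -> Optional[str]:
    """Extract the FortiOS version (e.g. '7.0.5') from the #config-version header."""
    m = re.search(r"^#config-version=\S+?-(\d+\.\d+\.\d+)-", config_text, re.M)
    return m.group(1) if m else None


def find_secrets(config_text: str) -> List[Hit]:
    """Walk the config/edit/set/next/end structure and collect credential settings."""
    path: List[str] = []     # stack of open 'config ...' section names
    objects: List[str] = []  # stack of open 'edit' object names
    hits: List[Hit] = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("config "):
            path.append(line[len("config "):])
        elif line.startswith("edit "):
            objects.append(line[len("edit "):].strip('"'))
        elif line == "next":
            if objects:
                objects.pop()
        elif line == "end":
            if path:
                path.pop()
        elif line.startswith("set "):
            parts = line.split(None, 2)
            if len(parts) == 3 and parts[1] in SECRET_SETTINGS:
                # FortiOS writes encrypted/hashed values as 'ENC <data>';
                # anything else is stored in the clear and usable as-is.
                plaintext = not parts[2].startswith("ENC ")
                owner = objects[-1] if objects else ""
                hits.append((" / ".join(path), owner, parts[1], plaintext))
    return hits


def rotation_report(config_text: str) -> str:
    """Human-readable list of credentials to rotate, plain-text ones first."""
    lines = [f"FortiOS version: {config_version(config_text)}"]
    for section, owner, setting, plaintext in sorted(find_secrets(config_text), key=lambda h: not h[3]):
        tag = "PLAINTEXT" if plaintext else "enc"
        lines.append(f"[{tag}] {section} -> {owner}: {setting}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(rotation_report(CONSTRUCTED_DUMP))
```

Run it against a real configuration with `find_secrets(open("fortigate.conf").read())`; every hit is a credential or key that must be rotated on the device and on any peer (IPsec partners, RADIUS servers) that shares it.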