Friday, January 31st, 2025
Cybersecurity Week in Review (31/01/25)
DeepSeek halts new signups amid “large-scale” cyberattack
Chinese AI platform DeepSeek has disabled registrations on its DeepSeek-V3 chat platform due to an ongoing “large-scale” cyberattack targeting its services.
DeepSeek is a relatively new AI platform that has quickly gained attention over the past week for its development and release of an advanced AI model that allegedly matches or outperforms the capabilities of US tech giant’s models at significantly lower costs.
Threat of cyber-attacks on Whitehall ‘is severe and advancing quickly’, NAO says
The threat of potentially devastating cyber-attacks against UK government departments is “severe and advancing quickly”, with dozens of critical IT systems vulnerable to an expected regular pattern of significant strikes, ministers have been warned.
PayPal to pay $2 million settlement over 2022 data breach
New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state’s cybersecurity regulations, leading to a 2022 data breach.
TalkTalk investigates breach after data for sale on hacking forum
UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum.
API Supply Chain Attack Exposes Millions of Airline Users Accounts to Hackers
A vulnerability in a third-party travel service API has exposed millions of airline users to potential account takeovers, enabling attackers to exploit airline loyalty points and access sensitive personal information.
Source: https://cybersecuritynews.com/api-supply-chain-oauth-redirects/
Engineering giant Smiths Group discloses security breach
London-based engineering giant Smiths Group disclosed a security breach after unknown attackers gained access to the company’s systems.
Smiths is a British multinational listed on the London Stock Exchange that employs more than 15,000 people in over 50 countries. It also provides products to customers in the energy, safety, security, aerospace, and defense markets and reported £3,132 million in revenue last year.
PowerSchool starts notifying victims of massive data breach
Education software giant PowerSchool has started notifying individuals in the U.S. and Canada whose personal data was exposed in a late December 2024 cyberattack.
Though this is a step forward, the company has still not officially disclosed the exact number of individuals impacted by the security incident.
UnitedHealth now says 190 million impacted by 2024 data breach
UnitedHealth has revealed that 190 million Americans had their personal and healthcare data stolen in the Change Healthcare ransomware attack, nearly doubling the previously disclosed figure.
Hellcat Ransomware Attacking Organization In Raas Model With Affiliates
A significant threat in the cybersecurity landscape has emerged, dubbed Hellcat, a new ransomware group.
This ransomware group leverages a Ransomware-as-a-Service (RaaS) model to target critical sectors such as government, education, and energy.
Source: https://cybersecuritynews.com/hellcat-ransomware-attacking-organization/
FleshStealer, A New Infostealer Attacking Chrome & Mozilla Users
A new strain of information-stealing malware, dubbed FleshStealer, has emerged as a significant threat to internet users worldwide.
Source: https://cybersecuritynews.com/fleshstealer-a-new-infostealer/
Contact Us
The data you supply here will not be added to any mailing list or given to any third party providers without further consent. View our Privacy Policy for more information.