CybersecurityHQ News Roundup - January 7, 2025

By Daniel Michan. Published on January 7.

Veracode Targets Malicious Code Threats with Phylum Acquisition

Veracode, a leader in software code analysis, has bolstered its defenses against software supply chain attacks by acquiring key assets from Phylum, a startup specializing in malicious package detection. Phylum’s technology will integrate into Veracode’s Software Composition Analysis (SCA) product, enhancing real-time identification and mitigation of threats in open-source libraries. With software supply chain attack costs expected to triple by 2031, this acquisition underscores Veracode’s proactive stance on security.



Former NSA Director Rob Joyce Joins DataTribe as Venture Partner

Rob Joyce, former NSA director, has joined DataTribe as a venture partner to support early-stage cybersecurity startups. With extensive experience in cyber offense and defense, Joyce will guide DataTribe’s portfolio companies, including Dragos and Enveil, in developing innovative defense strategies. His role highlights the increasing influence of public-sector expertise in private cybersecurity initiatives.



Chinese Tech Giants Challenge U.S. Military Designations

The U.S. Department of Defense has added Tencent, CATL, and other Chinese companies to its military-linked list, barring them from federal procurement by 2026. Tencent and CATL dispute their inclusion, claiming no ties to China’s military. The controversy has sparked debate over global trade and tech sector impacts.



Dell, HPE, MediaTek Patch Critical Security Flaws

Tech giants Dell, HPE, and MediaTek issued critical security patches addressing vulnerabilities in their products. These flaws included remote code execution risks in MediaTek modems, privilege escalation issues in Dell’s Update Package Framework, and authentication bypass bugs in HPE’s SAN switches. Users are urged to apply updates immediately.



Washington Attorney General Sues T-Mobile Over 2021 Breach

Washington State AG Bob Ferguson is suing T-Mobile for allegedly failing to secure customer data, resulting in a 2021 breach impacting over 76 million records. The lawsuit claims T-Mobile neglected long-known vulnerabilities and misled customers about the breach’s severity.



CISA: BeyondTrust Incident Limited to Treasury Department

CISA confirmed that only the U.S. Treasury was affected by a recent BeyondTrust breach involving a compromised API key. The attack, attributed to Chinese state-backed actors, exploited vulnerabilities in BeyondTrust’s Remote Support SaaS. Patch updates have since been deployed.



Ransomware Tracker Logs 2,000 Critical Infrastructure Incidents

Temple University’s ransomware database now includes over 2,000 incidents targeting critical infrastructure since 2013. Key sectors include healthcare, education, and government. Analysts note a rise in ransom demands exceeding $5 million, reflecting the growing sophistication of attackers.



Wallet Drainer Malware Causes $500M in Crypto Losses

Wallet drainer malware stole nearly $500 million from over 332,000 victims in 2024. These attacks, which surged in Q1, exploit phishing to steal crypto assets. Chainalysis reports $2.2 billion in total cryptocurrency thefts last year.



Code Execution Flaw Found in Nuclei Vulnerability Scanner

A vulnerability in the Nuclei scanner (CVE-2024-43405) allowed attackers to inject malicious templates, bypassing signature verification. The flaw has been patched in version 3.3.2. Organizations are advised to update and isolate scanning environments.



Cybersecurity M&A Roundup: December 2024 Sees 37 Deals

December 2024 recorded 37 cybersecurity M&A deals, including Cisco acquiring SnapAttack to enhance Splunk capabilities and Arctic Wolf buying Cylance for $160 million. Analysts anticipate increased M&A activity in 2025.



Tesla's Privacy Spotlighted After Cybertruck Explosion

Tesla’s ability to provide detailed data after a Cybertruck explosion raised privacy concerns. While aiding law enforcement, experts warn about the risks of vehicle data misuse. The incident renews calls for stricter regulations on connected car data.



India Proposes Tough Data Protection Rules

India’s draft Digital Personal Data Protection Rules propose stricter cybersecurity requirements, mandatory breach notifications within 72 hours, and data retention limits. Public feedback on the rules is open until February 18, 2025.



US Cyber Trust Mark Launched for IoT Devices

The U.S. Cyber Trust Mark, a security label for IoT devices, will debut this year. Certified products meeting NIST standards will display the label, enhancing transparency and consumer confidence in connected devices.



Outgoing White House Cyber Official Urges Workforce Reform

Harry Coker, outgoing U.S. cyber director, called for more funding, streamlined regulations, and hiring non-degree holders to fill cybersecurity roles. With 500,000 open cyber jobs, Coker emphasized a skills-based approach to recruitment.



Finland Recovers Anchor Linked to Russian Cable Sabotage

Finnish authorities retrieved an anchor allegedly used by the Russian spy ship Eagle S to sever undersea cables. The ship is detained, while investigations continue into its role in damaging critical infrastructure.



Ukraine’s Cybersecurity Market Quadruples Amid Conflict

Ukraine’s cybersecurity market reached $138 million in 2024, driven by constant Russian cyberattacks and rising demand for innovative solutions. Projections indicate 50% growth by 2029.



Israel’s Cybersecurity Sector Raises $4 Billion Despite War

Israel’s cybersecurity startups attracted $4 billion in 2024, doubling 2023’s total. Investments focused on cloud security and AI threats, underscoring Israel’s resilience and global leadership in cybersecurity innovation.



DNA Sequencer Vulnerabilities Highlight Medical Risks

Illumina patched vulnerabilities in its iSeq 100 DNA sequencer, which could allow attackers to disable devices or install malicious firmware. The flaws emphasize the need for robust security in medical IoT devices.



Hackers Compromise Argentina’s Airport Security Payroll

Hackers exploited vulnerabilities in Argentina’s payroll system, deducting funds from employee salaries. The attack highlights growing risks in financial systems and third-party integrations.



Moxa Issues Critical Patches for Router Vulnerabilities

Taiwan’s Moxa released patches for severe flaws in its routers, including a vulnerability allowing unauthorized command execution. Users are advised to update firmware immediately.