Cyber attacks Cybersecurity

CyberWednesday: Top 10 Cybersecurity Updates #13

5 min. read
Placeholder for Female engineer behind screenFemale engineer behind screen

Share

Welcome to this week's edition of Nomios Weekly CyberWednesday! This week’s roundup dives into the most pressing cybersecurity developments impacting enterprises across Europe and beyond. Through the European Commission's recommendations on security in the health sector, to supply chain threats and identity-based attacks, to geopolitical tensions. Stay informed with the latest insights to safeguard your organisation against emerging threats in the ever-changing digital landscape.

1. EU Commission Calls for Health Sector Cyber 'Action Plan'

The European Commission is calling for a comprehensive cybersecurity action plan to protect the healthcare sector from increasing cyber threats. This initiative follows a rise in ransomware attacks on hospitals and medical institutions, which have disrupted critical services and put patient data at risk. The plan emphasizes the need for stronger cybersecurity frameworks, improved incident response, and enhanced collaboration among EU member states. The Commission also highlights the importance of securing medical devices and digital health infrastructure to prevent future attacks. With healthcare systems becoming prime targets for cybercriminals, the proposed measures aim to strengthen resilience and ensure the safety of patient data across Europe. (Source: govinfosecurity.com)

2. How Kroll and DORA Tackle Supply Chain Cybersecurity Risks

Kroll experts emphasize the rising cybersecurity threats targeting supply chains, especially in technology and telecom sectors. Attacks on critical infrastructure can cause widespread disruptions, and as supply chains become increasingly reliant on cloud services, risks grow. The Digital Operational Resilience Act (DORA) introduces new compliance requirements, stressing third-party risk management and strong incident response measures. As AI-driven cyberattacks rise, firms must adopt advanced security practices like multi-layered defenses, encryption, and endpoint monitoring to protect their operations and mitigate potential vulnerabilities. (Source: cybermagazine.com)

3. Hackers Deploy Malicious npm Packages to Steal Solana Wallet Keys via Gmail SMTP

Hackers have deployed malicious npm packages designed to steal Solana wallet private keys by exploiting Gmail's SMTP servers. These packages, disguised as legitimate Solana development tools, can transfer stolen funds to attacker-controlled addresses. Additionally, some npm packages include a "kill switch" that wipes sensitive data from infected systems. The malicious code also exfiltrates environment variables and authentication tokens, granting backdoor access to compromised systems. Companies and developers should verify package sources and use security analysis tools to prevent potential threats. (Source: thehackernews.com)

4.13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks

Around 13,000 MikroTik routers have been hijacked and are now part of a botnet used to send malicious spam emails (malspam). These emails exploit misconfigured DNS settings, allowing attackers to spoof legitimate domains and bypass email security. The attack uses compromised routers to act as proxies, making it difficult to trace the source of malicious activity. The infected routers could also be used for DDoS attacks or other malicious purposes. MikroTik users are advised to update their devices and change default credentials to prevent exploitation. (Source: thehackernews.com)

5. 2024: A year of identity attacks

The article discusses the increasing threat of identity attacks in 2024, highlighting how cybercriminals are targeting organizations by exploiting weak or stolen credentials. As more businesses move to digital platforms, identity-based attacks are becoming a primary method of compromise. The article outlines preventive measures, including robust authentication protocols and monitoring systems. It emphasizes the importance of staying ahead of cyber attackers and securing user identities to protect sensitive information. (Source: pushsecurity.com)

6. 318 Vulnerabilities Patched in January 2025 Oracle Critical Security Update

Oracle's January 2025 Critical Patch Update addresses 318 security vulnerabilities across multiple products, including Oracle Database, MySQL, Fusion Middleware, and Communications Applications. Among these, some critical flaws carry CVSS scores as high as 9.9, indicating severe risks. Notably, vulnerabilities affecting Oracle WebLogic Server and Oracle Communications could allow remote code execution without authentication. Oracle urges immediate application of these patches to prevent exploitation, as unpatched systems are highly vulnerable to cyberattacks. For detailed information, users are advised to consult the full update and review their system configurations. (Source: cybersecuritynews.com)

7. Zero Trust Security, Why It's Essential In Today's Threat Landscape

Zero Trust Security is becoming essential as cyber threats continue to evolve, making traditional perimeter-based defenses ineffective. The article explains that Zero Trust operates on the principle of "never trust, always verify," requiring continuous authentication and strict access controls. Organizations implementing Zero Trust can minimize the risk of unauthorized access, insider threats, and ransomware attacks. The approach relies on technologies like multi-factor authentication, micro-segmentation, and continuous monitoring. As cybercriminals find new ways to exploit vulnerabilities, adopting a Zero Trust framework is crucial for protecting sensitive data and critical systems. Businesses are encouraged to prioritize security strategies that assume threats exist both inside and outside their networks. (Source: thehackernews.com)

8. AI Cyber Security Predictions 2025

AI will play a crucial role in shaping cybersecurity in 2025, both as a defense tool and a weapon for cybercriminals. The increasing sophistication of AI-driven attacks highlights the urgent need for stronger security frameworks and proactive defense strategies. Organizations must adapt by investing in AI-powered security solutions while ensuring human oversight remains a key component. As cyber threats evolve, balancing innovation and risk mitigation will be essential to staying ahead of attackers. (Source: cybersecuritynews.com)

9. Attackers Exploit IBM i Access Client Solutions on Windows 11 To Steal Passwords

IBM i Access Client Solutions has been found to have a critical vulnerability that could allow attackers to execute malicious code on affected systems. This security flaw poses a significant risk to businesses relying on IBM's platform for remote system access and management. IBM has released patches to address the issue, urging all users to update their software immediately. Delaying updates could leave systems exposed to potential exploitation by cybercriminals. Organizations should also implement additional security measures, such as monitoring network activity and restricting access where necessary. Proactive action is essential to mitigate the risks associated with this vulnerability. (Source: cybersecuritynews.com)

10. UK Government Debuts AI Tools for Enhanced Public Services

The UK government has introduced AI tools aimed at enhancing public services, with a focus on improving efficiency and service delivery. These tools are designed to help in areas such as digital identity verification, fraud detection, and automating routine processes. By leveraging AI, the government hopes to create more streamlined and responsive services for citizens, while also addressing security concerns. These advancements are part of the UK's broader initiative to modernize government operations through technology. (Source: govinfosecurity.com)

Stay ahead of the latest cybersecurity developments by keeping an eye on these stories, and ensure your organisation's security protocols remain up to date.

Sign up for our newsletter

Get the latest security news, insights and market trends delivered to your inbox.

Updates

More updates