Summary: This week’s cybersecurity news roundup highlights significant developments in the field, including new tools, vulnerabilities, and legal actions involving major companies. Key stories include the launch of MITRE’s D3FEND 1.0, a phishing campaign targeting CrowdStrike, and various lawsuits related to data breaches. The roundup emphasizes the evolving landscape of cyber threats and the ongoing efforts to enhance security measures.
Threat Actor: Phishers | phishers
Victim: CrowdStrike | CrowdStrike
Keypoints :
- MITRE launched D3FEND 1.0, a standardized cybersecurity ontology.
- Fake hiring emails from CrowdStrike deliver malware through a phishing campaign.
- CISA released a report on Cybersecurity Performance Goals and a guide for Microsoft cloud logs.
- Bishop Fox introduced Raink, an open-source tool for ranking security advisories.
- The WEF’s 2025 Global Risk Report highlights threats including cyber warfare and misinformation.
- Claroty disclosed vulnerabilities in industrial switches that could allow remote code execution.
- Robinhood and Enzo Biochem settled lawsuits related to data breaches.
- Noyb filed GDPR complaints against Chinese companies for unlawful data transfers.
- AT&T’s data breach may have exposed FBI call logs, risking informant identities.
- Booz Allen Ventures invested in quantum hardware firm SEEQC.
- Microsoft detailed a macOS vulnerability that bypasses System Integrity Protection.
- Cybersecurity venture investment rose to $11.6 billion in 2024.