Weekly Cybersecurity Roundup: January 6, 2025 – January 12, 2025

This article provides a comprehensive overview of significant cybersecurity incidents and vulnerabilities reported recently, including outages, data breaches, and exploits targeting various platforms. Affected: Proton Mail, Ivanti VPN, Banshee, BayMark Health Services, Medusind, MirrorFace, STIIIZY, Samsung, GFI KerioControl, Mitel MiCollab, CrowdStrike, Akamai, Casio.

Key points:

  • Proton Mail experienced a worldwide outage due to a surge in database connections during infrastructure migration.
  • Ivanti VPN had critical vulnerabilities exploited by state-sponsored actors, leading to the release of patches.
  • Banshee macOS Stealer uses advanced evasion techniques to steal sensitive user information.
  • BayMark Health Services reported a data breach affecting patient information due to a ransomware attack.
  • Medusind disclosed a data breach impacting over 360,000 individuals’ personal and health information.
  • The Chinese APT group MirrorFace has been targeting Japanese organizations for sensitive information since 2019.
  • STIIIZY experienced a data breach exposing customer information at multiple retail locations.
  • A zero-click vulnerability in Samsung devices was disclosed, allowing remote code execution.
  • GFI KerioControl identified a critical vulnerability that could lead to CSRF token theft.
  • Mitel MiCollab has critical vulnerabilities that are actively exploited, requiring immediate updates.
  • The U.S. government launched the Cyber Trust Mark, a voluntary labeling program for consumer IoT devices that meet defined security criteria.
  • Three Russian nationals were charged for operating crypto-mixing services facilitating illicit transactions.
  • Phishing campaigns impersonating CrowdStrike target job seekers with cryptomining malware.
  • Akamai plans to discontinue its CDN services in China by June 2026.
  • Casio suffered a ransomware attack exposing personal data of approximately 8,500 individuals.

MITRE Techniques:

  • Exploit Public-Facing Application (T1190): exploitation of vulnerabilities in Ivanti VPN appliances by state-sponsored actors, and of the actively exploited Mitel MiCollab flaws, to gain unauthorized access.
  • Persistence (tactic TA0003): custom malware used to maintain access to compromised systems.
  • Data Encrypted for Impact (T1486): ransomware attacks on BayMark Health Services and Casio.
  • Phishing (T1566): campaigns impersonating CrowdStrike that target job seekers to deliver cryptomining malware.
  • Exploitation for Client Execution (T1203): zero-click vulnerability in Samsung devices allowing remote code execution.
  • Application Layer Protocol (T1071): command-and-control traffic from malware such as the Banshee macOS stealer.

Indicators of Compromise:

  The entries below are reproduced as the summary published them, but none of them is an actionable indicator: protonmail.com, ivanti.com and support@baymark.com belong to the affected vendors and victims, github.com/Banshee is a bare shared-platform path with no repository context, and no file hash is given. Do not push these to blocklists; take hashes and C2 indicators from the full research linked below.

  • [domain] protonmail.com (vendor domain of an affected party, not attacker infrastructure)
  • [domain] ivanti.com (vendor domain of an affected party, not attacker infrastructure)
  • [url] github.com/Banshee (bare path without repository context; not usable on its own)
  • [email] support@baymark.com (victim's support mailbox, not a sender indicator)
  • [file hash] none given in the summary; see the full article for the hashes it reports.
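As an added example (not part of the roundup or the linked article), here is a small Python triage script for indicator lines in the "[type] value" form used above. It validates each entry by type, rejects placeholder text that is not a digest, and refuses to emit domains, URLs or mailboxes that belong to the affected parties. The allowlist of affected-party domains and the sample lines are constructed for the demo and are assumptions, not data from the article.

```python
import re
from dataclasses import dataclass

# Constructed sample input: the five IoC entries as the roundup summary lists them.
SAMPLE_IOC_LINES = """\
  • [domain] protonmail.com
  • [domain] ivanti.com
  • [url] github.com/Banshee
  • [email] support@baymark.com
  • [file hash] Check the article for all found IoCs.
"""

# Assumption: registrable domains of the vendors and victims named in the roundup.
# They are the affected parties, not attacker infrastructure, so they must never
# reach a blocklist just because a summary page tagged them as IoCs.
AFFECTED_PARTY_DOMAINS = {"protonmail.com", "proton.me", "ivanti.com", "baymark.com", "github.com"}

IOC_LINE = re.compile(r"^\s*(?:[•*-]\s*)?\[(?P<type>[a-z ]+)\]\s*(?P<value>.+?)\s*$")
DOMAIN = re.compile(r"^(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
EMAIL = re.compile(r"^[^@\s]+@([^@\s]+)$")
HEX = re.compile(r"^[0-9a-f]+$", re.I)
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}


@dataclass
class Verdict:
    ioc_type: str
    value: str
    accepted: bool
    reason: str


def registrable_domain(host: str) -> str:
    # Naive "last two labels" rule; adequate for the allowlist above (assumption, no PSL lookup).
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def host_of_url(url: str) -> str:
    # Accepts bare "host/path" as the page writes it, as well as scheme://host/path.
    without_scheme = re.sub(r"^[a-z][a-z0-9+.-]*://", "", url, flags=re.I)
    return without_scheme.split("/", 1)[0].split(":", 1)[0]


def judge(ioc_type: str, value: str) -> Verdict:
    t = ioc_type.strip().lower()
    if t == "domain":
        if not DOMAIN.match(value):
            return Verdict(t, value, False, "not a syntactically valid domain")
        if registrable_domain(value) in AFFECTED_PARTY_DOMAINS:
            return Verdict(t, value, False, "domain belongs to an affected vendor/victim, not an attacker")
        return Verdict(t, value, True, "domain")
    if t == "url":
        host = host_of_url(value)
        if not DOMAIN.match(host):
            return Verdict(t, value, False, "URL has no valid host")
        if registrable_domain(host) in AFFECTED_PARTY_DOMAINS:
            return Verdict(t, value, False, "URL on a vendor/shared platform; needs exact path and context")
        return Verdict(t, value, True, "url")
    if t == "email":
        m = EMAIL.match(value)
        if not m:
            return Verdict(t, value, False, "not a syntactically valid e-mail address")
        if registrable_domain(m.group(1)) in AFFECTED_PARTY_DOMAINS:
            return Verdict(t, value, False, "mailbox belongs to an affected vendor/victim")
        return Verdict(t, value, True, "email")
    if t in ("file hash", "hash", "md5", "sha1", "sha256"):
        if HEX.match(value) and len(value) in HASH_LENGTHS:
            return Verdict(t, value.lower(), True, HASH_LENGTHS[len(value)])
        return Verdict(t, value, False, "not a hex digest of md5/sha1/sha256 length (placeholder text?)")
    return Verdict(t, value, False, f"unknown indicator type '{t}'")


def triage(text: str) -> list[Verdict]:
    verdicts = []
    for line in text.splitlines():
        m = IOC_LINE.match(line)
        if m:  # lines that do not look like "[type] value" are ignored, not guessed at
            verdicts.append(judge(m.group("type"), m.group("value")))
    return verdicts


def actionable(text: str) -> list[str]:
    # Only the values that survived validation and the affected-party check.
    return [v.value for v in triage(text) if v.accepted]


if __name__ == "__main__":
    for v in triage(SAMPLE_IOC_LINES):
        print("ACCEPT" if v.accepted else "REJECT", f"[{v.ioc_type}]", v.value, "-", v.reason)
```

Run against the sample above, every entry is rejected and `actionable()` returns an empty list, which is the correct outcome for this page: nothing in the summary should be fed to a blocklist without first reading the full research. The registrable-domain helper is deliberately naive (no public-suffix list), so extend it before using the script on feeds that contain multi-label suffixes such as co.uk.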



Full Research: https://threatweek.medium.com/weekly-cybersecurity-roundup-jan-6-2025-jan-12-2025-83affc7ac513?source=rss------cybersecurity-5
