Happy Thursday !

Welcome to Cycoresecure.io, your go-to partner for transforming security and compliance into effortless processes. Whether you're a startup or a growing tech company, we provide services to tackle your biggest security challenges, freeing you to focus on scaling your business with confidence. Let's secure your future together!

Make sure to follow our Cycore LinkedIn page and subscribe to receive updates on current events, trends, and industry news that matter to you .

In Today's Rundown

• What caught our attention: CISA's Call for Secure …

  • Security

  • Privacy

  • Compliance

• Let's Build Trust

Let’s dive right in.

What caught our attention: CISA's Call for Secure Messaging Amid Global Telecom Breaches

This week, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a strong advisory urging political and government officials to switch to Signal-like encrypted messaging apps. This recommendation follows alarming telecom breaches across dozens of countries, including the U.S., where sophisticated threat actors exploited vulnerabilities in telecom carriers to intercept sensitive communications.

CISA emphasized the criticality of adopting end-to-end encryption, which ensures that only intended recipients can access the messages, thereby mitigating interception risks. Signal, praised for its robust security protocols, has been highlighted as a key tool for safeguarding confidential communication, especially during heightened geopolitical tensions.

Cycore’s Take: At Cycore, we view this directive as a pivotal reminder for organizations globally to prioritize secure communication channels. With telecom infrastructure becoming a frequent target, businesses must implement similar encryption tools to protect internal discussions and sensitive data. Signal and other encrypted messaging platforms are cost-effective and easy to deploy—an essential step toward a resilient security posture.

Security, Privacy and Compliance Roundup

Security

1. CISA Urges Adoption of Secure Messaging Apps
   Following widespread telecom breaches across the globe, CISA has recommended government and political officials adopt end-to-end encrypted messaging apps like Signal. The breaches highlight the vulnerability of traditional telecom systems, underscoring the urgent need for secure communication channels.

2. Juniper Warns of Mirai Botnet Targeting IoT Devices
   A Mirai-based malware campaign is actively exploiting unpatched IoT vulnerabilities, including those in TP-Link routers and NVRs. Attackers leverage these devices for DDoS attacks, emphasizing the critical need for regular updates and secure default configurations.

3. Apache Traffic Control Flaw Exposes Systems to Critical Attacks
   A critical SQL injection vulnerability (CVE-2024-45387) in Apache Traffic Control has been patched. Rated 9.9 on the CVSS scale, the flaw could allow attackers to execute arbitrary commands, emphasizing the urgency for organizations to update to version 8.0.2.

4. North Korean Hackers Steal $308 Million in Bitcoin
   The FBI has linked North Korean threat actors to a significant cryptocurrency heist at the Japanese exchange DMM Bitcoin. The operation involved advanced social engineering tactics, reflecting the persistent risk of targeted attacks in the financial sector.

Privacy

1. Italy Fines OpenAI €15 Million for GDPR Violations
   Italy’s privacy watchdog imposed a significant fine on OpenAI for non-compliance with GDPR data transparency requirements. The penalty highlights growing regulatory scrutiny on AI platforms' handling of user data.

2. FTC Mandates Data Security Reforms for Marriott
   The Federal Trade Commission has ordered Marriott International to implement stricter data security measures following previous breaches. This marks a step toward greater accountability for organizations handling sensitive customer data.

3. European Space Agency Store Hacked
   A breach at the ESA's official web shop enabled attackers to insert a fake Stripe payment page, compromising customer payment card details. This highlights the continued threat of e-commerce-focused cyberattacks.

4. Researchers Uncover PyPI Package Theft Campaign
   Malicious PyPI packages like "Zebo" and "Cometlogger" have been found stealing user keystrokes and hijacking social media accounts. This emphasizes the ongoing need for vigilance in securing software supply chains.

Compliance

1. CISA Expands KEV Catalog with BeyondTrust Flaw
   CISA has added a critical BeyondTrust vulnerability (CVE-2024-12356) to its Known Exploited Vulnerabilities catalog. Agencies are required to patch affected systems promptly to mitigate exploitation risks.

2. 2025 NDAA Allocates $3 Billion for Cyber Initiatives
   The 2025 National Defense Authorization Act has approved funding for FCC's Rip-and-Replace Program and other cyber initiatives. This investment reflects a robust commitment to national cybersecurity improvements.

3. Sophos Patches Critical Firewall Vulnerabilities
   Sophos has released patches for three critical vulnerabilities, including remote code execution and SQL injection flaws in its Firewall product. Businesses are advised to update to the latest versions to ensure compliance and security.

Let's Build Trust

Work with us or follow along:

1. Cycore, builds enterprise-grade security, privacy and compliance programs for the modern organization. Partner with us.

2. Follow us on LinkedIn for security, privacy & compliance updates!

3. How else can we help? Feedback? Have a question? Reply to this email.

4. Know someone who would like this email? Forward it to a friend...

Your security & compliance ally,
Cycore Team