The online world never takes a break, and this week shows why. From ransomware creators being caught to hackers backed by governments trying new tricks, the message is clear: cybercriminals are always changing how they attack, and we need to keep up.
Hackers are using everyday tools in harmful ways, hiding spyware in trusted apps, and finding new ways to take advantage of old security gaps. These events aren’t random—they show just how clever and flexible cyber threats can be.
In this edition, we’ll look at the most important cyber events from the past week and share key takeaways to help you stay safe and prepared. Let’s get started.
LockBit Developer Rostislav Panev Charged in the U.S. — Rostislav Panev, a 51-year-old dual Russian and Israeli national, has been charged in the U.S. for allegedly acting as the developer of the now-disrupted LockBit ransomware-as-a-service (RaaS) operation, netting about $230,000 between June 2022 and February 2024. Panev was arrested in Israel in August 2024 and is currently pending extradition. With the latest development, a total of seven LockBit members have been charged in the U.S. That said, the group appears to be readying a new version, LockBit 4.0, that’s scheduled for release in February 2025.
Heads up! Some popular software has serious security flaws, so make sure to update now to stay safe. The list includes — CVE-2024-12727, CVE-2024-12728, CVE-2024-12729 (Sophos Firewall), CVE-2023-48788 (Fortinet FortiClient EMS), CVE-2023-34990, (Fortinet FortiWLM), CVE-2024-12356 (BeyondTrust Privileged Remote Access and Remote Support), CVE-2024-6386 (WPML plugin), CVE-2024-49576, CVE-2024-47810 (Foxit Software), CVE-2024-49775 (Siemens Opcenter Execution Foundation), CVE-2024-12371, CVE-2024-12372, CVE-2024-12373 (Rockwell Automation PowerMonitor 1000), CVE-2024-52875 (GFI KerioControl), CVE-2024-56145 (Craft CMS), CVE-2024-56050, CVE-2024-56052, CVE-2024-56054, CVE-2024-56057 (VibeThemes WPLMS), CVE-2024-12626 (AutomatorWP plugin), CVE-2024-11349 (AdForest theme), CVE-2024-51466 (IBM Cognos Analytics), CVE-2024-10244 (ISDO Software Web Software), CVE-2024-4995 (Wapro ERP Desktop), CVE-2024-10205 (Hitachi Ops Center Analyzer), and CVE-2024-46873 (Sharp router)
Don’t Let Hackers Peek into Your Cloud — Cloud storage makes life easier, but it can also expose your data if not secured properly. Many people don’t realize that misconfigured settings, like public folders or weak permissions, can let anyone access their files. This is how major data leaks happen—and it’s preventable.
Start by auditing your cloud. Tools like ScoutSuite can scan for vulnerabilities, such as files open to the public or missing encryption. Next, control access by only allowing those who need it. A tool like Cloud Custodian can automate these policies to block unauthorized access.
Finally, always encrypt your data before uploading it. Tools like rclone make it simple to lock your files with a key only you can access. With these steps, your cloud will stay safe, and your data will remain yours.
The holidays are a time for celebration, but they’re also peak season for cyber risks. Cybercriminals are more active than ever, targeting online shoppers, gift exchanges, and even festive email greetings. Here’s how you can enjoy a secure and worry-free holiday:
As we head into the New Year, let’s make cybersecurity a priority for ourselves and our families. After all, staying safe online is the gift that keeps on giving.
Happy Holidays, and here’s to a secure and joyful season! 🎄🔒
