☝️ TOP STORY

CISA election, disinformation officials placed on administrative leave, sources say

🤷‍♀️ What now?: While we didn’t share any disinformation news in this edition, there were many this week. (See therecord.media) We anticipate a significant increase in the prevalence of disinformation in the future.

Meanwhile … Apple and Google take down malicious mobile apps from their app stores (There could be more not taken down.)

📰 Headline Highlights

• Security attacks on password managers have soared

• DeepSeek App transmits sensitive user and device data without encryption

• Information of 120,000 Stolen in Ransomware Attack on Georgia Hospital

• Ransomware Gangs Increasingly Prioritize Speed and Volume in Attacks

• U.S. adversaries increasingly turning to cybercriminals and their malware for help

• New LiDAR system can ID a face a kilometer away

• Romance Scams Cost Americans $697.3M Last Year

• Hacker leaks account data of 12 million Zacks Investment users

• Cyberattack Disrupts Publication of Lee Newspapers Across the U.S.

• Judge says US Treasury ‘more vulnerable to hacking’ since Trump let the DOGE out

• The World's Longest and Strongest WiFi Passwords

• OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials

• China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers

• Anyone Can Push Updates to the DOGE.gov Website

In other news, Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins

MUST READ: Phishing Tests, the Bane of Work Life, Are Getting Meaner

We have dedicated this week’s edition to public service announcements (PSA). Even though you didn’t see a lot of news about malicious information and the fight against disinformation, we have noticed that it was a lot more than usual. We hope our subscribers will not only be vigilant but also spread the word about what you have learned from our newsletter. Better yet, invite people to subscribe to it at hexagoncenter.org.

Inside Hexagon

Another week has come and gone and we are more and more aware of the work that Hexagon Center is going to undertake in the coming future. While we do not fact check, we urge you to remain vigilant and actively question the veracity of the things you see. Furthermore, we encourage you to invite others to subscribe to HX Weekly at hexagoncenter.org.

HOUSEKEEPING

Glossary/Legend:

• Phishing - a cybercrime that involves tricking people into giving away sensitive information.

• LiDAR, or Light Detection and Ranging - a remote sensing technology that uses lasers to measure distances and create 3D models of the Earth's surface

• Legacy MFA - Legacy multi-factor authentication (MFA) is an older method of MFA that uses one-time passwords (OTPs) via SMS or mobile apps. It's considered outdated and inadequate to protect against modern cyber threats.

• Romance scam - a confidence trick involving feigning romantic intentions towards a victim, gaining the victim's affection, and then using that goodwill to get the victim to send money to the scammer under false pretenses or to commit fraud against the victim.

• Cyberattack - A malicious attempt to gain unauthorized access to a computer system, network, or device. The goal of a cyberattack is to disrupt or damage the target, or to steal data, intellectual property, or money.

• Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

• Password manager - a software application that allows users to securely store, generate, and manage their online login credentials (passwords and usernames) across different websites and applications, typically requiring only one "master password" to access all stored information, promoting strong password hygiene by creating unique passwords for each site and automatically filling them in when needed.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:

hexagoncenter.org

View archives at hxweekly.beehiiv.com

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

_{Hexagon Center is formed as a nonprofit corporation in California for public benefit,
and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.}

_DISCLAIMER

_{Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is not responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.}

Content of this newsletter is not an official representation of Hexagon Center.

_{SEE MORE DISCLAIMER HERE}