Your quick weekend update and reminder.

☝️ TWA

Breaches are back in the news

🤷‍♀️ What now?: Enable multi-factor authentication (MFA) and stay away from passwords, if possible.

Tools: Lack of MFA Is Common Thread in Vast Cloud Credential Heist

Meanwhile … Dozens of Major Data Breaches Linked to Single Threat Actor

📰 Headline Highlights

• Covenant Health patient data breach numbers skyrocket

• Sedgwick confirms cyber incident affecting its major federal contractor subsidiary

• Cybercriminals Abuse Google Cloud Email Feature in Multi-Stage Phishing Campaign

• Korean Air Data Compromised in Oracle EBS Hack

• DarkSpectre Browser Extension Campaigns Exposed After Impacting 8.8 Million Users Worldwide

• Kimwolf Android Botnet Infects Over 2 Million Devices via Exposed ADB and Proxy Networks

• Illinois state agency exposed personal data of 700,000 people

• Major Data Breach Hits Company Operating 150 Gas Stations in the US

In other news, Microsoft to enforce MFA for Microsoft 365 admin center sign-ins

GOOD READ: ESA calls cops as crims lift off 500 GB of files, say security black hole still open

Despite not being surprised by the numerous data breaches observed this week, we were not anticipating their occurrence. In fact, we intended to discuss the cyber aspect of Venezuela, but it is satisfactory that it has been included in the “Look Out” and “Must Read” sections.

Inside Hexagon

Hexagon Center got a new logo. It was released on January 7 and quickly published to the front page of our website. Check it out at hexagoncenter.org.

HOUSEKEEPING

Glossary/Legend:

• Agentic AI - autonomous artificial intelligence systems that can perceive their environment, reason, plan, and take actions independently to achieve complex goals with minimal human intervention, moving beyond simple command-response to proactive, goal-oriented behavior.

• LLM or Large Language Model - an advanced AI trained on vast text data to understand and generate human-like text for tasks like chatbots and content creation.

• Parked Domain - a registered web address (URL) that isn't actively linked to a full website but serves as a placeholder, often showing a generic page or ads, used to reserve the name for future development, protect a brand, or generate passive income from type-in traffic. It's like buying a piece of land but not building a house on it yet. 

• Holistic security - a comprehensive strategy that integrates various protection layers—physical, digital, psycho-social, and organizational—to safeguard individuals, communities, or systems, recognizing that true security involves overall well-being, not just isolated technical defenses.

• Personal Identifier - A unique word or phrase shared exclusively with an individual or a group, serving as a means of identification and affirmation within the established relationship. It is recommended that 2 or more Personal Identifiers be established per person.

• Malware (short for malicious software) - refers to any intrusive software developed by cybercriminals (often called hackers) to steal data and damage or destroy computers and computer systems.

• Ransomware - A type of malware that locks or encrypts a victim's files and demands a ransom payment to unlock and decrypt them. Ransomware can infect a variety of devices, including computers, smartphones, printers, and more.

Spread cybersecurity culture

Do you have any suggestions on how we can further share this newsletter? Tell your friends and family about us by sharing with them the Hexagon Center official website:

hexagoncenter.org

View archives at hxweekly.beehiiv.com

You may reply to this newsletter or email us at
[email protected]

Send us any questions or things you want to talk about. Please share some fun facts with us. We welcome feedback and suggestions.

_{Hexagon Center is formed as a nonprofit corporation in California for public benefit,
and is tax-exempt under section 501(c)(3) of the Internal Revenue Code.}

_DISCLAIMER

_{Cybersecurity is an ever-changing field, and threats may evolve. While Hexagon Center strives to provide accurate and timely information, we cannot guarantee absolute security. Users are responsible for implementing their security measures and staying informed about the latest cybersecurity developments. Hexagon Center is not responsible for any cyber or scam attacks by our readers. HX Weekly tips are advice are not official positions of Hexagon Center nor is Hexagon Center responsible for its content.}

Content of this newsletter is not an official representation of Hexagon Center.

_{SEE MORE DISCLAIMER HERE}