Orbik Cybersecurity Transforms into First Tech Cooperative in Euskadi

Orbik Cybersecurity, a tech startup in Euskadi, has become the region's first cooperative of its kind through an agreement between Ikerlan and Mondragon. Supported by the Basque government and the Gipuzkoa Provincial Council via the Basque Tek Ventures program, this transformation aims to mobilize over €10 million in the next four years to establish new cooperative startups in Euskadi. In 2024, Orbik reported revenues of €700,000 and plans to double its team and income in 2025. Their clientele includes companies in the electrical sector and industries adhering to the IEC62443-4-2 standard and the new European Cyber Resilience Act.

Credit --> Cadena SER

Delta Delta Delta Sorority Members Eligible for Up to $5,000 from Data Breach Settlement

Members of the Delta Delta Delta sorority can claim up to $5,000 from a $150,000 data breach settlement, provided they submit valid documentation of unreimbursed expenses or lost time. This follows a March 2024 breach that compromised sensitive member data, including names, addresses, and financial information. All class members will also receive three years of free identity theft protection and credit monitoring. Claim forms must be filed by February 3, 2025, with the final approval hearing scheduled for March 10, 2025.

Credit --> The US Sun

FCC's Jessica Rosenworcel Emphasizes Cybersecurity Amidst Leadership Transition

Jessica Rosenworcel, the outgoing Democratic chair of the Federal Communications Commission (FCC), has highlighted the importance of maintaining strong oversight of the telecommunications industry amidst cybersecurity concerns. Following a significant hacking campaign known as "Salt Typhoon," which compromised several telecom companies, Rosenworcel introduced new cybersecurity requirements for telecom operators. These measures face opposition from the incoming Republican FCC chair, Brendan Carr, and other GOP members, who argue against regulatory overreach. Rosenworcel's plan includes modernizing the 1994 Communications Assistance for Law Enforcement Act (CALEA) to incorporate cybersecurity measures.

Credit --> WIRED

Mirai Variant 'Murdoc Botnet' Exploits AVTECH IP Cameras and Huawei Routers

Cybersecurity researchers have identified a new large-scale campaign exploiting vulnerabilities in AVTECH IP cameras and Huawei HG532 routers. This campaign, active since at least July 2024, has infected over 1,370 systems, primarily in Malaysia, Mexico, Thailand, Indonesia, and Vietnam. The botnet leverages known security flaws, such as CVE-2017-17215 and CVE-2024-7029, to gain access to IoT devices and incorporate them into the 'Murdoc Botnet,' a variant of Mirai.

Credit --> The Hacker News

OWASP Releases Top 10 Smart Contract Vulnerabilities for 2025

The Open Web Application Security Project (OWASP) has unveiled its Top 10 Smart Contract Vulnerabilities for 2025. This comprehensive document identifies the most critical vulnerabilities in smart contracts, providing developers and security professionals with a roadmap to mitigate risks in decentralized ecosystems.

Credit --> Cyware Social

Ukrainian Authorities Warn of Cyber Scams Using Fake AnyDesk Requests

CERT-UA has issued a warning about cyber scams involving fake AnyDesk requests purporting to conduct security audits. These phishing attempts aim to exploit user trust by requesting remote access under the guise of assessing security levels. Organizations are advised to be vigilant against such social engineering tactics.

Credit --> Cyware Social

7-Zip Vulnerability CVE-2025-0411 Allows Code Execution

A security vulnerability in 7-Zip, tracked as CVE-2025-0411 with a CVSS score of 7.0 (High), has been uncovered. This flaw could allow attackers to bypass the Mark of the Web (MotW) security feature in Windows, leading to potential code execution. Users are advised to update to the latest version to mitigate this risk.

Ransomware Groups Exploit Microsoft Services for Initial Access

Recent reports indicate that ransomware groups are abusing Microsoft services to gain initial access to target systems. By exploiting legitimate services, attackers can bypass security measures and establish a foothold within networks, underscoring the need for vigilant monitoring and robust security protocols.

January 21, 2025

IT CyberSecurity Headlines