Columbia cyberattack political. SSN scam warning. New CA privacy law specialization. Improve awareness training. Prepare your Kick-the-Bucket list. Iran fin'l system attacked. Scam centers worldwide.
Cybersecurity News of the Week & Patch Report, July 6, 2025
This week's essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned. Designed to educate, support, and advocate.
Sections
Section 1: National and International News
SecureTheVillage: Events. Programs. Guides. Newsletters.
Section 2: Families and Individuals: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
Section 3: Smaller Businesses and Nonprofits: A Discipline of Cybersecurity.
Cybersecurity Nonprofit of the Week
Section 4: Patch and Update Report
Section 1: National and International News
LA’s Most Entangled Law: California's Upcoming Privacy Law Specialization: A new California specialty in Privacy Law is pending final approval. As the State Bar of California moves to formally certify privacy lawyers, what could this mean for Los Angeles's legal landscape? … A quiet revolution is unfolding in California’s legal community and Los Angeles stands at its epicenter. In a move expected to ripple across law schools, courtrooms, and corporate compliance departments, California is preparing to formally certify privacy lawyers through a new Privacy Law Specialization. Pending final approval from the State Bar’s Board of Trustees in August 2025, this designation will make California the first state to recognize privacy law as a legal specialty – a monumental shift decades in the making. … Historically, U.S. privacy law operated under the “notice and consent” model. Essentially, companies told users what they might do with their data, and that users' continued use of the service would be considered compliance and consent. The vague, expansive wording of these policies enabled companies to operate without real accountability. Privacy policies functioned more as liability shields than meaningful safeguards. … California, however, is working towards new consumer safeguards. With laws like the California Online Privacy Protection Act (2003), the California Consumer Privacy Act (2018), and the California Privacy Rights Act (2020), the state has steadily established enforceable limits and consumer rights. The formation of the California Privacy Protection Agency (2020) further cemented California’s leadership in digital rights enforcement.
North Korean Tech Workers Infiltrating Companies Around World, U.S. Says: Using falsified and stolen IDs, prosecutors say, North Koreans secure jobs that help finance the regime by evading sanctions. They also steal corporate secrets, some related to military technology. … On Monday, federal law enforcement authorities took a series of actions across 16 states aimed at shutting down the scheme.
Europol Dismantles $540 Million Cryptocurrency Fraud Network, Arrests Five Suspects: Europol on Monday announced the takedown of a cryptocurrency investment fraud ring that laundered €460 million ($540 million) from more than 5,000 victims across the world. … The international effort, codenamed Operation Borrelli, was carried out by the Spanish Guardia Civil, along with support from law enforcement authorities from Estonia, France, and the United States. Europol said the investigation into the syndicate started in 2023.
U.S. Sanctions Russian Bulletproof Hosting Provider for Supporting Cybercriminals Behind Ransomware: The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has levied sanctions against Russia-based bulletproof hosting (BPH) service provider Aeza Group for assisting threat actors in their malicious activities and targeting victims in the country and across the world.
How Israel-Aligned Hackers Hobbled Iran’s Financial System: Broken cash machines, halted payments and a crippled crypto exchange were all the result of pro-Israeli efforts. … Israeli authorities, and a pro-Israeli hacking group called Predatory Sparrow, targeted financial organizations that Iranians use to move money and sidestep the U.S.-led economic blockade, according to Israeli officials and other people familiar with the efforts. … Predatory Sparrow said this past week that it crippled Iran’s state-owned Bank Sepah, which services Iran’s armed forces and helps them pay suppliers abroad, knocking out its online banking services and cash machines. Iranian state media acknowledged the damage. … The group also breached Nobitex, Iran’s largest cryptocurrency exchange. The hackers extracted about $100 million in funds and forced the platform to shut down, according to the exchange. … Iran’s government pulled the plug on much of the country’s online activities to prevent further attacks and keep a lid on dissent.
Columbia Cyberattack Appears Politically Motivated, University Says: The attacker, described as a “hacktivist,” shut down computer systems and stole student data last week. … The cyberattack that caused a widespread shutdown of Columbia University’s computer systems last week appears to be the work of a “hacktivist” — a hacker who also stole student data with the apparent goal of furthering a political agenda, a Columbia official said on Tuesday. … Bloomberg News, which received messages from the apparent hacker, said that the person described stealing student data in order to see if Columbia was using affirmative action in its admission policies, a practice the Supreme Court effectively barred in 2023.
INTERPOL releases new information on globalization of scam centres: Human trafficking-fueled scam centres have expanded their global footprint, according to a new crime trend update released by INTERPOL. … Victims have been trafficked into criminality from more than 60 countries around the world. … West Africa is emerging as a potential regional hub for online scam centres.
Data breach reveals Catwatchful ‘stalkerware’ is spying on thousands of phones: A security vulnerability in a stealthy Android spyware operation called Catwatchful has exposed thousands of its customers, including its administrator. … Catwatchful is spyware masquerading as a child monitoring app that claims to be “invisible and cannot be detected,” all the while uploading the victim’s phone’s private contents to a dashboard viewable by the person who planted the app. The stolen data includes the victims’ photos, messages, and real-time location data. The app can also remotely tap into the live ambient audio from the phone’s microphone and access both front and rear phone cameras. … Spyware apps like Catwatchful are banned from the app stores and rely on being downloaded and planted by someone with physical access to a person’s phone. As such, these apps are commonly referred to as “stalkerware” (or spouseware) for their propensity to facilitate non-consensual surveillance of spouses and romantic partners, which is illegal.
Over 100k Medicare Accounts Breached in Latest Hack: Was Yours One?: Letters are going out to 103,000 Medicare beneficiaries who may have been impacted. Here's how to protect your identity and benefits. … Be on the lookout for a letter from Medicare & Medicaid Services (CMS). The government agency that provides medical insurance for more than 67 million Americans 65 and older is notifying Medicare beneficiaries that they may have been part of a data breach in which fake accounts were created in their names.
Qantas data breach exposes up to six million customer profiles: Qantas is contacting customers after a cyber attack targeted their third-party customer service platform. … On 30 June, the Australian airline detected "unusual activity" on a platform used by its contact centre to store the data of six million people, including names, email addresses, phone numbers, birth dates and frequent flyer numbers. … The company is still investigating the full extent of the breach, but says it is expecting the proportion of data stolen to be "significant".
Kelly Benefits says 2024 data breach impacts 550,000 customers: Kelly & Associates Insurance Group (dba Kelly Benefits) is informing more than half a million people of a data breach that compromised their personal information. … The Maryland-based health and life insurance agency is a provider of benefits consulting, enrollment technology, payroll administration, HRIS, compliance support, and carrier management.
SecureTheVillage
Events
July 15: Cybersecurity Connect Discussion Group. Preparing for disruption. What your small business / nonprofit can learn from how the military plans ahead. As President & General Dwight Eisenhower famously said, “In going into battle, plans are useless, but planning is indispensable.” This month, JC Vega, CISSP, retired Army Colonel and cybersecurity strategist, joins us to unpack what that really means for small businesses and nonprofits faced with the inevitable disruptions of a cyber-event. You’ll walk away with a few battle-tested strategies (and maybe a new way to think about disruption). Cybersecurity Connect is where cybersecurity professionals, IT leaders, attorneys, risk managers, executive leaders, educators, investors, and law enforcement come together to discuss challenges, exchange ideas, and strengthen our collective defenses. July 15, 3:45 - 5:00 PDT.
Programs
The Reasonable Cybersecurity Lab™
Guides for families and individuals
How Hackable Are You? Strengthen your cybersecurity and privacy defenses with our free updated 13-step guide.
Guide to Password Managers. What you need to know to get a password manager that's right for you.
After a Disaster: A Guide to Keep Your Phone Secure, Safeguard Your Information, and Avoid Being Scammed. This is a concise guide on how to protect yourself from scams in the aftermath of a local disaster, whether it's an earthquake, major fire, hurricane, or other crisis.
SecureTheVillage FREE Newsletters. Sign up or share with a friend!
Cybersecurity News of the Week & Weekend Patch Report. Our award winning newsletter, now on Substack. Essential cybersecurity and privacy news for the cyber-aware and the cyber-concerned.
Family Protection Newsletter: Our monthly newsletter for non-cyber experts. For your parents, friends, and those who need to protect themselves in a digital world.
Section 2: Let’s Be Careful Out There. And Let’s Help Others Who Aren’t Yet Cyber-Aware.
Another sad scamming story.
Washington man scammed out of $500K after conmen told him his SSN had been stolen — how to protect yourself: It’s a scam so convincing that it’s raked in millions from unsuspecting residents across Washington State, including one victim who lost a jaw-dropping $870,000. … Con artists posing as government agents are using high-pressure, fear-fueled tactics to trick victims into handing over huge sums. Many of the scams involve references to victims’ Social Security. … It begins with an ominous email, text, or computer pop-up that appears to be from the Social Security Administration (SSA) or a related agency that claims your identity has been stolen or your accounts hacked. … Victims are told to act fast and click on a link or call a number to connect with an official — when in fact they’re directed to a live con artist.
Follow SecureTheVillage’s recommendations. Prepare your Kick-the-Bucket list.
A Loved One Dies. No One Knows Their Passwords. Here’s What to Do.: Before I lost my father, I’d always heard that nothing can prepare you for the grief of losing a loved one. But in the aftermath of his death, I was especially blindsided by what came next: the bills that stopped for no one, the accounts that needed to be closed, and the frustrations of taking over someone’s estate — even a digital one.
Section 3: Smaller Businesses and Nonprofits: A Discipline of Cybersecurity.
“Culture eats strategy for breakfast,” management maven Peter Drucker said. It’s every bit as true in cybersecurity as anywhere else in the organization. If you want your people to refrain from clicking those links, you’ve got to embed your cybersecurity awareness training inside a cybersecurity culture that viscerally understands and acts upon the potential devastation that can come from cyber-disruption. Otherwise you’re wasting your people’s time.
We've All Been Wrong: Phishing Training Doesn't Work: Teaching employees to detect malicious emails isn't really having an impact. What other options do organizations have? … A recent study suggests, contrary to popular belief, that most phishing awareness initiatives aren't having a material impact on employee cybersecurity.
Do not forget this story. Make sure your procedures are explicit and clear. When they’re gone, make sure they’re gone. Beyond the money, there is the disruption to the business and its customers.
British IT worker jailed for revenge attack on employer that caused a “ripple effect of disruption” for colleagues and customers: A disgruntled IT worker has been jailed after costing his employer £200,000 - and its good reputation - by exploiting his privileged network access. … West Yorkshire man Mohammed Umar Taj was suspended from his job in Huddersfield in July 2022, and began taking revenge within hours. … According to West Yorkshire Police, he went back to the company’s premises and accessed its computer systems, altering login credentials to disrupt the firm’s day to day activities. … A day later, he went further, changing access credentials and the company’s multi-factor authentication (MFA) - causing big problems for the firm’s clients both in the UK and overseas in Germany and Bahrain.
Cybersecurity Nonprofit of the Week … The Institute for Security and Technology
Kudos this week to The Institute for Security and Technology and their Ransomware Task Force (RTF). The Task Force aims to equip businesses, organizations, and governments of all sizes to prepare for ransomware attacks, effectively respond, and quickly recover. The Task Force has published the Cyber Incident Reporting Framework and the Blueprint for Ransomware Defense representing a set of foundational and actionable safeguards derived from the Center for Internet Security’s Critical Security Controls. Like SecureTheVillage, the Institute is a member of Nonprofit Cyber, a coalition of implementation-focused cybersecurity nonprofits.
Section 4: Weekend Patch Report
Keeping your computers, smartphones, notepads and other devices patched and updated is #4 on SecureTheVillage's How Hackable Are You Guide. The following lists current versions of common software programs. Items in Bold have been updated. Updates are usually available from within the program. If not, updates can be downloaded from the company's website. Even as patching is increasingly automated, it's important to double-check that it's being done.
7-Zip updated to 25.00.
Adobe Acrobat Reader 25.001.20531
AVG 25.6.3385.
Apple iOS 18.5
Apple iPadOS 18.5
Apple macOS Sequoia 15.5
Apple macOS Sonoma 14.7.6
Apple macOS Ventura 13.7.6
Apple watchOS 11.5
Apple tvOS 18.5
Apple visionOS 2.5
Apple Safari 18.5
Brave updated to 1.80.115.
CCleaner 6.37.11523.
Chrome updated to 138.0.7204.97.
Discord updated to 1.0.9198.
Dropbox 227.4.4774.
Edge updated to 138.0.3351.65.
Evernote updated to 10.144.3.
ExpressVPN 12.103.0.22
Firefox 140.0.2.
Foxit Reader 2025.1.0.27937.
Google Drive for Desktop 110.0.2.0.
iTunes 12.13.7.1.
KeePass 2.57.1.
Malwarebytes updated to 5.3.3.198.
Microsoft 365 & Office Updated.
Microsoft Windows
Notepad++ updated to 8.8.2.
OneDrive 25.105.0601.0002.
Opera Chromium updated to 120.0.5543.38.
Spotify 1.2.67.553.
Teams 25153.1010.3727.5483.
TeamViewer 15 updated to 15.67.4.
Thunderbird updated to 140.0.
Zoom updated to 6.5.3.7509.
Thank you.