Welcome to the Triad Situation Report, your trusted source for the latest cybersecurity and compliance news. In this edition, we bring you crucial updates on emerging cyber threats, including data breaches, phishing schemes, and sophisticated malware campaigns. Stay informed and take proactive steps to protect your business from evolving cyber risks.
FBI Warns: FSB-Linked Hackers Exploiting Unpatched Cisco Devices
A Russian state-sponsored espionage group known as Static Tundra, linked to the FSB, is actively exploiting a seven-year-old vulnerability in Cisco IOS and IOS XE. The group uses this flaw to establish persistent access to targeted networks, illustrating the ongoing importance of patching even long-standing vulnerabilities.
Read more here.
Massive Allianz Life Data Breach Impacts 1.1 Million People
Hackers compromised Salesforce data via a social engineering attack targeting Allianz Life, exposing personal information including names, addresses, emails, phone numbers, and Social Security numbers for approximately 1.1 million U.S. customers, financial professionals, and select employees. The breach underscores risks tied to CRM platforms and the need for strong identity verification and asset management.
Read more here.
Fake “Mac Fixes” Trick Users into Installing Shamos Infostealer
A new macOS info-stealing malware dubbed “Shamos” is being distributed via fake “fixes” in ClickFix attacks. Victims are lured using seemingly legitimate troubleshooting guides or malvertising, tricked into running shell commands that download and deploy the malware. Shamos targets web browser data, Keychain items, Apple Notes, and crypto wallets.
Read more here.
Security Flaws in Carmaker Portal Let Hacker Unlock Cars Remotely
A widely known automaker’s dealer portal contained critical vulnerabilities that allowed a security researcher to create a “national admin” account without authentication. This enabled remote access to customer data, vehicle pairing, real-time control features like unlocking and tracking, and mobile account reassignment. The issue has since been fixed, and no indications of prior abuse were found.
Read more here.
Medical Data Breach Exposes 90,000 Individuals
Florida-based CPAP Medical Supplies experienced a data breach originating in December 2024. Attackers had unauthorized access for more than a week and may have stolen highly sensitive files, including Social Security numbers and protected health information—affecting approximately 90,000 individuals, including U.S. military members and families.
Read more here.
How Triad InfoSec Can Assist Your Business:
Navigating the complexities of cybersecurity compliance can be challenging. Triad InfoSec is dedicated to helping businesses prepare for CMMC audits, ensuring compliance, and optimizing cybersecurity strategies. Our services include:
- CMMC Audit Preparation: Guiding your organization through the necessary steps to achieve CMMC certification.
- MSP Partnerships: Collaborating with Managed Service Providers to ensure your business remains compliant while reducing cyber insurance premiums.
- Comprehensive Cybersecurity Solutions: Offering a range of services tailored to meet all your cybersecurity needs.
Partner with Triad InfoSec to secure your business’s future.
