---
title: "Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News [December 30, 2024] | DuoCircle"
description: "Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News [December 30."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-2-of-2025/"
---

Quick Answer

Cybersecurity stories from the week of December 30, 2024: enabling automatic OS updates on iPhone and Android remained the single highest-leverage check most users skip. A six-step data-breach recovery framework circulated for affected consumers: change passwords, enable MFA, freeze credit, monitor financial accounts, file an FTC report, and rotate exposed credentials across reused logins. The US Treasury Department disclosed a cybersecurity incident attributed to a Chinese state-sponsored actor that gained access through compromised BeyondTrust remote-support software. President-elect Donald Trump signaled tougher enforcement against cybercriminals. And Thomas Cook India reported a cyberattack disrupting employee email systems while customer-facing systems stayed online.

Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News \[December 30, 2024\]

Your browser does not support the audio element.

[ Download episode](https://media.mailhop.org/duocircle/images/2025/01/Essential-Check-Secures-Prevention-Beats-Recovery-Treasury-Cyber-Breach-Cybersecurity-News-December-30-2024.mp3) 

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-2-of-2025%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Essential%20Check%20Secures%2C%20Prevention%20Beats%20Recovery%2C%20Treasury%20Cyber%20Breach-%20Cybersecurity%20News%20%5BDecember%2030%2C%202024%5D&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-2-of-2025%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-2-of-2025%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-2-of-2025%2F&title=Essential%20Check%20Secures%2C%20Prevention%20Beats%20Recovery%2C%20Treasury%20Cyber%20Breach-%20Cybersecurity%20News%20%5BDecember%2030%2C%202024%5D "Share on Reddit") [ ](mailto:?subject=Essential%20Check%20Secures%2C%20Prevention%20Beats%20Recovery%2C%20Treasury%20Cyber%20Breach-%20Cybersecurity%20News%20%5BDecember%2030%2C%202024%5D&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-2-of-2025%2F "Share via Email") 

![cybersecurity news](https://media.mailhop.org/duocircle/images/2025/01/phishing-protection-2.jpg) 

The New Year is the time for resolutions. Individuals and organizations must focus on [cybersecurity](/) and resolve to take proactive steps to prevent cybercrime. Data breaches have become increasingly frequent. With people increasingly using smartphones to access the internet, securing these instruments should be paramount. In the face of rising cyber threats, ensuring robust [email security](/content/email-security-services) on your devices, such as conducting security checks on **Android and iPhones**, is a vital step to safeguarding your personal and organizational data from breaches and attacks. 

We start this week’s bulletin with a recommended mandatory check that every Android or iPhone user should ensure. This week’s second news item features the precautionary steps one can take during a [data breach](https://thehackernews.com/2024/07/at-confirms-data-breach-affecting.html). Cybercriminals do not recognize any boundaries. We shall discuss the latest attack on the US Treasury Department and **President-elect Donald Trump’s response**. We round off with the latest cyberattack on Thomas Cook (India), which disrupted its online services recently. 

[![data breach](https://media.mailhop.org/duocircle/images/2025/01/spf-permerror-7751.jpg)](https://media.mailhop.org/duocircle/images/2025/01/spf-permerror-7751.jpg)

## One Mandatory Check Can Secure Your Android And iPhones

The new year has arrived, so everyone can expect a deluge of **New Year wishes and messages** in their inboxes. Since most people use their Android and iPhones to check their [emails](https://www.forbes.com/sites/daveywinder/2024/12/25/new-warning-for-25-billion-gmail-users-as-ai-attacks-incoming/), these devices have become more vulnerable to [cyberattacks](https://www.forbes.com/sites/daveywinder/2024/12/18/new-gmail-and-google-calendar-security-alert-how-to-stay-safe/). However, [one simple but effective check](https://www.forbes.com/sites/daveywinder/2024/12/31/android-and-iphone-security-warnings-run-this-1-check-right-now/?ss=cybersecurity) can secure these instruments and safeguard your data. 

1. Android smartphone users must use [Google’s account security checkup tool](https://myaccount.google.com/security-checkup/2?hl=en) for all-around Google account protection. This simple resource ensures better security, including account recovery options, **safe internet browsing**, sensitive settings, and recent security activity. _Google prompts users to conduct these checks at frequent intervals_.
2. Similarly, [iPhone](https://www.forbes.com/sites/daveywinder/2024/12/26/ios-more-exposed-to-attack-than-android-220-million-devices-analyzed/) users must run the [iPhone safety check](https://support.apple.com/en-gb/guide/personal-safety/ips2aad835e1/web), which allows a quick review, updating, and restricting information sharing with individuals and apps. This safety check offers two distinct options: an emergency reset and a management option to review sharing information. Please enable the stolen device protection facility to secure your device.

A little care can bring peace of mind and **save your hard-earned money**. Start the new year with this resolution.

## Prevention is better than cure, This 6-Step Data Breach Recovery Plan

Data breaches have become as common as pickpockets. Despite all the precautions you take, they can happen unannounced. So, one of the crucial New Year resolutions should include adopting this [6-step data breach recovery plan](https://www.forbes.com/sites/alexvakulov/2024/12/30/what-to-do-if-your-info-leaks-in-a-data-breach-a-6-step-recovery-plan/?ss=cybersecurity).

1. Use tools like [“Have I Been Pwned”](https://haveibeenpwned.com/) to check whether your data has been exposed to malicious actors. This will help you determine the extent of the [breach](https://www.ftc.gov/data-breach-resources) and ensure you act swiftly.
2. **Secure your accounts** using robust passwords. If you find them difficult to remember, use password managers like Bitwarden or 1Password. Enabling MFA makes it more challenging for cybercriminals.
3. Increase self-awareness by updating your knowledge on distinguishing legitimate data breach notifications from malicious [phishing attempts](https://www.forbes.com/sites/alexvakulov/2024/10/25/new-phishing-schemes-to-watch-out-for/). Be careful of [SIM swap](https://www.forbes.com/sites/alexvakulov/2024/09/20/8-simple-steps-to-prevent-sim-swap-fraud/) threats.
4. Use paid **identity theft protection services**. Filing a report with [IdentityTheft.gov](https://www.identitytheft.gov/) helps protect your identity.
5. Review your online presence consistently and beware of interacting with people you do not know.
6. Know the law and understand that legal and financial recourse is available. Check websites like [ClassAction.org](https://www.classaction.org/) for more information about filing lawsuits and compensation claims.

## US Treasury Department Data Breach Reported Cybersecurity Incident

_The US Treasury Department has reported a significant cybersecurity incident purportedly by international hackers. “Beyond Trust,” a cloud-based service provider, offers technical support for US Treasury Department Office end users_. It reported to lawmakers that malicious actors gained access to a key, enabling them to override their security and remotely access US Treasury Department user workstations and certain unclassified documents. Aditi Hardikar, **Assistant Secretary for Management** (US Treasury Department), has attributed the cybersecurity incident to an international state-sponsored APT actor.

She has not divulged any further details. However, the US Treasury Department engaged [CISA](https://www.cisa.gov/news-events/news/joint-statement-fbi-and-cisa-peoples-republic-china-prc-targeting-commercial-telecommunications) immediately and reported the matter to other governing bodies. Besides, they have taken the [compromised service offline](https://legacy.www.documentcloud.org/documents/25472740-letter-to-chairman-brown-and-ranking-member-scott) because they do not know whether the [threat actors](/email-security/what-threat-actor-can-do-with-your-emails-without-password/) still have access to the department’s information. Beyond Trust had [previously released patches](https://www.beyondtrust.com/remote-support-saas-service-security-investigation) for a critical-severity vulnerability in its **Privileged Remote Access** and Remote Support products.

[![Cybersecurity](https://media.mailhop.org/duocircle/images/2025/01/smtp-service-5560.jpg)](https://media.mailhop.org/duocircle/images/2025/01/smtp-service-5560.jpg)

## President-elect Donald Trump Promises To Come Hard On Cybercriminals.

Donald Trump has always been known as a hard taskmaster when it comes to ensuring **US national security**. He has taken the attack on the [US Treasury Department](https://en.wikipedia.org/wiki/United%5FStates%5FDepartment%5Fof%5Fthe%5FTreasury) workstations seriously and vows to punish the perpetrators of the attack, regardless of their nationality. Karoline Leavitt, spokeswoman of the Trump administration-in-transit, has stated that they are committed to imposing [severe costs](https://www.foxnews.com/politics/top-republican-demands-costs-china-after-hacked-treasury-dept-year-marked-ccp-espionage?msockid=0c12b88e045a6fc30ba9acb905f36e6f) on private and [state-sponsored actors](https://www.bloomberg.com/news/articles/2024-12-30/us-treasury-says-it-was-hacked-by-chinese-state-sponsored-actor) who continue to attack US infrastructure and steal data. Though Trump has not named the Chinese specific targets, Beijing has rejected the US’s claims against China without any factual basis.

_The Chinese Embassy in Washington has issued a strong statement cautioning the US to stop spreading misinformation about the Chinese and using cybersecurity to slander China_. Before this latest incursion, the **White House** had announced that a state-sponsored [Chinese hacking group](https://www.cbsnews.com/news/us-investigating-hack-major-telecom-companies-by-china/), [Salt Typhoon,](https://www.livemint.com/news/us-news/chinese-cyberattack-targets-us-treasury-hackers-access-unclassified-documents-key-things-to-know-11735609744196.html) had breached nine telecommunication firms in the US. 

## Thomas Cook (India) Falls Victim To A Cyberattack.

Thomas Cook (India), a primary [travel services provider](https://cybersecuritynews.com/thomas-cook-hit-by-cyber-attack/), has reported falling victim to a cyberattack, causing significant disruptions in its [IT operations](https://www.ibm.com/think/topics/it-operations). The company immediately shut down its affected systems and initiated a **comprehensive investigation**. Besides, they have reported this cyber incident to the Bombay Stock Exchange in their latest regulatory filing without specifying the precise timeline of the attack.

This attack has severely impacted the company’s online customer bookings and services. The website continuously displayed Error 503, which indicates temporary online service unavailability. _They have sought the services of cybersecurity experts to support the investigation process, help identify the extent of the damage, and take remedial action_. They have informed their customers that they have taken **adequate steps** to contain the breach, secure their systems, and restore normalcy as soon as possible.

## Topics

cyber securityemail securityNewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 4m  Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News \[March 09, 2026\]  Mar 16, 2026 ](/blog/announcements/cyber-security-news-update-week-11-of-2026/)[  News 6m  Lazarus Infects NPM, MassJacker Steals Crypto, CISA Alerts Ivanti, Cybersecurity News \[March 10, 2025\]  Mar 17, 2025 ](/blog/announcements/cyber-security-news-update-week-12-of-2025/)[  News 6m  RedCurl Ransomware Targets, CS2 Steam Phishing, Fake Converter Cyberattacks , Cybersecurity News \[March 24, 2025\]  Apr 1, 2025 ](/blog/announcements/cyber-security-news-update-week-14-of-2025/)[  News 6m  Ransomware EDR Bypass, Apache Parquet Exposure, CISA Oil Threats, Cybersecurity News \[May 05, 2025\]  May 13, 2025 ](/blog/announcements/cyber-security-news-update-week-20-of-2025/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News [December 30, 2024]","description":"Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News [December 30.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-2-of-2025/","datePublished":"2025-01-06T18:46:56.000Z","dateModified":"2025-04-23T13:47:01.000Z","dateCreated":"2025-01-06T18:46:56.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-2-of-2025/"},"articleSection":"announcements","keywords":"cyber security, email security, News, Security, Updates","wordCount":987,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/01/phishing-protection-2.jpg","caption":"cybersecurity news","width":900,"height":506},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News [December 30, 2024]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-2-of-2025/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News [December 30, 2024]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-2-of-2025/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News [December 30, 2024]","description":"Essential Check Secures, Prevention Beats Recovery, Treasury Cyber Breach- Cybersecurity News [December 30.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-2-of-2025/","datePublished":"2025-01-06T18:46:56.000Z","dateModified":"2025-04-23T13:47:01.000Z","dateCreated":"2025-01-06T18:46:56.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-2-of-2025/"},"articleSection":"announcements","keywords":"cyber security, email security, News, Security, Updates","wordCount":987,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2025/01/phishing-protection-2.jpg","caption":"cybersecurity news","width":900,"height":506},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```