Cyber Blast: 2023.12.22!

December 23, 2023

🚨 Cyber Alerts

  • Microsoft reports that the Iranian APT33 cyber-espionage group is using the newly discovered FalseFont backdoor malware to target individuals in the Defense Industrial Base sector worldwide.
  • UAC-0099, a threat actor linked to attacks against Ukraine, exploits a WinRAR flaw to deliver the LONEPAGE malware.
  • A malicious plugin injected into a WordPress/WooCommerce website creates a fake administrator user and injects credit card skimming JavaScript into the website’s checkout page.
  • OpenAI has deployed a partial fix for a data leak flaw in ChatGPT discovered by a researcher. The flaw involves a technique to exfiltrate data from ChatGPT, potentially leaking conversation details to an external URL.
  • ESET has fixed a high-severity vulnerability in its Secure Traffic Scanning Feature that could have allowed attackers to make web browsers trust sites using certificates signed with outdated and insecure algorithms.

💥 Cyber Incidents

  • Ukrainian hacker group Blackjack allegedly targeted Russian water utility Rosvodokanal in a cyberattack, erasing over 50 terabytes of data.
  • First American Financial Corporation has fallen victim to a cyberattack, prompting the temporary shutdown of certain systems to contain the impact.
  • Australia’s largest not-for-profit health and aged care provider, St Vincent’s, has confirmed a cyberattack that resulted in the theft of some data.
  • The dark web marketplace BidenCash, known for trading stolen credit cards, has released 1.9 million credit cards for free as a promotional strategy to lure cybercriminals.
  • A hospital near Kansas City, Missouri, faced significant disruptions after a cyberattack limited its computer systems.

📢 Cyber News

  • The FTC has unveiled proposed changes to the Children’s Online Privacy Protection Rule, introducing new measures to safeguard children’s personal information and limit companies’ ability to monetize such data.
  • The National Institute of Standards and Technology has highlighted the escalating privacy and security risks associated with the widespread use of genomic data.
  • Cisco plans to acquire Isovalent, an open-source cloud-native networking and security company, to enhance its secure networking capabilities and services.
  • Microsoft has announced the deprecation of Defender Application Guard for Edge for Business users.
  • Analysis of the Predator spyware reveals that reboot persistence is offered as a licensing option, allowing it to survive reboots on infected Android systems.
