Cybersecurity Updates For The Week 2 of 2023

The phishing threat landscape is constantly evolving, with threat actors likely to continue their actions in 2023. Here are this week’s headlines to inform you of the latest tactics being adopted by threat actors to dupe individuals and organizations alike.


Hackers Hold Database of Romanian Hospital for Ransom

Saint Gheorghe Recovery Hospital, based in Botoşani (northeastern Romania), became the latest target of a ransomware attack that impacted its medical activity. Cybercriminals demanded 3 Bitcoin to decrypt the servers’ data.

The attack resembles the one that occurred in the summer of 2019, when four Romanian hospitals were targeted. The attackers accessed a remote connection used by one of the maintenance companies to break into the network. They entered the network and encrypted the December database. Afterward, they left a message in English, asking the hospital authorities for a 3 Bitcoin ransom.

The recent attack was complex, and computer scientists from DIICOT and BitDefender (a Romanian antivirus company) could not decrypt the files.

The manager of the Recovery Hospital, Dr. Cătălin Dascălescu, said, “We have notified DIICOT and the National Directorate of Cyber Security. An investigation is underway, and we are waiting for its findings. I cannot offer further details at the moment. We hope we will have medical activity at normal capacity from Monday.”


US Burger Chain Five Guys Discloses a Data Breach

Five Guys, a US burger chain, recently disclosed a data breach targeting job applicants, and the company could face a lawsuit over the cybersecurity incident. Five Guys started informing customers on December 29 and notified state authorities about the incident.

It is common for businesses to disclose cybersecurity incidents near significant holidays to avoid media coverage. However, a law firm specializing in cybersecurity incidents, Turke & Strauss, noticed Five Guys’ data breach notification.


The law firm urged the impacted individuals to get in touch with them and discuss potential legal recourse against the fast food chain. It also revealed that the sensitive information includes customers’ names, driver’s licenses, and Social Security numbers.

It’s unclear if the data breach was part of a ransomware attack or if an attacker stumbled upon the unprotected cloud storage. Affected individuals were offered free identity protection and credit monitoring services.


SpyNote Strikes Again: Financial Institutions Become the Android Spyware’s Target

In October 2022, financial institutions became the latest targets of a new version of the Android malware SpyNote, which combines banking trojan and spyware characteristics. “The reason behind an increase in the number of SpyNote attacks is that the developer, previously selling it to other actors, made its source code public,” according to ThreatFabric. “It helped other cybercriminals develop and distribute the malware and target banking institutions.”

Some notable institutions impersonated by the malware include Kotak Mahindra Bank, Deutsche Bank, HSBC UK, and Nubank. SpyNote, also known as SpyMax, is feature-rich spyware whose capabilities include installing malicious apps, gathering calls, videos, SMS messages, and audio recordings, tracking GPS locations, and hindering efforts to uninstall the app. It also masquerades as an official Google Play Store service and as other applications in the productivity, wallpaper, and gaming categories. The following is a list of a few SpyNote artifacts, mainly delivered through smishing attacks:

  •   Bank of America Confirmation (yps.eton.application)
  •   BurlaNubank (com.appser.verapp)
  •   Conversations_ (com.appser.verapp)
  •   Current activity (com.willme.topactivity)
  •   Deutsche Bank Mobile (com.reporting.efficiency)
  •   HSBC UK Mobile Banking (com.employ.mb)
  •   Kotak Bank (
  •   Virtual SimCard (cobi0jbpm.apvy8vjjvpser.verapchvvhbjbjq)


Massive Leaked Archive Containing 235 Million Twitter Users’ Information Available Online

A data leak with the email addresses of 235 million Twitter users was recently published on a popular hacker forum. Experts immediately analyzed it, confirming the authenticity of the entries in the massive leaked archive. At the end of July, a cybercriminal leaked 5.4 million Twitter users’ data, obtained by exploiting a now-fixed Twitter vulnerability.


In January, a report claimed the discovery of a vulnerability that hackers could exploit to find a Twitter account through its associated phone number or email address.

Multiple threat actors exploited the vulnerability to scrape Twitter user profiles with private (email addresses and phone numbers) and public data. Then, they offered the scraped data on various online cybercrime marketplaces. In August, Twitter said that they patched the zero-day flaw discovered by researcher zhirinovskiy through the bug bounty platform HackerOne, which paid him a $5,040 bounty.


Ransomware Attack Shuts Down Massachusetts School District

Superintendent John Robidoux said that Swansea Public Schools canceled classes recently due to a ransomware attack shutting down the district’s network. According to the superintendent, no student or staff’s personally identifiable information was compromised in the attack.

Robidoux issued a news release saying that Hub Technology, the district’s cybersecurity company, shut down the network and isolated the cyberattack within minutes of the attack.

Robidoux said, “After a preliminary investigation, we determined that no personal staff or student information got compromised, and no cloud-based information or files got affected by the attack.”

“We believe this attack occurred because of an encrypted download run by someone within the district, but it is not malicious.” Robidoux added, “I am thankful our district enforces robust security measures around our network that prevented a bigger issue from occurring.”


Critical Flaws Discovered In Ferrari, Porsche, Mercedes, BMW, And Other Carmakers

BMW, Mercedes, Toyota, Ford, and other famous carmakers utilize vulnerable APIs that can allow attackers to perform malicious activities. Cybersecurity researcher Sam Curry discovered numerous vulnerabilities in the vehicles manufactured by various carmakers and the services offered by vehicle solutions providers.


Cybercriminals can exploit the vulnerabilities to perform various malicious activities, like unlocking cars and tracking them. The flaws discovered by the experts impacted popular brands, including Rolls Royce, Ferrari, Ford, Porsche, Kia, Honda, Infiniti, Mercedes-Benz, Genesis, BMW, Nissan, Acura, Toyota, Jaguar, and Land Rover. Furthermore, the research team discovered vulnerabilities in the services offered by Reviver, SiriusXM, and Spireon.

Exploiting these flaws gave the researchers access to various Mercedes mission-critical internal applications through improperly configured SSO. A cybercriminal could have exploited them for remote code execution on multiple systems. Furthermore, the flaws allowed threat actors to access the content of the systems’ memory, leading to the exposure of Mercedes’ customer and employee PII.

For BMW and Rolls Royce, experts found SSO vulnerabilities allowing them to access any employee application. The experts entered VINs, gained access to internal dealer portals, and retrieved sales documents.


Toyota Discloses a Data Breach That Exposed Customers’ Personal Information

Toyota Motor Corporation recently revealed a data breach that compromised its customers’ personal information through an access key available to the public on GitHub for close to five years. Toyota India reported the data breach at Toyota Kirloskar Motor (a joint venture between Toyota and Indian giant Kirloskar Group) to the appropriate Indian authorities.

Toyota accidentally published a portion of the T-Connect site source code on GitHub.


The carmaker recently discovered that it accidentally published the source code for its T-Connect website on GitHub. The report said that the incident might have compromised around 296,000 customer records.

The company designed the T-Connect app, giving car owners access to their vehicle’s infotainment system and allowing them to monitor who has access to it.

The source code also included the data server access key with client data like email addresses and management numbers. The motor giant said that a developer subcontractor exposed the source code.

A notice by the company says, “In December 2017, a ‘T-Connect’ website development subcontractor unintentionally uploaded a portion of the source code on GitHub, exposing it to the public, violating the handling rules.” According to Toyota, “The website development subcontractor’s inappropriate handling of the source code caused the incident. We will proceed accordingly.”


Singapore-Based Crypto Firm Targeted by a Hack, Users Lose More Than $10 Million

A cybercriminal manipulated the files of a Singapore-based crypto wallet provider that victims downloaded to install the wallets on their phones, stealing over US$8 million (S$10 million). Many users reported that funds were stolen from their BitKeep wallets, although it is unclear how many Singaporean users were affected.

According to PeckShield, a blockchain security and data analytics firm, the cryptocurrencies stolen included Binance’s BNB Coin, Ether, and stablecoins Tether and Dai.


A BitKeep spokesman, responding to queries from The Straits Times, said it adopted phishing protection techniques to safeguard its users from further losses, including freezing some of the stolen funds and tracing the addresses used in the hack. He further added that they lodged a police report at the end of December, and the police set up a task force in collaboration with cybersecurity experts.
