Check out the latest cybersecurity news worldwide to keep yourself safe with our latest Weekly Cybersecurity Bulletin!

 

Spanish Authorities Dismantle Crime Ring Connected to Phishing Operation

Spain’s National Police arrested two threat actors and 15 members of a cybercriminal organization, and 23 individuals involved in illegal financial operations and bank scams.

The threat actors ran an email and SMS-based phishing campaign that scammed nearly 300,000 individuals, making away with €700,000 ($768,000).

The police investigated the campaign and all illegal activities of those arrested and found that members of the Trinitarios organization used stolen credit cards to purchase crypto, which was exchanged for fiat currencies and sent to a standard box. The credit cards were stolen from victims of the SMS phishing campaign via fake bank portal phishing pages.

Threat actors and organized criminal gangs are moving to cybercrime and phishing for new revenue streams, and individuals should stay on their guard and keep away from phishing or suspicious emails.

Sysco, a Major Food Distributor, Issues Data Breach Warning Following Cyberattack

One of the leading food distribution organizations worldwide, Sysco, confirmed that it was the victim of a network breach with the threat actors making away with sensitive business, customer, and employee data. 

Sysco sent data breach notification letters to some affected individuals outlining that Sysco identified the breach on 5 March 2023, but the threat actor gained access to its systems without authorization on 14 January 2023, meaning they had a ton of time to steal precious information.

 


The details of the breach were also shared in a 10-Q quarterly report filed to the US SEC (Securities and Exchange Commission), and the investigation into the cybersecurity incident is ongoing. The details of what data was stolen have not been revealed, but Sysco says that data stolen relates to business operations, customers, and employees. 

The incident has not impacted any of Sysco’s business operations or services while Sysco investigates the breach.

 

Attackers Exploit Netfilter Vulnerability in Linux Kernel, Gaining Root Privileges

A new flaw was discovered in the Linux kernel's Netfilter subsystem that allows unprivileged local users to escalate privileges to the root level, gaining access and control over a system.

Identified as CVE-2023-32233, the vulnerability has not received a severity level. It stems from Netfilter nf_tables accepting invalid updates to its configuration, allowing specific scenarios where invalid batch requests can corrupt the internal state of the subsystem.

The vulnerability was discovered by security researchers Patryk Sondej and Piotr Krysiuk, who shared it with the Linux kernel team and are now collaborating with it to release a fix.

The exploit details will be published on 14 May 2023 to keep systems safe until a patch is released.

 

Five Eyes Neutralizes Russian Snake Malware Responsible for Data Theft Using Self-Destruct Command

The Five Eyes member nations took down the Snake gang’s cyber-espionage infrastructure operated by the Russian FSB (Federal Security Service).

The Snake malware was developed as “Uroburos” in 2003, and Russian state hackers used it in 2004 and beyond. The Justice Department and its international partner disrupted the global network of malware-infected systems that the Russian government has been using for the last two decades.

 


Five Eyes issued a joint advisory on how the malware was disabled via a self-destruct command and how organizations and individuals can detect and remove the Snake malware. 

Used in over 50 countries to gather intelligence and steal information, the Snake malware will terrorize organizations and individuals no more.

Beware of QR Codes Used in Fraudulent Parking Tickets and Surveys to Steal Your Money

With the rise in the usage of QR codes, threat actors are also using the technology for malicious purposes. 

A Singapore-based woman lost $20,000 after she used a QR code at a bubble tea shop, and multiple individuals are becoming victims of fake car parking citations with malicious QR codes in the UK and the US.

The 60-year-old woman scanned a QR code outside a tea shop, with which individuals could get a free cup of milk tea. However, she was scammed as the bogus survey application she downloaded using the QR code stole $20,000 from her bank account the same night. 

 


Individuals should be careful about the QR codes they scan and the applications they download, or they may become victims of such scams.

Advanced Cactus Ransomware Employs Self-Encryption to Evade Antivirus Detection

A new ransomware, the Cactus ransomware, was discovered that exploits VPN appliances to access networks of commercial organizations. 

The Cactus ransomware has been active since March 2023 and looks for big payouts; the threat actor behind it is new and focuses on file encryption and data theft. Researchers at Kroll who analyzed the ransomware highlighted that Cactus sets itself apart from other operations by using encryption to protect the ransomware binary.

The malware removes the original ZIP, and the binary is deployed with a flag that allows it to execute, to prevent detection of the encryptor.

Although the extensive details of the Cactus ransomware are unavailable, it’s important for both individuals and organizations to remain alert and implement effective phishing protection measures.