Latest Cyber Security News 2023
September 18, 2023
Welcome to our weekly cyber security news roundup, where we bring you the latest developments and insights from the growing world of digital security. In an era dominated by technological advancements, staying informed about the constantly emerging threats and innovative defense strategies is paramount. Whether you’re an individual safeguarding personal data or a professional defending sensitive information, our weekly curated cyber security news keeps you updated. Join us to navigate threats, breaches, trends, and solutions, staying ahead in online security.
18.09.2023 – Cyber Security News
MGM Resorts (MGM) stock dropped due to a cybersecurity attack reported to the SEC. Moody’s warned of potential credit rating impact, as MGM relies heavily on technology. Company systems have been disrupted since Sunday, affecting email, bookings, and reservations. MGM is investigating with cybersecurity experts and law enforcement, while the FBI is also involved. MGM shares have fallen for three consecutive sessions, reaching their lowest point since June.
Industry consensus favors government-backed digital ID, seen as a way to enhance cybersecurity. NAB supports strong digital ID for secure verification without collecting excessive personal data. ANZ Banking Group agrees and suggests it would reduce the need for storing identity documents. The Australian Banking Association sees digital ID as crucial for cyber resilience. Deloitte highlights the need to move beyond knowledge-based authentication due to data breaches. EY emphasizes building public trust through security mechanisms and independent governance. AWS and Optus advocate for multi-factor authentication in a national solution, considering it a crucial protection against cyber threats.
A cyberattack on a Stockport company, which produces ID cards, has exposed personal details of police officers, including some from Greater Manchester Police (GMP). The breach poses a risk of publicizing thousands of officers’ names, raising concerns about undercover identities. GMP is aware of the ransomware attack and is working to address the issue, reassuring that financial information isn’t compromised. The Information Commissioner’s Office has been contacted, and a nationwide criminal investigation, led by the National Crime Agency, is underway.
African businesses face a rising wave of cyber threats, including ransomware, spyware, backdoors, and data breaches. A recent case involved Anonymous Sudan launching DDoS attacks on Kenyan and Nigerian organizations. Originating in Sudan, Anonymous Sudan employed digital activism to draw attention to political and economic issues, targeting governments and high-profile websites. These attacks have caused significant disruptions and damage, impacting services, revenue, productivity, costs, and reputation. To counter such threats, African businesses must adopt strategic measures for mitigation and damage control.
Researchers have discovered a new GitHub vulnerability: a race condition in the repository creation and username renaming processes. This vulnerability enables repojacking attacks, potentially hijacking more than 4,000 code packages in languages like Go, PHP, and Swift, along with GitHub operations. Checkmarx has noted that this marks the fourth time a novel method has been found to potentially bypass GitHub’s “Popular repository namespace retirement” mechanism. Fortunately, the issue has been reported to GitHub and resolved.
11.09.2023 – Cyber Security News
A new report from UK cyber security consultancy Savanti highlights a growing problem: an increasing number of UK businesses struggle to combat cybercrime effectively, putting them at risk of costly cyberattacks. Global cyberattacks surged 38% in 2022 compared to the previous year, with 2.4 million cybercrime instances reported in the UK over the past year. These attacks can lead to massive financial losses, including multi-million-pound ransoms, litigation, and reputational damage. Despite the rising concern about cyber security among boards, many directors (59%) admit that their boards struggle to understand cyber risks. However, the report points out that large enterprises with cyber-engaged executive teams enjoy higher revenue growth and other benefits, such as improved client acquisition and investor confidence.
In recent times, there has been an increase in attacks using unofficial Telegram modifications. These attacks frequently involve substituting cryptocurrency wallet addresses in users’ messages or engaging in advertising fraud. However, the focus of this article is on a distinct category of spyware applications. These apps are specifically designed to target users in China and have the ability to steal the user’s entire chat history, personal information, and contact list. Remarkably, despite their malicious intent, these apps have code that closely resembles the original Telegram code, making it easier for them to bypass security checks on platforms like Google Play.
The much-anticipated Middle East and North Africa Information Security Conference 2023 on September 12-13 at Hilton Riyadh will explore AI-driven cybersecurity. This event draws professionals, innovators, and enthusiasts keen on the latest developments. Notable keynote speakers, including Karim Hejazi (Vigilocity founder), Ayman Al-Fadhel (Salam Telecommunications’ cybersecurity head), and Anton Ivanov (Kaspersky’s CTO), will offer valuable insights. It’s a must-attend for those in cybersecurity.
Large Language Models (LLMs) have made significant strides in emulating human text generation and offer promise in diverse applications, including planning and cybersecurity. The integration of decision-making capabilities with LLMs presents intriguing possibilities. Transformers, introduced in 2017, revolutionized the field of Natural Language Processing (NLP) with their self-attention mechanism, enabling parallel sequence processing and capturing word importance while preserving order. Though early LLMs faced challenges in reasoning, innovative approaches like Chain of Thought have improved their performance in logical tasks. Moreover, LLMs contribute to enhanced cybersecurity by analyzing text for social engineering attack detection, such as phishing, baiting, and tailgating, through the identification of unusual communication patterns that may signify potential threats.
In Singapore, a growing number of people (43% in 2022, up from 32% in 2020) fear falling victim to online scams. Despite this increased awareness, many individuals are not implementing essential cybersecurity measures. Data from the Cyber Security Agency (CSA) of Singapore reveals that while eight out of 10 Singaporeans have utility apps like banking and commerce on their phones, only half have cybersecurity apps. Additionally, only 35% enable two-factor authentication (2FA) for messaging accounts, emails, and social media. Most IoT device users are also unsure about securing their devices, with less than one in five knowing the necessary steps. However, there has been some improvement in cybersecurity practices compared to 2020, though it still lags behind the growing concern about cyber threats and scams.
A recent phishing campaign exploits Microsoft Teams messages to deliver the DarkGate Loader malware. It began in August 2023 with phishing messages from compromised Office 365 accounts. These messages contained a deceptive ZIP file named “Changes to the vacation schedule,” which, when opened, triggered the download of malicious content from a SharePoint URL. Researchers at Truesec found that this campaign includes malicious VBScript leading to the DarkGate Loader infection. To evade detection, it uses Windows cURL to fetch the malware files. The script arrived pre-compiled, with its malicious code concealed within the file and beginning with the identifiable “magic bytes” used in AutoIt scripts.
Apple issued urgent security updates for iPhone, Mac, and Apple Watch devices to address vulnerabilities exploited by Pegasus spyware. The Citizen Lab at the University of Toronto had recently discovered an exploit on a Washington-based civil society group employee’s phone. Apple’s accelerated response reflects its increased commitment to patching and threat detection. The Citizen Lab has been actively tracking Pegasus infections and collaborating more closely with Apple in recent years, pressuring NSO Group to develop new techniques as a result.
Trustwave has released a detailed report highlighting cybersecurity challenges unique to the hospitality sector. Titled “2023 Hospitality Sector Threat Landscape,” Trustwave’s research explores specific threats facing the industry, providing practical defenses. Trustwave SpiderLabs documents threat groups’ tactics, including brute force attacks, exploiting vulnerabilities, and targeting open ports, posing significant risks. Despite a lower average breach cost than other industries ($3.4 million vs. $4.4 million), nearly 31% of hospitality organizations have reported data breaches, harming their reputation and competitiveness.
04.09.2023 – Cyber Security News
Identity services provider Okta has warned about social engineering attacks that have targeted IT service desk personnel in the U.S. Threat actors have sought to convince these personnel to reset multi-factor authentication (MFA) factors for highly privileged users. The attackers impersonated users within the compromised organizations after gaining access to the Okta Super Administrator accounts. The campaign took place between July 29 and August 19, 2023. Okta has not disclosed the identity of the threat actor but noted that the attacks used a commercial phishing kit called 0ktapus, which includes pre-made templates for creating fake authentication portals and harvesting credentials and MFA codes. It also features a built-in command-and-control channel via Telegram. Okta recommends various countermeasures to its customers to mitigate the risks associated with these attacks.
SANS Institute is boosting cyber resilience in Qatar with SANS Doha September 2023. This event, from September 16-21, will equip participants with essential skills for addressing security challenges and opportunities in cloud ecosystems and Industrial Control Systems (ICS) networks. Qatar aims to strengthen its cybersecurity workforce as part of National Vision 2030. SANS Doha offers practical courses led by experts, focusing on cloud security and ICS cybersecurity. The program includes a community night session; participants can choose virtual or in-person attendance. This initiative supports Qatar’s commitment to cybersecurity amid increasing digitalization.
For the second time, Orange Jordan will sponsor the AIDTSEC 2023 conference, a leading artificial intelligence event in defense technology and cybersecurity. The conference will be held on September 4–5 at the King Hussein Bin Talal Convention Center in the Dead Sea. This partnership underscores Orange Jordan’s commitment to technological advancement and global topics such as cybersecurity and artificial intelligence. SOFEX Jordan, the organizer, values the long-standing partnership with Orange Jordan and looks forward to continued success.
Malwarebytes, a cybersecurity firm in the US, has initiated a new round of layoffs, affecting 100-110 employees. The company plans to split its business, focusing on consumer tools like identity protection and VPN in one segment and enterprise-facing software such as managed and endpoint detection in the other. SecureWorks, another cybersecurity company, is also laying off 15% of its workforce, leading to approximately $14.2 million in expenses. These layoffs follow the recent departures of key executives at SecureWorks and come almost a year after Malwarebytes cut 14% of its global workforce.
A leading English secondary school, Church of England Debenham High School, has temporarily shut down its IT systems due to a cyber-attack just before the start of the new academic year. The school assured parents that no personal information had been compromised. Cybersecurity experts emphasize the importance of incident response plans, preventive measures, password security, and phishing awareness in educational institutions. The education sector has been a frequent target for cyberattacks in 2023, often due to inadequate IT infrastructure and outdated cybersecurity tools. Recent research also highlights a lack of email security measures in top-performing UK academic institutions.
Clothing retailer Forever 21 has reported a data breach affecting over half a million individuals, specifically current and former employees. The breach occurred over three months, starting in early January 2023, during which unauthorized individuals accessed the company’s files. This incident only affects employees, not customers.
28.08.2023 – Cyber Security News
Colorado’s Attorney General, Phil Weiser, is directing $500,000 from an Equifax settlement towards expanding Metropolitan State University Denver’s cybersecurity program. This funding responds to the increasing threat of cybercrime and aims to cultivate a robust defense against such attacks. The university’s cybersecurity center, where students like Monica Ball develop their passion for the field, plays a crucial role. The grant also supports Project Pisces, a nonprofit providing free cybersecurity to small public organizations in Colorado. This initiative, essential for protecting both residents and infrastructure, aligns with the state’s commitment to a secure digital future.
Canada’s national intelligence agency, the Communications Security Establishment (CSE), has warned that organized cybercrime from havens like Russia and Iran could threaten Canada’s national security and economy in the next two years. Ransomware attacks, particularly on critical infrastructure, are highlighted for their profitability and disruptive potential. The CSE emphasizes that ransomware is a pervasive threat that severely impacts organizational functionality. Chris Lynam, director general of Canada’s National Cybercrime Coordination Centre, urges all sectors to prioritize cybersecurity.
Polish intelligence is probing a cyberattack on the nation’s railways, where hackers disrupted traffic in the north-west by infiltrating railway frequencies. The attack, marked by Russia’s national anthem and a speech by President Vladimir Putin, occurred near the city of Szczecin. Although about 20 trains were temporarily halted, services were quickly restored. Polish officials, including Stanislaw Zaryn, have suggested possible involvement from Russia and Belarus, citing ongoing attempts to destabilize Poland. As cyber concerns escalate amidst the Ukraine conflict, experts speculate Russia’s motives may include testing hacking tools.
Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC), responsible for defending against cyberattacks, has suffered a significant breach lasting up to nine months, with Chinese state-backed hackers believed to be behind the infiltration. The attack, discovered in June but ongoing since autumn, has raised concerns due to the sensitivity of the compromised data. The incident coincides with Japan’s efforts to strengthen military cooperation with the US and allies, potentially sharing confidential data. US and UK cybersecurity experts have doubts about Japan’s data handling capabilities. China denies involvement, suggesting the US may be responsible.
According to Cloudflare research, most Australian organizations conceal cyber attacks: 76% experienced attacks in the past year, but only 27% reported them to authorities. The Australian Information Commissioner requires disclosure of eligible data breaches, but compliance is lacking. Around 37% of organizations faced over ten security breaches in the last year, with only 43% feeling well-prepared to counter an attack. The concealment of breaches arises from worries about reputation harm, internal consequences, insurance alterations, financial impacts surpassing $1.5 million, and fines of up to $50 million or 30% of turnover.
The language learning platform Duolingo is being scrutinized after a hacker’s forum post offered access to 2.6 million customer accounts for $1,500. The post included sensitive customer data such as emails, phone numbers, courses taken, and usage-related information. Duolingo claims that the data was obtained through data scraping of public profile information, denying a data breach or hack. The company is actively investigating the situation to determine if further actions are needed to protect users. The incident highlights the widespread issue of web scraping and data exposure faced by tech companies globally.