"Fake ransomware gang targets U.S. orgs with empty data leak threats."

Views expressed in this cybersecurity, cybercrime update are those of the reportes and correspondents.  Accessed on 02 April 2023, 1340 UTC.  Content supplied by ""

Source: (Latest cybersecurity, cybercrime news from "").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts

Fake ransomware gang targets U.S. orgs with empty data leak threats

  • Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid.

  • Dish Network

DISH slapped with multiple lawsuits after ransomware cyber attack

  • Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day "network outage." The legal actions aim to recover losses faced by DISH investors who were adversely affected by what has been dubbed a "securities fraud." 

  • Twitter

Twitter open-sources recommendation algorithm code

  • Twitter announced on Friday that it's open-sourcing the code behind the recommendation algorithm the platform uses to select the contents of the users' For You timeline.

  • Hacker smiley

15 million public-facing services vulnerable to CISA KEV flaws

  • Over 15 million publicly facing services are susceptible to at least one of the 896 vulnerabilities listed in CISA's KEV (known exploitable vulnerabilities) catalog.

  • WordPress

Hackers exploit bug in Elementor Pro WordPress plugin with 11M installs

  • Hackers are actively exploiting a high-severity vulnerability in the popular Elementor Pro WordPress plugin used by over eleven million websites.

  • Windows

10-year-old Windows bug with 'opt-in' fix exploited in 3CX attack

  • A 10-year-old Windows vulnerability is still being exploited in attacks to make it appear that executables are legitimately signed, with the fix from Microsoft still "opt-in" after all these years. Even worse, the fix is removed after upgrading to Windows 11.

  • Consumer lender TMX discloses data breach impacting 4.8 million people

Consumer lender TMX discloses data breach impacting 4.8 million people

  • TMX Finance and its subsidiaries TitleMax, TitleBucks, and InstaLoan have collectively disclosed a data breach that exposed the personal data of 4,822,580 customers.

  • Hacker

Winter Vivern hackers exploit Zimbra flaw to steal NATO emails

  • A Russian hacking group tracked as TA473, aka 'Winter Vivern,' has been actively exploiting vulnerabilities in unpatched Zimbra endpoints since February 2023 to steal the emails of NATO officials, governments, military personnel, and diplomats.

  • Microsoft OneNote

Microsoft OneNote will block 120 dangerous file extensions

  • Microsoft has shared more information on what types of malicious embedded files OneNote will soon block to defend users against ongoing phishing attacks pushing malware.

  • Arrested handcuffs

Ukrainian cyberpolice busts fraud gang that stole $4.3 million

  • Ukraine's cyberpolice has arrested members of a fraud gang that stole roughly $4,300,000 from over a thousand victims across the EU.

  • CISA

CISA orders agencies to patch bugs exploited to drop spyware

  • The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies today to patch a set of security vulnerabilities exploited as zero-days in recent attacks to install commercial spyware on mobile devices.

  • Robot Hacker

Realtek and Cacti flaws now actively exploited by malware botnets

  • Multiple malware botnets actively target Cacti and Realtek vulnerabilities in campaigns detected between January and March 2023, spreading ShellBot and Moobot malware.

  • Windows 11 HDR

Microsoft testing adaptive brightness on more Windows 11 devices

  • Microsoft says the new Windows 11 preview build rolling out today will allow Insiders to test the company's adaptive brightness feature on more systems.

  • Bing Chat

Bing search results hijacked via misconfigured Microsoft app

  • A misconfigured Microsoft application allowed anyone to log in and modify search results in real-time, as well as inject XSS attacks to potentially breach the accounts of Office 365 users.

  • purplefox

New AlienFox toolkit steals credentials for 18 cloud services

  • A new modular toolkit called 'AlienFox' allows threat actors to scan for misconfigured servers to steal authentication secrets and credentials for cloud-based email services.



Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.