News – March 2023


  • Millions of Australians Caught Up in Cyber Attacks

    March 29, 2023

    One of Australia’s biggest property companies said Wednesday it had been hit by cybercriminals who may have stolen data about staff and guests. Staff members at Meriton, a large Australian property business, were warned Wednesday that cybercriminals may have accessed details of their bank accounts and details of their salaries, disciplinary history and performance appraisals. Read more… Source: ...

  • WiFi protocol flaw allows attackers to hijack network traffic

    March 28, 2023

    Cybersecurity researchers have discovered a fundamental security flaw in the design of the IEEE 802.11 WiFi protocol standard, allowing attackers to trick access points into leaking network frames in plaintext form. WiFi frames are data containers consisting of a header, data payload, and trailer, which include information such as the source and destination MAC address, control, ...

  • Copy-paste heist or clipboard-injector attacks on cryptousers

    March 28, 2023

    It is often the case that something new is just a reincarnation of something old. Kaspersky researchers have come across a series of clipboard injection attacks on cryptocurrency users, which emerged starting from September 2022. Although they have written about a similar malware attack in 2017 in one of our blogposts, the technique is still ...

  • To pay or not to pay – that’s the question as ransomware attacks rise

    March 28, 2023

    There is rarely a day that goes by when there isn’t a major local, national or international story about a well-known organisation being hit by a cyber attack that has huge potential to disrupt the business and damage their brand. In the past few weeks alone we’ve seen Eurovision fans in a panic after Booking.com ...

  • APT43: North Korean Group Uses Cybercrime to Fund Espionage Operations

    March 28, 2023

    Mandiant researchers released a report on APT43, a prolific threat actor operating on behalf of the North Korean regime that they have observed engaging in cybercrime as a way to fund their espionage operations. According to Mandiant they track tons of activity throughout the year, but don’t always have enough evidence to attribute it to a ...

  • Crown Resorts confirms ransom demand after GoAnywhere breach

    March 28, 2023

    Crown Resorts, Australia’s largest gambling and entertainment company, has confirmed that it suffered a data breach after its GoAnywhere secure file-sharing server was breached using a zero-day vulnerability. The Blackstone-owned company has an annual revenue that surpasses $8 billion and operates complexes in Melbourne, Perth, Sydney, Macau, and London. Read more… Source: Bleeping Computer  

  • Apple Releases Security Updates for Multiple Products

    March 28, 2023

    Apple has released security updates to address vulnerabilities in multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected device. CISA encourages users and administrators to review the following advisories and apply the necessary updates. Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency  

  • The criminal use of ChatGPT – a cautionary tale about large language models

    March 27, 2023

    Their insights are compiled in Europol’s first Tech Watch Flash report published today. Entitled ‘ChatGPT – the impact of Large Language Models on Law Enforcement’, this document provides an overview on the potential misuse of ChatGPT, and offers an outlook on what may still be to come. Read more… Source: Europol  

  • Gone in 120 seconds: Tesla Model 3 child’s play for hackers

    March 27, 2023

    A team of hackers from French security shop Synacktiv have won $100,000 and a Tesla Model 3 after subverting the Muskmobile’s entertainment system, and from there opening up the car’s core management systems. The prize was awarded at the annual Pwn2Own competition in Vancouver and it wasn’t Synacktiv’s only win. The team walked away from the ...

  • Earth Preta’s Cyberespionage Campaign Hits Over 200

    March 27, 2023

    Through extensive analysis and as of this writing, we discovered over 200 victims, leading to a wider intelligence analysis of the groups’ goals, different operation groups, and tactics, techniques, and procedures (TTPs). Our study aimed at understanding the different phases and facets involved in this operation, shedding light on the motives and techniques used by ...

  • How scammers employ IPFS for email phishing

    March 27, 2023

    The idea of creating Web 3.0 has been around since the end of the 2000s. The new version of the world wide web should repair the weak points of Web 2.0, some of which are: featureless content, prevalence of proprietary solutions, and lack of safety in a centralized user data storage environment, where a massive leak ...

  • Emotet malware distributed as fake W-9 tax forms from the IRS

    March 26, 2023

    A new Emotet phishing campaign is targeting U.S. taxpayers by impersonating W-9 tax forms allegedly sent by the Internal Revenue Service and companies you work with. Emotet is a notorious malware infection distributed through phishing emails that in the past contained Microsoft Word and Excel documents with malicious macros that install the malware. Read more… Source: Bleeping Computer  

  • White House ‘very in favor’ of bill thought to target TikTok

    March 26, 2023

    One of the authors of a Senate bill that would enable the US commerce department to ban technologies with links to foreign governments has said the Biden White House is “very in favor” of the measure, but stopped short of saying whether the administration has discussed possibly prohibiting the Chinese-owned platform TikTok in particular. Appearing on ...

  • Business Email Compromise Tactics Used to Facilitate the Acquisition of Commodities and Defrauding Vendors

    March 24, 2023

    The FBI warns the public of criminal actors using Business Email Compromise (BEC) schemes to facilitate the acquisition of a wide range of commodities. BEC is one of the most financially damaging online crimes. It exploits the fact that so many of us rely on email to conduct business—both personal and professional. In many BEC scams, ...

  • 8th Edition Connected Banking Summit Southern Africa – Formerly Africa Digital Banking Summit-Innovation and Excellence Awards

    March 24, 2023

    Accelerating Digital Inclusion and Sustainable Transformation. The 8th Edition of the Connected Banking Summit Southern Africa is set to take place on May 24, 2023, in Johannesburg, South Africa, bringing together top executives, experts, and leaders from the banking and financial services industry. The summit, organized by the International Center for Strategic Alliances (ICSA), is a ...