Dole discloses data breach after February ransomware attack
Last month, the food multinational Dole Food Company announced that it had suffered a ransomware attack that impacted its operations. It has now confirmed that the threat actors behind the attack had access to the information of an undisclosed number of employees. Although the company denied a huge impact on its operations, it was forced to shut down production plants and shipments for a short period.
New Android banking trojan targets financial apps
Already adopted by threat actors to target 450 financial applications, Nexus provides all the main features needed to perform account takeover (ATO) attacks against banking portals and cryptocurrency services, such as credential stealing and SMS interception. It appears to be in its early stages of development, and is advertised as a subscription service for a monthly fee of $3,000. Details of the malware were first documented by Cyble earlier this month, and the majority of the Nexus infections thus far have been reported in Turkey.
Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked
On the first day of Pwn2Own Vancouver 2023, security researchers successfully demoed Tesla Model 3, Windows 11, and macOS zero-day exploits and exploit chains to win $375,000 and a Tesla Model 3. Adobe Reader, Microsoft’s SharePoint team collaboration platform, and Oracle VirtualBox were also taken down. After zero-day vulnerabilities are demoed and disclosed during Pwn2Own, vendors have 90 days to create and release security fixes for all reported flaws before Trend Micro’s Zero Day Initiative publicly discloses them.
Bogus ChatGPT extension steals Facebook cookies
Google has removed a ChatGPT extension from the Chrome store that steals Facebook session cookies – but not before more than 9,000 users had installed it. The malicious extension – Chat GPT For Google (note the erroneous space in the name of the chatbot) – is very similar in name and code to the real ChatGPT For Google extension. In fact, the phony extension is based on the same open source project used by the actual ChatGPT For Google tool – all the fraudsters had to do was add a few lines of cookie-stealing code. The cookie thieves push the fake add-on through malicious, sponsored Google Search results for “Chat GPT 4,” the researchers said, thus capitalizing on users who want to try out the latest version of the chatbot.
Stealthy hacks show advancements in China’s cyberespionage operations, researchers say
A string of recently discovered digital intrusions appears to indicate that hackers linked to China are increasingly savvy when it comes to evading detection once they infiltrate a victim’s network. This conclusion comes from researchers at Sentinel Labs and the German IT services company QGroup who studied several cyber intrusions into unnamed Middle Eastern telecoms. Those attacks indicated that a years-long Chinese-aligned cyberespionage operation has been actively updating its abilities using a series of modifications to a widely used credential theft software package, researchers said in a joint analysis published Thursday.
UK government sets out vision for NHS cybersecurity
The UK government has published a new strategy designed to boost cyber-resilience in the health and social care sector by 2030 with the goal of helping the sector’s disparate organizations improve cyber-risk management, data protection and incident response and recovery. Although the details will not be ready until summer, the government shared the five pillars of the new strategy, designed to minimize cyber risk and improve incident response. They are:
• Identify where disruption will cause the greatest harm to patients, such as disruption to critical services
• Unite the sector to take advantage of scale, tap national resources and expertise, and accelerate response
• Ensure leaders are engaged, employees know the cyber basics and more security specialists are recruited
• Embed security into emerging technology to better protect it from cyber-threats
• Support every health and care organization to minimize the impact of incidents and recovery time
Hackers inject credit card stealers into payment processing modules
North Korean APT group ‘Kimsuky’ targeting experts with new spearphishing campaign
German and South Korean government agencies this week warned about a new spearphishing campaign from a notorious North Korean group targeting experts on the peninsula. The campaign gains access to victims’ Google accounts by infecting Android phones through a malicious app on Google Play and by using a malicious Chromium web browser extension. The attack mainly targets experts on the Korean Peninsula and North Korea, but because the technology it exploits can be used universally, it can also be used against foreign affairs and security think tanks around the world, as well as unspecified people.