Cyber Security Headlines:  GDPR turns 5, GitLab patches vulnerability, Russian industrial malware

GDPR is 5 years old, and over 1 million people have asked to be forgotten

On the fifth birthday of GDPR, a new study from Surfshark shows that between 2015 and 2021 over 1 million “right to be forgotten” requests to delist search results were submitted to Google and Microsoft Bing from 32 countries. The study found that France leads with over 255,000 requests; that “right to be forgotten” cases rose nearly 30% when the Covid-19 pandemic started; that Estonia had the most requests per 10,000 people, more than 2.5 times the average; and that 1 in 10 “right to be forgotten” web page delisting requests are crime-related.


GitLab security update patches critical vulnerability

GitLab this week resolved a critical-severity vulnerability impacting both GitLab Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2023-2825 and leading to arbitrary file reads, the newly addressed security defect has the maximum CVSS score of 10. According to GitLab, the issue was introduced in GitLab CE/EE version 16.0.0 and was resolved on Tuesday with the release of version 16.0.1 of the platform. The flaw was reported by a researcher named ‘pwnie’ via GitLab’s HackerOne-hosted bug bounty program.

(Security Week)

Mysterious malware designed to cripple industrial systems linked to Russia

A rare form of malicious software designed to infiltrate and disrupt critical systems that run industrial facilities such as power plants has been uncovered and linked to a Russian telecom firm, according to a report released Thursday from the cybersecurity firm Mandiant. The discovery of the malware dubbed “CosmicEnergy” is somewhat unusual since it was uploaded to VirusTotal — a service that Google owns that scans URLs and files for malware — in December 2021 by a user with a Russian IP address and was found through threat hunting and not following an attack on a critical infrastructure system. CosmicEnergy joins a highly specialized group of malware such as Stuxnet, Industroyer and Trisis that are purpose built for industrial systems. 


Chinese hackers that triggered US alarm hit defense targets

A group of Chinese hackers who recently triggered a multi-nation alert have been conducting a cyberespionage campaign against military and government targets in the United States, researchers said on Thursday. The group – dubbed “Volt Typhoon” by Microsoft – was the subject of an alert issued by cybersecurity and intelligence agencies in the United States, Britain, and their close allies. That warning said Volt Typhoon was developing capabilities “that could disrupt critical communications infrastructure between the United States and Asia region during future crises.” The group has targeted critical infrastructure organizations in the U.S. Pacific territory of Guam, Microsoft said.


Thanks to this week’s episode sponsor, Sonrai Security

Did you know that 81% of breaches are due to compromised identities? It’s a sobering statistic and one that enterprise organizations cannot afford to ignore. Sonrai Security has made a name for itself by securing enterprise clouds from the inside out, securing every identity, access, and permission in the cloud. Download Sonrai Security’s new CIEM Buyer’s Guide to learn more about fortifying your cloud from the inside out at

Zyxel Issues critical security patches for firewall and VPN products

Zyxel has released software updates to address two critical security flaws affecting select firewall and VPN products that could be abused by remote attackers to achieve code execution. Both the flaws – CVE-2023-33009 and CVE-2023-33010 – are buffer overflow vulnerabilities and are rated 9.8 out of 10 on the CVSS scoring system. Security researchers from TRAPA Security and STAR Labs SG have been credited with discovering and reporting the flaws. The advisory comes less than a month after Zyxel shipped fixes for another critical security flaw in its firewall devices that could be exploited to achieve remote code execution on affected systems.

(The Hacker News)

North Korea-linked APT Lazarus Group targeting vulnerable Microsoft IIS servers 

Researchers from AhnLab Security Emergency Response Center (ASEC) report that the Lazarus APT group is targeting vulnerable versions of Microsoft IIS servers in a recent wave of malware-based attacks. The attackers use DLL side-loading (ATT&CK T1574.002): a malicious DLL (msvcr100.dll) is placed in the same folder as a legitimate application (Wordconv.exe), which loads it when run, so the library ends up executing under the Windows IIS web server process. The researchers note a similarity between this DLL technique and one previously used by the Lazarus actors.

(Security Affairs)
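The side-loading pattern in the item above (a DLL with a well-known system name dropped beside an executable and loaded under the IIS worker) is something defenders can hunt for in image-load telemetry. The following is an added example, not code from AhnLab or the article: a small Python rule that flags known-abusable DLL names loaded from outside the Windows system directories and scores the match on whether the DLL sits next to its loader, is unsigned, and was loaded by a process spawned from w3wp.exe. The event records, the watched-DLL list and the directory paths are constructed for illustration and are assumptions, not data from the report.

```python
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Directories from which system runtime DLLs are expected to load.
# Assumption for this example; a production rule would also cover
# vendor-redistributable locations.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")

# DLL names frequently abused for side-loading because the loader searches
# the application directory before the system directory. Illustrative list.
WATCHED_DLLS = {"msvcr100.dll", "msvcp100.dll", "version.dll", "dbghelp.dll"}

# Parent processes that should not be spawning converter-style tools on a web server.
WEB_WORKERS = {"w3wp.exe"}


@dataclass(frozen=True)
class ImageLoad:
    process: str   # full path of the process that loaded the DLL
    image: str     # full path of the DLL that was loaded
    parent: str    # image name of the loading process's parent
    signed: bool   # whether the sensor reported a valid signature on the DLL


def in_system_dir(path: str) -> bool:
    low = path.lower()
    return any(low.startswith(d) for d in SYSTEM_DIRS)


def same_directory(a: str, b: str) -> bool:
    return str(PureWindowsPath(a).parent).lower() == str(PureWindowsPath(b).parent).lower()


def side_load_alerts(events):
    """Return one alert per suspicious image load, listing the reasons it matched."""
    alerts = []
    for e in events:
        name = PureWindowsPath(e.image).name.lower()
        # Only watched DLL names loaded from outside the system directories matter.
        if name not in WATCHED_DLLS or in_system_dir(e.image):
            continue
        reasons = ["watched DLL loaded outside the system directory"]
        if same_directory(e.process, e.image):
            reasons.append("DLL sits beside the executable that loaded it")
        if not e.signed:
            reasons.append("DLL is unsigned")
        if e.parent.lower() in WEB_WORKERS:
            reasons.append("loader was spawned by the IIS worker process")
        alerts.append({"process": e.process, "image": e.image, "reasons": reasons})
    return alerts


# Constructed records in the shape of EDR/Sysmon "image loaded" telemetry; not real data.
SAMPLE_EVENTS = [
    # The side-load placement from the report: msvcr100.dll beside Wordconv.exe, run under IIS.
    ImageLoad(process="C:\\inetpub\\wwwroot\\tools\\Wordconv.exe",
              image="C:\\inetpub\\wwwroot\\tools\\msvcr100.dll",
              parent="w3wp.exe", signed=False),
    # Benign: the same runtime DLL resolved from System32 by a desktop-launched process.
    ImageLoad(process="C:\\Program Files\\Tooling\\Wordconv.exe",
              image="C:\\Windows\\System32\\msvcr100.dll",
              parent="explorer.exe", signed=True),
    # Benign: an application loading its own private, unrelated library.
    ImageLoad(process="C:\\Program Files\\Vendor\\app.exe",
              image="C:\\Program Files\\Vendor\\vendorlib.dll",
              parent="explorer.exe", signed=True),
]


if __name__ == "__main__":
    for alert in side_load_alerts(SAMPLE_EVENTS):
        print(alert["process"], "->", alert["image"])
        for reason in alert["reasons"]:
            print("  -", reason)
```

The name-based filter is deliberately narrow: a broad rule that fires on every DLL loaded from an application directory would drown in legitimate private DLLs, so the signal comes from combining a DLL name that normally lives in System32 with an unexpected location, a missing signature, and a web-server parent.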

Ransomware gang pulls Philadelphia Inquirer listing after victim questions documents

The Cuba ransomware group removed its listing of The Philadelphia Inquirer from its darknet extortion site on Wednesday after the paper cast doubt on the authenticity of documents the criminals provided for download. Cuba claimed to have posted a trove of files stolen from the Inquirer, including “financial documents, correspondence with bank employees, account movements, balance sheets, tax documents, compensation, source code,” but the publisher said it had seen no evidence that the information was actually related to the newspaper.

(The Record)

Dark Frost botnet launches devastating DDoS attacks on gaming industry

A new botnet called Dark Frost has been observed launching distributed denial-of-service (DDoS) attacks against the gaming industry. “Modeled after Gafgyt, QBot, Mirai, and other malware strains, it has expanded to encompass hundreds of compromised devices,” Akamai security researcher Allen West said in a new technical analysis. Targets include gaming companies, game server hosting providers, online streamers, and even other gaming community members with whom the threat actor has interacted directly.

(The Hacker News)