Latest Cybersecurity News and Articles

---

Yes, it’s crazy to have TikTok on official phones. But it’s not good for any of us | John Naughton

Fears for data security lie behind recent government bans on the Chinese-owned app, but zombie scrolling has health dangers tooAs of this moment, government officials in 11 countries are forbidden to run TikTok on their government-issued phones. The countries include the US, Canada, Denmark, Belgium, the UK, New Zealand, Norway, France, the Netherlands and Poland. In addition, European Commission and European parliament staff were required to delete the app. This raises two questions.First, why were politicians and senior officials in democracies scrolling like zombies through dance crazes, daft pet videos, feeling “bonita” and things you can do with smudged lipstick? Continue reading...

---

Cyberattack hits Spanish pharmaceutical company Alliance Healthcare

The cyber incident began on March 17 and has led to a complete shutdown of the company’s website, billing systems, and ordering processes. During the first few days of the attack, the company remained at a standstill.

---

Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data

The package in question, named onyxproxy, was uploaded to PyPI on March 15, 2023, and comes with capabilities to harvest and exfiltrate credentials and other valuable data. It has since been taken down, but not before attracting 183 downloads.

---

TikTok banned on London City Hall devices over security concerns

Move by Greater London authority comes after Chinese-owned app was blocked on UK parliamentary devicesLondon City Hall staff will no longer have TikTok on their devices in the latest ban imposed on the Chinese-owned social media app over security concerns.The Greater London authority (GLA) said the rule was implemented as it takes information security “extremely seriously”. Continue reading...

---

Critical flaw in AI testing framework MLflow can lead to server and data compromise

The vulnerability found by Dan McInerney is tracked as CVE-2023-1177 and is rated 10 (critical) on the CVSS scale. It is described as a local and remote file inclusion (LFI/RFI) via the API.

---

Cork-based Dope Security lands $16m investment

The Series A funding round was led by Google Ventures (GV), with participation from existing investors Boldstart Ventures and Preface. The company plans to use some of the funding to expand its engineering team in Cork.

---

New Instagram scam uses fake SHEIN gift cards as lure

This social media scam begins with a comment from a random account on a user’s post, which congratulates the victim saying they’re one of the 2023 lucky ones selected to receive a SHEIN gift card.

---

U.K. National Crime Agency Sets Up Fake DDoS-For-Hire Sites to Catch Cybercriminals

In what's a case of setting a thief to catch a thief, the U.K. National Crime Agency (NCA) revealed that it has created a network of fake DDoS-for-hire websites to infiltrate the online criminal underground. "All of the NCA-run sites, which have so far been accessed by around several thousand people, have been created to look like they offer the tools and services that enable cyber criminals to

---

TikTok CEO got grilled by lawmakers from both parties on whether the Chinese-owned app can protect American privacy

TikTok CEO Shou Zi Chew’s testimony did not seem to quell many concerns that lawmakers had about the company’s connections to China or the adequacy of its risk-mitigation plan, Project Texas.

---

Kroger Postal Prescription Services Files Notice of Data Breach Impacting 82,466 Consumers

Upon discovering that sensitive consumer data was made available to an unauthorized party, Kroger Postal Prescription Services began to review the affected files to determine what information was compromised and which consumers were impacted.

---

Britive, which helps secure public clouds, lands $20.5M investment

Led by Pelion Venture Partners with participation from Liberty Global Ventures, Crosslink Capital and One Way Ventures, the new brings Britive’s total raised to $36 million.

---

Pwn2Own Vancouver 2023 Day 2: Microsoft Teams, Oracle VirtualBox, and Tesla hacked

On the second day of Pwn2Own Vancouver 2023, the bug hunters demonstrated zero-day attacks against the Oracle VirtualBox virtualization platform, Microsoft Teams, Tesla Model 3, and the Ubuntu Desktop OS.

---

Microsoft Warns of Stealthy Outlook Vulnerability Exploited by Russian Hackers

Microsoft on Friday shared guidance to help customers discover indicators of compromise (IoCs) associated with a recently patched Outlook vulnerability. Tracked as CVE-2023-23397 (CVSS score: 9.8), the critical flaw relates to a case of privilege escalation that could be exploited to steal NT Lan Manager (NTLM) hashes and stage a relay attack without requiring any user interaction. "External

---

Pwn2Own Vancouver 2023 Day 1: Windows 11 and Tesla hacked

The Pwn2Own Vancouver 2023 has begun, this hacking competition has 19 entries targeting nine different targets – including two Tesla attempts. On the first day, it awarded $375,000 (and a Tesla Model 3) for 12 zero-day vulnerabilities discovered.

---

OpenAI Reveals Redis Bug Behind ChatGPT User Data Exposure Incident

OpenAI on Friday disclosed that a bug in the Redis open source library was responsible for the exposure of other users' personal information and chat titles in the upstart's ChatGPT service earlier this week. The glitch, which came to light on March 20, 2023, enabled certain users to view brief descriptions of other users' conversations from the chat history sidebar, prompting the company to

---

CISA Gets Proactive With New Pre-Ransomware Alerts

By taking immediate action when receiving an early warning, organizations can reduce potential data loss, avoid impact on operations, and reduce financial impact and other detrimental consequences.

---

Ransomware cases saw a 26% year-over-year decline

New research reveals a year of turbulence within the threat actor community due to international conflicts and enhanced attack methods.

---

Philadelphia warns citizens against tax-based phishing attacks

In response to the IRS warning against tax-based phishing attempts, the city of Philadelphia released cybersecurity recommendations to protect data.

---

Malicious JavaScript Injection Campaign Infects 51,000 Websites

Unit 42 researchers have been tracking a widespread malicious JavaScript (JS) injection campaign that redirects victims to malicious content such as adware and scam pages.

---

Researchers Uncover Chinese Nation State Hackers' Deceptive Attack Strategies

Attack chains mounted by the group commence with a spear-phishing email to deploy a wide range of tools for backdoor access, command-and-control (C2), and data exfiltration.