Hello Cybersecuriters! 🍩

This week, the cybersecurity landscape witnessed several notable events. Meduza Stealer, a new cyber threat, has emerged, targeting passwords and crypto wallets, emphasizing the importance of robust security measures.

Taiwan Semiconductor refused to pay a $70 million ransom demanded by an attacker gang, reflecting a shift in response to ransomware attacks. An international policing operation successfully busted a phone scam gang, demonstrating ongoing efforts to combat fraudulent schemes.

SEO poisoning attacks have been on the rise in the health sector, exploiting vulnerabilities in search engine optimization.

Japan's largest port, Yokohama, temporarily halted operations due to a ransomware attack targeting its administrative network. The attack prompted a shutdown of the port's computer network, causing disruptions in various functions. Investigations are underway with the involvement of external experts and law enforcement. Although the attack did not affect operational systems, it highlights the increasing risk of ransomware targeting critical infrastructure.

Additionally, a critical security vulnerability in the Ultimate Member WordPress plugin compromised thousands of websites, emphasizing the need for constant vigilance and proactive security measures.

💻 Malware and Vulnerabilities

• MITRE Unveils 25 Most Dangerous Software Weaknesses Of 2023

• Microsoft Teams bug allows malware delivery from external accounts

• An actively exploited vulnerability in the Contec SolarView solar power monitoring product can expose hundreds of energy organizations to attacks.

• Mozilla has released Firefox 115 to the stable channel with patches for two high-severity use-after-free vulnerabilities

📈 Breaches and Incidents

• Personal information belonging to over 8,000 applicants seeking pilot positions at American and Southwest Airlines has been stolen.

• India’s Largest Tech Retailer, Poorvika, Suffered Data Breach, With Employee and Customer Data

• Russian railway site owned by RZD allegedly taken down by the Ukrainian hacktivist group IT Army 

• The Port of Nagoya, the largest and busiest port in Japan, has been targeted in a ransomware attack that currently impacts the operation of container terminals.

🚨 Threat Intel & Info Sharing

• Super Mario Game Got Trojanized: Used As Vehicle For Crypto Miners And Malware

📊 Trends, Reports, Analysis ​

• Swedish Data Protection Authority Warns Companies Against Google Analytics Use

• 75% of consumers prepared to ditch brands hit by ransomware and  40% of consumers harbor skepticism regarding organizations’ data protection capabilities

⚖️ Laws, Policy, Regulations

• An in-depth assessment of major AI foundation model providers exposed that they currently lack compliance with draft requirements in the EU AI Act.

• Now Apple takes a bite out of encryption-bypassing 'spy clause' in UK internet law and calling on British lawmakers to revise the nation's Online Safety Bill

😊 Picture of the week

We hope you enjoyed your weekly digest! ☕🥮If you want to sponsor our next edition or advertise on our site, drop us an email.

If you liked our content, be a part of our Cybersecurity journey, then you can get updates on our The Cybersecurity Club site, and why not consider joining our Discord Community or our LinkedIn Group.

Signing off! Stay safe, and we’ll see you soon.