Summary: Twitter disclosed that a 'security incident' caused private tweets sent to Twitter Circles to show publicly, Apple released its first-ever Rapid Security Response update, and many more.
Cybersecurity news for the last week of April 2023
Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts
Meta said it took steps to stop more than 1,000 malicious URLs from being shared across its services. The URLs were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023.
Microsoft Patches Serious Azure Cloud Security Flaws
Three vulnerabilities in the platform's API Management Service could allow hackers to access sensitive data, mount further attacks, and even hijack developer portals.
Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection
Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections.
Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers.
Ransomware gang hijacks Bluefield University alert system to issue threats
The Avos ransomware gang hijacked Bluefield University's emergency broadcast system, "RamAlert," to send students and staff SMS texts and email alerts that their data was stolen and would soon be released.
Bluefield University is a small private university in Bluefield, Virginia, with roughly 900 students.
Google Launches Cybersecurity Career Certificate Program
Google's new program aims to offer accessible training to fill 750K open cybersecurity jobs with a diverse array of talent.
New Fleckpe Android malware was installed 600K times on Google Play
Kaspersky reveals that Fleckpe is the newest addition to the realm of malware that generates unauthorized charges by subscribing users to premium services, joining the ranks of other Android malware, such as Jocker and Harly.
Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million installations Compromised
PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date.
A bug in WordPress custom field plugin exposes over 1M sites to XSS attacks
Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting (XSS) attacks.
Apple Patches Bluetooth Flaw in AirPods, Beats
Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices.
Judge Spares Jail Time for Former Uber CISO Joseph Sullivan over 2016 breach charges
Tell other CISOs "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan.
Twitter says 'security incident' exposed private Circle tweets
Twitter disclosed that a 'security incident' caused private tweets sent to Twitter Circles to show publicly to users outside of the Circle.
Microsoft enforces number matching technique to fight MFA fatigue attacks
Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication (MFA) fatigue attacks.
Private Code Signing Keys from MSI Data Breach were Leaked on the Dark Web
The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark web site. Intel is investigating the leak of alleged private keys used by the Intel BootGuard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware.
Apple Releases 1st-Ever Rapid Security Response Update
This is new. For the very first time, Apple has released a Rapid Security Response (RSR) update to iPhone users, with a corresponding RSR for the Mac. It represents a change in how Apple will launch smaller updates.
That's all for the week. Register on https://ofofo.io to get the updates in your inbox.