Open main menu
Blog HomeSupport
Join Ofofo

Cybersecurity news for the first Week of May 2023

Cybersecurity news for the first week of May. In this article, we cover latest Cybersecurity threats and advances.

Cyberthreats
Table of Contents
    Cybersecurity news for the first Week of May 2023
    videoDuration
    Do not index
    Do not index
    Thumbnail
    image 5.png
    Category
    Cyberthreats
    video
    Summary: Twitter disclosed that a 'security incident' caused private tweets sent to Twitter Circles, Apple Releases 1st-Ever Rapid Security Response Update, and many more.
     
    Video preview
    Cybersecurity news for the last Week of April 2023
    1. Meta Takes Down Malware Campaign That Used ChatGPT as a Lure to Steal Accounts
    Meta said it took steps to take down more than 1,000 malicious URLs from being shared across its services that were found to leverage OpenAI's ChatGPT as a lure to propagate about 10 malware families since March 2023.
    1. Microsoft Patches Serious Azure Cloud Security Flaws
    Three vulnerabilities in the platform's API Management Service could allow hackers access sensitive data, mount further attacks, and even hijack developer portals.
     
    1. Researchers Uncover New Exploit for PaperCut Vulnerability That Can Bypass Detection
    Cybersecurity researchers have found a way to exploit a recently disclosed critical flaw in PaperCut servers in a manner that bypasses all current detections.
    Microsoft says Iranian state-backed hackers have joined the ongoing assault targeting vulnerable PaperCut MF/NG print management servers.
     
    1. Ransomware gang hijacks Bluefield university alert system to issue threats
    The Avos ransomware gang hijacked Bluefield University's emergency broadcast system, "RamAlert," to send students and staff SMS texts and email alerts that their data was stolen and would soon be released.
    Bluefield University is a small private university in Bluefield, Virginia, with roughly 900 students.
     
    1. Google Launches Cybersecurity Career Certificate Program
    Google's new program aims to offer accessible training to fill 750K open cybersecurity jobs with diverse array of talent.
     
    1. New Fleckpe Android malware was installed 600K times on Google Play
    Kaspersky reveals that Fleckpe is the newest addition to the realm of malware that generates unauthorized charges by subscribing users to premium services, joining the ranks of other malicious Android malware, such as Jocker and Harly.
     
    1. Packagist Repository Hacked: Over a Dozen PHP Packages with 500 Million installations Compromised
    PHP software package repository Packagist revealed that an "attacker" gained access to four inactive accounts on the platform to hijack over a dozen packages with over 500 million installs to date.
    1. A bug in WordPress custom field plugin exposes over 1M sites to XSS attacks
    Security researchers warn that the 'Advanced Custom Fields' and 'Advanced Custom Fields Pro' WordPress plugins, with millions of installs, are vulnerable to cross-site scripting attacks (XSS)
     
    1. Apple Patches Bluetooth Flaw in AirPods, Beats
    Users can check for the updated firmware version of their wireless headphones in the Bluetooth settings of their iPhone, iPad, or Mac devices.
     
    1. Judge Spares Jail Time for Former Uber CISO Joseph’s over 2016 breach charges
    Tell other CISO's "you got a break," judge says in handing down a three-year probation sentence to Joseph Sullivan.
     
    1. Twitter says 'security incident' exposed private Circle tweets
    Twitter disclosed that a 'security incident' caused private tweets sent to Twitter Circles to show publicly to users outside of the Circle.
     
    1. Microsoft enforces number matching technique to fight MFA fatigue attacks
    Microsoft has started enforcing number matching in Microsoft Authenticator push notifications to fend off multi-factor authentication (MFA) fatigue attacks.
     
    1. Private Code Signing Keys from MSI Data Breach were Leaked on the Dark Web :
    The threat actors behind the ransomware attack on Taiwanese PC maker MSI last month have leaked the company's private code signing keys on their dark website. Intel is investigating the leak of alleged private keys used by the Intel BootGuard security feature, potentially impacting its ability to block the installation of malicious UEFI firmware.
     
    1. Apple Releases 1st-Ever Rapid Security Response Update
    This is new. For the very first time, Apple has released a Rapid Security Response (RSR) update to iPhone users, with a corresponding RSR for the Mac. It represents a change in how Apple will launch smaller updates.
     
    That's all for the week. Register on https://ofofo.io to get the updates to your inbox.

    Ready to secure your business?

    Join other 2000+ Subscribers now!

    Subscribe

    Written by

    Mohan Gandhi Ponnaganti
    Mohan Gandhi Ponnaganti

    Co-founder and CEO, Ofofo.io

    Related posts

    Year 2022: State of Cybersecurity — A Brief
    Cybersecurity Market Research

    Year 2022: State of Cybersecurity — A Brief

    The year 2021 was a groundbreaking year for cybersecurity, as the size and scope of cybercrime continued to grow. This blog explores recent threats, new trends in the domain and provides alternatives to traditional approaches to cyber resiliency.

    Cybersecurity news for the second Week of June 2023
    Cyberthreats

    Cybersecurity news for the second Week of June 2023

    Cybersecurity news for the first second week of June. In this article, we cover latest Cybersecurity threats and advances.