In today’s hyper-connected world, cybersecurity has become a critical concern for individuals, businesses, and governments. With new threats and vulnerabilities emerging every day, it can be hard to keep up with the ever-evolving landscape of cybercrime. Here are this week’s cybersecurity news headlines to keep you updated on everything from the latest data breaches to cutting-edge security solutions!

 

Galaxy Devices Now Equipped with Zero-Click Attack Protection by Samsung

Samsung has created a security system called Samsung Message Guard to safeguard Galaxy smartphone users from “zero-click” exploits that utilize harmful image files.

Zero-click exploits are sophisticated attacks that exploit vulnerabilities without requiring any input from the user. Typically, these attacks involve sending a message or file with malicious code to the target, triggering a vulnerability on their device, and granting the attacker access without the recipient even opening the message or file.

Samsung Message Guard is an isolated virtual space on the smartphone that temporarily hosts newly arrived image files in several formats, including PNG, JPG/JPEG, GIF, ICO, WEBP, BMP, and WBMP.

The system checks these files to detect any malicious code. If found, it locks them in quarantine mode, preventing them from accessing or interacting with the device’s underlying operating system. According to Samsung, “Samsung Message Guard automatically neutralizes any potential threat hiding in image files before they have a chance to do you any harm.” The new system runs silently in the background without requiring user intervention and complements Samsung’s existing protection layers.

Samsung Message Guard is now available for the recently released Galaxy S23 and will gradually roll out to other Galaxy devices running One UI 5.1 or higher later in 2023.

 

€38M Stolen by ‘CEO Fraud’ Gang, Busted by Europol

Europol, in conjunction with the French, Croatian, Hungarian, Portuguese, and Spanish police forces, has successfully dismantled a Franco-Israeli group specializing in BEC (Business Email Compromise) attacks.

The fraudsters, who impersonated CEOs, tricked employees in target organizations’ financial departments into making payments to accounts under their control. In one instance, the group managed to steal €38,000,000 ($40.3M) from a single enterprise in a couple of days, transferring the money across Europe and China before finally cashing out in Israel.

The law enforcement operation was spread over five action days between January 2022 and January 2023. During this time, the police executed eight house searches, seizing electronic equipment and cars and freezing bank accounts. They confiscated a total of €5,100,000 and €350,000 in digital assets. The operation led to the arrest of eight suspects, including the group’s leader based in Israel.

Six suspects were arrested in France, and two were arrested in Israel. The investigators uncovered the entire money laundering network used by the criminals and connected two cases of fraudulent activity with the help of Europol.

 

Cyberattack on Scandinavian Airlines Results in Leakage of Passenger Data

SAS (Scandinavian Airlines) has informed its passengers that the recent multi-hour outage of its website and mobile application resulted from a cyberattack that exposed customer data.

The online system malfunctioned due to this attack, making passenger data visible to other passengers, including their contact details, upcoming and previous flights, and the last four digits of their credit card numbers. SAS, which operates 131 aircraft and serves 168 destinations, has stated that the risk of exposure is minimal, as the financial information leaked is partial and not easily exploitable.

However, the airline has acknowledged that the disclosure of full names and contact information could enable threat actors and scammers to launch targeted phishing attacks if they obtain the compromised data. The airline has clarified that no passport details were compromised during the attack. Furthermore, SAS has stated that it always cooperates with the National Civil Aviation Agency, police, and security police in all security matters, regardless of the nature of the issue.

As the flagship carrier of Sweden, Denmark, and Norway, SAS was targeted by hacktivists who sought to express their condemnation. SAS is closely monitoring the situation and assessing the attack’s consequences in order to take preventive measures.

 

Atlassian Data Leak Attributed to Compromised Employee Credentials

Atlassian, an Australian collaboration software enterprise, experienced a data leak caused by a group of hackers known as SiegedSec.

The hackers claimed to have stolen thousands of employee records, including names, phone numbers, and email addresses, two floor maps for Atlassian’s Sydney and San Francisco offices, and a JSON file containing information about employees. Experts say that the hackers did not directly attack Atlassian’s network but instead gained access to the data through a third-party provider named Envoy.

Atlassian confirmed that the compromised data was from Envoy, which they use for in-office functions. However, Envoy denied any breach and believed that an Atlassian employee’s credentials were stolen, giving the hackers access to the data inside the Envoy app. Atlassian later stated that an employee’s credentials were mistakenly published to a public repository, which allowed the hackers to steal the organization’s data within the Envoy app.

Atlassian has emphasized that the safety of its employees is its priority and that they are actively investigating the incident.

 

Russian Hacker Found Guilty of $90 Million Hack-to-Trade Offenses

Vladislav Klyushin, a Russian national and owner of M-13, a Moscow-based cybersecurity firm, was convicted of participating in a global scheme to hack into U.S. computer networks and steal confidential earnings reports from American organizations.

Klyushin and his co-conspirators illicitly made $90,000,000 from their scheme. In December 2021, the United States brought Klyushin into its jurisdiction to answer charges of accessing the systems of two filing agents that U.S. companies employed to file earnings reports through the SEC system.

While Klyushin provided cybersecurity services, he was also found to have run a “hack-to-trade” operation. Shady investors provided him with funds that he used to trade securities of U.S. enterprises.

Klyushin then returned 40% of the profits to the investors. Among the companies that used the hacked agent systems were Capstead Mortgage Corp., Tesla, Inc., SS&C Technologies, Roku, and Snap Inc. The stolen financial reports provided crucial information about these significant corporations’ performance, which Klyushin used to engage in illegal trades in brokerage accounts held in his name and in the names of others.

Klyushin has been found guilty of conspiring to gain unauthorized access to computers or commit wire fraud, aiding and abetting wire fraud, securities fraud, and unauthorized system access.

 

Activision Acknowledges Data Breach Exposing Employee and Game Information

Activision confirmed that it experienced a data breach in December 2022 where hackers gained entry into its internal systems by using an SMS phishing text to trick an employee.

The organization has given assurances that the breach did not compromise player details or game source code. However, the security research group vx-underground claims that the threat actors managed to exfiltrate sensitive workplace documents and release schedules extending to November 17, 2023. Screenshots show that the hackers accessed an Activision employee’s Slack account and attempted to deceive other employees into clicking malicious links.

The publication “Insider Gaming” analyzed the entire leak, which includes full names, email addresses, phone numbers, salaries, work locations, and other employee details. The hack targeted an employee from the Human Resources department who had access to sensitive employee information.

“Insider Gaming” also listed all the game title-related content revealed by this breach, including upcoming content bundles for the Call of Duty Modern Warfare II franchise.

The game information shared online was based on marketing materials, and the breach did not impact the development environment.
