---
title: "Cybersecurity News Update, Week 4 of 2023 | DuoCircle"
description: "Threat actors continue to target both individuals and large corporations alike."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-4-of-2023/"
---

Quick Answer

Week 4 of 2023 covered six incidents. Ireland's Data Protection Commission fined WhatsApp 5.95 million euros for forcing users to accept updated terms in order to keep using the service, ruling the practice violated GDPR transparency requirements. Cisco warned that end-of-life Small Business RV routers were exposed to remote code execution with no patch planned, and recommended migration. Riot Games disclosed a social-engineering breach that gave attackers access to source code for League of Legends and Teamfight Tactics, delaying content releases. A new Android banking trojan named Hook, evolved from ERMAC, gave operators full remote control of infected devices. Researchers found vulnerabilities in Samsung's Galaxy App Store that allowed silent installation of arbitrary apps and JavaScript execution. Vice Society leaked data from the University of Duisburg-Essen after the school refused to pay ransom following a November attack.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-4-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20News%20Update%2C%20Week%204%20of%202023&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-4-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-4-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-4-of-2023%2F&title=Cybersecurity%20News%20Update%2C%20Week%204%20of%202023 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20News%20Update%2C%20Week%204%20of%202023&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-4-of-2023%2F "Share via Email") 

![cybersecurity update](https://media.mailhop.org/duocircle/images/2023/01/windows-smtp-service.jpg) 

Threat actors continue to target both individuals and large corporations alike. From WhatsApp’s **GDPR violation**, Cisco’s vulnerable routers, the Riot games security **breach**, the new Hook Android malware, and vulnerabilities in the Galaxy App Store, here are the top [cybersecurity](/) news of this week.

## GDPR Violation by WhatsApp leads to a $5.96 million Fine

The Irish DPC (Data Protection Commission) has [fined](https://www.dataprotection.ie/en/news-media/data-protection-commission-announces-conclusion-inquiry-whatsapp) messaging giant WhatsApp $5.96 million for **violating the GDPR** (General Data Protection Regulation).

The DPC ordered WhatsApp to alter its data processing operations **within six months** to comply with the GDPR or face another fine. The DPC initiated an inquiry in 2018 regarding a **potential violation** when a German citizen complained. _WhatsApp prompted all EU-based users to accept new changes and update its Terms of Service the same day if they wanted to keep accessing the application._

The DPC complaint outlined that WhatsApp **forced** its users to accept its updated policy to continue using its application, an approach that included a clause that the users had to consent to the processing of their data at the app launch. WhatsApp thus violated GDPR’s [Article 7 recital 32](https://www.privacy-regulation.eu/en/r32.htm), which requires users to give their content freely and on any specific, informed, unambiguous basis, **without pressure**, influence, or elements introducing imbalance. The DPC has reached the following conclusion following its investigation:

- WhatsApp Ireland failed to specify the legal basis or justification for processing user data, contravening **Articles 12 and 13 of GDPR**.
- However, it didn’t breach **Article 7** regarding forced consent since its service wasn’t based on [user consent](https://securiti.ai/blog/user-consent/#:~:text=Can%20Securiti%20Help%3F-,What%20is%20User%20Consent%3F,for%20advertising%20and%20marketing%20purposes.) or using it as a lawful reason for processing personal data.

_DPC has plans to launch a new investigation on WhatsApp’s operations to determine if it violates Article 9 of the GDPR, whereas WhatsApp plans to appeal the decision._

## Cisco Routers Exposed to RCE Attacks

Cisco’s end-of-life **VPN routers** numbering over 19,000, are now exposed to [remote command execution](https://www.crowdstrike.com/cybersecurity-101/remote-code-execution-rce/) attacks. Threat actors can now **bypass** authentication leveraging the CVE-2023-20025 and execute arbitrary commands using the CVE-2023-2002 on Cisco’s small business routers.

Threat actors can **exploit** the VPN (Virtual Private Network) routers RV016, RV042, RV042G, and RV082 to bypass severity auth using specially crafted HTTP (Hyper Text Transfer Protocol) requests to the **web management interface** of these routers. Cisco has outlined that the [CVE-2023-20025](https://nvd.nist.gov/vuln/detail/CVE-2023-20025) is **critical**, but there is no evidence to suggest that the exploit chain is being abused yet.

Censys, on the other hand, has [revealed](https://censys.wpengine.com/cve-2023-20025/) that nearly 20,000 of these routers are online, with the RV042 dominating the count with over 12,000 hosts, all of which are **exposed** on the Internet.

Cisco says there are no workarounds, but disabling the web management interface and **blocking access to ports** can reduce the threat actor’s exploitation attempts. You can [block ports 443 and 60443](https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5#workarounds:~:text=Block%20Access%20to%20Ports%20443%20and%2060443) and **uncheck** the Remote Management box by navigating to Firewall > General to implement these.

[![Security Breach](https://media.mailhop.org/duocircle/images/2023/01/DMARC-report-service-2425.jpg)](https://media.mailhop.org/duocircle/images/2023/01/DMARC-report-service-2425.jpg)

## Security Breach at Riot Games, Organization Unable to Release Content

The video game developer and publisher of global hit titles like League of Legends and Valorant, Riot Games, has been hacked, rendering the organization unable to release game **patches and updates**.

Riot games initiated a [Twitter thread](https://twitter.com/riotgames/status/1616548651823935488) describing to its users how their development environment was **compromised** due to a [social engineering](/phishing-protection/social-engineering-is-a-growing-threat/) attack. The organization does not know the details of the attack, but the cyberattack has affected the ability of the organization to **publish patches** for its games.

Riot Games revealed that the [threat actors](/email-security/threat-actors-are-using-google-ads-to-launch-sophisticated-phishing-campaigns/) obtained no personal information or data during the attack, and **Patch 13.2** for League of Legends has been **delayed**. The organization shared the news, outlining that no new features in the patch will be canceled, and the studio will release it later.

Riot games are investigating the attack and will update its customers accordingly. This is not the first attack as **2K games** were also hacked when its customers got malware, and a month following the attack; their **personal data** was put up for [sale](https://www.bleepingcomputer.com/news/security/2k-games-warns-users-their-stolen-data-is-now-up-for-sale-online/) by the threat actors.

## Novel Hook Android Malware letting Hackers Take Control of Mobile Devices

A new Android [malware](/resources/malware-and-its-defense-mechanism), named Hook, has hit the digital space, and it is sold by cybercriminals who are boasting that it can be used to take over **mobile devices**.

The creator of Ermac, an infamous Android banking **trojan**, is promoting this [Hook Android malware](https://www.threatfabric.com/blogs/hook-a-new-ermac-fork-with-rat-capabilities.html#appendix), claiming the malware has been written from scratch but contains much of **Ermac’s code**. Hook has an extensive set of capabilities and allows threat actors to

- **Start/stop RAT**
- Perform a specific swipe gesture
- Take a screenshot
- Simulate clicking a specific text item
- Simulate a key press (HOME/BACK/RECENTS/LOCK/POWERDIALOG)
- **Unlock the device**
- Scroll up/down
- Simulate a long press event
- Simulate clicking at a specific coordinate
- Simulate clicking on a [UI element](https://www.usability.gov/how-to-and-tools/methods/user-interface-elements.html) with a specific text value
- Set a UI element value to a specific text

Hook is more dangerous and capable than Ermac as it includes a VNC (Virtual Network Computing) module enabling threat actors to **interact** with the infected device’s UI in **real-time**.

Hook is a **global Android threat** impacting multiple individuals in the US, Australia, Poland, Spain, Portugal, Italy, France, Turkey, and the UK. _It would be best to stick to Google Play apps and steer clear of third-party applications since the malware is distributed under **Google Chrome APKs**._

## Galaxy App Store Vulnerabilities allowing Hackers to Install Apps without Knowledge

Samsung’s official repository, the Galaxy App Store, has two [vulnerabilities](https://thehackernews.com/2023/02/new-high-severity-vulnerabilities.html) that could allow threat actors to install **any application** on victim devices **without their knowledge** or direct them to malicious URLs (Uniform Resource Locators).

The NCC group [discovered](https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/) the two flaws last year, and Samsung released the patches for the two on 1 Jan 2023 via the Galaxy App Store update 4.5.49.8\. The first flaw, CVE-2023-21433, was an **improper access control** that allowed threat actors to install malicious applications on the Galaxy App Store as the store did not handle incoming intents adequately, allowing applications to send app **installation requests** arbitrarily.

On the other hand, the second vulnerability, **CVE-2023-21434**, was an improper input validation that allowed threat actors to execute [JavaScript](https://www.hostinger.com/tutorials/what-is-javascript) on the target devices, as the web views in the Galaxy App Store contained filters with a limit on the number of domains shown, which could be **bypassed** to force it to access malicious domains.

The vulnerabilities were severe and could allow threat actors to install and launch malicious applications, leading to data or privacy **breaches**. The latest update is a fix for individuals, keeping them safe. _However, older devices remain **attackable** since much older models are not supported by Samsung and do not receive updates._

[![Ransomware Leaks](https://media.mailhop.org/duocircle/images/2023/01/DMARC-reporting-service-2627.jpg)](https://media.mailhop.org/duocircle/images/2023/01/DMARC-reporting-service-2627.jpg)

## Vice Society Ransomware Leaks University of Duisburg-Essen’s Data

The Vice Society [ransomware](/email-security/ransomware-report-2022-the-top-5-ransomware-and-malware-groups-making-strides-this-year/) gang recently claimed responsibility for the November 2022 cyber incident on the UDE (University of Duisburg-Essen) that forced the **reconstruction** of the university’s IT infrastructure.

The threat actors **leaked files** they claim they stole from the university during the **breach**, exposing sensitive details about the university’s students, operations, and personnel.

_UDE confirmed they knew the cybercriminals published the stolen data and refused to pay the ransom._ “After targeting the University of Duisburg-Essen (UDE) with a cyber in November end, the criminal group now **published** data on the [Darknet](https://www.bleepingcomputer.com/news/security/darknet-drug-markets-move-to-custom-android-apps-for-increased-privacy/),” reads the UDE statement.

BleepingComputer [reviewed](https://www.bleepingcomputer.com/news/security/vice-society-ransomware-leaks-university-of-duisburg-essen-s-data/?&web%5Fview=true) some leaked files, including backup archives, student spreadsheets, financial documents, and research papers. While they **look genuine**, there is no way to confirm their **authenticity**.

## Topics

email securityNewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 7m  Cybersecurity News Update, Week 10 of 2023  Mar 6, 2023 ](/blog/announcements/cyber-security-news-update-week-10-of-2023/)[  News 4m  Cambodia Targets Cybercriminals, Traditional Security Insufficient, AI Against Phishing, Cybersecurity News \[March 09, 2026\]  Mar 16, 2026 ](/blog/announcements/cyber-security-news-update-week-11-of-2026/)[  News 6m  Lazarus Infects NPM, MassJacker Steals Crypto, CISA Alerts Ivanti, Cybersecurity News \[March 10, 2025\]  Mar 17, 2025 ](/blog/announcements/cyber-security-news-update-week-12-of-2025/)[  News 6m  RedCurl Ransomware Targets, CS2 Steam Phishing, Fake Converter Cyberattacks , Cybersecurity News \[March 24, 2025\]  Apr 1, 2025 ](/blog/announcements/cyber-security-news-update-week-14-of-2025/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity News Update, Week 4 of 2023","description":"Threat actors continue to target both individuals and large corporations alike.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-4-of-2023/","datePublished":"2023-01-22T16:18:44.000Z","dateModified":"2025-04-29T11:36:10.000Z","dateCreated":"2023-01-22T16:18:44.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-4-of-2023/"},"articleSection":"announcements","keywords":"email security, News, Security, Updates","wordCount":1226,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2023/01/windows-smtp-service.jpg","caption":"cybersecurity update","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"Cybersecurity News Update, Week 4 of 2023","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-4-of-2023/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"Cybersecurity News Update, Week 4 of 2023","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-4-of-2023/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity News Update, Week 4 of 2023","description":"Threat actors continue to target both individuals and large corporations alike.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-4-of-2023/","datePublished":"2023-01-22T16:18:44.000Z","dateModified":"2025-04-29T11:36:10.000Z","dateCreated":"2023-01-22T16:18:44.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-4-of-2023/"},"articleSection":"announcements","keywords":"email security, News, Security, Updates","wordCount":1226,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2023/01/windows-smtp-service.jpg","caption":"cybersecurity update","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```