---
title: "SEC Ransomware Complaint, Rhysida Alert Issued, Ethereum Theft Exploit, Cybersecurity News [November 13, 2023] | DuoCircle"
description: "Welcome to this week’s edition of the ‘Weekly Cybersecurity Bulletin’ where we slice through the complexity of the digital security landscape to bring you the."
image: "https://www.duocircle.com/images/og-default.png"
canonical: "https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-46-of-2023/"
---

Quick Answer

Four items shaped the week of November 13, 2023\. The AlphV/BlackCat ransomware crew filed a complaint with the US SEC against MeridianLink, alleging the company failed to disclose a breach within four business days under the new SEC cyber-incident disclosure rule, an attempt to weaponize regulation as an extortion lever. The FBI and CISA issued a joint advisory on Rhysida ransomware, naming the group's tactics, techniques, and indicators of compromise after attacks on healthcare, education, manufacturing, and government targets. Roughly $60 million was stolen from cryptocurrency wallets through exploitation of a feature in Ethereum's create2 opcode that lets attackers spoof token approvals. International law enforcement dismantled BulletProftLink, a long-running phishing-as-a-service platform that supplied templates and infrastructure to thousands of criminal customers.

Share 

[ ](https://www.linkedin.com/sharing/share-offsite/?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-46-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=SEC%20Ransomware%20Complaint%2C%20Rhysida%20Alert%20Issued%2C%20Ethereum%20Theft%20Exploit%2C%20Cybersecurity%20News%20%5BNovember%2013%2C%202023%5D&url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-46-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-46-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-46-of-2023%2F&title=SEC%20Ransomware%20Complaint%2C%20Rhysida%20Alert%20Issued%2C%20Ethereum%20Theft%20Exploit%2C%20Cybersecurity%20News%20%5BNovember%2013%2C%202023%5D "Share on Reddit") [ ](mailto:?subject=SEC%20Ransomware%20Complaint%2C%20Rhysida%20Alert%20Issued%2C%20Ethereum%20Theft%20Exploit%2C%20Cybersecurity%20News%20%5BNovember%2013%2C%202023%5D&body=Check out this article: undefined%2Fblog%2Fannouncements%2Fcyber-security-news-update-week-46-of-2023%2F "Share via Email") 

![cybersecurity](https://media.mailhop.org/duocircle/images/2023/11/DMARC-generator.jpg) 

Welcome to this week’s edition of the ‘Weekly [Cybersecurity](/) Bulletin’ where we slice through the complexity of the digital security landscape to bring you the most pertinent news and updates making headlines **around the world**. From threat actors lodging SEC complaints to Phaas gangs getting arrested, this text has it all.

## Ransomware Group Lodges SEC Complaint Regarding Victim’s Unrevealed Breach

The ALPHV/BlackCat ransomware crew has taken things up a notch by **filing a complaint** with the U.S. Securities and Exchange Commission (SEC). They’re pointing fingers at one of their supposed victims for not spilling the beans within the four-day window about a [cyber hit](https://edition.cnn.com/2023/11/10/investing/icbc-ransomware-attack-hnk-intl/index.html).

Earlier today, these digital troublemakers put MeridianLink, a software enterprise, on blast in their [data leak](https://www.bleepingcomputer.com/news/security/toyota-confirms-breach-after-medusa-ransomware-threatens-to-leak-data/). They **threatened** to spill the beans on allegedly pilfered data unless a fat ransom is coughed up in the next 24 hours. MeridianLink is a big player in the digital solutions game, serving up tech goodies for banks, credit unions, and mortgage lenders.

So, the story goes like this: The ALPHV ransomware gang [claims](https://www.databreaches.net/alphv-files-an-sec-complaint-against-meridianlink-for-not-disclosing-a-breach-to-the-sec/) they busted into MeridianLink’s network on November 7, snagged some company secrets, and didn’t even bother encrypting anything. Just to prove they mean business, ALPHV posted a screenshot on their site showing the **SEC complaint** they filed.

In their own words, the hackers told the SEC that MeridianLink had a “big breach” and **didn’t spill the beans**, as required in [Form 8-K](https://www.investopedia.com/terms/1/8-k.asp), under Item 1.05\. ALPHV also shared on their site the response they got from the SEC, just to show the complaint got through.

[![data leak](https://media.mailhop.org/duocircle/images/2023/11/email-smtp-service-6943.jpg)](https://media.mailhop.org/duocircle/images/2023/11/email-smtp-service-6943.jpg)

## FBI and CISA Issue Alert on Rhysida Ransomware’s Opportunistic Attacks

The FBI and CISA issued a [warning](https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-319a) about the Rhysida ransomware gang pulling sneak attacks on **various types of organizations**. Rhysida made headlines in May 2023 when it hacked the Chilean Army, [leaking their data online](https://tech.hindustantimes.com/tech/news/biggest-data-breach-in-india-aadhaar-card-details-of-81-5-crore-indians-leaked-online-71698735572051.html).

Recently, the US Department of Health and Human Services (HHS) jumped in, pointing fingers at Rhysida for hitting healthcare organizations. _The joint cybersecurity advisory dropped some useful info for defenders, things like indicators of compromise, detection tips, and the tactics Rhysida uses_.

They gathered all this from investigations up to September 2023\. The agencies spilled the beans, saying Rhysida ransomware likes to hit ‘targets of opportunity’ in education, healthcare, manufacturing, IT, and government. These guys work like a [ransomware-for-hire service](https://cnsight.io/2021/09/17/ransomware-for-hire/), [hitting up schools](https://www.infosecurity-magazine.com/news/it-systems-encrypted-uk-school-hit/), tech companies, and government offices. If a ransom gets paid, they **share the loot with their crew**.

The Rhysida troublemakers don’t play fair and **have been caught** breaking into third-party services, like VPNs, by using stolen credentials to get in and hang out in victims’ networks. These types of cyber incidents underscore the requirement for robust [ransomware protection](/resources/locky-ransomware) across all kinds of institutions. The adoption of these [phishing protection](/email/phishing-protection) measures is essential to safeguard against potential threats.

## Ethereum Feature Exploit Leads to $60 Million Theft from Victims

Anti-scam experts at ‘Scam Sniffer’ uncovered a concerning trend involving the **misuse** of Ethereum’s [‘Create2’ function](https://coinsbench.com/a-comprehensive-guide-to-the-create2-opcode-in-solidity-7c6d40e3f1af).

The researchers discovered that threat actors have been circumventing wallet security alerts, resulting in the misappropriation of approximately $60 million in cryptocurrency. They stole from 99,000 victims within a span of 6 months.

Ethereum’s ‘Create2’ function [facilitates](https://docs.cryptohandbook.org/ethereum/general/what-is-ethereum/solidity/create2-function) the creation of smart contracts on the blockchain. _Unlike its predecessor, ‘Create,’ it enables the **calculation of addresses** before contract deployment._ The report from Scam Sniffer shares how ‘Create2’ can be exploited to generate new contract addresses without a history of reported malicious transactions. This effectively **evades wallet security alerts**. So, whenever a victim approves a malicious transaction, the attacker deploys a contract at a pre-calculated address, resulting in an **irreversible transfer** of the victim’s assets. A highlighted case showed a victim losing [$927,000](https://arbiscan.io/tx/0x0b8d095c9ee0f27362240ed3f315afa12d6f88a6a0c15b99231bc14d4dd1fb96) worth of [GMX](https://academy.binance.com/en/articles/what-is-gmx) after unwittingly signing a transfer contract.

In August 2023, a Binance operator **mistakenly sent** $20 million to scammers employing [the ‘address poisoning’ strategy](https://hackernoon.com/everything-you-need-to-know-about-address-poisoning). However, the error was detected in time, and the recipient’s address was frozen.

[![address poisoning attacks](https://media.mailhop.org/duocircle/images/2023/11/DMARC-generator-1.jpg)](https://media.mailhop.org/duocircle/images/2023/11/DMARC-generator-1.jpg)

## Law Enforcement Dismantles BulletProftLink, a Large-Scale Phishing Provider

The Royal Malaysian Police **took down** the notorious BulletProftLink [phishing-as-a-service (PhaaS) platform](https://thehackernews.com/2023/05/new-phishing-as-service-platform-lets.html).

PhaaS platforms are a **huge threat** as they provide low-level and wannabe cybercriminals with tools for [phishing attacks](/email-security/meta-phish-facebook-phishing-campaign-stealing-login-credentials-and-pii-2/). These platforms provide **ready-to-use phishing kits**, customizable templates, page hosting, credential harvesting, reverse proxying tools, and more.

BulletProftLink came into existence in 2015 and gained attention, amassing thousands of subscribers. Malaysian police [apprehended 8 threat actors](https://www.nst.com.my/news/crime-courts/2023/11/976212/igp-police-arrest-eight-people-international-syndicate-which) on 6 November 2023, including a self-taught threat actor believed to be the leader of the gang. _They seized [cryptocurrency wallets](/email-security/tradertraitor-targeted-attack-on-blockchain-organizations/), servers, computers, jewelry, vehicles, and payment cards, amounting to about $213,000._ The threat actors also **had servers** that the police will now use to identify users of the seized platform.

Intel471 [reported](http://intel471.com/blog/malaysian-police-disrupt-the-phisherman) that BulletProftLink had 8,138 active subscribers with access to 327 [phishing page](/phishing-protection/new-phishing-technique-is-really-hard-to-detect/) templates as of April 2023\. This is a 403% increase since Microsoft’s 2021 [report](https://www.microsoft.com/en-us/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/).

## Topics

NewsSecurityUpdates 

![Brad Slavin](https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg) 

Brad Slavin 

General Manager

General Manager at DuoCircle. Product strategy and commercial lead across the email security portfolio.

## Secure your email infrastructure

Protect, authenticate, and deliver. Contact our team to find the right solution.

[Contact Sales](/contact/) [Explore Products](/products/) 

## Related Articles

[  News 3m  Alert: Fix SPF & DKIM Settings For Your Email Forwarding Set Up Through Microsoft o365 SMTP Server Or Your Emails May End Up In Spam  Jul 20, 2021 ](/blog/announcements/alert-fix-spf-dkim-settings-for-your-email-forwarding-set-up-through-microsoft-o365-smtp-server-or-your-emails-may-end-up-in-spam/)[  News 6m  Cyber Security News Update, Week 1 of 2022  Jan 7, 2022 ](/blog/announcements/cyber-security-news-update-week-1-of-2022/)[  News 7m  Cybersecurity News Update, Week 1 of 2023  Jan 1, 2023 ](/blog/announcements/cyber-security-news-update-week-1-of-2023/)[  News 5m  EasyPark Data Breach, Ohio Lottery Cyberattack, GTA 5 Leak, Cybersecurity News \[December 25, 2023\]  Jan 4, 2024 ](/blog/announcements/cyber-security-news-update-week-1-of-2024/)

```json
{"@context":"https://schema.org","@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}],"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://www.g2.com/products/phish-protection-by-duocircle/reviews","https://github.com/duocircle","https://www.crunchbase.com/organization/duocircle-llc"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://support.duocircle.com"},"knowsAbout":["Email Security","Email Authentication","SPF","DKIM","DMARC","Phishing Protection","Spam Filtering","SMTP Relay","Email Deliverability","Email Forwarding"]}
```

```json
{"@context":"https://schema.org","@type":"WebSite","name":"DuoCircle LLC","url":"https://www.duocircle.com","description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}
```

```json
[{"@context":"https://schema.org","@type":"BlogPosting","headline":"SEC Ransomware Complaint, Rhysida Alert Issued, Ethereum Theft Exploit, Cybersecurity News [November 13, 2023]","description":"Welcome to this week’s edition of the ‘Weekly Cybersecurity Bulletin’ where we slice through the complexity of the digital security landscape to bring you the.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-46-of-2023/","datePublished":"2023-11-20T18:32:17.000Z","dateModified":"2025-05-14T15:18:30.000Z","dateCreated":"2023-11-20T18:32:17.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-46-of-2023/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":805,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2023/11/DMARC-generator.jpg","caption":"cybersecurity","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}},{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":2,"name":"News"},{"@type":"ListItem","position":3,"name":"SEC Ransomware Complaint, Rhysida Alert Issued, Ethereum Theft Exploit, Cybersecurity News [November 13, 2023]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-46-of-2023/"}]}]
```

```json
{"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://www.duocircle.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://www.duocircle.com/blog/"},{"@type":"ListItem","position":3,"name":"News","item":"https://www.duocircle.comundefined"},{"@type":"ListItem","position":4,"name":"SEC Ransomware Complaint, Rhysida Alert Issued, Ethereum Theft Exploit, Cybersecurity News [November 13, 2023]","item":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-46-of-2023/"}]}
```

```json
{"@context":"https://schema.org","@type":"BlogPosting","headline":"SEC Ransomware Complaint, Rhysida Alert Issued, Ethereum Theft Exploit, Cybersecurity News [November 13, 2023]","description":"Welcome to this week’s edition of the ‘Weekly Cybersecurity Bulletin’ where we slice through the complexity of the digital security landscape to bring you the.","url":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-46-of-2023/","datePublished":"2023-11-20T18:32:17.000Z","dateModified":"2025-05-14T15:18:30.000Z","dateCreated":"2023-11-20T18:32:17.000Z","author":{"@type":"Person","@id":"https://www.duocircle.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://www.duocircle.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin runs DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. His focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/dmarcreport/images/team/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"DuoCircle LLC","url":"https://www.duocircle.com","logo":{"@type":"ImageObject","url":"https://www.duocircle.com/images/duocircle-logo.png"},"description":"DuoCircle is a portfolio of specialized email products covering protection, authentication, delivery, and routing. We deliver about 90% of category-leader capability at roughly half the price, backed by experts who own the outcome. Trusted by 50,000+ organizations since 2014.","subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://www.duocircle.com/blog/announcements/cyber-security-news-update-week-46-of-2023/"},"articleSection":"announcements","keywords":"News, Security, Updates","wordCount":805,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/duocircle/images/2023/11/DMARC-generator.jpg","caption":"cybersecurity","width":900,"height":600},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}}
```