Security News > 2023 > April

Fake extortionists are piggybacking on data breaches and ransomware incidents, threatening U.S. companies with publishing or selling allegedly stolen data unless they get paid. They have also impersonated some ransomware and data extortion gangs in emails and claimed to be the authors of the intrusion, stealing hundreds of gigabytes of important data.

Dish Network has been slapped with multiple class action lawsuits after it suffered a ransomware incident that was behind the company's multi-day "Network outage." DISH is facing at least five lawsuits seeking to recover losses for Dish shareholders who were adversely affected by the alleged "Securities fraud" from February 22, 2021 to February 27, 2023.

Microsoft has patched a misconfiguration issue impacting the Azure Active Directory identity and access management service that exposed several "High-impact" applications to unauthorized access. "One of these apps is a content management system that powers Bing.com and allowed us to not only modify search results, but also launch high-impact XSS attacks on Bing users," cloud security firm Wiz said in a report.

Ukrainian cops have arrested two suspects and detained 10 others for their alleged roles in a cybercrime gang that used phishing scams and phony online marketplaces to steal more than $4.3 million from over 1,000 victims across Europe. Police say the victims come from several European countries including the Czech Republic, Poland, France, Spain, Portugal.

Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems. CVE-2022-46169 relates to a critical authentication bypass and command injection flaw in Cacti servers that allows an unauthenticated user to execute arbitrary code.

Unknown threat actors are actively exploiting a recently patched security vulnerability in the Elementor Pro website builder plugin for WordPress. The premium plugin is estimated to be used on over 12 million sites.