Security News > 2024 > March

A U.S. federal court has issued a $9,918,000 penalty and an injunction against an individual named Scott Rhodes for making thousands of "spoofed" robocalls to consumers across the country. Robocalls are automated phone calls that use automated dialing software to deliver a pre-recorded message to many recipients.

Since Saturday, U.S. food chain giant Panera Bread has been experiencing a nationwide outage that has impacted its IT systems, including online ordering, POS systems, phones, and various internal systems. "Our team is still working on getting the systems online. Please look for resolution once this is fixed and follow up with us later in the week. Thanks," Panera Bread added earlier today.

OpenAI's ChatGPT is down for many people worldwide, with users facing multiple problems, including being unable to access their accounts, having their chat history come up empty, and the chat screens not loading properly. Others have told BleepingComputer that they cannot access GPT-4 as the site states that they do not have a ChatGPT Plus subscription, even though they do.

Plus: Alleged front sanctioned, UK blames PRC for Electoral Commission theft, and does America need a Cyber Force? The United States on Monday accused seven Chinese men of breaking into computer...

The U.S. Treasury Department's Office of Foreign Assets Control has sanctioned three cryptocurrency exchanges for working with OFAC-designated Russian dark web markets and banks. The first, Bitpapa IC FZC LLC, is a peer-to-peer virtual currency exchange that caters to Russian nationals and has facilitated millions of dollars in transactions with two OFAC-designated Russian entities, Hydra Market and Garantex.

CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection security vulnerabilities before shipping. In SQL injection attacks, threat actors "inject" maliciously crafted SQL queries into input fields or parameters used in database queries, exploiting vulnerabilities in the application's security to execute unintended SQL commands, such as exfiltrating, manipulating, or deleting sensitive data stored in the database.

More than 170,000 users have been affected by an attack using fake Python infrastructure with "successful exploitation of multiple victims." The attacker relied on various supply chain attack techniques to distribute malware-infected Python PyPI packages.

The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that steals sensitive information. One of the more recent victims of the attacker is Top.gg, a popular search-and-discovery platform for Discord servers, bots, and other social tools geared towards gaming, boosting engagement, and improving functionality.

The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to deliver malware that steals sensitive information. One of the more recent victims of the attacker is Top.gg, a popular search-and-discovery platform for Discord servers, bots, and other social tools geared towards gaming, boosting engagement, and improving functionality.

Cybercriminals have been increasingly using a new phishing-as-a-service platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication protection. Tycoon 2FA attacks involve a multi-step process where the threat actor steals session cookies by using a reverse proxy server hosting the phishing web page, which intercepts the victim's input and relays it to the legitimate service.