--- title: "Cybersecurity Updates For The Week 16 of 2023 | Phish Protection" description: "In this week" image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-16-of-2023.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-16-of-2023/" --- Quick Answer In this week's \[cybersecurity\](/content/cybersecurity-in-a-nutshell) news picks, a leading bank exposed confidential client data, and ChatGPT remained a concern for security experts. Follow this article to learn more about the \*\*latest phishing\*\*-related news and be sure to take all necessary \[phishing protection\](/) measures in the future. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-16-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%2016%20of%202023&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-16-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-16-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-16-of-2023%2F&title=Cybersecurity%20Updates%20For%20The%20Week%2016%20of%202023 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%2016%20of%202023&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-16-of-2023%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/04/what-is-phishing-2.jpg) In this week’s [cybersecurity](/content/cybersecurity-in-a-nutshell) news picks, a leading bank exposed confidential client data, and ChatGPT remained a concern for security experts. Follow this article to learn more about the **latest phishing**\-related news and be sure to take all necessary [phishing protection](/) measures in the future. --- ### Google: Ukraine Becomes A Target Of 60% Russia-Backed Phishing Attacks In 2023 [Google’s Threat Analysis Group (TAG)](https://www.bleepingcomputer.com/news/security/google-ukraine-targeted-by-60-percent-of-russian-phishing-attacks-in-2023/?&web%5Fview=true)is monitoring and disrupting Russian **state-backed** actors targeting Ukraine’s critical infrastructure in 2023\. It reported that from January to March 2023, Ukraine became the most prominent target of Russia-backed [phishing attacks](/resources/7-most-common-phishing-attacks-and-learning-to-protect-against-them), receiving roughly 60% of cyber attacks . In most cases, the campaign goals were operational disruptions, intelligence collection, and leaking sensitive information through **Telegram channels** focused on causing information damage to Ukraine. Google’s report also highlighted cases of **misinformation** on its platforms, [YouTube](https://thehackernews.com/2023/04/youtube-videos-distributing-aurora.html) and Blogger. > “In the first 2023 quarter, TAG observed a **coordinated campaign** from Internet Research Agency (IRA) linked actors creating content on Google products like YouTube. They were commenting and upvoting each other’s videos ,” the Google TAG report read. ### Multinational ICICI Bank Leaks Passports And Financial Data ICICI Bank, an Indian multinational valued at over $76 billion, recently leaked **millions of records** with sensitive data, including the bank’s clients’ [personal documents](http://www.uniindia.com/14-mln-personal-documents-stolen-from-aussie-financial-firm-in-cyber-attack/world/news/2941173.html) and financial information. A[misconfiguration](https://securityaffairs.com/145094/uncategorized/icici-bank-data-leak.html?web%5Fview=true)in the bank systems led to the exposure, including full names, birth dates, bank account details, bank statements, e-mails, personal identification documents, credit card numbers, home addresses, phone numbers, and **employees’ and candidates’** CVs. > “We estimate the impact of the discovered ICICI leak to be **severe**, as it leaked a significant volume of personal data,” said Cybernews researchers. “Such [sensitive information](/cybersecurity/sensitive-information-at-risk-as-a-security-breach-hits-us-marshals-service) can undermine ICICI bank’s reputation and uncover details of the **bank’s internal processes**. Furthermore, it can jeopardize the security and safety of its clients, employees, and their data.” ### Furniture Rental Startup RentoMojo Suffers A Data Breach, 1.5 Lakh Subscribers Impacted Online rental marketplace[Rentomojo](https://www.livemint.com/companies/start-ups/rentomojo-confirms-data-breach-1-5-lakh-subscribers-affected-11681961865740.html)recently discovered a data breach on its systems and reported it to the appropriate authorities. Founded in 2014, Rentomojo allows users in Mumbai, Delhi NCR, Bengaluru, and Pune to **rent** motorbikes, furniture, and utilities on a **subscription basis**. It said the data breach affected its 1.5 lakh subscribers. In an e-mail sent to its subscribers, RentoMojo says, “Recently, we identified a security breach that led to **unauthorized access** in one of our databases. It appears the hackers obtained unauthorized access to **customer data**, including PII, by exploiting a [cloud misconfiguration](https://www.computerweekly.com/news/252504909/Cloud-misconfiguration-a-growing-cause-of-security-incidents).” ![What is phishing](https://media.mailhop.org/phishprotection/images/2023/04/what-is-phishing-2.jpg) The firm also added that the breach **does not impact** any financial information like Debit cards, Credit cards, or UPI as it does not store them in the firm’s database. ### Singapore Privacy Watchdog Fines Real Estate Firm OrangeTee & Tie For Data Breach Involving 250,000 Employees And Customers Real estate agency OrangeTee & Tie received a S$37,000 fine from Singapore’s[privacy watchdog](https://www.channelnewsasia.com/singapore/orangetee-real-estate-personal-data-breach-pdpa-customers-employees-3425291?&web%5Fview=true)for compromising the **personal data** of over 250,000 customers and employees. Cybercriminals extracted names, property transaction amounts, bank account numbers, and identity card numbers from **outdated database servers** in 2021. The Personal Data Protection Commission (PDPC) released a written judgment on Monday (Apr 17), saying that it found **several lapses** in OrangeTee & Tie’s cybersecurity posture that led to the data breach. _It included the firm failing to conduct periodic security reviews before the incident in 2021 and using **“live” data** for development and testing without proper safeguards in place._ ### AI Tools Like ChatGPT Can Fuel BEC Attacks A recent report by[Armorblox](https://www.helpnetsecurity.com/2023/04/17/bec-attacks-language-attack-vector/?web%5Fview=true)mentions that of all BEC attacks in the past year, 57% had **language** as the primary attack vector to target unsuspecting employees. The report also includes other trends like [vendor fraud](https://betanews.com/2022/11/03/vendor-fraud-techniques-used-to-bypass-office-365-security/) and compromise are the rising attack vectors, and **graymail** wastes 27 hours for security teams each week. Attacks target technology organizations. The report mentions that **SMBs** are particularly vulnerable to [supply chain](https://www.securityweek.com/cascading-supply-chain-attack-3cx-hacked-after-employee-downloaded-trojanized-app/) and vendor fraud attacks, and 53% of vendor compromise attacks targeted technology organizations. Cybercriminals keep **infiltrating** legitimate business workflows to steal sensitive business information. The report mentions that hackers mostly compromised **business workflows** involving e-mail notifications, a significant uptick over 2021\. It adds that 52% of all attacks involved sensitive user data, like user login credentials. ### ChatGPT Account Takeover Bug Allows Cybercriminals To Gain User’s Online Account ![Zero day attack prevention](https://media.mailhop.org/phishprotection/images/2023/04/zero-day-attack-prevention-3653.jpg) An independent security analyst, Nagli (@naglinagli), recently discovered a critical security **vulnerability** in[ChatGPT](https://gbhackers.com/chatgpt-account-takeover-bug/?web%5Fview=true)that allows hackers to control any user’s account. Web Cache deception is an **attack vector** that Omer Gil introduced at the Las Vegas Blackhat USA conference in 2017. In this attack, the hacker can change a web server into storing a [web cache](https://www.pcmag.com/encyclopedia/term/web-cache) by entering a **non-existent URL** and a file type like JPG, CSS, or PNG. As per the tweet, hackers can use the below steps to replicate the issue. The hacker logs in to ChatGPT and visits the[URL](https://chat.openai.com/api/auth/session). He **changes the URL** to Victim.css and sends it to the User. The User visits the URL while logged into ChatGPT. The server will save the victim’s sensitive information on the URL as a cache. The [hacker](/phishing-awareness/latest-iran-aligned-hacker-phishing-campaign-targeting-middle-eastern-countries) visits the URL: , which has **sensitive information** about the User like Name, e-mail, etc., He can now use it to log in to ChatGPT. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 16 of 2023","description":"In this week's cybersecurity news picks, a leading bank exposed confidential client data, and ChatGPT remained a concern for security experts.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-16-of-2023/","datePublished":"2023-04-19T04:41:46.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-04-19T04:41:46.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-16-of-2023/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":909,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/04/what-is-phishing-2.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 16 of 2023","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-16-of-2023/"}]} ```