--- title: "Russian Hackers Target French Senate, DVR Camera Hacking Attempts, Fake ChatGPT Exploit – Cybersecurity News | Phish Protection" description: "This week" image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-18-of-2023.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-18-of-2023/" --- Quick Answer This week's \[cybersecurity\](/content/cybersecurity-in-a-nutshell) news updates discuss why patching security vulnerabilities can be a significant step toward a safer network. Read on to know more about how threat actors continued to exploit \*\*unpatched vulnerabilities\*\* and compromise information systems recently. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-18-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Russian%20Hackers%20Target%20French%20Senate%2C%20DVR%20Camera%20Hacking%20Attempts%2C%20Fake%20ChatGPT%20Exploit%20%26%238211%3B%20Cybersecurity%20News&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-18-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-18-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-18-of-2023%2F&title=Russian%20Hackers%20Target%20French%20Senate%2C%20DVR%20Camera%20Hacking%20Attempts%2C%20Fake%20ChatGPT%20Exploit%20%26%238211%3B%20Cybersecurity%20News "Share on Reddit") [ ](mailto:?subject=Russian%20Hackers%20Target%20French%20Senate%2C%20DVR%20Camera%20Hacking%20Attempts%2C%20Fake%20ChatGPT%20Exploit%20%26%238211%3B%20Cybersecurity%20News&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-18-of-2023%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/05/what-is-spear-phishing-7123.jpg) This week’s [cybersecurity](/content/cybersecurity-in-a-nutshell) news updates discuss why patching security vulnerabilities can be a significant step toward a safer network. Read on to know more about how threat actors continued to exploit **unpatched vulnerabilities** and compromise information systems recently. --- ### Pro-Russian Hackers Claim They Targeted French Senate Website The French Senate’s website went offline on Friday after pro-Russian attackers claimed they had **taken it down**. The upper house of Parliament posted on Twitter, “Access to the website has been disrupted since this morning,” further adding that a team was busy fixing the problem. A group that goes by the tag[NoName](https://www.securityweek.com/pro-russian-hackers-claim-downing-of-french-senate-website/?web%5Fview=true)on Telegram claimed responsibility for the attack, saying it took the step because “France is **helping Ukraine** on a new ‘aid’ package includes weapons.” It is the same [cybercriminal group](https://www.crn.com/news/security/cybercriminal-groups-now-selling-malware-kits-to-amateur-hackers-for-less-than-10-hp-report) that had taken responsibility for downing the website of France’s lower-house National Assembly in March. The group had also **claimed responsibilit**y for disrupting the Canadian government websites last month during the visit of Ukrainian Prime Minister Denys Shmyhal to Canada. However, Canadian Prime Minister Justin Trudeau **shrugged off** the attack, saying that knocking a webpage offline would not prevent Canada from supporting Ukraine. ### Researchers Observe Attack Attempts On TBK DVR Camera Devices Researchers at Fortinet’s FortiGuard Labs recently noticed that hackers were exploiting a **bypass flaw** in[TBK DVR video recording devices](https://cyware.com/news/researchers-observe-a-spike-in-attacks-against-tbk-dvr-camera-devices-2530267c)and increasing hacking attempts on this device worldwide. _The vulnerability is a five-year-old authentication bypass flaw that remains unpatched in these devices._ TBK Vision’s website mentions that organizations across government, banking, and retail sectors are using its devices, significantly **increasing** the impact surface. The researchers tracked the vulnerability as CVE-2018-9995, a critical [authentication bypass](https://www.automox.com/blog/vulnerability-definition-authentication-bypass) issue that remote attackers can exploit to access the impacted network. Furthermore, a remote attacker can **exploit the flaw** to bypass authentication and receive administrative privileges through which they can access camera video feeds . Besides, the Fortinet team noticed that the company did not release any [security patches](https://emteria.com/learn/security-patches) for the five-year-old flaw. Highlighting the attack’s widespread nature, researchers observed over 50,000 attack attempts on video recording devices with unique IPS detections last month. ![What is spear phishing](https://media.mailhop.org/phishprotection/images/2023/05/what-is-spear-phishing-7123.jpg) ### Hackers Use Fake Websites That Look Like ChatGPT To Exploit Sensitive Information Check Point Research recently noticed an uptick in [cyberattacks](https://www.techradar.com/news/cyberattacks-on-governments-saw-a-huge-increase-in-the-first-few-months-of-2023) leveraging websites linked to [ChatGPT](/phishing-awareness/the-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game), which hackers are using in phishing attempts and distributing malware through websites that appear similar to ChatGPT. These campaigns trick users into revealing confidential information or downloading harmful files. The security experts discovered that 1 out of 25 new[ChatGPT-related domains](https://cyware.com/news/fake-websites-and-chatgpt-recipe-for-high-risk-6a234297)was **malicious** since the beginning of 2023\. Furthermore, they have noticed a steady increase in the frequency of these attack attempts over the past few months. After clicking on these [malicious links](https://securityintelligence.com/news/phishing-attackers-use-docusign-malicious-links/), victims get redirected to websites that can subject them to additional attacks. Researchers identified the following websites **mimicking** ChatGPT: chat-gpt-pc\[.\]online chat-gpt-online-pc\[.\]com chat-gpt-ai-pc\[.\]info Chat-gpt-for-windows\[.\]com ### Attackers Abuse AT&T E-mail Accounts To Steal Cryptocurrency Cybercriminals are breaking into victims’[cryptocurrency exchange accounts](https://cyware.com/news/att-email-accounts-abused-to-steal-cryptocurrency-756bc306)using their AT&T e-mail addresses and stealing their **crypto assets**. The following domain names are impacted: sbcglobal\[.\]net, bellsouth\[.\]net, and att\[.\]net. The researchers believe that the cybercriminals accessed a part of AT&T’s internal network that creates **mail keys** for any user. AT&T e-mail users use these unique mail keys to login into their accounts through apps like Outlook or Thunderbird without requiring a password. If the attackers obtain the primary key of a target, they can log in to their accounts through any e-mail app. Consequently, they **reset passwords** and use the id for other malicious actions like breaking into [cryptocurrency exchanges](https://www.securityweek.com/us-ukraine-shut-down-cryptocurrency-exchanges-used-by-cybercriminals/). A hacker group claimed on Telegram that they had accessed an entire AT&T **employee database**, which allows them access to information regarding OPUS, an AT&T employees portal. ### Promising Jobs at the U.S.P.S, ‘US Job Services’ Leaks Customer Data A Georgia-based online company that has made thousands of dollars purporting to sell access to the United States Postal Service (USPS) jobs recently exposed its **internal IT database** of nearly 900,000 customers . The [leaked records](https://www.securitymagazine.com/articles/91412-more-than-60-of-all-leaked-records-exposed-by-financial-services-firms) indicate that the company’s chief technology officer in Pakistan was hacked over the past year. Patrick Barry, chief information officer at Charlotte, an NC-based Security firm, alerted[KrebsOnSecurity](https://krebsonsecurity.com/2023/05/promising-jobs-at-the-u-s-postal-service-us-job-services-leaks-customer-data/?&web%5Fview=true)about the data exposure. He said that US Job Services had been leaking its customer payment records since 2016\. Furthermore, the company revealed a **2019 log file** containing the site administrator’s contact information and back end-database credentials. Sharing screenshots of the back-end database, Barry said the administrator of US Job Services operates with the e-mail address [tab.webcoder@gmail.com](mailto:tab.webcoder@gmail.com)., which experts traced to **Karachi-based developer** Muhammed Tabish Mirza. ![What is spear phishing](https://media.mailhop.org/phishprotection/images/2023/05/what-is-spear-phishing-7124.jpg) ### Even After Two Security Audits, Level Finance Crypto Exchange Hacked [Hackers](/phishing/hackers-now-going-after-software-tools-which-help-workers-collaborate) recently exploited a Level Finance smart contract **vulnerability** and drained[214,000 LVL tokens](https://www.bleepingcomputer.com/news/security/level-finance-crypto-exchange-hacked-after-two-security-audits/?&web%5Fview=true)from the DEX (decentralized exchange), further swapping them for 3,345 BNB, worth $1,100,000. Downplaying the attack, Level Finance said the attack did not impact its liquidity pool or the DAO treasury. However, after the attack was discovered, the LVL token **lost roughly 50% of its value**. Although Level Finance took adequate [phishing protection](/) measures to protect its assets by ordering two audits from independent firms, the cybercriminals still found a way to exploit the code. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Russian Hackers Target French Senate, DVR Camera Hacking Attempts, Fake ChatGPT Exploit – Cybersecurity News","description":"This week's cybersecurity news updates discuss why patching security vulnerabilities can be a significant step toward a safer network.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-18-of-2023/","datePublished":"2023-05-01T07:55:10.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-05-01T07:55:10.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-18-of-2023/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":888,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/05/what-is-spear-phishing-7123.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Russian Hackers Target French Senate, DVR Camera Hacking Attempts, Fake ChatGPT Exploit – Cybersecurity News","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-18-of-2023/"}]} ```