--- title: "Cybersecurity Updates For The Week 5 of 2023 | Phish Protection" description: "Data security incidents are on the rise and are impacting organizations across various sectors, regardless of their size." image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-5-of-2023.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-5-of-2023/" --- Quick Answer Data security incidents are on the rise and are \*\*impacting organizations\*\* across various sectors, regardless of their size. With vast amounts of personal and sensitive information being \*\*stored online\*\*, the ramifications of a \[data breach\](/phishing/data-breaches-how-they-impact-small-businesses) can be detrimental to both individuals and businesses. Here are this week's headlines to keep you updated on the latest data breaches and security incidents highlighting the importance of \[phishing protection\](/). Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-5-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%205%20of%202023&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-5-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-5-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-5-of-2023%2F&title=Cybersecurity%20Updates%20For%20The%20Week%205%20of%202023 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%205%20of%202023&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-5-of-2023%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/01/spear-phishing-protection-4263.jpg) Data security incidents are on the rise and are **impacting organizations** across various sectors, regardless of their size. With vast amounts of personal and sensitive information being **stored online**, the ramifications of a [data breach](/phishing/data-breaches-how-they-impact-small-businesses) can be detrimental to both individuals and businesses. Here are this week’s headlines to keep you updated on the latest data breaches and security incidents highlighting the importance of [phishing protection](/). --- ### Researchers Discover Multiple Vulnerabilities IN Healthcare Software OpenEMR Security experts found three [vulnerabilities](https://www.geeksforgeeks.org/vulnerabilities-in-information-security/) in **OpenEMR**, the open-source software for medical practice management and electronic health records. Sonar clean code experts published an advisory about the **flaws** discovered by security researcher Dennis Brinkrolf. > Brinkrolf wrote, “During our research of popular web applications, we recently discovered several **code vulnerabilities** in OpenEMR.” These vulnerabilities allow **remote hackers** to execute arbitrary system commands on[OpenEMR servers](https://www.infosecurity-magazine.com/news/vulnerabilities-healthcare/?&web%5Fview=true)and steal sensitive patient data . In the worst-case scenario, they can compromise the **entire** critical infrastructure. The security expert added that Sonar’s \[static application security testing (SAST)\](.) engine found that two **combined** vulnerabilities can cause unauthenticated **remote code execution (RCE)**. ### Latest Database Injection Attacks Compromise WordPress Sites A massive campaign leveraged hacked **WordPress sites** and redirected victims to tech support scams, phishing, adult dating, or drive-by-downloads attacks. The cybercriminals ensured that their[malicious payloads](https://cyware.com/cyber-security-news-articles)remained **undetected** through multiple redirects and legitimate downloads. Sucuri researchers say that they noticed a rise in **WordPress infections** linked to the **malicious domain** violetlovelines\[.\]com. They added that the campaign has been active since December 26, 2022, impacting 5,600 websites . ![Spear phishing protection](https://media.mailhop.org/phishprotection/images/2023/01/spear-phishing-protection-4263.jpg) _The campaign evolved recently, and cybercriminals switched to **black hat ad** **networks** from fake CAPTCHA push notification scam pages._ The malicious ad networks redirect targets to legitimate, malicious, or shady websites and trick them into downloading [malware](/content/protection-against-malware/how-to-prevent-malware-attacks). Different attack levels: The campaign uses various stages for deploying a **Traffic Direction System (TDS)**, [script injections](https://www.itprotoday.com/development-techniques-and-management/script-injection-attacks), redirect chains, and ad networks. Threat actors use two common injection types, an obfuscated JavaScript injection or a simple script tag injection. Users get redirected to a script on other **attacker-operated subdomains**, further leading to the malicious ad network’s multiple domains. ### Cyberattacks Targeting German Airports’ Websites The German **airports’ websites**, financial sector organizations, and public administration bodies became the latest target of [cyberattacks](https://www.goodmorningamerica.com/news/video/cyberattacks-us-airports-believed-russian-hacker-91323869) initiated by a Russian “hacker group,” according to the authorities. A spokesman said that the **Federal Cyber Security Authority (BSI)** was aware of the DDoS attacks against targets in Germany. [Cybercriminals](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) design a DDoS (distributed denial-of-service) attack to overwhelm the victim with a deluge of **internet traffic**, preventing their system from functioning normally. > Threat actors **aimed** the attacks “in particular at the airports’ websites” and some “**financial sector** targets” and ”[federal and state administrations](https://www.securityweek.com/cyberattacks-target-websites-of-german-airports-admin/?web%5Fview=true)‘ websites,” the spokesman said. The BSI spokesman further added that the Russian hacker group **Killnet** had announced the attack. The group’s call was a response to Chancellor Olaf Scholz’s recent announcement that Germany will send **Leopard 2 tanks** to Ukraine to help it repel the Russian invasion, financial daily Handelsblatt quoted. However, the BSI spokesman said it was “particularly hard” to attribute Thursday’s attacks directly to the [hacker group](https://www.hackread.com/trickbot-hacking-group-sanctioned/). ### CVE-2023-23560 Vulnerability Exposes 100 Lexmark Printer Models to Hack Lexmark recently released a security firmware update for removing a remote code execution **vulnerability** (tracked as CVE-2023-23560) that impacted over 100 printer models . The CVE-2023-23560 vulnerability is a server-side request forgery (SSRF) in[Lexmark printers](https://securityaffairs.com/141428/hacking/lexmark-cve-2023-23560-rce.html?web%5Fview=true)‘ Web Services feature, which received a **CVSS score of 9.0**. [Threat actors](/blog/threat-actors-using-phishing-as-a-service-phaas/) can exploit the compromise of a vulnerable printer to gain unauthorized access to the target network. After compromising the printer, the hacker can access the **printer spooler**, obtain the credentials of the connected network or expose sensitive documents. However, users can rest **assured** that Lexmark did not discover any attacks in the wild where hackers exploited the CVE-2023-23560 vulnerability. To check if your device has the vulnerable [firmware](https://www.techopedia.com/definition/2137/firmware) version, go to “Settings” -> “Reports” ->” Menu Setting Page” from the operator panel. If the **firmware level** in the “Device Information” matches the “Affected Releases” reported in the advisory, you must upgrade to a **“Fixed Release.”** ### CISA: Hackers Use Legitimate Remote Desktop Tools to Hack Federal Agencies CISA, the NSA, and MS-ISAC issued a **joint advisory warning** that attackers are using legitimate [remote monitoring and management (RMM)](https://www.intel.in/content/www/in/en/business/enterprise-computers/resources/rmm.html) apps to fulfill their malicious purposes. CISA recently used the[EINSTEIN intrusion detection system](https://www.bleepingcomputer.com/news/security/cisa-federal-agencies-hacked-using-legitimate-remote-desktop-tools/?&web%5Fview=true)and discovered **malicious activity** within various federal civilian executive branch (FCEB) agencies’ networks. It acted after the Silent Push report released in mid-October 2022. The researchers linked the activity to a “**widespread** and financially motivated phishing campaign” that Silent Push reported. “The authoring organizations assessed that since June 2022, threat actors have sent **help** **desk-themed** [phishing](/resources/what-is-phishing) messages to the FCEB federal staff’s personal and official email addresses,” the advisory reads. “The emails either contained a link to a ‘first-stage’ malicious domain or prompted the recipients to call the cyber criminals, who tried to convince the victims to visit the first-stage malicious domain.” The [malicious actors](/phishing/malicious-actors-exploit-commenting-feature-in-google-docs-to-send-phishing-emails) used **portable** remote desktop software executables, allowing them to gain access to the victim’s system as an **admin** without a complete software installation or admin permissions. ### Ticketmaster Blames Bots for Taylor Swift ‘The Eras’ Tour Debacle When armies of Taylor Swift fans got locked out in November and could not purchase tickets for her “The Eras” tour, the “Swifties” demanded answers, and the Senate agreed. **Ticketmaster** parent Live Nation executives testified in[Senate Judiciary Committee](https://www.darkreading.com/attacks-breaches/ticketmaster-blames-bots-taylor-swift-eras-tour-debacle?&web%5Fview=true)hearings against criticism that its market position reduced its accountability to fans, leading to its **unpreparedness** for the anticipated demand. The Executives insisted that Ticketmaster’s live music market dominance did not cause the Swift **sales collapse** \- but it was a **cyberattack**. “There was an unprecedented demand for Taylor Swift’s event tickets,” according to the Ticketmaster’s opening testimony. _“We were aware that the bots would attack the on-sale and planned accordingly.”_ However, the testimony says that Ticketmaster experienced a **triple amount of bots**, with [bots](https://www.cybersecurity-insiders.com/bots-compromise-jersey-computers-to-use-them-for-cyber-attacks/) both attempting to compromise the ticket sales servers for access codes and **purchase tickets**. ![Office 365 email protection](https://media.mailhop.org/phishprotection/images/2023/01/office-365-email-protection-7563.jpg) “While the bots **could not acquire** any tickets or penetrate our systems, the attack pushed us to slow down and pause our sales,” the company said, further adding that the difference was that this time, instead of the bots attempting to buy the tickets, they were **attacking the system**. ### Hackers Impersonate Chinese Ministry in a QR Code-Based Phishing Attack FortiGuard Labs recently found a phishing campaign using[multiple QR codes](https://cyware.com/news/qr-code-based-phishing-attack-impersonates-chinese-ministry-e0613b60)to target Chinese users to steal their credentials. The email consists of an attached Word document, which spoofs the Chinese Ministry of Finance. The document presents some Chinese text and a large **QR code** in the center when the user opens the document. After scanning the code, the user gets redirected to a URL, which leads to a **hacker-controlled website**. The website is a [DingTalk](https://qz.com/1814937/what-is-dingtalk-the-alibaba-app-that-quarantined-kids-in-china-hate) instance (an enterprise communication platform) spoof that prompts users to key in their details to steal them. Why does the attack matter? _Threat actors consider user credentials valuable because they can gain direct access to a victim’s environment or applications._ An attacker can directly use the [credentials](https://thehackernews.com/2022/08/credential-theft-is-still-top-attack.html) or **sell them** to another group for their operations. The above phishing campaign highlights that attackers are leveraging **new ways** to target users and lure them into sharing confidential information. ### GTA 5 Players Warned ‘To Not Play At All’ as Hacks Worsen In the past few days,[GTA Online](https://insider-gaming.com/gta-online-hacks/?web%5Fview=true)‘s PC version was targeted by some of the most malicious **exploits** and hacks the platform has ever seen. GTA Online hacks were an ongoing and troublesome issue for past years, but the latest wave that’s reportedly driven by the 2022 GTA 5**source** **code leak** is on another level entirely. Players logging in **without a firewall** can face various issues. Their stats can be modified, data corrupted, accounts banned, and an aggressive **cheat engine** can impact their PC. When the news describing the **new wave** of hacks and exploits surfaced on Twitter, players immediately started advising gamers not to log into GTA Online. As the ‘[partial remote code execution](https://medium.com/@qazbnm456/cve-2020-8163-partial-remote-code-execution-c6f46bcdef2)‘ hacks circulate, mod menus are getting delivered, allowing hackers to manipulate **critical aspects of the game**. Last year, GTA 5 faced one of the most significant breaches in gaming history when [hackers](https://thehackernews.com/2023/02/hackers-create-malicious-dota-2-game.html) stole its source code and distributed it, along with 100 GB of content from Rockstar’s upcoming **GTA 6 project**. ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 5 of 2023","description":"Data security incidents are on the rise and are impacting organizations across various sectors, regardless of their size.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-5-of-2023/","datePublished":"2023-01-29T06:38:54.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-01-29T06:38:54.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-5-of-2023/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1442,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/01/spear-phishing-protection-4263.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 5 of 2023","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-5-of-2023/"}]} ```