--- title: "Cybersecurity Updates For The Week 6 of 2023 | Phish Protection" description: "Cybersecurity Updates For The Week 6 of 2023: Threat actors are not leaving any industry behind when it comes to stealing users" image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-6-of-2023.png" canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-6-of-2023/" --- Quick Answer Threat actors are not leaving any industry behind when it comes to stealing users' \*\*digital assets\*\*. Here are this week's \[phishing\](/resources/7-most-common-phishing-attacks-and-learning-to-protect-against-them) and breach-related stories to keep you updated on the latest cyber developments. Share [ ](https://www.linkedin.com/sharing/share-offsite/?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-6-of-2023%2F "Share on LinkedIn") [ ](https://twitter.com/intent/tweet?text=Cybersecurity%20Updates%20For%20The%20Week%206%20of%202023&url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-6-of-2023%2F "Share on X/Twitter") [ ](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-6-of-2023%2F "Share on Facebook") [ ](https://reddit.com/submit?url=https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-6-of-2023%2F&title=Cybersecurity%20Updates%20For%20The%20Week%206%20of%202023 "Share on Reddit") [ ](mailto:?subject=Cybersecurity%20Updates%20For%20The%20Week%206%20of%202023&body=Check out this article: https%3A%2F%2Fphishprotection.com%2Fblog%2Fcybersecurity-updates-for-the-week-6-of-2023%2F "Share via Email") ![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/02/phishing-prevention-8635.jpg) Threat actors are not leaving any industry behind when it comes to stealing users’ **digital assets**. Here are this week’s [phishing](/resources/7-most-common-phishing-attacks-and-learning-to-protect-against-them) and breach-related stories to keep you updated on the latest cyber developments. --- ### Zurich University Targeted in a ‘Professional’ Cyberattack The university said it is battling to keep cyber criminals out of critical zones by **isolating** its IT system’s parts. While the university’s move has restricted access to its systems, it has **prevented** attackers from extracting or encrypting data. The university alerted the Swiss authorities, students, and employees, advising them to change their passwords . > “The perpetrators are acting in a **very professional** manner, and the attack appears to be a part of a wider accumulation of attacks targeting **educational and health** institutions,” the[University of Zurich](https://www.swissinfo.ch/eng/sci-tech/hackers-target-zurich-university-with--professional--cyberattack/48256306?&web%5Fview=true)stated. ![Phishing prevention](https://media.mailhop.org/phishprotection/images/2023/02/phishing-prevention-8635.jpg) “Hackers have recently carried out **several attacks** on universities in German-speaking countries, leading to suspension of their IT services for extended periods.” Last year, attackers used malicious software to hack the University of Neuchâtel in a [cyberattack](https://abcnews.go.com/Business/wireStory/feds-cyberattack-caused-suicide-helplines-outage-96887591), forcing a temporary shutdown of its IT systems. Other **global educational establishments** targeted by cybercriminals in recent years include Universities in Germany and Austria. In 2021, cybercriminals hacked the Swiss town of Rolle, resulting in **data** getting posted on the [Darknet](https://www.bleepingcomputer.com/news/security/darknet-drug-markets-move-to-custom-android-apps-for-increased-privacy/). The ‘Vice Society’ group claimed responsibility, threatening to target other hospitals and municipalities. It is unclear who is behind the attack on the University of Zurich. ### India’s One of The Largest Truck Brokerage Company Leaks 140GB Data India’s largest freight delivery and truck brokerage company, FR8, recently faced a severe **data leak** problem. According to [phishing protection](/) researcher Anurag Sen who works with Italian cyber security firm FlashStart, FR8 exposed over 140 gigabytes of data , which anyone can access without a password or security authentication. According to a post on[Hackread.com](https://www.hackread.com/india-truck-brokerage-company-data-leak/?web%5Fview=true), the leaked data contains **sensitive information** like customer records, payment details, and invoices across India. It also includes other personal data like employees’ and customers’ names, addresses, and contact numbers. FR8 claims that it is “India’s **largest** truck and transport service company” and operates in more than 60 cities. On January 30, 2023, Anurag discovered the server on Shodan while searching for **misconfigured** [cloud databases](https://www.ibm.com/cloud/learn/what-is-cloud-database). The security researchers informed FR8 regarding the leak but received no response. FR8’s only e-mail address available to the public is **bouncing back** with every e-mail. The leaked data contains: Full name Mobile number Internal document Delivery Full address Bank payment details Delivery Vehicle Details Internal employee details ### PixPirate: Latest Android Banking Trojan Targets Brazilian Financial Institutions A new **Android banking trojan** is leveraging the PIX payments platform and is targeting Brazilian financial institutions for committing fraud. Italian cybersecurity firm Cleafy discovered the malware between 2022 end and 2023 beginning and is tracking it under the name[PixPirate](https://thehackernews.com/2023/02/pixpirate-new-android-banking-trojan.html?&web%5Fview=true). > “PixPirate is part of the **latest generation** of Android banking trojan, and it can perform [ATS (Automatic Transfer System)](https://www.malwaretech.com/2016/08/automatic-transfer-systems-ats-for-beginners.html). It enables cybercriminals to automate the insertion of malicious money transfers over the **Instant Payment** platform Pix. Multiple Brazilian banks have adopted the Pix payment platform,” researchers Alessandro Strino and Francesco Iubatti said. The trojan is the latest addition in a long Android banking [malware](/content/protection-against-malware/types-of-malware) list to abuse the system’s accessibility services **API** and carry out its nefarious functions. _These include intercepting SMS messages, disabling Google Play Protect, serving rogue ads through push notifications, and preventing uninstallation._ ### Crypto Hacks Led by North Korean Groups Stole a Record $3.8 Billion In 2022 Last year set a new record for **cryptocurrency** heists, with attackers stealing over $3.8 billion . The heists were led by attackers linked to North Korea, who grabbed more than ever before, says a report by U.S.-based [blockchain analytics](https://originstamp.com/blog/what-is-blockchain-analytics-and-how-does-it-work/). The report by[Chainalysis](https://www.reuters.com/technology/crypto-hacks-stole-record-38-billion-2022-led-by-north-korea-groups-report-2023-02-01/?&web%5Fview=true)found a malicious activity that **“ebbed and flowed”** around the year, with “large spikes” in March and October. The report said October saw the most cryptocurrency **hacking**, experiencing 32 separate attacks and $775.7 million worth of stolen cryptocurrency. With diminishing risk appetite and various crypto firms **collapsing**, the crypto market floundered in 2022\. Regulators stepped up calls for greater **consumer protection**, and investors experienced considerable losses. At the time, Chainalysis and other firms confirmed that North Korean-related accounts lost millions of dollars in value. But it did not deter the [threat actors](/phishing-awareness/threat-actors-using-malicious-onenote-attachments-to-spread-malware-via-phishing-emails). The report added that North Korea-linked attackers like those in the [cybercriminal](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) syndicate Lazarus Group had become the most prolific cryptocurrency hackers, stealing over $1.7 billion worth of cryptocurrency in **multiple attacks** last year. _According to an expert panel monitoring United Nations sanctions, North Korea is increasingly relying on hacking to fund its missile and nuclear weapons programs, specifically as publicly declared trade collapsed under sanctions and COVID-19 lockdowns._ ### CISA Alert: Exploitable Vulnerabilities in Oracle E-Business Suite and SugarCRM The US CISA (Cybersecurity and Infrastructure Security Agency) added two security flaws to its **KEV (Known Exploited Vulnerabilities)** Catalog, citing evidence of active exploitation. [CVE-2022-21587](https://www.rapid7.com/blog/post/2023/02/07/etr-cve-2022-21587-rapid7-observed-exploitation-of-oracle-e-business-suite-vulnerability/#:~:text=Metasploit-,CVE%2D2022%2D21587%3A%20Rapid7%20Observed%20Exploitation%20of,Oracle%20E%2DBusiness%20Suite%20Vulnerability) (CVSS score: 9.8) is the first of the[two vulnerabilities](https://thehackernews.com/2023/02/cisa-alert-oracle-e-business-suite-and.html?&web%5Fview=true). It is a critical issue that impacts versions 12.2.3 to 12.2.11 of **Oracle** Web Applications Desktop Integrator. CISA said, “Oracle **E-Business Suite** has an unspecified vulnerability that enables an unauthenticated [hacker](https://thehackernews.com/2023/02/russian-hacker-pleads-guilty-to-money.html) with **network access** through HTTP to compromise Oracle Web Applications Desktop Integrator.” Oracle addressed the issue in October 2022 as part of its Critical Patch Update. There is little knowledge regarding the nature of attacks that exploit the vulnerability. Still, the development comes after the [cybersecurity](/content/cybersecurity-in-a-nutshell) firm Viettel published a proof-of-concept (PoC) on January 16, 2023. The second [security flaw](https://thehackernews.com/2023/01/critical-security-flaw-found-in.html) is **CVE-2023-22952** (CVSS score: 8.8), relating to a missing input validation in SugarCRM which could lead to the injection of arbitrary **PHP code**. SugarCRM versions 11.0.5 and 12.0.2 have fixed the bug. ![Phishing prevention tips](https://media.mailhop.org/phishprotection/images/2023/02/phishing-prevention-tips-7426.jpg) ### Updated Variants of Prilex Can Block Contactless NFC Transactions Researchers recently identified three **new variants** of Prilex, the advanced [Point-of-Sales (PoS) malware](https://www.makeuseof.com/pos-malware-explained/). The latest variants block contactless NFC (Near-Field Communication) transactions, forcing customers to insert the card into the compromised device physically. First sighted in 2014, the Prilex malware has evolved from **ATM-focused** malware to full-fledged PoS malware. Variants And Capabilities: Kaspersky researchers link the[Prilex malware](https://cyware.com/news/new-variants-of-prilex-blocks-contactless-nfc-transactions-584015db)to Brazilian threat actors who have **updated** their malware with new capabilities. 06.03.8080, 06.03.8070, and 06.03.8072 are the three new Prilex versions. These latest Prilex variants can restrict [contactless payment](https://squareup.com/us/en/townsquare/what-is-a-contactless-payment) transactions. Another feature added to the recent Prilex update is the ability to **filter credit cards** based on their segment and create separate rules for them. For example, an attacker can configure the Prilex malware to capture card data only if it detects a Black/Infinite or Corporate card. ### EV Charging Management System Flaws Allow Disruption, Energy Theft _Researchers warn that there are vulnerabilities in many electric vehicles (EV) charging management systems that could allow hackers to steal energy, cause disruption, or obtain driver information._ Researchers working for an Israel-based company SaiFlow discovered the **vulnerabilities**. SaiFlow specializes in protecting distributed energy resources and EV charging infrastructure. The security holes are linked to the communications between the EV charge point (CP) and charging system management service (CSMS), specifically the usage of the[Open Charge Port Protocol](https://www.securityweek.com/ev-charging-management-system-vulnerabilities-allow-disruption-energy-theft/?web%5Fview=true)(OCPP). The researchers confirmed that the flaws impact the CSMS offered by multiple vendors. According to SaiFlow, a cybercriminal can exploit the weaknesses and launch a [distributed denial-of-service (DDoS) attack](https://www.techtarget.com/searchsecurity/definition/distributed-denial-of-service-attack), disrupting the electric vehicle supply equipment (EVSE) **network**. Additionally, if the attacker manages to connect to the CSMS, they can obtain **drivers’ personal information** like payment card data and other sensitive data like server credentials. ### **Pro-Russian Hackers Target Dutch and European Hospitals** Dutch cyber authorities said that several hospital websites in Europe and the Netherlands likely became targets of a[pro-Kremlin hacking group](https://www.securityweek.com/dutch-european-hospitals-hit-by-pro-russian-hackers/?web%5Fview=true)because their countries supported Ukraine . The UMCG hospital located in Groningen, the northern Dutch city, is one of the largest in the country, and hackers **crashed its website** in a cyberattack on Saturday. The Dutch National Cyber Security Centre (NCSC) said, “European hospitals, including the ones in the Netherlands, have most likely been **targeted** by the pro-Russian hacking group Killnet.” The group announced DDoS attacks on hospitals (in countries) helping Ukraine in the **Russia-Ukraine conflict**.” A distributed denial-of-service (DDoS) attack overwhelms the target with a deluge of [internet traffic](https://en.wikipedia.org/wiki/Internet%5Ftraffic), **disrupting** the system’s normal functioning . Although reports say Killnet threatened to target 31 hospitals throughout the Netherlands, only the UMCG got affected so far. The NCSC said, “Currently, we successfully **mitigated** the DDoS attacks, and its impact is limited.” ### Protect Your Organization - [Learn how phishing attacks work and how to spot them](/learn-what-is-phishing/) - [See how Phish Protection blocks threats in real time](/anti-phishing-tools/) ## Topics [ Announcements ](/tags/announcements/) ![Brad Slavin](https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg) [ Brad Slavin ](/authors/brad-slavin/) General Manager Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base. [LinkedIn Profile →](https://www.linkedin.com/in/bradslavin) ## Protect your inbox from phishing attacks Real-time email security with 60-day free trial. No credit card required. [Start Free Trial](https://portal.duocircle.com/cart.php?a=add&pid=101&brand=phishprotection) [View Pricing](/pricing/) ## Related Articles [ Intermediate 5m Cybersecurity Updates For The Week 33 of 2022 Aug 22, 2022 ](/blog/cyber-security-news-update-week-33-2022/)[ Intermediate 6m Cybersecurity Updates For The Week 41 of 2022 Oct 21, 2022 ](/blog/cybersecurity-news-21-oct-2022/)[ Intermediate 5m Cybersecurity Updates For The Week 1 of 2021 Jan 1, 2021 ](/blog/cybersecurity-updates-for-the-week-1-of-2021/)[ Intermediate 6m Cybersecurity Updates For The Week 1 of 2022 Jan 7, 2022 ](/blog/cybersecurity-updates-for-the-week-1-of-2022/) ```json {"@context":"https://schema.org","@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]} ``` ```json {"@context":"https://schema.org","@type":"WebSite","name":"Phish Protection","url":"https://phishprotection.com","description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]}}} ``` ```json {"@context":"https://schema.org","@type":"BlogPosting","headline":"Cybersecurity Updates For The Week 6 of 2023","description":"Cybersecurity Updates For The Week 6 of 2023: Threat actors are not leaving any industry behind when it comes to stealing users' digital assets . Here are.","url":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-6-of-2023/","datePublished":"2023-02-06T08:46:15.000Z","dateModified":"2026-04-17T15:43:10.000Z","dateCreated":"2023-02-06T08:46:15.000Z","author":{"@type":"Person","@id":"https://phishprotection.com/authors/brad-slavin/#person","name":"Brad Slavin","url":"https://phishprotection.com/authors/brad-slavin/","jobTitle":"General Manager","description":"Brad Slavin is the founder and General Manager of DuoCircle, the company behind DMARC Report, AutoSPF, Phish Protection, and Mailhop. He founded DuoCircle in 2014 and has led the company's growth to 2,000+ customers across its email security product family. Brad's focus is product strategy, customer relationships, and the commercial and compliance side of email authentication (DPAs, SLAs, enterprise procurement).","image":"https://media.mailhop.org/phishprotection/images/authors/brad-slavin.jpg","knowsAbout":["Email Security Strategy","SaaS Product Management","Enterprise Compliance","Customer Success","Email Deliverability Business"],"worksFor":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com"},"sameAs":["https://www.linkedin.com/in/bradslavin"]},"publisher":{"@type":"Organization","name":"Phish Protection","url":"https://phishprotection.com","logo":{"@type":"ImageObject","url":"https://phishprotection.com/images/phishprotection-logo.png"},"description":"Advanced phishing protection and email security for businesses. Real-time threat defense, time-of-click protection, and seamless Office 365 integration.","parentOrganization":{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138883901","name":"DuoCircle LLC","url":"https://www.duocircle.com","sameAs":["https://www.wikidata.org/wiki/Q138883901","https://www.crunchbase.com/organization/duocircle-llc","https://www.linkedin.com/company/duocircle","https://github.com/duocircle"],"subOrganization":[{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138898167","name":"DMARC Report","url":"https://dmarcreport.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897474","name":"AutoSPF","url":"https://autospf.com"},{"@type":"Organization","@id":"https://www.wikidata.org/wiki/Q138897912","name":"Phish Protection","url":"https://www.phishprotection.com"}]},"sameAs":["https://www.linkedin.com/company/duocircle","https://x.com/duocirclellc","https://www.facebook.com/duocirclellc","https://github.com/duocircle"],"contactPoint":{"@type":"ContactPoint","contactType":"customer support","url":"https://phishprotection.com/contact/"},"knowsAbout":["Phishing Protection","Email Security","Anti-Phishing","Business Email Compromise","Ransomware Protection","Time of Click Protection","Office 365 Email Security","Advanced Threat Defense"]},"mainEntityOfPage":{"@type":"WebPage","@id":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-6-of-2023/"},"articleSection":"intermediate","keywords":"Announcements","wordCount":1451,"image":{"@type":"ImageObject","url":"https://media.mailhop.org/phishprotection/images/2023/02/phishing-prevention-8635.jpg","caption":"Phish Protection blog post image","width":1200,"height":630},"speakable":{"@type":"SpeakableSpecification","cssSelector":[".answer-block","h1"]}} ``` ```json {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https://phishprotection.com/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https://phishprotection.com/blog/"},{"@type":"ListItem","position":3,"name":"Intermediate","item":"https://phishprotection.com/intermediate/"},{"@type":"ListItem","position":4,"name":"Cybersecurity Updates For The Week 6 of 2023","item":"https://phishprotection.com/blog/cybersecurity-updates-for-the-week-6-of-2023/"}]} ```