---
title: "Cybersecurity Updates For The Week 8 of 2023 | Phish Protection"
description: "Organizations across various industries and sizes are facing an uptick in cyber threats that can have severe consequences for both individuals and businesses."
image: "https://phishprotection.com/og/blog/cybersecurity-updates-for-the-week-8-of-2023.png"
canonical: "https://phishprotection.com/blog/cybersecurity-updates-for-the-week-8-of-2023/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/02/phishing-prevention-tips-3478.jpg) 

Organizations across various industries and sizes are facing an uptick in **cyber threats** that can have severe consequences for both individuals and businesses due to the increasing amount of sensitive information stored online. Here are this week’s top headlines to keep you informed of the latest security incidents and [data breaches](/phishing/data-breaches-and-phishing-attacks-how-third-party-vendors-jeopardize-organization).

### Cyberattack Cripples Ticket Sales at the Philadelphia Orchestra And Kimmel Center

Threat actors targeted the **websites** of the Philadelphia Orchestra and its home venue, which remained down days after the organizations issued a notice saying they had suffered a [cyberattack](https://www.cbsnews.com/news/us-marshals-office-cyber-attack-compromised-sensitive-data/). Recently, the Kimmel Center said **ticket sales** were affected by the cyberattack without providing further details. Philadelphia Orchestra’s spokesperson did not respond to requests for comment.

> “As we work to resolve the issue, we assure patrons that all Campus \[at the Kimmel Center\] performances will **proceed as planned**, and our security personnel are working as intended to **safeguard** sensitive data,” the organizations wrote.

The Orchestra created a **temporary portal** to facilitate ticket sales, and people confirmed that tickets were available in person. Arts venues like the [Kimmel Center](https://therecord.media/philadelphia-orchestra-kimmel-center-websites-down-after-cyberattack-cripples-ticket-sales/?web%5Fview=true), which also hosts the Philadelphia Ballet and Broadway shows, are ripe targets for cybercriminals eager to hold critical systems like **ticketing hostage**.

### Chinese Hackers Target And Infiltrate South American Diplomatic Networks

Microsoft’s security teams spotted DEV-0147 (a Chinese state-sponsored threat actor) targeting South American diplomatic entities with PoisonPlug, or the ShadowPad **remote access Trojan (RAT)**.

Microsoft shared its findings on Twitter, saying the cybercriminals’ new campaign signifies a **notable expansion** in the group’s [data exfiltration](https://www.techopedia.com/definition/14682/data-exfiltration) operations. The DEV-0147 group previously targeted **think tanks** and government agencies in Asia and Europe.

From a technical standpoint, Microsoft said it observed DEV-0147 deploy [ShadowPad](https://www.infosecurity-magazine.com/news/chinese-shadowpad-infiltrate-south/?&web%5Fview=true) (a RAT linked to other China-based actors) for **persistence** and QuasarLoader (a webpack loader) to download and execute additional **malware**.

_“DEV-0147’s attacks on South American entities included **post-exploitation activity** involving the group abusing the on-premises identity infrastructure for lateral movement and recon_. [Threat actors](/phishing-awareness/threat-actors-breach-reddit-and-access-internal-documents-code-and-business-systems) also used Cobalt Strike for data exfiltration and command and control,” reads one of the Twitter posts.

![Phishing prevention tips](https://media.mailhop.org/phishprotection/images/2023/02/phishing-prevention-tips-3478.jpg) 

### Tonga, The Latest Pacific Island Nation To Become A Ransomware Target

On Monday, Tonga’s state-owned **telecommunications firm** warned its customers that it was hit with [ransomware](/content/protection-against-ransomware/what-is-ransomware). Tonga Communications Corporation (TCC) published a notice on Facebook stating the attack may **slow down** its administrative operations.

> “We have confirmed a [ransomware attack](https://therecord.media/tonga-is-the-latest-pacific-island-nation-hit-with-ransomware/?web%5Fview=true) to **encrypt and lock** access to part of TCC’s system. _It does not affect the voice and internet service delivery to our customers._ Still, it can slow down the bills delivery process, connecting new customers, and managing customers’ inquiries,” the firm said.

The Polynesian country comprises 171 islands with a population of 100,000. TCC has a majority (70%) market share of dial-up and broadband internet and controls all of the **country’s fixed telephone lines**. With over 300 employees, it offers the **UCall service** to manage most mobile phone services.

In an advisory last year, CISA **warned** that the Medusa group operates under a [Ransomware-as-a-Service (RaaS)](https://www.upguard.com/blog/what-is-ransomware-as-a-service) model and gives its affiliates **60% of ransoms** while keeping the rest.

### Over 500 Cricket Stars Hit in a Passport Breach, from Wasim Akram To Ian Bell

Some all-time greats and current cricket superstars had their **passport information** exposed after a [cybersecurity](/content/cybersecurity-in-a-nutshell) expert said he discovered a batch of the [players’ personal data](https://www.forbes.com/sites/thomasbrewster/2023/02/14/wasim-akram-ian-bell-cricket-player-data-breach/?&web%5Fview=true&sh=1438ea564bbc) online. West Indies and Pakistan legends Chris Gayle and Wasim Akram were among the over **500 famous cricketers** affected by the breach. Other players included current stars like Pakistan captain Mohammad Babar Azam and the big-scoring England batsman Ian Bell.

Etizaz Mohsin, a U.K.-based researcher, shared his findings with **Forbes** and said that the breach might affect Indian, New Zealand, and [Afghan](https://www.indiafantasy.com/cricket/cricket-news/afghan-cricketer-reveals-received-message-dhawans-hacked-twitter-account/) players also. _While most passports were valid at the time of discovery, some had expired._

Forbes **validated the integrity** of the data discovered by Mohsin after Eoin Morgan (representative for England international) and Rashid Khan (representative for Afghanistan) confirmed the **legitimacy** of passport images for the two players. _England stars Ian Bell and Henry Brookes’ managers also confirmed their passport details were correct._

The data appears to be linked to the teams involved in the Abu Dhabi **T10 competitions** and the Pakistan Super League. Often, cricketers provide their passports and other [personal data](https://www.indiatoday.in/technology/news/story/personal-data-of-6-lakh-indian-hacked-and-sold-on-bot-markets-for-rs-490-each-study-reveals-2307151-2022-12-09) to **event organizers** to get registered to play and access the grounds.

### The Latest Mirai Variant V3G4 Exploits IoT Devices to Carry Out DDoS Attacks

Palo Alto Networks’ Unit 42 identified the latest variant of the famous Mirai malware, previously responsible for several **large-scale DDoS attacks** on Dyn DNS in October 2016. Dubbed V3G4 by IT security researchers, it is a malware type that **explicitly targets** Internet of Things (IoT) devices. Like the original [Mirai botnet](https://www.hackread.com/mirai-variant-v3g4-ddos-attacks/?web%5Fview=true), V3G4 exploits **default login credentials** like usernames and passwords and infects IoT devices.

In the campaign tracked by the researchers, exposed **IP cameras** were one of the prime targets of the **V3G4 malware**. The malware uses the exposed devices and servers to create a powerful botnet, which hackers use to launch DDoS attacks or perform other malicious activities, like stealing data or installing [malware](/content/protection-against-malware/what-is-malware).

According to Unit 42’s report, experts observed that the V3G4 malware was **leveraging** several vulnerabilities to expand from July to December 2022. Individuals and organizations must follow [phishing protection](/) best practices for securing **IoT devices** to protect against V3G4 and other similar IoT malware.

_These practices include changing default usernames and passwords, **disabling unnecessary protocols** and services, and updating the software with the latest security patches._

### Fake Hogwarts Legacy Cracks Available for Download, Lead to Adware, Scams

[Hogwarts Legacy](https://www.malwarebytes.com/blog/news/2023/02/fake-hogwarts-legacy-cracks-lead-to-adware-scams?&web%5Fview=true), the much-awaited Harry Potter video game, finally landed on major gaming platforms, and because the game came with a **steep price tag**, websites soon began peddling free **“cracked” versions** of it.

Cracked games are games made playable via [tampering](https://www.mbaknol.com/information-systems-management/data-tampering-meaning-types-and-countermeasures/) **or file modification** and are generally available for free. They are pirated games, which are illegal in some states. Stefan Dasic, a Malware Intelligence Analyst, analyzed the websites claiming to share the game’s **cracked PC version**.

One website, games-install\[.\]com, asked users to enter an [activation key](https://www.techopedia.com/definition/33257/activation-key) after downloading the “game.” The website asked them to **take a survey** and verify themselves to access the key. _The survey asks the user to enter their personal details, but the victim never gets to play the game!_

### AI Image Editing Tool Cutout.pro Leaks User Images and Data

Cybernews recently discovered that the **web-based AI image editing tool** Cutout.pro leaked 9GB worth of user data, including usernames and images. Researchers at [Cybernews](https://www.hackread.com/ai-image-editing-tool-cutout-data-leak/?web%5Fview=true) found an open ElasticSearch instance with 22 million log entries referencing usernames, including **business accounts** and individual users.

However, the number of affected users is unclear since the log entries contained duplicates. The instance also included information on the number of user credits (a virtual in-game currency) and links to [Amazon S3 buckets](https://www.techtarget.com/searchaws/definition/AWS-bucket), which stored the generated images.

The incident does not come as a surprise because **AI-powered tools** have become common due to [ChatGPT’s](/phishing-awareness/the-power-of-chatgpt-how-chatgpt-is-changing-the-phishing-game) massive success. Google has also jumped into the competition with its [Bard](https://www.theverge.com/23610427/chatbots-chatgpt-new-bing-google-bard-conversational-ai) AI tool.

The Hong Kong-based **visual design platform** enables users to generate images or manipulate photos using an **AI-based API (application programming interface)**. The functionality allows for its integration into third-party apps.

![Phishing prevention best practices](https://media.mailhop.org/phishprotection/images/2023/02/phishing-prevention-best-practices-3856.jpg) 

### ‘Phishing’ Scam Costs An Ohio City $219,000, its Finance Director His Job

[Phishing-scam](/phishing/microsoft-azure-phishing-scam-favorite-malicious-actors) training is a commonplace **requirement** in workplaces today, but not everyone takes it to heart. An accounting assistant working for Hilliard, a small Ohio city and Columbus suburb, was hooked when emails from a **fake vendor** landed in the mailbox.

The sender pretended to be an **existing vendor** and tricked the finance worker into changing [bank-routing information](https://gocardless.com/guides/posts/what-is-a-bank-routing-number-brn/) for him.

A day later, $218,992.06 got deducted from the city’s account. City officials explained to The Columbus Dispatch, a [USA TODAY Network](https://www.usatoday.com/story/news/nation/2023/02/17/hilliard-ohio-fires-finance-director-phishing-scam/11282093002/?&web%5Fview=true) member, that such actions are part of an accounting assistant’s everyday work. Still, it required a **verification protocol** that was not followed. _City Manager Michelle Crandall said the city is committed to finding the perpetrator._

“We are thoroughly reviewing the [finance department’s](https://techcrunch.com/2022/12/13/california-finance-department-lockbit-ransomware/) accounts pay protocols, including determining why an employee did not follow the **required protocol** that could have **prevented** this scam.” The city’s human resources department is investigating the scam with the assistance of legal counsel.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

Founder and General Manager of DuoCircle. Product strategy and commercial lead across DuoCircle's 2,000+ customer base.


