---
title: "Cybersecurity Updates For The Week 2 of 2023 | Phish Protection"
description: "Cybersecurity Updates For The Week 2 of 2023: The phishing threat landscape is constantly evolving, with threat actors likely to continue their actions in."
image: "https://phishprotection.com/og/blog/weekly-cyber-news-updates-week-2-of-2023.png"
canonical: "https://phishprotection.com/blog/weekly-cyber-news-updates-week-2-of-2023/"
---


![Phish Protection blog post image](https://media.mailhop.org/phishprotection/images/2023/01/anti-phishing-software-9944.jpg) 

The phishing threat landscape is constantly evolving, with [threat actors](/blog/threat-actors-using-phishing-as-a-service-phaas/) likely to continue their actions in 2023\. Here are this week’s headlines to inform you of the **latest tactics** being adopted by threat actors to dupe individuals and organizations alike.

---

### Hackers Hold Database of Romanian Hospital for Ransom

Saint Gheorghe Recovery Hospital in Botoşani, northeastern Romania, became the latest target of a **ransomware** attack that impacted its medical activity. [Cybercriminals](/blog/cybercriminals-are-duping-millions-of-accounts-in-the-latest-facebook-phishing-campaign/) demanded 3 Bitcoin to decrypt the **servers’ data**.

The attack resembles the one in the summer of 2019, when four Romanian hospitals were targeted. The attackers accessed a **remote connection** used by one of the maintenance companies to break into the network. They entered the network and encrypted the December database. Afterward, they left a message in English, asking the hospital authorities for a **3 Bitcoin ransom**.

The recent attack was complex, and computer scientists from [DIICOT](https://en.wikipedia.org/wiki/Directorate%5Ffor%5FInvestigating%5FOrganized%5FCrime%5Fand%5FTerrorism) and **BitDefender** (a Romanian antivirus company) could not decrypt the files.

The manager of the Recovery Hospital, doctor Cătălin Dascălescu, said, “We have notified **DIICOT** and the [National Directorate of Cyber Security](https://www.romania-insider.com/database-romanian-hospital-held-ransom-hackers-jan-2023?&web%5Fview=true). An investigation is underway, and we are **waiting** for its findings. I cannot offer further details at the moment. We hope we will have medical activity at normal capacity from Monday.”

### US Burger Chain Five Guys Notify A Data Breach


Five Guys, a US burger chain, recently disclosed a **data breach** targeting job applicants, and the company can face a **lawsuit** for the [cybersecurity](/content/cybersecurity-in-a-nutshell/) incident. Five Guys started informing customers on December 29 and notified state authorities about the incident.

_It is common for businesses to disclose cybersecurity incidents near significant holidays to avoid media coverage._ However, a law firm specializing in cybersecurity incidents, [Turke & Strauss](https://www.securityweek.com/burger-chain-five-guys-discloses-data-breach-impacting-job-applicants?&web%5Fview=true), noticed Five Guys’ data breach notification.

The law firm urged the impacted individuals to get in touch with them and discuss potential **legal recourse** against the fast food chain. It also revealed that the **sensitive information** includes customers’ names, driver’s licenses, and Social Security numbers.

It’s unclear if the [data breach](/blog/data-breaches-how-they-impact-small-businesses/) was part of a ransomware attack or if an attacker stumbled upon the **unprotected cloud storage**. _Affected individuals were offered free identity protection and credit monitoring services._

### SpyNote Strikes Again: Financial Institutions Become the Android Spyware’s Target

Financial institutions became the latest targets of a new version of the **Android malware** called [SpyNote](https://thehackernews.com/2023/01/spynote-strikes-again-android-spyware.html?&web%5Fview=true) in October 2022. It combines both banking trojan and spyware characteristics. “The reason behind an increase in the number of SpyNote attacks is that the developer, previously selling it to other actors, made its **source code** public,” according to ThreatFabric. “It helped other cybercriminals develop and distribute the malware and target banking institutions.”

Some notable institutions impersonated by the [malware](/content/protection-against-malware/what-is-malware/) include Kotak Mahindra Bank, Deutsche Bank, HSBC UK, and Nubank. SpyNote or **SpyMax** is feature-rich spyware with various capabilities like installing malicious apps, gathering calls, videos, SMS messages, and audio recordings, tracking GPS locations, and hindering efforts to uninstall the app. It also masquerades as an official **Google Play Store service** and other applications in productivity, wallpapers, and gaming categories. Following is a list of a few SpyNote artifacts, mainly delivered through **smishing** attacks:

- Bank of America Confirmation (yps.eton.application)
- BurlaNubank (com.appser.verapp)
- Conversations\_ (com.appser.verapp)
- Current activity (com.willme.topactivity)
- Deutsche Bank Mobile (com.reporting.efficiency)
- HSBC UK Mobile Banking (com.employ.mb)
- Kotak Bank (splash.app.main)
- Virtual SimCard (cobi0jbpm.apvy8vjjvpser.verapchvvhbjbjq)

### Massive Leaked Archive Containing 235 Million Twitter Users’ Information Available Online

A [data leak](https://portswigger.net/daily-swig/wago-fixes-config-export-flaw-threatening-data-leak-from-industrial-devices) with email addresses of 235 million Twitter users was recently published on a popular hacker **forum**. Experts immediately analyzed it, confirming the authenticity of the entries in the massive leaked archive. At the end of July, a cybercriminal leaked 5.4 million Twitter users’ data, obtained by exploiting Twitter’s now-fixed **vulnerability**.

In January, a report claimed the discovery of a vulnerability hackers could exploit to find a **Twitter account** through its associated phone number or email address.

Multiple **threat actors** exploited the [vulnerability](https://securityaffairs.com/140352/data-breach/twitter-data-leak-235m-users.html?web%5Fview=true) to scrape Twitter user profiles containing both private data (email addresses and phone numbers) and public data. Then, they offered the **scraped data** on various online cybercrime marketplaces. _In August, Twitter said that they patched the zero-day flaw discovered by researcher zhirinovskiy through the bug bounty platform HackerOne, which paid him a $5,040 bounty._

### Ransomware Attack Shuts Down Massachusetts School District

Superintendent John Robidoux said that Swansea Public Schools **canceled classes** recently due to a [ransomware](/content/protection-against-ransomware/what-is-ransomware/) attack shutting down the district’s network. According to the superintendent, no student or staff’s personally identifiable information was compromised in the attack.

Robidoux issued a [news release](https://www.boston.com/news/schools/2023/01/04/swansea-schools-ransomware-cyberattack-shut-down/?&web%5Fview=true) saying that Hub Technology, the district’s cybersecurity company, shut down the network and isolated the cyberattack within minutes of the attack.

Robidoux said, “After a preliminary investigation, we determined that no personal staff or student information got compromised, and no **cloud-based** information or files got affected by the attack.”

“We believe this attack occurred because of an **encrypted download** run by someone within the district, but it is not [malicious](https://www.bleepingcomputer.com/news/security/malicious-lolip0p-pypi-packages-install-info-stealing-malware/).” Robidoux added, “I am thankful our district enforces robust **security measures** around our network that prevented a bigger issue from occurring.”

### Critical Flaws Discovered In Ferrari, Porsche, Mercedes, BMW, And Other Carmakers

![Anti phishing solutions](https://media.mailhop.org/phishprotection/images/2023/01/anti-phishing-solutions-2249.jpg) 

BMW, Mercedes, Toyota, Ford, and other famous carmakers utilize vulnerable [APIs](https://www.redhat.com/en/topics/api/what-are-application-programming-interfaces) that can allow attackers to perform malicious activities. Cybersecurity researcher Sam Curry discovered numerous **vulnerabilities** in the vehicles manufactured by various **carmakers** and the services offered by vehicle solutions providers.

_Cybercriminals can exploit the vulnerabilities to perform various malicious activities, like unlocking cars and tracking them._ The flaws discovered by the experts impacted [popular brands](https://securityaffairs.com/140328/hacking/bmw-mercedes-toyota-other-carmakers-flaws.html?web%5Fview=true), including Rolls Royce, Ferrari, Ford, Porsche, Kia, Honda, Infiniti, Mercedes-Benz, Genesis, BMW, Nissan, Acura, Toyota, Jaguar, and Land Rover. Furthermore, the research team **discovered** vulnerabilities in the services offered by Reviver, SiriusXM, and Spireon.

Exploiting these flaws gave the researchers access to various Mercedes **mission-critical internal applications** through improperly configured [SSO](https://www.carrentalgateway.com/glossary/single-sign-on/). A cybercriminal could have exploited them for remote code execution on multiple systems. Furthermore, the flaws allowed threat actors to access the content of the systems’ memory, leading to the exposure of Mercedes’ customer and **employee PII**.

For BMW and Rolls Royce, experts found **SSO vulnerabilities** allowing them to access any employee application. The experts entered [VINs](https://www.autocheck.com/vehiclehistory/vin-basics), gained access to internal dealer portals, and retrieved sales **documents**.

### Toyota Discloses a Data Breach That Exposed Customers’ Personal Information

[Toyota Motor](https://www.business-standard.com/article/automobile/toyota-motor-to-roll-out-products-based-on-multiple-clean-technologies-123011500137%5F1.html) Corporation recently revealed a data breach that compromised its customers’ personal information through an access key available to the public on **GitHub** for close to five years. Toyota India reported the data breach at Toyota Kirloskar Motor (a joint venture between Toyota and Indian giant Kirloskar Group) to the appropriate Indian authorities.

Toyota **accidentally** published a portion of the T-Connect site source code on GitHub.

The carmaker recently discovered that it accidentally published the [source code](https://www.techopedia.com/definition/547/source-code) for its T-Connect website on GitHub. The report said that the incident might have compromised around **296,000 customer records**.

The company designed the [T-Connect app](https://gbhackers.com/toyota-discloses-data-breach/?web%5Fview=true), giving car owners access to their vehicle’s **infotainment system** and allowing them to **monitor** who has access to it.

The source code also included an **access key** to the data server, which held client data like email addresses and management numbers. _The motor giant said that a developer subcontractor exposed the source code._

A notice by the company says, “In December 2017, a “T-Connect” website development **subcontractor** unintentionally uploaded a portion of the source code on [GitHub](https://www.wired.com/story/github-code-signing-sigstore/), exposing it to the public, violating the handling rules.” According to Toyota, “The website development subcontractor’s **inappropriate handling** of the source code caused the incident. We will proceed accordingly.”

### Singapore-Based Crypto Firm Targeted by a Hack, Users Lose More Than $10 Million

A cybercriminal manipulated files of a Singapore-based [crypto wallet provider](https://www.straitstimes.com/singapore/singapore-based-crypto-firm-hit-by-boxing-day-hack-more-than-10-million-lost?&web%5Fview=true), enabling victims to download the wallets on their phones, and stole over US$8 million (S$10 million). _Many users reported that their funds got stolen from their BitKeep wallets, although it is unclear how many Singaporean users got affected._

According to PeckShield, a [blockchain security](https://www.simplilearn.com/what-is-blockchain-security-and-its-examples-article#:~:text=Blockchain%20security%20is%20a%20complete,of%20fraud%20and%20cyber%2Dattacks.) and data **analytics** firm, the cryptocurrencies stolen included Binance’s BNB Coin, Ether, and stablecoins Tether and Dai.

A BitKeep spokesman, responding to queries from The Straits Times, said it adopted [phishing protection](/) techniques to safeguard its users from further losses, including **freezing** some of the stolen funds and tracing the addresses used in the hack. He further added that they lodged a police report at the end of December, and the police set up a task force in collaboration with cybersecurity **experts**.


[ Brad Slavin ](/authors/brad-slavin/) 

General Manager

