The Week in Cyber Security News, May 4 - 10
01. The details of 44 million Pakistani mobile subscribers have been leaked online, just weeks after a hacker tried to sell a package containing 115 million Pakistani mobile user records for $2.1 million in bitcoin.
02. Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack, after the company received numerous reports that attackers were targeting a vulnerability patched last month.
03. Cyberattackers have bundled a version of the video-conferencing software Zoom alongside a backdoor - RevCode WebMonitor RAT.
04. Toll Group - Asia Pacific's leading provider of transportion and logistics services, with roughly 44,000 employees at 1,200 locations in more than 50 countries - has suffered its second ransomware cyberattack in three months, this one by the Nefilim Ransomware.
05. Software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform.
06. The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system.
07. Europe's largest private hospital operator and a major provider of dialysis products and services, which are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems.
08. A hacker has discovered Spotify passwords, Gmail & Netflix session cookies, etc. on Tesla car parts sold on e-commerce giant eBay.
09. A website that seemingly offers images and icons for download has been proven to be a cover-up for a credit card skimming operation.
10. It's been discovered that a code obfuscation tool linked to Chinese-based hackers has been used in tandem with an implant that has been attributed a hacking faction broadly believed to have ties to the National Security Agency.
11. Samsung has released a security update to fix a critical vulnerability impacting all smartphones sold since 2014.
12. A New York City law firm that serves some of the world's biggest stars of stage and screen appears to have fallen victim to a REvil ransomware attack, and the attackers are threatening to expose nearly 1TB of celebrities' private data unless a Bitcoin ransom is paid.
13. A hacker group claims to have breached ten companies and is selling their respective user databases, totalling more than 73 million user records, for around $18,000 each on a dark web marketplace.
14. International rail vehicle construction company, Stadler, has revealed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data.
. . .
If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.