Security News

The Week in Cyber Security News, May 4 - 10

01. The details of 44 million Pakistani mobile subscribers have been leaked online, just weeks after a hacker tried to sell a package containing 115 million Pakistani mobile user records for $2.1 million in bitcoin.

02. Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack, after the company received numerous reports that attackers were targeting a vulnerability patched last month.

03. Cyberattackers have bundled a version of the video-conferencing software Zoom alongside a backdoor - RevCode WebMonitor RAT.

04. Toll Group - Asia Pacific's leading provider of transportion and logistics services, with roughly 44,000 employees at 1,200 locations in more than 50 countries - has suffered its second ransomware cyberattack in three months, this one by the Nefilim Ransomware.

05. Software giant Citrix has privately been rolling out a critical software update to its enterprise customers that patches multiple security vulnerabilities affecting Citrix ShareFile content collaboration platform.

06. The North Korea-linked cyberthreat group known as Lazarus Group has added a new variant of the Dacls remote-access trojan (RAT) to its arsenal of spy gear, designed specifically for the Mac operating system.

07. Europe's largest private hospital operator and a major provider of dialysis products and services, which are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems.

08. A hacker has discovered Spotify passwords, Gmail & Netflix session cookies, etc. on Tesla car parts sold on e-commerce giant eBay.

09. A website that seemingly offers images and icons for download has been proven to be a cover-up for a credit card skimming operation.

10. It's been discovered that a code obfuscation tool linked to Chinese-based hackers has been used in tandem with an implant that has been attributed a hacking faction broadly believed to have ties to the National Security Agency.

11. Samsung has released a security update to fix a critical vulnerability impacting all smartphones sold since 2014.

12. A New York City law firm that serves some of the world's biggest stars of stage and screen appears to have fallen victim to a REvil ransomware attack, and the attackers are threatening to expose nearly 1TB of celebrities' private data unless a Bitcoin ransom is paid.

13. A hacker group claims to have breached ten companies and is selling their respective user databases, totalling more than 73 million user records, for around $18,000 each on a dark web marketplace.

14. International rail vehicle construction company, Stadler, has revealed that it was the victim of a cyberattack which might have also allowed the attackers to steal company and employee data.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Get weekly security news and vulnerability alerts

Join over 1,000 others receiving a free weekly report with a round-up of vulnerabilities and security news customised to your software stack. See an example email

Example email for SecAlerts

Earlier: