This Week’s Top 5 Cybersecurity News Stories March 2024 | 02

With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories, from acts of espionage to simple code errors that could leak your private data, to help keep you up to date with cybersecurity issues around the world.
Here are our top five news stories from the past week:

1. LockBit Ransomware Hacker Ordered to Pay $860,000 After Guilty Plea in Canada

Mikhail Vasiliev, a 34-year-old Russian-Canadian, has been sentenced to nearly four years in Canadian jail for participating in the LockBit ransomware operation. Arrested in November 2022, Vasiliev faced charges for damaging protected computers and ransomware activities. Seized evidence included a victim list and LockBit ransomware tools. Vasiliev pleaded guilty to cyber extortion and other charges, and was ordered to pay $860,000 in restitution. This case coincides with significant law enforcement actions against the LockBit group and the conviction of others involved in related cybercrimes, including the operation of Bitcoin Fog, a notorious cryptocurrency laundering service.


2. Alert: Cybercriminals Deploying VCURMS and STRRAT Trojans via AWS and GitHub

A recent phishing campaign uses a malicious Java-based downloader to distribute remote access trojans like VCURMS and STRRAT, leveraging public services like Amazon Web Services and GitHub for malware storage. The campaign starts with phishing emails tricking users into downloading a harmful JAR file. VCURMS, using a Proton Mail address for control commands, steals sensitive data and system information, while STRRAT, a versatile Java RAT, extracts credentials and acts as a keylogger. This operation reflects a growing trend in sophisticated cyber phishing techniques.


3. Sweden’s Klarna fined $733,000 over insufficient GDPR information

The Swedish Court of Appeal has fined Klarna, a payments group, 7.5 million crowns ($733,324) for violating the EU’s General Data Protection Regulation (GDPR). The court found that Klarna did not adequately inform users about the storage and handling of their personal data. This decision, which raises the penalty from a previous 6 million crown fine, stems from a 2020 audit by the Swedish Data Protection Agency, focusing on the clarity and accessibility of privacy information provided to clients. Klarna has updated its privacy notes since the period under scrutiny.


4. Major CPU, Software Vendors Impacted by New GhostRace Attack

The GhostRace attack, identified by researchers, exploits speculative race conditions (SRCs) in CPUs, potentially enabling threat actors to access sensitive data like passwords. This complex attack necessitates physical or privileged access to the target device. It involves speculative execution, a known CPU vulnerability, combined with race conditions in synchronization primitives. The researchers used a technique called Inter-Process Interrupt Storming to demonstrate data leakage in the Linux kernel. While the focus was on x86 and Linux, all major hardware architectures are susceptible. Intel, AMD, Arm, and IBM, aware of the issue, have issued advisories, with some vendors implementing preventive measures. The vulnerability, assigned CVE identifiers CVE-2024-2193 and CVE-2024-26602, has prompted the release of a proof-of-concept exploit and related tools.


5. Italy opens up probe into OpenAI’s Sora

The Italian Data Protection Authority is investigating OpenAI’s AI model, Sora, which generates videos from text and existing media. Concerned about personal data processing in the EU, particularly Italy, the Authority seeks clarifications from OpenAI on Sora’s training, including the type of data used, whether personal data is involved, and the source of this data. OpenAI has 20 days to respond. Sora, known for creating realistic videos, was trained on publicly available and licensed data, as confirmed by OpenAI’s CTO.

There are many ways cyber criminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!