The Top Cybersecurity News Stories This Month: April 2023

Apr 28

Google Chrome got a security update, a global security alliance was formed, and Apple Devices are being targeted, there was no shortage of cybersecurity-related headlines in April.

Here are the top 5 cybersecurity stories that emerged this month:

1. Google urgently fixes 0-day vulnerability in Chrome

Source: Security Parrot

In order to address a zero-day vulnerability targeted by an exploit that is already in circulation online and could enable the execution of malicious code, Google has urgently released a security update for Chrome.

Users were urged by Google to update to Chrome 112.0.5615.121 as soon as possible. The patched version fixes the issue, which is identified in the US National Vulnerability Database as CVE-2023-2033 and affects systems running Windows, Mac, and Linux.

"Google has released a new update for Chrome browser, fixing its second zero-day vulnerability identified by Google's Threat Analysis Group. The CVE-2023-2136 could lead to arbitrary code execution and access to the system if exploited. Read more at https://t.co/cwwzSs1to0"
— Security Parrot (@security_parr0t) April 19, 2023

2. Seven countries unite to push for secure-by-design development

Source: CSO Online

An alliance of ten security agencies from seven different countries formed to create a guide for software developer organizations to ensure that their products are both secure by design and by default. The collaborating agencies are The Australian Cyber Security Centre, The Canadian Centre for Cyber Security, Germany’s Federal Office for Information Security, Netherlands’ National Cyber Security Centre , New Zealand’s Computer Emergency Response Team New Zealand and National Cyber Security Centre, The United Kingdom’s National Cyber Security Centre, The US’s Cybersecurity and Infrastructure Security Agency, Federal Bureau of Investigation, and National Security Agency.

“Secure by design” is defined as those where the security of the customers is a core business goal, not just a technical feature. Products labeled “secure by default” are those that are secure to use out of the box with little to no configuration changes necessary and security features available without additional cost.

With both secure by design and secure by default measures in place these agencies hope to remove the security burden from the customer, reducing the chances they will be exploited by security incidents.

3. Payments Giant NCR Hit by Ransomware

Sources: SecurityWeek

On April 12, NCR revealed that it was looking into an "issue" with its Aloha restaurant point-of-sale system. NCR reported an outage at a single data center had affected a small percentage of its hospitality customers' ancillary Aloha applications on April 15.

“On April 13, we confirmed that the outage was the result of a ransomware incident. Immediately upon discovering this development we began contacting customers, engaged third-party cybersecurity experts and launched an investigation. Law enforcement has also been notified,” NCR said.

Restaurants that were impacted should still be able to serve guests since only a few particular functionalities have been affected, according to the firm, which has been trying to restore affected services.

4. Experts warn of an emerging Python-based credential harvester named Legion

Source: Security Affairs

Researchers from Cado Labs discovered Legion, a new Python-based credential harvester and hacking tool. The sample examined by Cado Labs currently has a low detection rate of 0 on VirusTotal.

Legion is a modular tool that criminals can use to access a number of online sites. Legion, which is similar to AndroxGh0st discovered back in December, is a modular tool that can be used by crooks to hack into various online services.

5. Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware

Source: The Hacker News

A new Apple macOS malware strain named RustBucket is thought to have been created by a financially motivated North Korean threat actor.

"[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week.

The connections stem from tactical and infrastructure overlaps with a prior campaign exposed by Russian cybersecurity company Kaspersky in late December 2022 likely aimed at Japanese financial entities using fake domains impersonating venture capital firms.

The FBI implicated the same threat actor for an incident in June 2022 for the theft of $100 million in cryptocurrency assets from Harmony Horizon Bridge.

For all the the latest cybersecurity news download our free mobile app, Onyxia: Cybersecurity Intel, available on iOS and Google Play stores.