Connect with us

Hi, what are you looking for?



In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea

Noteworthy stories that might have slipped under the radar: new RSA encryption attack, Meta’s AI privacy safeguards, and ShinyHunters hackers’ guilty plea. 

Cybersecurity News tidbits

SecurityWeek is publishing a weekly cybersecurity roundup that provides a concise compilation of noteworthy stories that might have slipped under the radar.

We provide a valuable summary of stories that may not warrant an entire article, but are nonetheless important for a comprehensive understanding of the cybersecurity landscape.

Each week, we will curate and present a collection of noteworthy developments, ranging from the latest vulnerability discoveries and emerging attack techniques to significant policy changes and industry reports.

Here are this week’s stories:  

Cybercriminals targeting hotels, booking sites and travel agents

Cybercriminals are deploying infostealer malware on the systems of hotels, booking sites and travel agents, and then use the access they have obtained to reach out to their customers through legitimate communication channels. The goal is to trick the targeted company’s customers to hand over payment card information, Akamai reported

Diplomatic phishing operations of Russia’s APT29 

Mandiant has published a technical report describing the diplomatic phishing operations of Russia’s APT29 cyberespionage group since the start of the war in Ukraine. The cybersecurity firm has seen significant changes in the threat actor’s tooling and tradecraft. 

Advertisement. Scroll to continue reading.

Spanish aerospace company targeted by North Korean hackers

A Spanish aerospace company has been targeted by the North Korean hacker group Lazarus with a previously unknown backdoor named LightlessCan. The attackers gained initial access to the company’s systems after posing as a recruiter for Meta, ESET reported.

ShadowSyndicate working with various ransomware groups

Group-IB has analyzed the activities of a threat actor named ShadowSyndicate, which has worked with various ransomware groups and affiliates since July 2022. There is evidence that the group was involved in Quantum, Nokoyawa, ALPHV, Royal, Cl0p, Cactus, and Play ransomware operations.

APT and financial attacks on industrial organizations 

Kaspersky has published a report summarizing the state-sponsored and financially motivated attacks launched against industrial organizations in the first half of 2023. 

Fort Lauderdale loses $1.2 million in BEC attack

The city of Fort Lauderdale in Florida has lost $1.2 million in a BEC attack that involved the attackers posing as a construction company the city has been working with, CNN reported. The cybercriminals provided documents that made their request for the money seem legitimate. 

French hacker pleads guilty in the US

Sebastien Raoult, aka Sezyo Kaizen, a French citizen and member of the notorious ShinyHunters cybercrime group, has pleaded guilty in a US court to fraud and identity theft charges. He was arrested last year in Morocco and extradited to the US in January. Authorities say Raoult and his accomplices stole hundreds of millions of user records and caused losses of over $6 million.

US sanctions Russian and Chinese firms over national security risks

The US has sanctioned companies in China, Russia and other countries, citing national security risks. 

Marvin attack on RSA encryption

A researcher has disclosed the details of Marvin, a new attack method against RSA encryption that demonstrates Bleichenbacher-style attacks work against many software implementations of the PKCS#1 v1.5 padding scheme for RSA key exchange that were until now believed to be safe. 

Meta describes privacy safeguards in new generative AI features

Meta has described the privacy safeguards implemented in its new generative AI features in an effort to protect users’ information. The new features include a conversational assistant, AI stickers, as well as 28 more AIs with unique personalities and interests. 

Related: In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking

Related: In Other News: China Blames NSA for Hack, AI Jailbreaks, Netography Spin-Off

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...