23 May 2023 Weekly Newsletter

BOCRA website

     


EU Regulators Hit Meta with Record $1.3 Billion Fine for Data Transfer Violations


LATEST CYBER HACKS

ChatGPT Bug Exposed Payment Details of Paid Users

OpenAI has confirmed that a software bug on Monday caused ChatGPT to expose conversation histories from random users and payment details for some paid users. As a result, the company has reached out to affected users and implemented measures to prevent similar incidents in the future.


Microsoft 365 hit by new outage causing connectivity issues

Microsoft is investigating service issues preventing users from accessing their Microsoft 365 accounts and blocking access to installed apps. The company confirmed the issue in a tweet shared via the Microsoft 365 Status account and pointed admins to the Microsoft 365 Admin Center for more details.


More UK councils caught by Capita's open AWS bucket blunder

The bad news train keeps rolling for Capita, with more local British councils surfacing to say their data was put on the line by an unsecured AWS bucket, and, separately, pension clients warning of possible data theft in March's mega breach.


VULNERABILITIES

Android phones are vulnerable to fingerprint brute-force attacks

Researchers at Tencent Labs and Zhejiang University have presented a new attack called 'BrutePrint,' which brute-forces fingerprints on modern smartphones to bypass user authentication and take control of the device.


KeePass Exploit Allows Attackers to Recover Master Passwords from Memory

A proof-of-concept (PoC) has been made available for a security flaw impacting the KeePass password manager that could be exploited to recover a victim's master password in cleartext under specific circumstances.


MALWARE

TurkoRAT Mimics NPM Packages to Infect Developers

Researchers found a pair of malicious npm packages that gathered over a thousand downloads by developers worldwide. The packages in question concealed an open-source information stealer called TurkoRAT. 


Malicious Windows kernel drivers used in BlackCat ransomware attacks

The ALPHV ransomware group (aka BlackCat) was observed employing signed malicious Windows kernel drivers to evade detection by security software during attacks. The driver seen by Trend Micro is an improved version of the malware known as 'POORTRY' that Microsoft, Mandiant, Sophos, and SentinelOne spotted in ransomware attacks late last year.


Cloned CapCut websites push information stealing malware

A new malware distribution campaign is underway impersonating the CapCut video editing tool to push various malware strains to unsuspecting victims. CapCut is ByteDance's official video editor and maker for TikTok, supporting music mixing, color filters, animation, slow-mo effects, picture-in-picture, stabilization, and more.

 


GENERAL NEWS

Upgrade your device with this Windows 11 Pro license deal

Remote work and bring-your-own-device policies mean that all your computers should be up to professional standards. A Microsoft Windows 11 Pro license shifts your laptop, desktop, or professional tablet up to a higher gear, with no coupon needed.


Google will delete accounts inactive for more than 2 years

After that time has passed, the accounts "may" be deleted, along with all their contents, settings, preferences, and user-saved data. This includes all data stored on services such as Gmail, Docs, Drive, Meet, Calendar, Google Photos, and YouTube.