Welcome to our weekly dose of critical cyber stories. So what are the top cybersecurity stories from the third week of July 2023?
In this week’s cybersecurity roundup, we delve into a series of significant incidents and reports that have made headlines. From a major heist exploiting a flaw in Revolut’s payment systems to central bankers warning about the cyber threats to digital currencies, the landscape of cyber threats continues to evolve and expand. We also look at the recent vulnerabilities discovered in Microsoft’s Outlook and Teams, the alarming prevalence of ransomware in the health sector, the disturbing case of ransomware criminals leaking children’s private files in US schools, and more.
Revolut Faces $20 Million Loss due to Payment System Exploit
In a significant cybersecurity incident, malicious actors exploited an unknown flaw in Revolut’s payment systems, resulting in the theft of over $20 million. The flaw, which originated from discrepancies between Revolut’s U.S. and European systems, allowed funds to be erroneously refunded using Revolut’s own money when transactions were declined. Organized criminal groups leveraged this loophole, leading to a net loss of about $20 million for the neobank and fintech firm. The exact technical details of the flaw remain unclear. This incident underscores the critical need for robust security measures in financial institutions to prevent such exploits.
Central Bankers Highlight Cyber Threats to Digital Currencies
Central bankers have warned about the potential cyber threats to digital currencies. The Bank for International Settlements (BIS) highlighted that as digital currencies become more prevalent, they also become a more attractive target for cybercriminals. The BIS urged central banks to ensure robust security measures are in place to protect against potential cyber attacks.
Microsoft Outlook and Teams Flaws Exposed
Microsoft faced a challenging week with an Outlook.com bug that prevented users from searching their emails and a Teams flaw that could allow phishing emails and malware to be sent to other Teams users. The company fixed the Outlook.com issue but has decided not to fix the Teams flaw, stating that it relies on social engineering to be successful.
Ransomware Accounts for 54% of Cyber Threats in the Health Sector
The European Union Agency for Cybersecurity (ENISA) released a report revealing that ransomware accounts for 54% of cybersecurity threats in the health sector. The report also highlighted that most organizations in the health sector lack a program to mitigate ransomware attacks.
Ransomware Criminals Leak Children’s Private Files After US School Hacks
In a disturbing development, ransomware criminals leaked children’s private files after hacking US schools. The leaked documents contained sensitive information about student sexual assaults, psychiatric hospitalizations, and other personal details. The incident underscores the urgent need for improved cybersecurity measures in educational institutions.
MITRE Unveils Top 25 Most Dangerous Software Weaknesses of 2023
MITRE released its annual list of the top 25 most dangerous software weaknesses for 2023. The list, based on an analysis of public vulnerability data, includes Out-of-bounds Write, Cross-site Scripting, SQL Injection, and Use After Free among the top threats. The organization urged software developers and programmers to be aware of these weaknesses to prevent serious vulnerabilities in their software.