

Apurva Venkat
Principal Correspondent
Apurva Venkat is principal correspondent for the India editions of CIO, CSO, and Computerworld. She has previously worked at ISMG, IDG India, Bangalore Mirror, and Business Standard, where she reported on developments in technology, businesses, startups, fintech, e-commerce, cybersecurity, civic news, and education.


Malware disguised as ChatGPT apps are being used to lure victims, Meta says
Since March, Meta has discovered malware using ChatGPT and other AI themes to steal user data and compromise business accounts.

BlackCat group releases screenshots of stolen Western Digital data
The screenshots included an image of a meeting that was held by the company to discuss the response to the recent cybersecurity incident.

White House seeks information on tools used for automated employee surveillance
The information will be used to ascertain if employers are violating antitrust and privacy laws, including whether companies use technologies to artificially reduce wages.

Chinese hackers launch Linux variant of PingPull malware
The identification of a Linux variant of PingPull malware, as well as the recent use of the Sword2033 backdoor, shows Alloy Taurus continues to evolve its operations in support of its espionage activities.

Iranian hacking group targets Israel with improved phishing attacks
Research by CheckPoint presents a new and improved infection chain leading to the deployment of a new version of a Windows backdoor called PowerLess.

Hackers behind 3CX breach also breached US critical infrastructure
The attackers have been linked to North Korea and appear to be involved in cyberespionage and financially motivated attacks.

Iran cyberespionage group taps SimpleHelp for persistence on victim devices
Group-IB researchers have also identified a previously unknown command and control infrastructure and a PowerShell script that APT group MuddyWater is using for its cyberespionage and IP theft attacks.

New Qbot campaign delivers malware by hijacking business emails
The new Qbot email campaign uses a combination of PDF and WSF to install the malware and steal the victim’s banking credentials.

Google urges users to update Chrome to address zero-day vulnerability
Google has released Chrome version 112.0.5615.121 to address a vulnerability that can allow malicious code execution on Windows, Mac, and Linux systems.

Stolen ChatGPT premium accounts up for sale on the dark web
There has been an increase in discussions and trades related to ChatGPT on the dark web since March, according to Check Point.

Microsoft patches vulnerability used in Nokoyawa ransomware attacks
The vulnerability identified as CVE-2023-28252 is a privilege escalation flaw affecting the Windows Common Log File System driver.

OpenAI starts bug bounty program with cash rewards up to $20,000
Based on the severity and impact of the reported vulnerability, OpenAI will hand out cash rewards ranging from $200 for low-severity findings to up to $20,000 for exceptional discoveries.

3CX DesktopApp compromised by supply chain attack
3CX will be releasing an update for the DesktopApp in the next few hours; meanwhile, users are urged to use the PWA Client instead.

DarkBit puts data from Israel’s Technion university on sale
DarkBit had previously demanded 80 bitcoins as ransom, and said it would sell the data within five days if the ransom went unpaid.

Hackers changed tactics, went cross-platform in 2022, says Trend Micro
Ransomware groups are adopting corporate structures, Microsoft macros are no longer an easy target, and the Rust programming language is making it easier to write multiplatform malware.

Part of Twitter source code leaked on GitHub
Twitter has filed a case in the US District Court for the Northern District of California seeking GitHub to identify the person who shared the code.

As critical Microsoft vulnerabilities drop, attackers may adopt new techniques
As critical Microsoft software vulnerabilities decline, attackers will need to chain together less severe exploits to achieve code execution, elevate system privilege levels, and move around victim networks.

Developed countries lag emerging markets in cybersecurity readiness
Organizations in Asia-Pacific countries including Indonesia, the Philippines, Thailand, and India are generally more prepared for cyberattacks than their peers in more economically developed nations, according to a new Cisco report....

BianLian ransomware group shifts focus to extortion
The shift in the operating model comes as a result of Avast’s release of a decryption tool that allowed a victim of the BianLian ransomware gang to decrypt and recover their files without paying the ransom.