July 3, 2023

CyberSec Roundup
A synopsis of the Latest Cybersecurity News

TSMC won’t pay $70 Million Ransom

Taiwan Semiconductor Manufacturing Company, a prominent semiconductor manufacturer, addressed reports that they were hacked. LockBit ransomware claimed responsibility for the attack and posted an entry for TSMC on their dark web blog, demanding a ransom of $70 million. However, it was one of TSMC’s suppliers, Kinmax Technology that was compromised, and are working with law enforcement to investigate the incident, as they do not intend to pay the ransom.

MOVEit Victims List Grows

The list of victims exploited by a zero-day vulnerability in the MOVEit Transfer file transfer software is increasing. Siemens Energy confirmed that non-critical data was stolen, but the New York City Department of Education disclosed documents with personal information for 45,000 students was compromised. Clop Ransomware has the primary threat group exploiting this vulnerability.

Samsung and D-Link Flaws Highlighted

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has disclosed a series of vulnerabilities affecting Samsung smartphones and D-Link devices. These types of vulnerabilities are frequent attack vectors for malicious cyber actors and should be patched to eliminate the significant risks they pose, and some of these flaws have been exploited in the wild.

By: David Pinder
IT & Cybersecurity Consultant
Certified Ethical Hacker (Master) | CCSK | AZ-500