June 14, 2023

CyberSec Roundup
A synopsis of the Latest Cybersecurity News

Ransomware Exposes Jamaican Officials

A ransomware attack on brokerage firm Mayberry Investments Limited in Jamaica has resulted in the exposure of personal information belonging to government ministers, former senators, and business leaders. The leaked data dates back to 2009 and includes corporate information such as portfolio details and bank statements, along with personal information like birth certificates and passports. Mayberry has reassured clients that their financial positions have not been compromised and has reported the incident to the Jamaica Constabulary Force’s Cybercrimes Unit. The attack was carried out by Play Ransomware, which leaked the information on their dark web site after the ransom was not paid.

Fortinet Fixes Critical SSL-VPN Vulnerability

Fortinet released firmware updates for Fortigate firewall to address critical vulnerability, tracked as CVE-2023-27997. The security fixes are for a pre-authentication vulnerability in SSL-VPN that can allow a remote attack to take control of the device. Administrators need to update their devices before this vulnerability is exploited by threat actors.

Widespread Brand Impersonation Scam Uncovered

Bolster’s threat research team discovered a widespread brand impersonation scam campaign that targeted over 100 popular clothing, footwear, and apparel brands, including Nike, Puma, Adidas, and more. The campaign began in June 2022 and saw a peak in phishing activity between November 2022 and February 2023. The threat actors registered thousands of domains to deceive unsuspecting customers and profit from their scams.

By: David Pinder
IT & Cybersecurity Consultant
Certified Ethical Hacker (Master) | CCSK | AZ-500