Cybersecurity Decrypted #33: May 8 – 15

Caitlin Harris, Laura Iannini Last updated on Jun 11, 2025

👋 Hello and welcome back to Cybersecurity Decrypted, your weekly cybersecurity news recap.

In the headlines this week:

    • 💰 What goes around, comes around… the LockBit ransomware gang has been hacked

    • 🤖 The DoJ has taken down two major botnet services

    • 🛍️ The cybercriminal group targeting U.K. retailers has set its sights on the U.S.

📰 Headlines

  • The LockBit ransomware gang has been hacked. The hacker defaced a LockBit site with the message, “Don’t do crime, crime is bad xoxo from Prague”, as well as a link to the leaked data, which includes details about attacks and messages between LockBit affiliates and victims. 🔗
  • The U.S. DoJ and Lumen Technologies’ Black Lotus Labs team have seized two botnet services, Anyproxy and 5socks, and indicted four individuals for their alleged involvement in the long-running services. 🔗
  • A Kosovo national has been extradited to the U.S. for his role in running the cybercrime marketplace, BlackDB.cc. The man appeared in court this week and could face up to 55 years in federal prison. 🔗
  • An alleged 89 million Steam user records and 2FA codes have been leaked on the dark web. It’s not currently known from where in the supply chain the leak originated. 🔗

📡 Threat Watch

  • Morphisec researchers have uncovered a campaign in which threat actors are offering fake genAI tools to social media users. Instead of providing the user with an AI-generated image or video, the “tool” installs credential-stealing malware. 🔗
  • A ClickFix attack against student engagement platform “iClicker” has been using a fake CAPTCHA to trick university students and staff into installing malware. 🔗
  • Non-profit healthcare system Ascension Health has disclosed that a recent data breach exposed the data of over 437k patients, including their names, addresses, contact details, healthcare information, and Social Security numbers. 🔗
  • Physical security provider Andy Frain has disclosed an attack carried out in 2024 by the Black Basta ransomware group. Over 100k impacted individuals have been offered 12 months of credit monitoring and identity restoration services. 🔗
  • Pearson, the U.K.-based education company and academic publisher, has suffered a cyberattack in which “largely legacy data” was stolen. Attackers gained access through an exposed GitLab Personal Access Token. 🔗

🪲 Patches And Updates

  • Apple’s latest iOS, macOS, and iPadOS security updates fix a code execution flaw triggered by malicious image files. 🔗
  • ASUS has released a patch for DriverHub’s RCE vulnerability. The vulnerability enables malicious sites to execute commands on devices with DriverHub installed. 🔗
  • After they were added to the KEV catalog last week, SonicWall has released patches for three potential RCE flaws in its Secure Mobile Access 100 appliances. 🔗
  • Fortinet has released a patch for a critical vulnerability that had been exploited as a zero-day in attacks against FortiVoice phone systems. 🔗
  • Microsoft’s latest Patch Tuesday update has fixed a total of 72 bugs, including five exploited zero-days. 🔗

🚨 Industry News

  • CrowdStrike’s CEO has let go of over $1 billion in shares, significantly cutting his own voting power. The company’s shares have risen 90% since last August. This comes after CrowdStrike announced plans last week to lay off 500 workers. 🔗
  • Commvault has announced a strategic partnership with Deloitte in order to offer a unified cyber resilience platform that supports businesses before, during, and after an attack, and includes “robust advisory and consultative services.” 🔗
  • Twilio has announced a multi-year partnership with Microsoft to jointly advance conversational AI. 🔗
  • In a bid to combat the cybersecurity talent gap, the Linux Foundation and Open Source Security Foundation have partnered to launch the Cybersecurity Skills Framework, which helps organizations identify knowledge gaps and build critical skills into their existing IT roles. 🔗

🌎 Global News

  • Google has been ordered to pay the state of Texas nearly $1.4 billion for illegally collecting users’ private data, including their “Incognito mode” searches. 🔗
  • Following criticisms that it would make young people less safe online, Florida has rejected the “Social Media Use By Minors” bill, which would have required encryption backdoors for all social media platforms that allow minors to create an account. 🔗
  • A new European Vulnerability Database has been launched by the EU. It will provide information on vulnerabilities affecting IT, OT and IoT products. 🔗
  • Google has warned that Scattered Spider, the cybercriminal group carrying out attacks on British retail chains, has begun targeting U.S. companies and that U.S. retailers should “take note.” 🔗
  • North Korea-backed APT group TA406 is targeting the Ukrainian government with cyber espionage attacks in an attempt to support the DPRK’s military involvement in the Russo-Ukrainian war, according to Proofpoint researchers. 🔗
  • APT group Marbled Dust is exploiting a zero-day vulnerability in a messaging app in order to spy on Kurdish military operations in Iraq, according to Microsoft Threat Intelligence. 🔗

🎙️ The Expert Insights Podcast

The Expert Insights Podcast is your go-to source for insights from cybersecurity experts. We bring you weekly interviews from top cybersecurity thought leaders.

This week on the show:

    • Morey Haber, Chief Security Advisor at BeyondTrust, discusses the latest trends in Microsoft vulnerabilities.

    • Chris McHenry, Head of Product at Aviatrix, joins us to explore the evolving landscape of cloud security.

Coming soon:

    • John Hultquist, Chief Analyst at Google Threat Intelligence Group, on the cyber-threats you need to know about.

    • Nicole Bucala, General Manager of Comcast’s DataBee, on the shifting cybersecurity landscape.

    • Patrick Joyce, Global Resident CISO at Proofpoint, on the evolving role of the CISO.

    • Nicole Carignan, SVP of Security at Darktrace, unpacks the rise of agentic AI in cybersecurity.
