Weekly Cybersecurity News

CyberPulse Episode 11

This week, we dive into major GDPR fines, emerging malware threats, and global scam takedowns.


📱 Netflix Fined for GDPR Violations

Key Issues Identified:

⟶ Dutch DPA fined Netflix €4.75 million for not adequately informing users about data usage (2018–2020).

⟶ Violations include insufficient details on data sharing, retention periods, and security measures for transfers outside Europe.

⟶ Customers were not provided full access to their data upon request.

Outcome:

⟶ Netflix updated its privacy policy but is contesting the fine.

⟶ Similar complaints filed against Amazon, Apple Music, Spotify, and YouTube.


🛠️ Glutton: A Malware Targeting PHP Frameworks

Discovery and Attribution:

⟶ Glutton, a PHP-based backdoor, was identified by QiAnXin XLab in attacks targeting systems globally.

⟶ Linked to the Winnti group (APT41), though with uncharacteristically subpar stealth features.

Malicious Features:

⟶ Exploits frameworks like Laravel, ThinkPHP, and Yii, with modular payloads.

⟶ Infects PHP files and drops ELF-based backdoors for persistence and sensitive data theft.

Notable Techniques:

⟶ Sells compromised enterprise hosts to cybercriminal forums.

⟶ Uses tools like HackBrowserData to steal information for phishing campaigns.


💰 Meta Fined €251 Million for 2018 Breach

Context:

⟶ Irish DPC fined Meta €251 million for exposing data of 3 million EU users.

⟶ Highlighted vulnerabilities in GDPR compliance and user data security.

Impact:

⟶ Underscores the importance of robust measures for global platforms.


📂 Malicious Office Macros in Cyber Attacks

Technique Used:

⟶ Malicious Word documents with macros download payloads, including Trojans.

⟶ Aims to achieve remote control of infected systems for data exfiltration.

Final Objective:

⟶ Facilitate long-term access to networks for cyber espionage and financial theft.


💰 Fintrap: Fraudulent Investment Applications

Context:

⟶ Over 10 million victims in 2024 fell prey to fake investment apps promising high returns.

Threats:

⟶ Total loss of funds and theft of financial data.

User Advice:

⟶ Verify platform licenses and avoid apps with excessive permissions or no reviews.


🛠️ Dismantling Global Scam Networks

Operation VENUS:

⟶ Europol dismantled a major network involved in social engineering scams.

⟶ Resulted in over 150 arrests across 10 countries.

Global Impact:

⟶ Significant reduction in scam operations and enhanced global collaboration.