Cyber Weekly Digest - 2023 Week #49
This week, we are thrilled to announce a new partnership with disruptive Cyber Asset Management vendor - ThreatAware. You can read more about the partnership HERE
Now, let's take a look at our Cyber Weekly Digest, highlighting our top cyber security news picks of the week.
This week we heard about a new Bluetooth Flaw letting hackers take over devices, an update in the 23andMe credential theft saga and a warning from the UK NCSC and Microsoft as they expose Russian hacking group!
Keep reading to stay up to date on the latest cyber security news.
1. New Bluetooth Flaw Let Hackers Take Over Android, Linux, macOS, and iOS Devices
A critical Bluetooth security flaw could be exploited by threat actors to take control of Android, Linux, macOS and iOS devices. Successful exploitation of the flaw could permit an adversary in close physical proximity to connect to a vulnerable device and transmit keystrokes to install apps and run arbitrary commands. The vulnerability affects a wide range of devices running Android (going back to version 4.2.2, which was released in November 2012), iOS, Linux, and macOS. Further, the bug affects macOS and iOS when Bluetooth is enabled and a Magic Keyboard has been paired with the vulnerable device. It also works in Apple's LockDown Mode, which is meant to secure against sophisticated digital threats.
2. Founder of Bitzlato Crypto Exchange Pleads Guilty in Money-Laundering Scheme
The Russian founder of the now-defunct Bitzlato cryptocurrency exchange has pleaded guilty, nearly 11 months after he was arrested in Miami earlier this year. Anatoly Legkodymov (aka Anatolii Legkodymov, Gandalf, and Tolik), according to the U.S. Justice Department, admitted to operating an unlicensed money-transmitting business that enabled other criminal actors to launder their illicit proceeds. He faces up to five years in prison.
3. 23andMe updates user agreement to prevent data breach lawsuits
As Genetic testing provider 23andMe faces multiple lawsuits for an October credential stuffing attack that led to the theft of customer data, the company has modified its Terms of Use to make it harder to sue the company. In a recent update, 23andMe told BleepingComputer that a total of 6.9 million people were impacted by the breach — 5.5 million through the DNA Relatives feature and 1.4 million people through the Family Tree feature.
4. UK and allies expose Russian FSB hacking group, sanction members
The UK National Cyber Security Centre (NCSC) and Microsoft warn that the Russian state-backed actor "Callisto Group" (aka "Seaborgium" or "Star Blizzard") is targeting organisations worldwide with spear-phishing campaigns used to steal account credentials and data. In January this year, NCSC warned about Callisto's attacks, underlining the group's open-source intelligence (OSINT) and social engineering skills.
Today, the United Kingdom officially attributed attacks to Callisto that led to the leaking of UK-US trade documents, the 2018 hack of the UK think tank Institute for Statecraft, and more recently, the hack on StateCraft's founder Christopher Donnelly.
5. SpyLoan Android malware on Google Play downloaded 12 million times
More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious websites. They pose as legitimate financial services for personal loans that promise "quick and easy access to funds." However, they trick users into accepting high-interest payments and then the threat actor blackmails victims into paying the money. To defend against the SpyLoan threat, only trust established financial institutions, carefully review the requested permissions upon installing a new app, and read user reviews on Google Play, which often contain clues about the fraudulent nature of the app.
©2025 Cyber Vigilance
Powered by Disruptive
Naggs Stable, Old Portsmouth Road, Guildford, Surrey, England, GU3 1LP