Read also: Germany dismantles DDoS-friendly host ‘FlyHosting,’ Spanish hacker ‘Alcasec’ arrested, and more.

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Handing out advice on how to secure self hosted MS systems seems not to have been used internally. Ho hum…

As reported widely in the press, the Genesis Market is no more. On Tuesday 4th April 2023, the FBI seized control of the infamous marketplace that’d had hundreds of thousands of stolen digital identities for sale, replacing its login page with a takedown notice and call for further information from its users.

How hard can it be to support custom container image tags? Turns out… quite! I know this because my team has been busy at work on our new custom base image support for Snyk Container, andwe were tasked with the following problem: Given a tag, parse its parts to be able to compare it to other similar tags. It was a fun problem to solve, and we'd love to share how we got to our final solution!

Driving for companies like Uber is always risky, as you never know who you will pick up, where you will have to take them, and if your vehicle could break down. However, drivers should not have to worry about their identities while driving. Uber was just hit by a cyber attack back in December that hurt more than 77,000 employees, and it seems the company is suffering from another serious data loss that could impact some of its drivers, yet again.

Phishing attacks that can evade detection by email scanners are improving their chances of reaching the inbox, thanks to an increase in the use of one specific attachment type. According to new data found in HP Wolf Security’s latest Security Threat Insights Report for Q4 of 2022, 13% of all email threats being sent make their way past layered email security defenses to reach the user’s inbox. This, up from the previously published finding of 11.7% of threats doing so by Acronis.

Over a decade ago, the sketch comedy show Portlandia tried to answer a simple question: why do hipsters put birds on everything? Teapots, tote bags, greeting cards, pillows — even toast. When in doubt, put a bird on it.

With web application exploits the 3rd-most-common cybersecurity threat, overlooking the importance of XSS vulnerabilities puts you at risk. As we move through 2023, many organizations are looking at their cybersecurity programs and considering how to allocate their application security testing resources. While allocating testing resources to OWASP Top 10 vulnerabilities like cross-site scripting (XSS) may not feel innovative, it’s one of the best ways to ensure an organization’s security.

Does your company have secret intel that only a few employees can handle? Do you lose sleep over the thought of sneaky hackers getting their grubby little paws on your precious data? Don't take any chances with your business! Level up your security game with privileged access management and keep those cyber threats at bay. Privileged access refers to the rights of specific users, such as IT administrators or executives, to access files, critical systems, or sensitive data.

Attackers who were previously abusing DigitalOcean to host a tech support scam have expanded the operation, now abusing StackPath CDN to distribute the scam, and are likely to start abusing additional cloud services to deliver the scam in the near future. From February 1 to March 16, Netskope Threat Labs has seen a 10x increase of traffic to tech support scam pages delivered by StackPath CDN.