BARR Advisory Senior Consultant Kevin Lewis has picked out five security and compliance headlines from the past month that you need to know. Take a look to find out what our consulting team has been reading this April—plus, scroll to see Kevin’s CISO Pick of the Month for a must-attend virtual event on audit-proofing your AI implementation.
Rockstar Games has been targeted by hackers for the second time in three years. The group ShinyHunters has claimed responsibility for accessing servers through a third-party cloud provider. While the attackers have threatened to publish stolen data unless a ransom is paid, Rockstar has downplayed the incident, stating that it involved only a limited amount of non-material information with no impact on players. This breach follows the 2023 Lapsus$ attack against the company that leaked unfinished gameplay and serves as another reminder of the persistent risks associated with third-party cloud environments.
The FBI and international partners have disrupted a GRU-led network that exploited vulnerable SOHO routers to conduct large-scale DNS hijacking. By compromising devices like TP-Link routers, Russian actors redirected traffic to malicious resolvers to facilitate adversary-in-the-middle attacks and harvest sensitive credentials. While the operation targeted military and government data, the indiscriminate nature of the breach highlights the urgent need for users to patch firmware and disable remote management interfaces.
A joint advisory warns that the Iran-linked group CyberAv3ngers is exploiting internet-facing industrial controllers across U.S. water and energy sectors. The group utilizes a sophisticated malware platform, IOCONTROL, to harvest sensitive data while blending into legitimate network traffic. Because recent attacks leverage an unpatchable authentication bypass in Rockwell Automation controllers, isolating these devices through network segmentation is a critical defense.
The Apache Software Foundation released emergency updates after a flawed security patch introduced a new bypass vulnerability in Apache Tomcat. Originally intended to fix a padding oracle flaw, the defective patch created a secondary issue that allows attackers to bypass the EncryptInterceptor entirely. Additionally, a bug in Tomcat’s certificate validation could cause authentication to succeed even when it should fail. Administrators should update to the latest releases immediately to resolve these cryptographic and access control weaknesses.
Cybercriminals are exploiting Meta’s Business Manager to send phishing emails that appear to be genuine notifications from a verified domain. By abusing the “partner request” feature, attackers bypass standard email filters to deliver credible-looking invites that lead to counterfeit login pages. With over 40,000 emails sent to thousands of organizations, this campaign highlights the danger of trusting platform notifications without verifying them directly within the application.
Audit-Proofing Your AI Implementation: Webinar
How do you move fast with AI—without creating audit risk? 🔒
On Wednesday, May 13 at 2 p.m. ET, join BARR Advisory CEO Brad Thies and C1 CISO Will Bengtson for an in-depth discussion on how to build AI environments that stand up to scrutiny and create a clear path forward for responsible AI adoption. 🚀
Want to get these insights straight to your inbox? Subscribe to Take5, our monthly newsletter featuring top security and compliance headlines, events, and resources—brought to you by CISOs from BARR’s cybersecurity consulting team.