SMS Blaster Busts, OpenEMR Flaws, 600K Roblox Hacks: Threat Report
Law enforcement agencies in the United States and Europe have dismantled a sprawling SMS phishing campaign that leveraged fake cellular base stations, known as IMSI catchers, to blast millions of fraudulent text messages. The operation, dubbed 'Operation SMS Blaster', resulted in the seizure of 14 portable IMSI catcher devices, 12 domain names, and the arrest of three suspects in Texas, Florida, and the Netherlands. The attackers used the devices to spoof legitimate carrier cell IDs, bypassing SMS filtering and delivering messages that claimed to be from banks, shipping companies, and cryptocurrency exchanges.
In the healthcare sector, the open-source electronic medical record system OpenEMR disclosed a critical remote code execution vulnerability, tracked as CVE-2023-28471, affecting versions prior to 7.0.0.1. The flaw resides in a misconfigured PHP eval() call within the portal module, allowing an unauthenticated attacker to inject malicious code via a specially crafted HTTP POST request. OpenEMR’s security team released a patch, and the Department of Health and Human Services urged covered entities to apply the update within 48 hours.
Roblox, the popular online gaming platform, disclosed a data breach that exposed the personal information of approximately 600,000 users. The breach stemmed from a credential stuffing attack that exploited reused passwords harvested from a third-party data dump. Leaked data includes email addresses, bcrypt-hashed passwords, and in some cases limited billing information. Roblox’s incident response team locked affected accounts, forced password resets, and is collaborating with law enforcement to trace the source.
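The credential stuffing pattern described above shows up in authentication logs as one source IP failing against many distinct accounts in a short window, which is distinguishable from classic brute force (many failures against one account). The following is an added detection example, not Roblox's code or any tool named in this report; the log line format and the sample entries are constructed for illustration, and the thresholds are assumptions to tune per environment.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample auth log (not real Roblox data); the line format is an assumption.
SAMPLE_LOG = """\
2023-04-02T10:00:01Z login user=alice src=203.0.113.7 result=FAIL
2023-04-02T10:00:02Z login user=bob src=203.0.113.7 result=FAIL
2023-04-02T10:00:03Z login user=carol src=203.0.113.7 result=OK
2023-04-02T10:00:04Z login user=dave src=203.0.113.7 result=FAIL
2023-04-02T10:00:05Z login user=erin src=203.0.113.7 result=FAIL
2023-04-02T10:00:10Z login user=grace src=198.51.100.9 result=FAIL
2023-04-02T10:00:11Z login user=grace src=198.51.100.9 result=FAIL
2023-04-02T10:00:12Z login user=grace src=198.51.100.9 result=FAIL
2023-04-02T10:00:13Z login user=grace src=198.51.100.9 result=FAIL
2023-04-02T10:30:00Z login user=heidi src=192.0.2.44 result=FAIL
"""
LINE_RE = re.compile(r"^(\S+) login user=(\S+) src=(\S+) result=(OK|FAIL)$")

def parse_events(text):
    """Yield (timestamp, user, src_ip, result) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield (datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ"), *m.groups()[1:])

def detect(events, window=timedelta(minutes=5), min_users=4, min_fails=4):
    """Classify noisy source IPs over a sliding time window (thresholds are assumptions).
    credential_stuffing: failures against >= min_users distinct accounts from one IP;
    brute_force: >= min_fails failures against a single account from one IP.
    Also returns accounts that logged in OK from a stuffing IP: candidates for a forced reset."""
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev[2]].append(ev)
    verdicts, compromised = {}, set()
    for src, evs in by_src.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:  # drop events older than the window
                start += 1
            win = evs[start:end + 1]
            fails = Counter(u for _, u, _, r in win if r == "FAIL")
            if len(fails) >= min_users:
                verdicts[src] = "credential_stuffing"
                compromised |= {u for _, u, _, r in win if r == "OK"}
            elif src not in verdicts and max(fails.values(), default=0) >= min_fails:
                verdicts[src] = "brute_force"
    return verdicts, sorted(compromised)

def run_sample():
    return detect(parse_events(SAMPLE_LOG))
```

On the constructed sample, 203.0.113.7 is flagged as credential stuffing with carol's account as the one whose reused password worked, while 198.51.100.9 is ordinary brute force against grace.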
Beyond these headline-grabbing incidents, this week’s threat landscape saw a surge in supply chain attacks targeting widely used JavaScript libraries, a new ransomware variant named 'LockByte 2.0' that encrypts VDI images, and a wave of deepfake phishing emails impersonating CEOs. Researchers also identified a zero-day in a popular VPN client (CVE-2023-29532) that allows privilege escalation, and the Microsoft bounty program awarded $250,000 for a critical Azure Sphere flaw. Overall, the frequency of multi-vector attacks underscores the need for organizations to adopt a zero-trust architecture, regularly update threat intelligence feeds, and enforce strong authentication mechanisms.