Week 10th July - 14th July 2023 (Week 28)

:tada: Welcome to this week’s edition of ‘This Week in Cybersecurity’ where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :tada:

:lock: This week we’ve curated some interesting cybersecurity news relating to new Mozilla features, the EU’s decision on the EU-US Data Privacy Framework that allows transfer of data from Europe to US companies and a fake PoC for a Linux kernel vulnerability on GitHub. Have a read of these short summaries and stay updated and informed. :heart: :newspaper:

1. OpenAI’s ChatGPT under investigation by Federal Trade Commission

The US Federal Trade Commission (FTC) has opened an investigation into OpenAI’s ChatGPT to learn more about the company’s data privacy practices, including allegations that ChatGPT violates consumer protection laws and data security regulations. The investigation will also determine whether ChatGPT provides false and misleading information in its responses. News of this inquiry was first reported in the Washington Post. However, OpenAI has faced a number of legal challenges from a variety of people for fabricating defamatory claims about them and acquiring illegal copies of their work. When it comes to data privacy, OpenAI has been continuously questioned, such as when Italy blocked ChatGPT for failing to comply with its GDPR laws.

Date: Jul 14, 2023
Source: Sky News
Author: Sarah Taaffe-Maguire
Tag: ChatGPT, AI

2. Fake PoC for Linux Kernel vulnerability on GitHub exposes researchers to malware

A proof-of-concept (PoC) has been discovered on GitHub that disguises itself as a harmless learning tool but hides a malicious backdoor. The PoC appears to address the recently disclosed high-severity flaw in the Linux kernel. However, through this backdoor, it actually steals sensitive data and gains remote access. Another PoC has been identified that impacted VMware Fusion. Users who have downloaded and run these PoCs are advised to take precautions and use safe practices such as testing in isolated environments.

Date: Jul 13, 2023
Source: The Hacker News
Author: THN
Tag: Vulnerability, Cyber Risk/Cyber Threats

3. Chinese hackers raided US government email accounts by exploiting Microsoft cloud bug

Chinese hackers exploited a vulnerability in Microsoft’s cloud email service, compromising around 25 government official email accounts and related customer accounts. Microsoft noted that the China-based hacking group, called Storm-0558, gained access to the email accounts by obtaining Microsoft’s Consumer Signing Key to forge authentication tokens, access user accounts, and impersonate Azure AD users. Microsoft stated that it had mitigated the month-long attack, and it is unclear whether any sensitive information was exfiltrated. CISA and the FBI are urging people to report any anomalies found in Microsoft 365.

Date: Jul 12, 2023
Source: TechCrunch
Author: Carly Page
Tag: Cyber Risk/Cyber Threats, Vulnerability

4. Apple re-releases zero-day patch after fixing browsing issue

Apple has released a fixed version of its emergency security update after initially withdrawing it due to browsing issues on certain websites. The rapid security response patches a zero-day vulnerability (CVE-2023-37450) affecting the WebKit browser engine, which allows attackers to execute arbitrary code by tricking targets into opening maliciously crafted web pages. Users should update to the latest Security Response versions, iOS 16.5.1 (c), iPadOS 16.5.1 (c) and macOS 13.4.1 (c), which address the web browsing issues.

Date: Jul 12, 2023
Source: Bleeping Computer
Author: Sergiu Gatlan
Tag: Vulnerability, New Releases

5. Big tech can transfer Europeans’ data to US in win for Facebook and Google

The European Commission has announced its decision to allow the transfer of personal data from Europe to US companies stating that the US ensures an adequate level of data protection. However, the EU-US Data Privacy Framework is facing a number of legal challenges from data privacy advocates who have expressed concerns about US government surveillance and the need to change US surveillance laws. The framework greatly benefits big tech companies such as Facebook and Google. The EU said the new framework will limit US intelligence agencies’ access to EU data, establish a Data Protection Review Court (DPRC) to be overseen by the US Department of Commerce and the US Federal Trade Commission.

Date: Jul 11, 2023
Source: Ars Technica
Author: Jon Brodkin
Tag: Data Privacy, Data Protection

6. New Mozilla feature blocks risky add-ons on specific websites to safeguard user security

Mozilla has announced a new feature called Quarantined Domains which blocks some add-ons from running on certain sites for security. The move, introduced in Firefox version 115.0, is designed to prevent malicious attacks by threat actors who exploit the openness of the add-on ecosystem. Users will have more control over the settings with Firefox version 116. This feature came after Mozilla criticised France’s browser-based website blocking proposal for undermining content moderation norms and aiding authoritarian governments in censorship efforts.

Date: Jul 10, 2023
Source: The Hacker News
Author: THN
Tag: Browser Security, New Features


:tada: That concludes ‘This Week in Cybersecurity’ roundup. The incidents that unfolded this week serve as a reminder for individuals and organisations to remain vigilant, adopt secure practices, and stay updated on the emerging threats. :tada:

Feel free to share any interesting articles you come across in the ‘In the News’ category of the Passbolt community forum.

Let’s hear your thoughts on all things data privacy and cybersecurity. What do you think of the EU-US Data Privacy Framework, the EU’s decision regarding the transfer of personal data from Europe to US companies? Share your thoughts! :newspaper: :partying_face:

We handpick the most interesting article/articles of the week to be featured in our monthly video edition of “This Month in Cybersecurity” :video_camera:

Cast your vote below for the article(s) you’d like to see featured in the video: :white_check_mark:

  • :one: OpenAI’s ChatGPT
  • :two: Fake PoC on GitHub
  • :three: Microsoft cloud bug
  • :four: Apple patch
  • :five: Transfer of EU’s data
  • :six: Mozilla feature