Welcome to this edition of ‘This Week in Cybersecurity’ where together, we delve into a subject that affects us all: cybersecurity and privacy in the digital age.
This week’s edition covers topics such as WiKI-Eve attack that can steal numerical WiFi passwords, to GitHub vulnerability and Kubernetes flaws. These short summaries are to keep you informed with the latest trends and safeguarded against digital threats. Enjoy reading! 
1. Iranian threat groups hits thousands with password spray campaign
Microsoft claims that between February and July 2023 an Iranian state-backed APT group known as Peach Sandstorm carried out a wave of cyber espionage attacks against thousands of global targets using password spraying techniques. This is a brute-force technique in which threat actors attempt to authenticate multiple accounts using a list of commonly used passwords. These attacks were initially noisy and widespread, but became more “stealthy and sophisticated” over time. The group used AzureHound and Roadtools to conduct reconnaissance in Microsoft Entra ID environments. It is therefore important to use unique and strong passwords to mitigate such attacks.
| Date: | Sep 15, 2023 |
|---|---|
| Source: | Infosecurity Magazine |
| Author: | Phil Muncaster |
| Tag: | Password Security, Cyber Crime |
2. Update your browsers asap
Google, Mozilla, Microsoft and Brave have released critical security patches to address significant vulnerabilities that could allow attackers to infiltrate your computer and execute malicious code. The National Institute of Standards and Technology (NIST) has classified these vulnerabilities as severe and linked them to the rendering of WebP images, a format widely used on the web. Users are urged to update their software to the latest versions immediately. Researchers at Stack Diary noted that the scope of this vulnerability extends beyond browsers to other applications such as Signal and Honeyview, which have issued patches for this issue.
| Date: | Sep 14, 2023 |
|---|---|
| Source: | gHacks.net |
| Author: | Emre Çitak |
| Tag: | Vulnerability, Browser Security |
3. Kubernetes flaws could lead to remote code execution on Windows endpoints
Researchers have identified three security flaws in Kubernetes that could lead to remote code execution on Windows endpoints. The vulnerabilities, tracked as CVE-2023-3676 (CVSS 8.8), CVE-2023-3893 and CVE-2023-3955 (CVSS 8.8), are caused by an insecure function call and a lack of user input sanitisation. Attackers can exploit these vulnerabilities to execute remote code with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster, through the use of a malicious YAML file. The flaws affect the default Kubernetes installation, and have been tested against both on-prem deployments and the Azure Kubernetes service. These flaws have been patched since their disclosure.
| Date: | Sep 14, 2023 |
|---|---|
| Source: | Security Affairs |
| Author: | Pierluigi Paganini |
| Tag: | Vulnerability, Cyber Risk/Cyber Threats |
4. Password-stealing Linux malware served for 3 years and no one noticed
A download site, freedownloadmanager[.]org, has been secretly distributing malware to Linux users, stealing passwords and other sensitive information for over three years. The site redirects users to the domain deb.fdmpkg[.]org, which consists of malicious content that allows attackers to remotely control the infected device. The malware, an updated version of Bew, collects system data, browsing history, saved passwords, cryptocurrency files and cloud credentials. This malware went undetected due to its sporadic distribution. Researchers believe it was part of a supply chain attack.
| Date: | Sep 13, 2023 |
|---|---|
| Source: | Ars TECHNICA |
| Author: | Dan Goodin |
| Tag: | Cyber Crime, Malware |
5. Critical Github vulnerability exposes 4000+ repositories to repojacking attack
New findings have recently uncovered a vulnerability in GitHub that allows “repojacking” attacks, potentially affecting over 4000 code packages in languages such as Go, PHP, Swift and GitHub action. Researchers said the flaw could allow an attacker to exploit a race condition in GitHub’s repository creation and username renaming processes to achieve repojacking. Repojacking allows threat actors to take control of repositories, potentially leading to a supply chain attack. The vulnerability highlights the risks associated with the ‘popular repository namespace retirement’ mechanism, that GitHub uses to prevent repository name conflicts. GitHub has addressed the issue.
| Date: | Sep 12, 2023 |
|---|---|
| Source: | The Hacker News |
| Author: | THN |
| Tag: | Software Security, Vulnerability |
6. New WiKI-eve attack can steal numerical passwords over WiFi
Researchers have discovered a new attack called ‘WiKI-Eve’ that can intercept smartphone keystrokes on modern WiFi routers and deduce numeric keystrokes with up to 90% accuracy. WiKI-Eve exploits a feature in WiFi 5 (802.11ac) called BFI (beamforming feedback information), which is used to improve signal accuracy. However, BFI data is exchanged in clear text, which can be intercepted without cracking an encryption key and deducing numerical keystrokes. Such attacks pose security risks, and ways to mitigate them include keyboard randomisation, data traffic encryption, WiFi channel scrambling, and more.
| Date: | Sep 11, 2023 |
|---|---|
| Source: | Bleeping Computer |
| Author: | Bill Toulas |
| Tag: | Password Security, Cyber Risk/Cyber Threats |
7. Google Chrome rolls out support for ‘Privacy Sandbox’ to bid farewell to tracking cookies
Google has begun rolling out Privacy Sandbox in the Chrome web browser to the majority of its users, after previously announcing its plans. Privacy Sandbox aims to improve privacy and preserve access to information by eliminating third-party cookies while still delivering personalised content and ads. Google is also testing Privacy Sandbox on Android devices running Android 13 in beta. However, the Privacy Sandbox feature hasn’t been without its critics. The ‘Movement for an Open Web’ group questions Google’s collection of personal data, as it’s difficult for web users to avoid the opt-in process. Google is also enhancing real-time protection against phishing attacks through Safe Browsing.
| Date: | Sep 11, 2023 |
|---|---|
| Source: | The Hacker News |
| Author: | THN |
| Tag: | Data Privacy, Browser Security |
Conclusion
That concludes ‘This Week in Cybersecurity’ news roundup.
As the cyber world continues to evolve, staying informed remains our most important defence. If anything, these news insights prove the need to adopt secure measures, be vigilant and aware, update to the latest versions, have unique and strong passwords or use a password manager to safeguard your data.
Feel free to share any interesting articles you come across in the “In the News” category of passbolt community forum and earn a community badge 
.
Don’t forget to cast your vote for the most interesting articles you’d like us to feature in the monthly cybersecurity video. 
Password spray campaign
Update browsers
Kubernetes flaw
Password-stealing Linux malware
GitHub vulnerability
WiKI-Eve attack
Google Chrome’s Privacy Sandbox