Week 11th Sep - 15th Sep 2023 (Week 37)

:wave: Welcome to this edition of ‘This Week in Cybersecurity’ where together, we delve into a subject that affects us all: cybersecurity and privacy in the digital age.

This week’s edition covers topics ranging from the WiKI-Eve attack, which can steal numerical WiFi passwords, to a GitHub vulnerability and Kubernetes flaws. These short summaries are meant to keep you informed of the latest trends and safeguarded against digital threats. Enjoy reading! :newspaper: :mag_right:

1. Iranian threat group hits thousands with password spray campaign

Microsoft claims that between February and July 2023 an Iranian state-backed APT group known as Peach Sandstorm carried out a wave of cyber espionage attacks against thousands of global targets using password spraying techniques. This is a brute-force technique in which threat actors attempt to authenticate multiple accounts using a list of commonly used passwords. These attacks were initially noisy and widespread, but became more “stealthy and sophisticated” over time. The group used AzureHound and Roadtools to conduct reconnaissance in Microsoft Entra ID environments. It is therefore important to use unique and strong passwords to mitigate such attacks.

Date: Sep 15, 2023
Source: Infosecurity Magazine
Author: Phil Muncaster
Tag: Password Security, Cyber Crime
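
A defender-side illustration of the password spraying pattern described above, as an added example that is not taken from the linked article or from Microsoft: it flags a source whose failed sign-ins touch many accounts with only a few tries each. The log format, addresses, account names and thresholds are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records: timestamp, source IP, account, outcome.
SAMPLE_LOG = """\
2023-09-15T08:00:05 198.51.100.7 alice FAIL
2023-09-15T08:02:11 198.51.100.7 bob FAIL
2023-09-15T08:04:40 198.51.100.7 carol FAIL
2023-09-15T08:06:02 198.51.100.7 dave FAIL
2023-09-15T08:08:30 198.51.100.7 erin FAIL
2023-09-15T08:09:00 203.0.113.9 alice FAIL
2023-09-15T08:09:02 203.0.113.9 alice FAIL
2023-09-15T08:09:04 203.0.113.9 alice FAIL
2023-09-15T08:09:06 203.0.113.9 alice FAIL
2023-09-15T08:09:08 203.0.113.9 alice FAIL
2023-09-15T08:10:00 192.0.2.44 bob FAIL
2023-09-15T08:10:20 192.0.2.44 bob OK
"""

def parse_events(text):
    """Yield (timestamp, source_ip, account, outcome) from whitespace-separated records."""
    for line in text.strip().splitlines():
        ts, ip, account, outcome = line.split()
        yield datetime.fromisoformat(ts), ip, account, outcome

def detect_spray(events, window=timedelta(minutes=30), min_accounts=5, max_per_account=3):
    """Map each spraying source IP to the accounts it targeted.

    A source is flagged when, inside one sliding window, its failed sign-ins
    span at least min_accounts accounts with at most max_per_account tries each.
    Repeated failures against a single account (classic brute force) do not match.
    """
    failures = defaultdict(list)
    for ts, ip, account, outcome in events:
        if outcome == "FAIL":
            failures[ip].append((ts, account))
    flagged = defaultdict(set)
    for ip, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # drop failures that fell out of the window
            tries = Counter(account for _, account in items[start:end + 1])
            if len(tries) >= min_accounts and max(tries.values()) <= max_per_account:
                flagged[ip].update(tries)
    return {ip: sorted(accounts) for ip, accounts in flagged.items()}
```

A spray paced slower than the window, or spread across many source addresses, stays under these per-source thresholds, so this view is usually paired with a count of distinct accounts failing across all sources.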

2. Update your browsers ASAP

Google, Mozilla, Microsoft and Brave have released critical security patches to address significant vulnerabilities that could allow attackers to infiltrate your computer and execute malicious code. The National Institute of Standards and Technology (NIST) has classified these vulnerabilities as severe and linked them to the rendering of WebP images, a format widely used on the web. Users are urged to update their software to the latest versions immediately. Researchers at Stack Diary noted that the scope of this vulnerability extends beyond browsers to other applications such as Signal and Honeyview, which have issued patches for this issue.

Date: Sep 14, 2023
Source: gHacks.net
Author: Emre Çitak
Tag: Vulnerability, Browser Security

3. Kubernetes flaws could lead to remote code execution on Windows endpoints

Researchers have identified three security flaws in Kubernetes that could lead to remote code execution on Windows endpoints. The vulnerabilities, tracked as CVE-2023-3676 (CVSS 8.8), CVE-2023-3893 and CVE-2023-3955 (CVSS 8.8), are caused by an insecure function call and a lack of user input sanitisation. Attackers can exploit these vulnerabilities to execute remote code with SYSTEM privileges on all Windows endpoints within a Kubernetes cluster, through the use of a malicious YAML file. The flaws affect the default Kubernetes installation, and have been tested against both on-prem deployments and the Azure Kubernetes service. These flaws have been patched since their disclosure.

Date: Sep 14, 2023
Source: Security Affairs
Author: Pierluigi Paganini
Tag: Vulnerability, Cyber Risk/Cyber Threats

4. Password-stealing Linux malware served for 3 years and no one noticed

A download site, freedownloadmanager[.]org, has been secretly distributing malware to Linux users, stealing passwords and other sensitive information for over three years. The site redirects users to the domain deb.fdmpkg[.]org, which hosts malicious content that allows attackers to remotely control the infected device. The malware, an updated version of Bew, collects system data, browsing history, saved passwords, cryptocurrency files and cloud credentials. This malware went undetected due to its sporadic distribution. Researchers believe it was part of a supply chain attack.

Date: Sep 13, 2023
Source: Ars TECHNICA
Author: Dan Goodin
Tag: Cyber Crime, Malware

5. Critical GitHub vulnerability exposes 4000+ repositories to repojacking attack

New findings have recently uncovered a vulnerability in GitHub that allows “repojacking” attacks, potentially affecting over 4000 code packages in languages such as Go, PHP and Swift, as well as GitHub Actions. Researchers said the flaw could allow an attacker to exploit a race condition in GitHub’s repository creation and username renaming processes to achieve repojacking. Repojacking allows threat actors to take control of repositories, potentially leading to a supply chain attack. The vulnerability highlights the risks associated with the ‘popular repository namespace retirement’ mechanism that GitHub uses to prevent repository name conflicts. GitHub has addressed the issue.

Date: Sep 12, 2023
Source: The Hacker News
Author: THN
Tag: Software Security, Vulnerability

6. New WiKI-Eve attack can steal numerical passwords over WiFi

Researchers have discovered a new attack called ‘WiKI-Eve’ that can intercept smartphone keystrokes on modern WiFi routers and deduce numeric keystrokes with up to 90% accuracy. WiKI-Eve exploits a feature in WiFi 5 (802.11ac) called BFI (beamforming feedback information), which is used to improve signal accuracy. However, BFI data is exchanged in clear text, so it can be intercepted without cracking an encryption key and then used to deduce numerical keystrokes. Such attacks pose security risks, and ways to mitigate them include keyboard randomisation, data traffic encryption, WiFi channel scrambling, and more.

Date: Sep 11, 2023
Source: Bleeping Computer
Author: Bill Toulas
Tag: Password Security, Cyber Risk/Cyber Threats

7. Google Chrome rolls out support for ‘Privacy Sandbox’ to bid farewell to tracking cookies

Google has begun rolling out Privacy Sandbox in the Chrome web browser to the majority of its users, after previously announcing its plans. Privacy Sandbox aims to improve privacy and preserve access to information by eliminating third-party cookies while still delivering personalised content and ads. Google is also testing Privacy Sandbox on Android devices running Android 13 in beta. However, the Privacy Sandbox feature hasn’t been without its critics. The ‘Movement for an Open Web’ group questions Google’s collection of personal data, as it’s difficult for web users to avoid the opt-in process. Google is also enhancing real-time protection against phishing attacks through Safe Browsing.

Date: Sep 11, 2023
Source: The Hacker News
Author: THN
Tag: Data Privacy, Browser Security


:tada: That concludes ‘This Week in Cybersecurity’ news roundup. :tada:

As the cyber world continues to evolve, staying informed remains our most important defence. If anything, these news insights prove the need to adopt secure measures, be vigilant and aware, update to the latest versions, have unique and strong passwords or use a password manager to safeguard your data.

Feel free to share any interesting articles you come across in the “In the News” category of the passbolt community forum and earn a community badge :name_badge:.

Don’t forget to cast your vote for the most interesting articles you’d like us to feature in the monthly cybersecurity video. :white_check_mark:

  • :one: Password spray campaign
  • :two: Update browsers
  • :three: Kubernetes flaw
  • :four: Password-stealing Linux malware
  • :five: GitHub vulnerability
  • :six: WiKI-Eve attack
  • :seven: Google Chrome’s Privacy Sandbox