Week 13th March - 17th March 2023

:tada: Welcome to this week’s newsletter, where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :heart:

In this week’s newsletter, we’ve curated a few relevant news stories in the field of cybersecurity. With digital threats on the rise, it is important to stay up to date with the latest trends, whether you are a professional in the field, a business, or an individual concerned about your online safety.

WhatsApp takes on the EU regarding encryption and child abuse content

WhatsApp Head, Will Cathcart, said that the chat app would refuse to comply with the legislation in the UK’s Online Safety Bill that sought to outlaw end-to-end encryption on the basis of the government’s handling of child sexual abuse material (CSAM). Complying would mean weakening security protocols and meeting authorities’ requests to hand over messages, which WhatsApp doesn’t do. Another messaging app, Signal, said that it would walk away from the UK if this bill is approved.

Date: Mar 11, 2023
Source: ghacks.net
Author: Shaun Jooste
Tag: Encryption, Data Privacy

The risk of pasting confidential company data into ChatGPT

Researchers from Cyberhaven Labs have analysed the use of ChatGPT in the workplace and found that it could potentially cause leaks of sensitive and confidential data. Some companies, like JP Morgan and Verizon, have blocked access to the chatbot in the workplace. The researchers pointed out that while ChatGPT doesn’t have the ability to store or acquire company or personal data, and doesn’t represent a risk to the security of company data in itself, it is important to exercise due diligence when sharing sensitive information online.

Date: Mar 13, 2023
Source: Security Affairs
Author: Pierluigi Paganini
Tag: Cyber Risk/Cyber Threats, AI, ChatGPT

Warning: AI-generated YouTube video tutorials spreading infostealer malware

Threat actors have recently been using AI-generated YouTube videos to spread stealer malware such as Raccoon, RedLine and Vidar. The videos pose as tutorials for licensed products and lure people into downloading cracked software. YouTube has seen a 200-300% increase in videos containing links to stealer malware in the video description. Ways to mitigate such risks include enabling MFA, refraining from clicking unknown links and staying alert when downloading software.

Date: Mar 13, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Social engineering, Cyber Risk/Cyber Threats, AI

Still using authenticators for MFA? Software for sale can hack you anyway

Microsoft has profiled new phishing software for sale in online forums that can bypass even common forms of multi-factor authentication (MFA). The software sells at $300 for the standard version and $1000 for VIP users. This phishing kit can defeat common forms of MFA, including the time-based one-time password (TOTP), by using a technique known as AitM, short for adversary in the middle, which uses a phishing site that prompts users for their credentials and relays them to the real site in real time. Microsoft researchers have listed several mitigating measures, including Windows Defender and anti-phishing solutions, but the most effective would be FIDO2.

Date: Mar 15, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Social engineering, Cyber Risk/Cyber Threats

GitHub releases blueprint for budding open source program offices

GitHub has published its own internal repository aimed at helping businesses set up their inaugural open source program office (OSPO). The new GitHub-OSPO will include everything from policies to licence agreements, to guides and archive repositories. The OSPO is emerging as a staple of modern organisations and helps formalise loose collectives of employees working on open source projects. GitHub notes that this will help small-scale open source projects become more substantial and organised.

Date: Mar 15, 2023
Source: TechCrunch
Author: Paul Sawers
Tag: Open Source, Enterprise

Google uncovers 18 severe security vulnerabilities in Samsung Exynos chips

Google announced 18 vulnerabilities in Samsung Exynos chips affecting Android smartphones from Samsung, Vivo and Google, as well as wearables and vehicles. It says that 4 of the vulnerabilities allow an attacker to compromise a phone at the baseband level with no user interaction, while the other 14 are less severe, as they require local access or a network insider. Fixes for Pixel 6 and 7 have already been rolled out, and users of other devices are recommended to switch off Wi-Fi calling and Voice over LTE (VoLTE).

Date: Mar 17, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Mobile Security, Tech, Network Security

If you come across any interesting news articles relating to cybersecurity, vulnerabilities or data privacy issues, don’t hesitate to share them in the ‘In The News’ category of the Passbolt community forum.

Share your thoughts and experiences, add relevant cybersecurity news, ask questions, and connect with others who are passionate about online security. :partying_face: :tada:
