Week 14th Aug - 18th Aug 2023 (Week 33)

Welcome to this edition of ‘This Week in Cybersecurity’ where we explore a common subject that affects us all: cybersecurity and privacy in the digital age.

We’ve curated a selection of articles ranging from covering topics like the shutting down of Discord.io after suffering a breach, to LinkedIn account takeovers, and upcoming new features such as the first quantum-resilient FIDO2 security key and its auto-removal feature for malicious extensions. Keep up to date with these brief summaries and stay safe online.

1. Google Chrome’s new feature alerts users about auto-removal of malicious extensions

Google has announced it will add a new feature to the upcoming Chrome release. The new feature will alert users when an installed extension has been removed from the Chrome Web Store due to developer action, policy violation, or being flagged as malware. This ‘Safety Check’ feature will notify users in the ‘Privacy and Security’ section. Users can then choose to remove the extension or hide the warning, but extensions flagged as malware will be automatically disabled. In addition, Google plans to update the entire ‘http://’ URL navigation to ‘https://’, showing warnings while downloading high-risk files on insecure connection and enabling HTTPS-First Mode by default in Incognito Mode.

2. Phishers use QR codes to target companies in various industries

A phishing campaign that uses QR codes to target various industries has been discovered. The phishing attempts are aimed at acquiring Microsoft credentials. Major targets include the US energy sector, manufacturing, insurance, technology, and financial services. The campaign involves sending phishing emails containing a PNG or PDF that prompts victims to update their Microsoft account security settings or add two-factor authentication by scanning a QR code. The embedded QR code often leads to Bing redirect URLs to avoid detection. Users should be aware and cautious in order to stay safe online.

3. This $70 device can spoof an Apple device and trick you into sharing your password

Security researchers at Def Con demonstrated how a custom device can trigger pop-up messages on iPhones, urging users to connect their Apple ID or share a password with a nearby Apple TV. The research project shows that turning off bluetooth requires navigating to the ‘Settings’ app rather than a quick-access ‘Control Centre.’ These researchers used a $70 Raspberry Pi to send custom advertisement packets that mimicked Apple TV and triggered the pop-up. The device was not built to collect data, but to expose the flaw in Apple’s Bluetooth Low Energy protocol.

4. Google introduces first quantum resilient FIDO2 security key implementation

Google has unveiled the first quantum-resilient FIDO2 security key implementation as part of its OpenSK security key initiative. The open source implementation uses a unique hybrid ECC/Dilithium signature schema that combines the security of the ECC with resilience against quantum attack. Written in Rust, OpenSK supports both the FIDOU2F and FIDO2 standards. Google announced plans to standardise this implementation more as part of the FIDO2 key specification, so that user credentials can be protected against quantum attacks. This comes after Google’s proposal to support quantum-resistant encryption algorithms in the Chrome browser, starting with version 116.

5. Major LinkedIn account takeover campaign underway

Security researchers have warned of a global account takeover campaign targeting LinkedIn users. Many frustrated users have taken to social media and there’s been a significant surge in Google searches for ‘LinkedIn account hacked’ and ‘LinkedIn support.’ The attackers have focused on breaching accounts protected by multi-factor authentication (MFA) or brute-force attacks on password-only accounts, resulting in LinkedIn locking out legitimate user accounts. The consequences of the account takeover range from ransom messages, account deletion, social engineering, data harvesting, and the distribution of malicious content.

6. An Apple malware-flagging tool is “trivially” easy to bypass

Mac security researcher, Patrick Wardle has discovered vulnerabilities in Apple’s MacOS Background Task Management mechanism that could be exploited to bypass Apple’s new tool defeating the purpose of it. Apple introduced the Background Task Management tool in macOS Ventura to detect software persistence events that could indicate malicious activity. However, Wardle discovered that sophisticated malware could easily bypass the tool and disable persistent event notification even without root access. Wardle stressed the need for a more robust mechanism tool to ensure better MacOS security.

7. Discord.io confirms breach after hacker steals data of 760k users

Discord.io, a third-party custom invite service, has been temporarily shut down after a data breach affecting 760,000 members. The individual behind the attack has been named as ‘Akhirah,’ They are selling the database on the new Breached hacking forums. Sensitive information such as usernames, email and billing addresses, passwords and Discord IDs were included in the breached database. Discord.io confirmed the authenticity of the breach and responded by temporarily shutting down its server and website. Members are advised to be wary of phishing attacks and to check the main website for possible password resets.

Conclusion

That’s it for ‘This Week in Cybersecurity’. We hope that these concise summaries of the latest trends in cybersecurity and data privacy have helped you stay informed and ensure your security in the digital world.

Feel free to share any news articles that you come across in the ‘In the News’ category of the Passbolt community forum and earn a community badge .

We handpick the most interesting article/articles of the week to be featured in our monthly video edition of “This Month in Cybersecurity”

Cast your vote below for the article(s) you’d like to see featured in the video: