Week 19th - 23rd June 2023 (Week 25)

:rocket: :tada: Welcome to this week’s edition of ‘This Week in Cybersecurity’ where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :tada:

Since Friday was observed as a public holiday in Luxembourg, we’re delivering the ‘This Week in Cybersecurity’ roundup today. We’ve curated a few interesting articles from the week, ranging from the Reddit data breach, to the EU being called on to analyse the risks of generative AI, to Microsoft Teams under malware attack. These incidents show the importance of always updating to the latest versions, having strong passwords, and staying vigilant when downloading unknown attachments. Stay safe online! :newspaper: :partying_face:

Microsoft Teams vulnerability allows attackers to deliver malware to employees

Security researchers have found a bug in Microsoft Teams that could allow attackers to deliver malware directly into employees’ Microsoft Teams inbox as a file for download. The bug exploits the default settings, which let external users contact staff in the organisation. Attackers have exploited this tactic because it can bypass anti-phishing controls by leveraging employees’ trust in Teams messages. As a mitigation, Microsoft advises users to restrict external contact, adjust the security settings and educate staff on potential threats.

Date: Jun 23, 2023
Source: Help Net Security
Author: Zeljka Zorz
Tag: Vulnerability, Malware

Zero-day alert: Apple releases patches for actively exploited flaws in iOS, macOS, and Safari

On June 21, 2023, Apple released a number of patches for iOS, iPadOS, macOS, watchOS and the Safari browser to address multiple vulnerabilities, including two zero-day flaws that have been weaponised in a mobile surveillance campaign called Operation Triangulation. The flaws included an integer overflow vulnerability in the Kernel and a memory corruption vulnerability in WebKit. The spyware targets iOS devices via iMessage with an exploit for a remote code execution (RCE) vulnerability. Therefore, always remember to update to the latest versions to mitigate such attacks and stay safe online.

Date: Jun 22, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Vulnerability, Spyware

One in three UK and Ireland workers susceptible to phishing

According to a report by KnowBe4, more than one in three workers in the UK and Ireland are susceptible to falling for phishing attacks. The report highlights how vulnerable organisations are to phishing and social engineering. Such attacks could result in significant reputational damage, financial loss and disruption to business operations. Organisations should therefore take the necessary steps to protect themselves against these attacks by providing more security awareness training and fostering a robust security culture.

Date: Jun 21, 2023
Source: Infosecurity Magazine
Author: Alessandro Mascellino
Tag: Social engineering, Vulnerability

Consumer group calls on EU to urgently investigate ‘the risks of generative AI’

The European Consumer Organisation (BEUC) has called for an urgent investigation into the risks associated with generative AI, raising concerns about how such systems might “deceive, manipulate and harm people.” This action coincided with a Norwegian report highlighting numerous problematic issues with AI. The EU has recently approved its official AI law, which will be finalised by the end of the year and categorises AI applications based on their risk assessment. The BEUC’s voice in this will influence the role the regulators will take.

Date: Jun 20, 2023
Source: TechCrunch
Author: Ingrid Lunden
Tag: AI, Data Protection

Over 100,000 stolen ChatGPT account credentials sold on dark web marketplaces

Between June 2022 and May 2023, over 101,100 compromised OpenAI ChatGPT account credentials were discovered on dark web marketplaces, with India alone accounting for 12,632 stolen credentials. The majority of the breaches are attributed to the notorious Raccoon info stealer, Vidar and RedLine. This poses a threat especially to enterprises that use ChatGPT. To mitigate such attacks, users are advised to use strong passwords and secure their accounts with two-factor authentication (2FA).

Date: Jun 20, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Cyber Risk/Cyber Threats, Password Security

Hackers threaten to leak 80GB of confidential data stolen from Reddit

The BlackCat ransomware gang, also known as ALPHV, has threatened to release 80 gigabytes of compressed data stolen from Reddit during the February breach. The hackers have been demanding that the company pay a ransom of $4.5 million and reverse its controversial API price hikes. Reddit’s new API pricing plan has been the subject of controversy lately, with a popular third-party Reddit app announcing its shutdown and thousands of subreddits going dark in protest. Reddit hasn’t responded to the demands made by the group.

Date: Jun 19, 2023
Source: TechCrunch
Author: Carly Page
Tag: Enterprise, Ransomware


That is all for ‘This Week in Cybersecurity’. We hope you enjoyed reading these short weekly roundups and remember to always stay informed with the latest news to better protect yourselves and your loved ones in the digital world. :tada: :partying_face:

Feel free to share any interesting articles you come across in the “In the News” category of the passbolt community forum and connect with others. :heart: