Week 20th March - 24th March 2023

:tada: Welcome to this week’s newsletter, where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :heart:

This week we’re changing the layout of the news articles. Thanks to a suggestion from @garrett, we’re listing the most recent news at the top. In this week’s newsletter we’ve curated a wide range of interesting articles, including a fake ChatGPT browser extension, an exploding USB drive, Ferrari’s ransomware attack and the return of the Emotet malware. In today’s world, cybersecurity is more important than ever and staying informed is crucial. So sit back, relax and let us bring you up to speed on the news that matters.

GitHub swiftly replaces exposed RSA SSH key to protect git operations

GitHub, a cloud-based repository hosting service, said it replaced the RSA SSH host key used to secure Git operations after the key was briefly exposed in a public repository. The replacement was carried out only as a precautionary measure, to prevent any bad actors from impersonating the service or eavesdropping on users’ operations over SSH. The change only impacts Git operations over SSH using RSA; no action is required for ECDSA or Ed25519 users. The company said that there was no evidence that the exposed SSH private key was exploited.

Date: Mar 24, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Cloud Security

Fake ChatGPT Chrome browser extension caught hijacking Facebook accounts

Google has removed a fake OpenAI ChatGPT Chrome browser extension from its official web store that sought to harvest Facebook session cookies and hijack accounts. Once the extension is installed, the threat actor is able to capture Facebook-related cookies and exfiltrate them to a remote server in an encrypted manner. This enables the threat actor to seize Facebook accounts, passwords, profile names and pictures. This shows how threat actors are already cashing in on ChatGPT for malware attacks.

Date: Mar 23, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Malware, AI, Cyber Risk/Cyber Threats

Journalist plugs in unknown USB drive mailed to him - it exploded in his face

Five Ecuadorian journalists have received a USB drive in the mail from Quinsaloma that was meant to explode when activated. Lenin Artieda of the Ecuavisa TV station inserted the USB drive into his computer, after which it exploded, causing mild injuries to his hand and face. Ecuador’s Interior Minister said the incidents send “an absolutely clear message to silence journalists.” This is an important reminder not to click on links in random messages, open unknown attachments or insert unknown USB drives. We need to be more aware in order to protect ourselves better against such risks.

Date: Mar 23, 2023
Source: Ars Technica
Author: Scharon Harding
Tag: Malware, Cyber Risk/Cyber Threats

German political parties accused of microtargeting voters on Facebook

A privacy activist at noyb has filed complaints with the German data protection watchdog, claiming that six German political parties broke European data law when they targeted voters on Facebook’s adtech platform during Germany’s 2021 federal election. The six political parties against which complaints have been filed have seats in the German parliament, and only two parties have not had complaints filed against them. noyb claims that users were selected because Facebook had “evaluated their political views in the background” for targeted advertising, which goes against the protection of political views under Article 9 of Europe’s GDPR.

Date: Mar 22, 2023
Source: The Register
Author: Jude Karabus
Tag: Data Protection, Politics, Data breach

Hackers drain bitcoin ATMs of $1.5 million by exploiting 0-day bug

Bitcoin ATMs made by General Bytes were hacked by attackers who exploited a zero-day vulnerability, draining millions of dollars in digital coins. The threat actors exploited a vulnerability that allowed them to use the crypto application server (CAS) interface to upload and execute a malicious Java application. This enabled them to gain access to API keys, private keys and terminal event logs. Going forward, General Bytes will no longer manage CASes on behalf of customers, and terminal holders will have to manage them themselves.

Date: Mar 22, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Hack, Cyber Crime

2022 Zero-Day exploitation continues at a worrisome pace

Threat intelligence firm Mandiant reported that 55 zero-day vulnerabilities were exploited in the wild in 2022, and the majority were in software from vendors like Microsoft, Google and Apple. Although the number decreased from 81 in 2021, exploitation is still continuing at a worrisome pace. Out of the 55 vulnerabilities, 4 were exploited by financially motivated threat actors and 75% were ransomware. Among the state-sponsored groups, China emerged as the most prolific, exploiting 7 zero-days. North Korea and Russia exploited 2 zero-days.

Date: Mar 21, 2023
Source: Security Affairs
Author: Pierluigi Paganini
Tag: Cyber Crime, Ransomware

Ferrari says ransomware attack exposed customers’ personal data

Ferrari, hit by a ransomware attack, confirmed that customers’ personal data such as names, addresses, emails and telephone numbers has been exposed. However, Ferrari CEO Benedetto Vigna announced that no payment information or details of cars owned or ordered have been compromised. The company hasn’t confirmed how many customers were affected and only stated that it did not make any ransom payment.

Date: Mar 21, 2023
Source: TechCrunch
Author: Carly Page
Tag: Data breach, Ransomware

Google flags apps made by popular Chinese e-commerce giant as malware

Google announced it flagged several apps made by a Chinese e-commerce giant, Pinduoduo, as containing malware. Google, via Google Play Protect, blocked the off-Play versions of the apps that have been found to contain malware and warned users who have installed such malicious apps to uninstall them. Multiple Chinese security researchers noted that the apps were exploiting several zero-days to hack their users. The malicious apps have been found on the app stores of the phone manufacturers Samsung, Huawei, Oppo and Xiaomi.

Date: Mar 21, 2023
Source: TechCrunch
Author: Lorenzo Franceschi-Bicchierai
Tag: Cyber Risk/Cyber Threats, Malware

Emotet rises again: Evades macro security via OneNote attachments

The Emotet malware, which has been linked to threat actors such as Gold Crestwood, is returning after a short hiatus and is being distributed via Microsoft OneNote email attachments in an attempt to bypass macro-based security restrictions. Users are social-engineered into clicking the view button, but they inadvertently click the embedded script file instead, which then retrieves and executes the Emotet binary payload from a remote server. Emotet has also been used by other threat actors to run malicious campaigns.

Date: Mar 20, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Social engineering, Email Security

Conclusion
We hope you find these news articles interesting and thought-provoking. If you come across an informative news article that is not in the list, don’t hesitate to share it in the ‘In The News’ category of the Passbolt community forum.

Feel free to share your thoughts and experiences, add relevant cybersecurity news, ask questions, and connect with others who are passionate about online security. :partying_face: :tada:
