Week 21st Aug - 25th Aug 2023 (Week 34)

Welcome to this edition of ‘This Week in Cybersecurity’ where we explore a common subject that affects us all: cybersecurity and privacy in the digital age.

We’ve curated this collection of concise summaries of the most significant news and trends that are shaping the digital security landscape. From emerging threats to new innovations, our goal is to keep you informed on this week’s developments. Enjoy these short summaries.

1. Big Tech isn’t ready for landmark EU rules that take effect tomorrow

The Digital Services Act (DSA) of the European Union will soon come into effect, mandating more transparency and accountability from tech giants such as Meta, X, Google, Apple, etc. As a result of the DSA, these platforms may either incur heavy fines or change their core business models to allow for easier opt-out options from recommendation systems. Under the DSA, platforms must prevent the spread of harmful content, limit personalised content and ads, and disclose insights about their algorithms for content recommendation. Enforcing the DSA has already faced numerous challenges, with platforms failing to comply with the criteria. In spite of this, the EU intends to designate regulators in each member state to ensure enforcement. Any platform in violation of the DSA will face substantial fines.

2. Researchers discover reply URL takeover issue in Azure

Security researchers at Secureworks, have identified a critical vulnerability in Microsoft’s Power Platform related to Azure Active Directory (AD). The researchers discovered an abandoned reply URL address in an Azure AD application related to the low-code Power Platform, which could enable attackers to direct authorization codes to themselves, exchange them for access tokens, and gain elevated privileges in the Power Platform API. Microsoft has resolved the issue, but security experts caution Azure AD users to monitor their applications’ reply URLs to prevent any potential attacks.

3. Gmail will lock important settings behind a pop-up 2FA challenge

Gmail is bolstering its security measures by implementing a two-factor authentication (2FA) challenge for sensitive account settings such as filters, account forwarding, and IMAP. Whenever a user attempts to access these settings, a 2FA prompt will appear even if the user is already logged in. This extra verification prevents any unauthorised changes. In the event of failing to pass the 2FA challenge,a red “Critical security alert” pop-up will immediately appear on all trusted devices. The rollout of this feature is gradual and will take place over several days for both personal and business accounts. It’s purpose is to prevent potential attacks, particularly on account that have been compromised and their settings manipulated.

4. Meta plans to roll out default end-to-end encryption for Messenger by the end of the year

Meta has announced that by the end of the year, end-to-end encryption will be enabled for Messenger by default. The company is also increasing the number of users involved in testing the end-to-end encryption features. Although Messenger has offered optional encryption since 2016, the change to default encryption comes amidst pressure to safeguard user communication. The company has cited challenges faced in building encryption features for Messenger, making changes to server architecture and developing new features. Meta’s efforts will be mirrored in instagram, with plans to provide end-to-end encryption to protect private chats.

5. New variant of XLoader macOS malware disguised as ‘OfficeNote’ productivity app

A new macOS malware, dubbed XLoader, was uncovered masquerading as the office productivity program called ‘OfficeNote.’ XLoader, a successor to Formbook, is an information stealing keylogger. It’s distributed through a standard Apple disk image called ‘OfficeNote.dmg’ that’s signed by the developer signature MAIT JAKHU. According to security researchers with Sentinel One, XLoader uses C and ObjectiveC programming languages. The disk image file was signed on July 17, 2023 to evade detection. XLoader aims to steal browser and clipboard data which can be leveraged by other threat actors for further exploitation.

6. Ongoing Duo outage causes Azure Auth authentication errors

Duo Security, a Cisco-owned multi-factor authentication (MFA) provider, is investigating an ongoing outage that has caused authentication failures and errors. The outage has resulted in issues with the Core Authentication Service across multiple Duo servers. The outage also led to authentication errors in Azure Auth for Azure Conditional Access integrations and system-wide disruptions. The Azure Auth issue has automatically resolved, but customers are still encountering slow authentication and unsuccessful logins. The company is actively working to resolve the issue, which has hindered its cloud-based services such as SSO and push delivery.

Conclusion

That concludes our ‘This Week in Cybersecurity’ news roundup. The main goal with this segment is to keep you well-informed and up-to-date with the latest in cybersecurity and data privacy. Remember: always follow the best security practices, have strong and unique passwords and remain vigilant in the digital world.

Share any news articles that you come across in the ‘In the News’ category of the community forum to earn a community badge .

We handpick the most interesting article/articles of the week to be featured in our monthly video edition of “This Month in Cybersecurity”

Cast your vote below for the article(s) you’d like to see featured in the video: