Week 22nd May - 26th May 2023

:tada: Welcome to this week’s newsletter, where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :heart:

This week we’ve curated interesting articles ranging from a whopping Meta fine to a KeePass security flaw and a sneaky Google Play app that secretly records audio. Stay up-to-date with the latest cybersecurity developments and keep yourself informed with this week’s cybersecurity roundup to better protect against digital threats.

Phishers use encrypted file attachments to steal Microsoft 365 account credentials

Phishers are using encrypted restricted-permission messages (.rpmsg) attached to phishing emails to steal Microsoft 365 account credentials. The phishing emails, sent from compromised Microsoft 365 accounts, target individuals in billing departments. Because the messages are encrypted, their content remains hidden from email scanning gateways, making it difficult for security solutions to detect. As a mitigation approach, organisations are advised to follow certain steps, including blocking .rpmsg attachments, implementing MFA, being wary of opening unknown attachments and so on.

Date: May 26, 2023
Source: Help Net Security
Author: Helga Labus
Tag: Cyber Crime, Encryption

Researchers uncover Russia-linked malware that could immobilize electric grids

Security researchers at Mandiant discovered new industrial control system malware, known as “CosmicEnergy”, which could be used to disrupt critical infrastructure systems and electric grids. The malware shares similarities with the Industroyer malware that the Russian state-backed “Sandworm” hacking group used to cut power in Ukraine in 2016. The origins of CosmicEnergy are still unclear, but it poses a plausible threat to organisations involved in electric transmission and distribution, targeting the IEC-104 network protocol used in industrial environments. No attacks using CosmicEnergy have been recorded so far.

Date: May 25, 2023
Source: TechCrunch
Author: Carly Page
Tag: Malware, Cyber Risk/Cyber Threats

Microsoft warns that China hackers attacked U.S. infrastructure

Microsoft warns that Chinese state-sponsored hackers “Volt Typhoon” have compromised “critical” U.S. cyber infrastructure across various industries with an intent to gather intelligence. The threat actor is able to infiltrate organisations using a vulnerability in a popular cybersecurity suite called FortiGuard to steal users’ credentials and gain access to other corporate systems. The impacted parties have been notified and advised to “close or change credentials for all compromised accounts.”

Date: May 24, 2023
Source: CNBC
Author: Rohan Goswami
Tag: Cyber Crime, Vulnerability

Legit app in Google Play turns malicious and sends mic recordings every 15 minutes

Security firm ESET discovered that the iRecorder Screen Recorder app, available in Google Play, secretly recorded audio every 15 minutes and sent it to the app developer. The app initially functioned as a screen recording tool but was later updated to include malicious capabilities. It utilised code from AhMyth, an open source RAT (remote access Trojan), which was later modified into AhRat, to enable unauthorised recording and transmission of audio. The motive behind the espionage campaign remains unknown.

Date: May 24, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Cyber Crime, Spyware

Dish confirms 300,000 people’s data was exposed in February attack

Satellite TV company Dish Network has confirmed that the February cybersecurity incident and outage resulted in the extraction of data of 300,000 people, including current and former employees and their family members. Dish did not confirm which personal information was stolen, except that driver’s licences and non-driver ID cards were compromised. The company did not publicly state the attack was caused by ransomware, but internal sources indicated that Black Basta ransomware was behind the attack.

Date: May 23, 2023
Source: The Register
Author: Brandon Vigliarolo
Tag: Cyber Crime, Ransomware

KeePass exploit allows attackers to recover master passwords from memory

A proof-of-concept (PoC) has been created for a security vulnerability (CVE-2023-32784) in the KeePass password manager, impacting version 2.x for Windows, Linux, and macOS. The flaw allows the attacker to recover the user’s master password in plaintext through a memory dump. However, successful exploitation requires prior compromise of the potential target’s computer and the password being typed and not copied. Users are advised to update to version 2.54 when it becomes available to address the issue.

Date: May 22, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Password Security, Vulnerability

Microsoft 365 hit by a new outage causing connectivity issues

Microsoft is investigating service issues that prevent affected users from accessing their Microsoft 365 accounts and block access to installed apps. Microsoft stated that the impact is mostly seen in North America, Poland and the United Kingdom regions, though users in other regions are also affected. This is not the first time Microsoft has faced such issues as there have been previous outages for Exchange Online customers. The latest update states that Microsoft has addressed the issue.

Date: May 22, 2023
Source: Bleeping Computer
Author: Sergiu Gatlan
Tag: Enterprise

EU regulators hit Meta with record $1.3 billion fine for data transfer violation

Facebook’s parent company Meta has been fined a record $1.3 billion by European Union data protection regulators for transferring the personal data of users in the region to the U.S. The decision taken by the European Data Protection Board came after Meta failed to comply with the GDPR, and the company was ordered to delete any unlawfully stored and processed data within six months. Meta responded that it intends to appeal the ruling on grounds that there is a “fundamental conflict of law” between the U.S. government’s rules on access to data and European privacy rights.

Date: May 22, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Data Privacy, Data Protection


That’s it for this week in cybersecurity, where we delve into exciting articles that can help protect you from cyber threats. As always, our goal is to keep you informed and encourage you to implement secure measures in the digital world.

Feel free to share any interesting articles you come across in the ‘In the News’ category of the passbolt community forum. Thank you for your participation. :partying_face: :tada: