Welcome to this edition of ‘This Week in Cybersecurity’ where we explore a common subject that affects us all: cybersecurity and privacy in the digital age.
Delve into these short summaries to stay informed on the latest cybersecurity trends of the week. Here are some questions we have for you: have you installed the latest Apple updates? What are your thoughts on the Online Safety Bill?
Leave your comment below and let’s start a conversation.
1. Major security flaw discovered in Metabase BI software: urgent update required
Metabase users are advised to update to the latest version following the discovery of an “extremely severe” flaw that could result in pre-authenticated remote code execution on affected installations. The issue, tracked as CVE-2023-38646, affects open source editions prior to 0.46.6.1 and Metabase Enterprise versions before 1.46.6.1. The vulnerability stems from a JDBC connection issue in an API endpoint that enables SQL injection and, from there, a reverse shell on the system. Users are advised to apply the patches immediately to secure their systems.
| Date | Jul 28, 2023 |
|---|---|
| Source | The Hacker News |
| Author | THN |
| Tag | Software Security, Vulnerability |
2. GameOver(lay): Two Linux server vulnerabilities impact 40% of Ubuntu users
Cybersecurity researchers at Wiz have discovered two high-severity security flaws in Ubuntu kernels that could lead to local privilege escalation. The vulnerabilities, dubbed GameOver(lay), are said to have the potential to affect 40% of Ubuntu servers, especially those running in cloud environments. The flaws are found in the OverlayFS module and stem from inadequate permission checks, enabling a local attacker to escalate privileges. Ubuntu fixed the vulnerabilities on July 24th, 2023. Wiz’s CTO emphasised that the subtle changes Ubuntu introduced into the Linux kernel could have unforeseen implications.
| Date | Jul 27, 2023 |
|---|---|
| Source | The Hacker News |
| Author | THN |
| Tag | Vulnerability, Cyber Risk/Cyber Threats |
3. The U.K. government is very close to eroding encryption worldwide
The U.K. Parliament is moving forward with the Online Safety Bill, which would give the British government the ability to force backdoors into messaging services and undermine end-to-end encryption. Despite resistance from various groups, the amendments that would address the most concerning aspect of the bill have not been accepted. Companies like WhatsApp, Element and Signal have echoed concerns about the dangerous precedent the bill would set for privacy, security, and democracy if passed, with implications beyond U.K. borders. A survey showed that the majority of U.K. citizens want the highest level of security and privacy in their messaging apps.
| Date | Jul 26, 2023 |
|---|---|
| Source | EFF |
| Author | Joe Mullin |
| Tag | Data Privacy, Encryption |
4. Dark web markets offer new FraudGPT AI tool
After the discovery of WormGPT, a ChatGPT-like bot that creates phishing messages and malware, cybersecurity experts have identified another generative AI tool, FraudGPT, which has been circulating on the dark web since July 22, 2023. FraudGPT is advertised for crafting spear-phishing emails and undetectable malware, generating phishing pages, identifying vulnerable websites and even giving hacking tutorials. Experts are concerned that generative AI tools give criminals the ability to operate at greater speed and scale. Mitigating such threats therefore requires better security awareness, phishing and behaviour training.
| Date | Jul 26, 2023 |
|---|---|
| Source | Infosecurity Magazine |
| Author | Alessandro Mascellino |
| Tag | Cyber Risk/Cyber Threats, AI |
5. Apple rolls out urgent patches for zero-day flaws impacting iPhones, iPads and Macs
Apple has rolled out urgent security patches for iOS, iPadOS, macOS, tvOS, watchOS, and Safari to address several security vulnerabilities, including one zero-day flaw exploited in the wild. The flaw, tracked as CVE-2023-38606, allows malicious apps to potentially modify sensitive kernel state. It is the third security vulnerability connected with Operation Triangulation, a mobile espionage campaign targeting iOS devices. To mitigate such threats, don’t forget to update to the latest versions: iOS 16.6, iPadOS 16.6, macOS Ventura 13.5, macOS Monterey 12.6.8, macOS Big Sur 11.7.9, tvOS 16.6, watchOS 9.6.
| Date | Jul 25, 2023 |
|---|---|
| Source | The Hacker News |
| Author | THN |
| Tag | New Releases, Vulnerability |
6. EU governments reject requiring manufacturers to report vulnerabilities to central cyber agencies
European Union (EU) governments have rejected a proposal that would have required manufacturers to report actively exploited vulnerabilities to the European Union Agency for Cybersecurity (ENISA). Instead, they proposed an amended Cyber Resilience Act (CRA) under which manufacturers disclose vulnerabilities to the national Computer Security Incident Response Team (CSIRT) of the country they are based in, which then shares the information through a new intelligence-sharing platform maintained by ENISA. The main purpose of this change is to address concerns that ENISA would stockpile information and become a target for hostile states and criminals. The proposal will be debated in the European Parliament later this year.
| Date | Jul 24, 2023 |
|---|---|
| Source | The Record |
| Author | Alexander Martin |
| Tag | Cyber Risk/Cyber Threats, Vulnerability |
Conclusion
That concludes the ‘This Week in Cybersecurity’ roundup. We hope these curated short summaries help you stay informed on the latest trends and encourage you to implement the best security practices in the digital world.
Don’t hesitate to share any interesting articles you come across in the ‘In the News’ category of the Passbolt community forum.
We handpick the most interesting article(s) of the week to be featured in our monthly video edition of “This Month in Cybersecurity”.
Cast your vote below for the article(s) you’d like to see featured in the video:
- Metabase BI software flaw
- GameOver(lay)
- Online Safety Bill
- FraudGPT
- Apple security updates
- ENISA