Week 25th Sep - 29th Sep 2023 (Week 39)

:wave: Welcome to this edition of ‘This Week in Cybersecurity’ where together, we explore a topic that affects us all: cybersecurity and privacy in the digital age. :newspaper:

In a technology-driven world, organisations and individuals alike face many challenges and threats. Staying informed about the latest cyber trends and adopting proactive security measures to better safeguard your sensitive information and data can go a long way. Dive into this week’s news roundup as we bring to you the latest developments in cybersecurity and data privacy. Enjoy these short summaries!

1. A new Chrome 0-day is sending the Internet into a new chapter of Groundhog Day

A critical zero-day vulnerability has been discovered that affects not only Google Chrome but also Mozilla Firefox. The vulnerability, which is being tracked as CVE-2023-5217, is in a widely used code library for processing media files, particularly those in the VP8 format. There are many software packages that rely on the library, known as libvpx, and it’s unclear how many packages are vulnerable to this exploit. The zero-day requires the target device to create media in the VP8 format, unlike the previous vulnerability, which was triggered when a malicious image was displayed. Firefox and Chrome browsers that expose the VP8 encoding capabilities of libvpx to JavaScript appear to be at risk. Users are advised to be cautious of applications that use VP8 video encoding and to update to the latest versions due to the ongoing risk.

Date: Sep 29, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Vulnerability, Cyber Risk/Cyber Threats

2. GitHub repositories hit by password-stealing commits disguised as Dependabot contributions

A new fraudulent campaign targeting GitHub accounts has been discovered. Disguised as Dependabot contributions, it makes malicious code commits to steal passwords from developers. The malicious code exfiltrates GitHub project secrets and modifies JavaScript files with web-form password-stealer malware code. The malware captures GitHub secrets and variables through a GitHub Action. The campaign affected hundreds of public and private GitHub repositories between July 8 and 11, 2023. The attackers accessed accounts using compromised PATs (Personal Access Tokens), and the campaign may have involved rogue packages inadvertently installed by developers. This incident highlights the attempts by threat actors to infiltrate the open source environment.

Date: Sep 28, 2023
Source: The Hacker News
Author: THN
Tag: Malware, Cyber Crime

3. SSH keys stolen by stream of malicious PyPI and npm packages

A series of malicious npm and PyPI packages have been discovered that steal a range of sensitive data from developers. The campaign began on 12 September 2023, when Sonatype identified 14 malicious packages on npm. After a brief break, the attacks resumed and expanded to the PyPI ecosystem. The attackers uploaded 45 packages to npm and PyPI, with variants in the code indicating a rapid evolution of the attack. The malicious packages use typosquatting to resemble legitimate packages. They steal sensitive machine and user information, including SSH keys and Kubernetes configurations. Developers are advised to be cautious when downloading and launching packages on their systems.

Date: Sep 27, 2023
Source: Bleeping Computer
Author: Bill Toulas
Tag: Malware, Cyber Risk/Cyber Threats

4. Fake Bitwarden installation packages delivered RAT to Windows users

Windows users attempting to install the Bitwarden password manager may have unknowingly downloaded a Remote Access Trojan (RAT), as a malicious website spoofed a legitimate Bitwarden site. The spoofed website, which contained fake Bitwarden installers, only targeted Windows users. When users clicked on the Windows download button, a fake installer was downloaded. The malware, known as ZenRAT, is a modular RAT with information-stealing capabilities and a range of anti-VM and anti-sandbox checks. The malware encrypts and uploads browser data and credentials to the C2 server. It’s not clear yet how the malware is distributed. Users are advised to download software only from trusted sources to mitigate against such attacks.

Date: Sep 27, 2023
Source: Help Net Security
Author: Helga Labus
Tag: Malware, Password Manager

5. Vulnerability in popular ‘libwebp’ code more widespread than expected

Cybersecurity researchers warn that a recently disclosed vulnerability, initially linked to Google Chrome, actually affects a wider range of browsers due to it being in the open-source libwebp library. The library is used by several browsers and image editors, including Chrome, Mozilla’s Firefox, and Microsoft Edge. This week, Google gave the vulnerability the highest CVSS rating (10/10). Experts believe the issue impacts millions of different applications globally, and may not be accurately detected by vulnerability scanners, leading to potential blind spots for organisations. The vulnerability, CVE-2023-5129, is being actively exploited, making it a significant risk. Experts emphasised the need for a monitoring tool, a comprehensive software inventory, and responsible disclosure to address such vulnerabilities.

Date: Sep 27, 2023
Source: The Record
Author: Jonathan Greig
Tag: Software Security, Vulnerability

6. GPUs from all major suppliers are vulnerable to new pixel-stealing attack

Researchers have discovered a new cross-origin attack known as GPU.zip that allows malicious websites to read sensitive visual data displayed on other websites, such as usernames and passwords. The attack affects GPUs from major vendors, including Apple, Intel, AMD, Qualcomm, Arm and Nvidia. GPU.zip exploits the data compression that GPUs use to improve performance, violating the same-origin policy that isolates content from different website domains. While the current threat posed by GPU.zip is low, it highlights the potential risk of hardware optimization creating a side channel that software is ill-equipped to mitigate.

Date: Sep 26, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Malware, Cyber Risk/Cyber Threats

7. Google is retiring its Gmail Basic HTML view in January 2024

Google is deprecating Gmail’s Basic HTML view in January 2024, redirecting users to the more modern Standard view. The Basic HTML view was a simplified version of Gmail for users with limited internet access, older hardware, or older web browsers. Users with visual impairments have also used the HTML view with text-to-speech tools, as it’s more reliable than the more complex Standard view. Google has not given a reason for its decision. Users will need to prepare for the transition or switch to a desktop email client, as they will be redirected to the Standard view after January 2024.

Date: Sep 25, 2023
Source: Bleeping Computer
Author: Bill Toulas
Tag: Tech, New Releases


That concludes our ‘This Week in Cybersecurity’ news roundup. :tada:

Our objective in providing you with these short summaries is to ensure the community remains informed and up-to-date with the latest developments in the digital realm. These incidents are proof that having basic knowledge can go a long way in defending against the ever-evolving cyber threats that are becoming more challenging day by day.

Join us in this initiative and share any articles you come across that aren’t covered in this week’s roundup in the “In the News” category of the passbolt community forum and connect with others.

Cast your vote for the most interesting articles you’d like featured in the monthly cybersecurity video. :video_camera: :white_check_mark:

  • :one: Zero-day Chrome vulnerability
  • :two: GitHub repository malware attack
  • :three: SSH key stolen
  • :four: Fake Bitwarden installation package
  • :five: Libwebp code vulnerability
  • :six: GPU.zip attack
  • :seven: Gmail basic HTML retired