Week 27th Feb - 3rd March 2023

Welcome to this week’s newsletter, where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :tada:

LinkedIn scammers step up sophistication of online attacks

LinkedIn has reported a surge in recruitment scams that have become more sophisticated recently. Fraudsters create fake recruitment processes and many job seekers have lost money and sensitive information. Oscar Rodriguez, LinkedIn’s VP of product management, said that scammers were setting up websites and phone numbers to deceive job seekers. The company has blocked 10 million fake accounts in recent months.

Date: Feb 27, 2023
Source: Slashdot.org
Author: msmash
Tag: Social engineering, Data Privacy

LastPass says employee’s home computer was hacked and corporate vault taken

LastPass has announced that an attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers. The unknown threat actor was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault, which gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

Date: Feb 28, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Hack, Social engineering, Cyber Risk/Cyber Threats

TikTok banned on all Canadian government mobile devices

The Canadian government has banned TikTok from all government-issued mobile devices, citing concerns over privacy and security. The app will also be blocked from being downloaded on official devices in the future. The move follows similar bans in the US and EU, amid concerns that the Chinese-owned app could be used to collect data on Western users or push pro-China narratives and misinformation. TikTok is owned by ByteDance, a Chinese company that moved its headquarters to Singapore in 2020.

Date: Feb 28, 2023
Source: AP NEWS
Author: Rob Gillies
Tag: Politics, Enterprise

New Windows 11 update puts AI-powered Bing Chat directly in the taskbar

Microsoft is adding support for Bing Chat and other AI features to the Windows taskbar as part of 2023’s first major Windows 11 feature update. The new Bing Chat feature has only been available to the public for a few weeks, and while it can convey a useful range of responses, it has also been shown to spread misinformation and get morose or belligerent during extended chat sessions. Microsoft is attempting to address these issues in public before opening the feature up to a wider audience.

Date: Feb 28, 2023
Source: Ars Technica
Author: Andrew Cunningham
Tag: Tech

EDPB welcomes improvements under the EU-U.S. Data Privacy Framework, but concerns remain

The European Data Protection Board welcomed substantial improvements in the EU-U.S. Data Privacy Framework but also expressed a few concerns and requested clarification on issues such as the rights of data subjects, onward transfers, etc. The Framework is intended to replace the Privacy Shield, which was invalidated by the Court of Justice of the European Union. The EDPB suggested that the adoption of the decision was conditional upon the adoption of updated policies and procedures to implement Executive Order 14086 by all U.S. intelligence agencies. The EDPB asks the Commission to clarify the scope of the exemptions regarding the duty to adhere to the DPF Principles and stresses the importance of effective oversight and enforcement of the DPF.

Date: Feb 28, 2023
Source: EDPB
Author: EDPB
Tag: Data Privacy, Politics

Gmail and Google Calendar now support Client-Side Encryption (CSE) to boost data privacy

Google has announced that client-side encryption (CSE) for Gmail and Calendar is now available. Emails sent or received and calendar events are encrypted before they reach Google’s servers. A decryption utility is also available in beta for Windows; it decrypts CSE files and emails exported via Google’s Data Export Tool or Google Vault. The feature is part of Google’s effort to improve data privacy and security when communicating and sharing sensitive information. It is available in Google Workspace and will extend to individual accounts in the coming months.

Date: Mar 1, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Encryption

Biden administration wants to hold companies liable for bad cybersecurity

As part of the National Cybersecurity Strategy, the Biden administration announced plans to hold software developers and critical infrastructure to tougher security standards and to apply more pressure on ransomware gangs. The document highlights a need for a modern federal system for cybersecurity defence and long-term investments in hacking defence capabilities in the intelligence community. The strategy lists five pillars, including defending critical infrastructure, disrupting and dismantling threat actors, and forging international partnerships. It also reclassifies ransomware, which was earlier labelled a criminal threat, as a national security threat.

Date: Mar 3, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Politics


The articles in this week’s newsletter have highlighted the ongoing importance of cybersecurity and privacy in our digital world. We featured news ranging from LinkedIn recruitment scams to the LastPass hack to the EU-U.S. Data Privacy Framework. If you come across other interesting news of the week, we invite you to post it below. Share your thoughts and experiences, add relevant cybersecurity news, ask questions, and connect with others who are passionate about online security. We would love to include your contribution in the weekly newsletter. :heart: :partying_face: