Week 27th March - 31st March 2023

:tada: Welcome to this week’s newsletter, where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :heart:

In this week’s ‘In the News’, we cover a special article on press censorship and surveillance. These threaten the freedom of the press, and it’s important to raise public awareness of what is going on around us. We’ve also curated a few relevant cybersecurity news stories that we think will help keep you informed about the digital world. The stories range from Twitter source code leaked on GitHub to Microsoft’s Security Copilot tool and the 3CX supply chain attack. All these incidents remind us to be more vigilant and adopt robust security measures to protect ourselves against various threats. Our goal is to provide you with short summaries of important cybersecurity news to keep you up to date with the latest trends. We hope our curated weekly news will be a valuable resource to you.

Greece: The government’s silence about new revelations in the surveillance scandal is deafening

Reporters Without Borders (RSF) published its recommendations to the Greek government about the surveillance of 3 Greek journalists and announced specific measures for better protection against arbitrary espionage. RSF has submitted proposals for legislative amendments, prepared with Greek journalists and experts, to bridge the gaps in the Greek legal system regarding surveillance. Greece ranked last in the EU in RSF’s 2022 World Press Freedom Index.

Date: Nov 3, 2022
Source: RSF
Tag: Technological Censorship, Politics

3CX knew its app was flagged as malicious, but took no actions for 7 days

3CX, the VoIP/PBX software provider with more than 600,000 customers and 12 million daily users, was hit by a massive supply chain attack. The company was aware that its desktop app was being flagged as malware, in a threat alert raised by SentinelOne, but took no action for a week. Other users treated the warning as a false positive but later learned that the app was compromised. The 3CX compromise is linked to a group tied to the North Korean government. This incident acts as a cautionary tale to both support teams and end users about taking suspicious activity seriously.

Date: Mar 31, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Malware, Cyber Risk/Cyber Threats

AlienFox malware targets API keys and secrets from AWS, Google and Microsoft cloud services.

According to a SentinelOne report, a new toolset called AlienFox is being distributed on Telegram as a way for threat actors to steal API keys and secrets from popular cloud service providers. The report says that the malware is highly modular and constantly evolving to accommodate new features and performance improvements. The toolset searches for susceptible servers associated with popular web frameworks. Attacks involving AlienFox seek to gather sensitive data pertaining to AWS, Microsoft 365, Zoho, etc.

Date: Mar 30, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Malware, Cyber Risk/Cyber Threats

Ransomware crooks are exploiting IBM file-exchange bug with a 9.8 severity

Threat actors are exploiting a critical vulnerability in an IBM file-exchange application in hacks that installed ransomware on servers. IBM Aspera Faspex is a centralised file-exchange application that large organisations use to transfer large files or large volumes of files at very high speeds. In January 2023, IBM warned of the critical vulnerability, tracked as CVE-2022-47986, which has a severity of 9.8 out of 10. Users are urged to install updates to patch the flaw and mitigate potential attacks.

Date: Mar 29, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Ransomware, Cyber Risk/Cyber Threats

EU mandated messaging platform love-in is easier said than done: Cambridge boffins

By March 2024, instant messaging and real-time media apps operated in Europe will be required to communicate with other services as per the EU’s Digital Markets Act (DMA). In a preprint paper, two researchers, Blessing and Anderson, observed that making end-to-end encrypted communication services interoperable in a secure and stable way will be a significant technical and social challenge. They say that the two ways to approach messaging platform interoperability are a common protocol or platform-based open APIs for third-party connectivity. But this also comes with many social obstacles.

Date: Mar 29, 2023
Source: The Register
Author: Thomas Claburn
Tag: Encryption, Mobile Security

Microsoft introduces GPT-4 AI-Powered Security Copilot tool to empower defenders

Microsoft announced Security Copilot, a security analysis tool powered by OpenAI’s GPT-4 that enables cybersecurity analysts to quickly respond to threats, process signals, and assess risk exposure. Security Copilot can correlate data on attacks while prioritising security incidents. It can help security teams understand their environment, assess their vulnerability to attacks, receive remediation instructions, and summarise incidents.

Date: Mar 28, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: AI, ChatGPT

Biden’s executive order limits government’s use of commercial spyware

U.S. President Joe Biden signed an executive order limiting the use of commercial spyware by federal agencies, including those involved in law enforcement, defence and intelligence activity. This move comes as a response to the increasing use of spyware by other countries to surveil dissidents, journalists and politicians. Administration officials noted that roughly 50 US government personnel have been targeted by such spyware. The best-known commercial spyware vendor is Israel’s NSO Group. Other companies selling commercial spyware include Cytrox, Candiru, and Paragon.

Date: Mar 28, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Spyware, Data breach

Twitter says source code was leaked on GitHub, now it’s trying to find the culprit

Portions of Twitter’s source code (proprietary source code for Twitter’s platform and internal tools) were leaked online via GitHub. In response, Twitter filed a DMCA (Digital Millennium Copyright Act) takedown notice asking GitHub to remove the leaked code and to submit the user’s or users’ history, contact information, IP addresses, etc. However, GitHub did not respond to this. It is unclear how long the leaked code has been online, but Twitter executives were only made aware of it recently. A GitHub user with the username “FreeSpeechEnthusiast” leaked the code, and Twitter suspects it to be an ex-employee.

Date: Mar 27, 2023
Source: The Verge
Author: Jon Porter
Tag: Code Breach, Cyber Crime


We hope you’ve enjoyed reading our curated weekly news, where we’ve covered various cybersecurity issues. It is important to be vigilant in the digital world: keep your software up to date, use a strong password and be cautious about opening any unknown attachments.
Feel free to contribute any news article of the week that is not on the list and we’ll share it in the ‘In the News’ category of the Passbolt community forum.

Share your thoughts and experiences, add relevant cybersecurity news, ask questions, and connect with others who are passionate about online security. :partying_face: :tada: