Week 29th May - 2nd June 2023 (Week 22)

:tada: Welcome to this week’s edition of ‘This Week in Cybersecurity’ where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :newspaper: :partying_face:

So we’ve curated a few interesting articles highlighting the latest trends ranging from the BrutePrint attack that unlocked smartphones, to concerns with the EU Cyber Resilience Act and new updates on security.txt being mandatory for the Dutch government. So sit back, relax and enjoy these short summaries. :heart:

Camaro Dragon strikes with new TinyNote backdoor for intelligence gathering

Cybersecurity firm Check Point discovered another backdoor malware, termed TinyNote, which is linked to the Chinese nation-state group Camaro Dragon. It functions as a first-stage payload capable of basic machine enumeration and command execution. Camaro Dragon, also known as Mustang Panda, uses custom firmware that co-opts TP-Link routers. The backdoor is targeting Southeast and East Asian embassies.

Date: Jun 2, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Cyber Risk/Cyber Threats, Malware

Researchers tell owners to “assume compromise” of unpatched Zyxel firewalls

A destructive botnet is taking control of unpatched Zyxel firewalls by exploiting a vulnerability. The flaw, tracked as CVE-2023-28771, with a severity of 9.8 out of 10, can be exploited to execute malicious code. The botnet, similar to Mirai, is using the vulnerability to knock sites offline with distributed denial-of-service attacks. The Cybersecurity and Infrastructure Security Agency has given federal agencies until June 21 to fix any vulnerable devices in their networks.

Date: Jun 1, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Malware, Cyber Risk/Cyber Threats

Critical Barracuda 0-day was used to backdoor networks for 8 months

A critical flaw in Barracuda Networks, which was patched 10 days ago, has been actively exploited since October 2022, according to the company. The flaw, tracked as CVE-2023-2868, has been exploited by threat actors to install multiple pieces of malware to steal sensitive data. The vulnerability allows attackers to execute system commands through the QX operator, a function in the Perl programming language that handles quotation marks. Some of the malware has been identified as Saltwater, Seaside and Seaspy. Barracuda has notified its affected customers and provided instructions for remediation.

Date: May 31, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Cyber Crime, Malware

Security.txt mandatory for government

As of May 25, 2023, the internet standard security.txt has been added to the ‘Apply or explain’ list of Forum Standardisation in the Netherlands. This means that Dutch government organisations are obliged to apply this open standard. A security.txt file is a text file that publishes contact information for a web server. Its purpose is to let security researchers and ethical hackers immediately contact the right department or person if they find a vulnerability, which speeds up its remediation.

Date: May 30, 2023
Source: Digital Trust Center
Tag: Open Standard, Data Privacy

EU’s proposed Cyber Resilience Act raises concerns for open source and cybersecurity

The European Union’s proposed Cyber Resilience Act (CRA) is intended to improve Europe’s cybersecurity and product security. However, the EFF raises concerns that the CRA will have a negative impact on open source developers and cybersecurity, because it will penalise open source developers who receive monetary compensation for their work and require manufacturers to report vulnerabilities to regulators. The EFF urges European legislators to exempt open source, revise the reporting requirements and better protect security researchers.

Date: May 30, 2023
Source: Electronic Frontier Foundation
Author: Bill Budington
Tag: Open Source, Data Privacy

RaidForums user data leaked online a year after DOJ takedown

A database of 478,000 RaidForums users was leaked online. The leaked information included usernames, email addresses, hashed passwords and registration dates. The database was posted on Exposed, a forum that emerged as an alternative following the shutdown of BreachForums by the U.S. Department of Justice last year. The details of some users had already been removed, although it is unclear why. RaidForums is a forum that began in 2015 and was used primarily for buying and selling stolen databases.

Date: May 30, 2023
Source: TechCrunch
Author: Carly Page
Tag: Cyber Crime, Data Protection

New BrutePrint Attack lets attackers unlock smartphones with fingerprint brute-force

Researchers have discovered a low-cost technique called BrutePrint that exploits two zero-day vulnerabilities in smartphone fingerprint authentication (SFA) systems. The flaws, Cancel-After-Match-Fail (CAMF) and Match-After-Lock (MAL), require possession of the target device and enable unlimited fingerprint attempts, bypassing authentication safeguards such as lockout mode. BrutePrint was evaluated against different smartphones and was successful in bypassing authentication on Android, HarmonyOS and iOS devices.

Date: May 29, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Mobile Security, Authentication

Conclusion

Well that’s it for ‘This Week in Cybersecurity’. We hope you enjoyed reading these short weekly roundups and remember to always stay informed with the latest news to better protect yourselves and your loved ones in the digital world.

Feel free to share any interesting articles you come across in the “In the News” category of the passbolt community forum and connect with others. Thank you for your participation. :clap: :partying_face:
