Week 31st July - 4th Aug 2023 (Week 31)

:tada: Welcome to this edition of ‘This Week in Cybersecurity’ where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :tada:

:partying_face: Explore the highlights from this week’s news and stay up to date with the latest trends. Our curated content covers various topics, from hackers stealing Signal and WhatsApp data with a fake Android app, to Meta seeking consent for behavioural ads from users in the EU, to Microsoft facing severe criticism for its security practices. Check out these short summaries of the week below. :newspaper: :globe_with_meridians:

1. Malicious npm packages found exfiltrating sensitive data from developers

Cybersecurity researchers have discovered new malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. The packages were published by an npm user and are believed to be part of a targeted campaign. These malicious packages exfiltrate valuable information to a remote server. The motive for these attacks is centred around the extraction of source code or environment-specific configuration files. There have been incidents of open source repositories being used to distribute malicious code. Developers should be cautious about the packages they use in projects.

Date: Aug 4, 2023
Source: The Hacker News
Author: THN
Tag: Software Security, Malware

2. Credentials account for over half of Cloud compromises

Google Cloud’s latest Threat Horizon report has revealed that more than half (55%) of public cloud instances have been compromised due to missing or weak passwords. Misconfiguration accounted for 19% of the incidents that are usually linked to exposure of sensitive UIs or APIs. Cross-project abuse of access token generation privileges was another top risk that led to compromise in Google Cloud environments, followed by replacing existing compute disks or snapshots. The report also highlighted how threat actors are evading detection of malware in the Google Play Store using popular tactics like “versioning.” To mitigate these risks, Google recommends a defence-in-depth approach and the use of strong passwords.

Date: Aug 4, 2023
Source: Infosecurity Magazine
Author: Phil Muncaster
Tag: Cloud Security, Vulnerability

3. Microsoft comes under blistering criticism for “grossly irresponsible” security

Microsoft is facing severe criticism for its security practices of Azure and other cloud offerings. The CEO of security firm Tenable called Microsoft “grossly irresponsible.” This criticism follows recent incidents in which Chinese government-backed hackers stole thousands of emails from cloud customers and gained a powerful encryption key that allowed access to data and apps managed by Azure AD. Cybersecurity researchers such as Tenable and Sygnia have found security vulnerabilities or vectors impacting Azure Fabric and Azure AD Connect accounts. Microsoft has been heavily criticised for not disclosing these incidents, which have raised cybersecurity concerns.

Date: Aug 3, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Vulnerability, Tech

4. Meta loses battle in EU, will ask for consent to show personalised ads

After five years of legal wrangling, Meta has agreed to seek consent from Instagram and Facebook users in the EU before providing highly-personalised ads. Instead of users in the EU consenting to invasive data collection or opting out by filling out a long form, they’ll soon be able to opt in or out with a simple “yes” or “no.” Meta has also now agreed to comply with GDPR, which requires this consent for data collection. These changes are expected by the end of October or early next year. Privacy advocates feel that Meta’s decision is a major victory in the area of data collection.

Date: Aug 2, 2023
Source: Ars Technica
Author: Ashley Belanger
Tag: Data Privacy, Data Protection

5. European bank customers targeted in SpyNote Android trojan campaign

An aggressive campaign by an Android banking Trojan, known as SpyNote or SpyMax, was detected in June and July 2023. It targets various European customers of different banks. The spyware is distributed through email phishing or smishing campaigns and uses both Remote Access Trojan (RAT) capabilities and vishing attacks. Victims are tricked into installing a banking app via a fake SMS message that redirects them to a legitimate TeamViewer Quick Support app. The Trojan spies on users, steals sensitive data, and performs banking fraud. It is therefore imperative to stay alert before downloading any apps.

Date: Aug 1, 2023
Source: The Hacker News
Author: THN
Tag: Mobile Security, Spyware

6. Hackers steal Signal, WhatsApp user data with fake Android chat app

Hackers are using a fake Android app called ‘SafeChat’ to infect devices with spyware that steals call logs, texts, and GPS locations from phones. The spyware is believed to be a variant of “Coverlm,” which steals data from communication apps such as Signal, WhatsApp, Telegram, and others. Researchers speculate that the Indian APT hacking group “Bahamut” is behind the attack, with links to a particular state government, using spear-phishing messages on WhatsApp. The spyware gains permission and sends stolen data to attackers’ servers encrypted with RSA, ECB and OAEPPadding and using a “letsencrypt” certificate to avoid detection. Targets of this attack are mainly in South Asia.

Date: Jul 31, 2023
Source: Bleeping Computer
Author: Bill Toulas
Tag: Malware, Cyber Risk/Cyber Threats


:tada: That’s it for ‘This Week in Cybersecurity’. We hope you’ve enjoyed reading these short summaries and that these incidents have shed some light on the ever-growing importance of safeguarding our digital world.

Don’t hesitate to share any interesting articles you come across in the ‘In the News’ category of the Passbolt community forum. :star2:

:heart: We handpick the most interesting article/articles of the week to be featured in our monthly video edition of “This Month in Cybersecurity” :video_camera:

Cast your vote below for the article(s) you’d like to see featured in the video: :white_check_mark: :partying_face:

  • :one: npm packages
  • :two: Cloud compromises
  • :three: Microsoft security
  • :four: Meta consent for personalised ads
  • :five: SpyNote
  • :six: SafeChat