Welcome to this edition of ‘This Week in Cybersecurity’ where we explore a common subject that affects us all: cybersecurity and privacy in the digital age.
Explore the highlights from this week’s news and stay up to date with the latest trends. Our curated content covers various topics from hackers stealing Signal, WhatsApp data with fake Android app, to Meta will now seek consent for behavioural ads to users in the EU and to Microsoft facing severe criticism for its security practices. Check out these short summaries of the week below. 
1. Malicious npm packages found exfiltrating sensitive data from developers
Cybersecurity researchers have discovered new malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information. The packages were published by an npm user and believed to be part of a targeted campaign. These malicious packages exfiltrate valuable information to a remote server. The motive for these attacks are centred around extraction of source code or environment-specific configuration files. There have been incidents of open source repositories being used to distribute malicious code. Developers should be cautious of packages they use in projects.
| Date: | Aug 4, 2023 |
|---|---|
| Source: | The Hacker News |
| Author: | THN |
| Tag: | Software Security, Malware |
2. Credentials account for over half of Cloud compromises
Google Cloud’s latest Threat Horizon report has revealed that more than half (55%) of public cloud instances have been compromised due to missing or weak passwords. Misconfiguration accounted for 19% of the incidents that are usually linked to exposure of sensitive UIs or APIs. Cross-project abuse of access token generation privileges were another top risk that led to compromise in Google Cloud environments. Followed by replacing existing compute disks or snapshots. The report also highlighted how threat actors are evading detection of malware in the Google Play Store using popular tactics like “versioning.” To mitigate these risks, Google recommends a defence-in-depth approach and the use of strong passwords.
| Date: | Aug 4, 2023 |
|---|---|
| Source: | Infosecurity Magazine |
| Author: | Phil Muncaster |
| Tag: | Cloud Security, Vulnerability |
3. Microsoft comes under blistering criticism for “grossly irresponsible” security
Microsoft is facing severe criticism for its security practices of Azure and other cloud offerings. The CEO of security firm Tenable called Microsoft “grossly irresponsible.” This criticism follows recent incidents in which Chinese government-backed hackers stole thousands of emails from cloud customers and gained a powerful encryption key that allowed access to data and apps managed by Azure AD. Cybersecurity researchers such as Tenable and Sygnia have found security vulnerabilities or vectors impacting Azure Fabric and Azure AD Connect accounts. Microsoft has been heavily criticised for not disclosing these incidents, which have raised cybersecurity concerns.
| Date: | Aug 3, 2023 |
|---|---|
| Source: | Ars TECHNICA |
| Author: | Dan Goodin |
| Tag: | Vulnerability, Tech |
4. Meta loses battle in EU, will ask for consent to show personalised ads
After five years of legal wrangling, Meta has agreed to seek consent from Instagram and Facebook users in the EU before providing highly-personalised ads. Instead of users in the EU consenting to invasive data collection or opting out by filling out a long form, they’ll soon be able to opt in or out with a simple “yes” or “no.” Meta has also now agreed to comply with GDPR, which requires this consent for data collection. These changes are expected by the end of October or early next year. Privacy advocates feel that Meta’s decision is a major victory in the area of data collection.
| Date: | Aug 2, 2023 |
|---|---|
| Source: | Ars TECHNICA |
| Author: | Ashley Belanger |
| Tag: | Data Privacy, Data Protection |
5. European bank customers targeted in SpyNote android trojan campaign
An aggressive campaign by an Android banking Trojan, known as SpyNote or SpyMax, was detected in June and July 2023. It targets various European customers of different banks. The spyware is distributed through email phishing or smishing campaigns and uses both Remote Access Trojan (RAT) capabilities and vishing attacks. Victims are tricked into installing a banking app via a fake SMS message that redirects them to a legitimate TeamViewer Quick Support app. The Trojan spies on users, steals sensitive data, and performs banking fraud. It is therefore, imperative to be aware before downloading any apps.
| Date: | Aug 1, 2023 |
|---|---|
| Source: | The Hacker News |
| Author: | THN |
| Tag: | Mobile Security, Spyware |
6. Hackers steal Signal, WhatsApp user data with fake Android chat app
Hackers are using a fake Android app called ‘SafeChat’ to infect devices with spyware that steals call logs, texts, and GPS locations from phones. The spyware is believed to be a variant of “Coverlm,” which steals data from communication apps such as Signal, WhatsApp, Telegram, and others. Researchers speculate that the Indian APT hacking group “Bahamut” is behind the attack, with links to a particular state government, using spear-phishing messages on WhatsApp. The spyware gains permission and sends stolen data to attackers’ servers encrypted with RSA, ECB and OAEPPadding and using a “letsencrypt” certificate to avoid detection. Targets of this attack are mainly in South Asia.
| Date: | Jul 31, 2023 |
|---|---|
| Source: | Bleeping Computer |
| Author: | Bill Toulas |
| Tag: | Malware, Cyber Risk/Cyber Threats |
Conclusion
That’s it for ‘This Week in Cybersecurity’. We hope you’ve enjoyed reading these short summaries and these incidents have shed some light on the ever-growing importance of safe guarding our digital world.
Don’t hesitate to share any interesting articles you come across in the ‘In the News’ category of the Passbolt community forum. 
We handpick the most interesting article/articles of the week to be featured in our monthly video edition of “This Month in Cybersecurity” 
Cast your vote below for the article(s) you’d like to see featured in the video: 
npm packages
Cloud compromises
Microsoft security
Meta consent for personalised ads
SpyNote
SafeChat