Week 3rd April - 7th April 2023

:tada: Welcome to this week’s newsletter, where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :heart:

This week ‘In the News’ we’ve curated interesting news articles on cybersecurity and data privacy ranging from Western Digital data breaches to Italy banning ChatGPT to a fresh perspective on the RESTRICT Act and a crackdown on the Genesis Market. As technology becomes more advanced and businesses move online, the risk associated with cybersecurity and data protection is becoming more prominent. It is more important than ever to stay up-to-date with the latest trends. Our purpose is to provide you with informative and valuable resources that will help you stay informed and safe online. We hope you enjoy reading these news articles.

Phishing emails from legit YouTube address hitting inboxes

Phishers are now targeting YouTube content creators with phishing emails from an official YouTube email address. The phishing email informs the target of a new monetisation policy and prompts them to open a video file. They are also required to open a password-protected document and they have 7 days to respond. Therefore, it is important to stay alert when opening unsolicited emails from unknown senders, double-check URLs, enable 2FA and stay safe online to mitigate such attacks. Cybersecurity YouTuber John Hammond has recently released a video on this. You can check that out here.

Date: Apr 7, 2023
Source: Help Net Security
Author: Helga Labus
Tag: Email Security, Cyber Crime

Operation Cookie Monster: Genesis Market seized, 120 suspects arrested

The FBI, along with its international partners, in its sting operation called Cookie Monster, has taken down the notorious Genesis Market, an invitation-only dark web forum that stole credentials, including usernames and passwords, and sold digital fingerprints, stealer malware and web vulnerability kits. According to the US Department of Justice, the market is estimated to have offered up over 1.5 million compromised computers around the world, containing over 80 million account access credentials.

Date: Apr 6, 2023
Source: Cybernews
Author: Stefanie Schappert
Tag: Cyber Crime, Data Protection

Open garage doors anywhere in the world by exploiting this “smart” device

The Nexx Smart Garage Controller, a device used to open and close garage doors and control home security, is riddled with severe security and privacy vulnerabilities, according to researcher Sam Sabetan. The device employs the same easy-to-find universal password to communicate with Nexx servers. This resulted in the broadcasting of unencrypted email addresses, first names, etc. Sabetan estimates that more than 40,000 devices are impacted, and more than 20,000 individuals have active Nexx accounts. He advises anyone using the device to immediately disconnect it until it is fixed.

Date: Apr 5, 2023
Source: Ars Technica
Author: Dan Goodin
Tag: Data breach, Cyber Risk/Cyber Threats

The broad, vague RESTRICT Act is a dangerous substitute for comprehensive data privacy legislation

The RESTRICT Act, also known as the TikTok ban, would authorise the executive branch of the US to block “transactions” and “holdings” of “foreign adversaries” that involve “information and communication technology” and pose a risk to national security. The proposed legislation would give power to remove restrictions on the Foreign Intelligence Services Act and Berman Amendments. The EFF opposes the bill, citing the need for comprehensive consumer data privacy legislation. The EFF says it is not clear that the bill will result in a TikTok ban, but that it has the potential to punish people for using a VPN to access TikTok if it is restricted, and that it is vague and broadly written.

Date: Apr 4, 2023
Source: Electronic Frontier Foundation
Author: Jason Kelley and David Greene
Tag: Data Privacy, Data Protection

Microsoft tightens OneNote security by auto-blocking 120 risky file extensions

Microsoft announced plans to automatically block embedded files with “dangerous extensions” in OneNote following reports that the note-taking service is continuously used for malware delivery. The update, in version 2304, is expected to be rolled out later this month and only impacts OneNote for Microsoft 365 on devices running Windows. It does not affect other platforms, including macOS, Android, and iOS, as well as OneNote versions available on the web and for Windows 10.

Date: Apr 4, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Malware, Cyber Risk/Cyber Threats

French video game leaked user passwords

Cybernews researchers discovered that French web-based games ‘Play Glory’ and ‘Play Astra’ accidentally spilled 50,000 users’ information, including their usernames, passwords, security questions, and other credentials. The leaked credentials were stored in plaintext format, making them vulnerable to malicious attacks. The leaked database was hosted by Hetzner, a data-center operator in Germany. To mitigate credential-stuffing attacks, it is important to store passwords in hashed and salted format, use strong passwords and store unique credentials in a secure password manager.

Date: Apr 3, 2023
Source: Cybernews
Author: Paulina Okunytė
Tag: Data breach, Password Manager, Cyber Risk/Cyber Threats

Italian watchdog bans OpenAI’s ChatGPT over data protection concerns

The Italian data protection watchdog, Garante per la Protezione dei Dati Personali (aka Garante), has imposed a temporary ban of OpenAI’s ChatGPT service in the country, citing data protection concerns. Garante intends to investigate OpenAI over the unlawful processing of data which is in violation of EU General Data Protection Regulation (GDPR) laws. In response to the order, OpenAI has blocked users with Italian IP addresses and stated that it is in compliance with GDPR. ChatGPT is blocked in China, Iran, North Korea and Russia.

Date: Apr 3, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Data Privacy, ChatGPT, AI

Western Digital says hackers stole data in ‘network security’ breach

The California-based data storage company Western Digital has confirmed that hackers exfiltrated data from its system during a “network security incident” last week. Such an incident is deemed to be ransomware. The company notes that the attack has caused disruption in its operations, in particular taking down its My Cloud network-attached storage (NAS) services, which allow customers to access their files from the internet. The company is implementing proactive measures to secure its business.

Date: Apr 3, 2023
Source: TechCrunch
Author: Carly Page
Tag: Ransomware, Data breach


Thank you for reading this week’s curated news articles focusing on cybersecurity. As always, our goal is to keep you informed and up-to-date with the latest trends in security and data privacy. We hope our coverage has been useful and a valuable resource. We encourage you to stay vigilant online, adopt secure measures, use strong passwords, and take proactive steps to protect your data online.

In case we’ve missed any interesting articles, don’t hesitate to share them in the ‘In the News’ category of the Passbolt community forum. We love to hear from the community and connect more with others who are passionate about online security. :partying_face: :tada:
