Welcome to this week’s edition of ‘This Week in Cybersecurity’ where we explore a common subject that affects us all: cybersecurity and privacy in the digital age.
This week we’ve curated interesting articles like the MOVEit mass-hacks which has affected many enterprises, to a whooping fine for Microsoft for illegally collecting data and many more. So sit back, relax and enjoy these short summaries. Stay informed, stay secure! 
AI browser extensions are a security nightmare
There are many security risks associated with AI-powered browser extensions. It is seen that some extensions are actually malware disguised as AI tools, posing a significant threat to user data. Even legitimate AI browser extensions have security risks, such as the potential for sensitive user data to be incorporated into training data and viewed by others, leading to possibility of data breaches and copyright infringement issues.
| Date: | Jun 9, 2023 |
|---|---|
| Source: | Kolide |
| Author: | Elaine Atwell |
| Tag: | AI, Data breach |
iOS 17 automatically removes tracking parameters from links you click on
Apple’s iOS and macOS Sonoma comes with enhanced privacy features for web browsing. Link Tracking Protection is a new feature automatically activated in Mail, Messages, and Safari in Private Browsing mode. It detects user-identifiable tracking parameters in link URLs, and automatically removes them.
| Date: | Jun 8, 2023 |
|---|---|
| Source: | 9to5Mac |
| Author: | Benjamin Mayo |
| Tag: | New Features, Enterprise |
Microsoft will pay $20M to settle US charges of illegally collecting children’s data
Microsoft will now have to pay a fine of $20million to the Federal Trade Commission on charges that it illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents’ consent. The FTC claimed that Microsoft violated the Children’s Online Privacy Protection Act (COPPA), the federal law that governs the online privacy protections for children under the age of 13 which requires obtaining parents’ consent and deleting data when its not necessary. Microsoft failed to meet those criteria.
| Date: | Jun 7, 2023 |
|---|---|
| Source: | Security Week |
| Author: | Associated Press |
| Tag: | Data Privacy, Data Protection |
Outlook.com hit by outages as hacktivists claim DDoS attacks
On June 6, 2023 Outlook.com suffered a series of outages with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service as a protest to the US government involving in the Sudanese internal affairs. This outage has caused a disruption in Outlook services worldwide, preventing users from accessing or sending emails and using the mobile Outlook app. Microsoft in response, cited that they are aware of the impact and are working on its mitigation process.
| Date: | Jun 6, 2023 |
|---|---|
| Source: | Bleeping Computer |
| Author: | Mayank Parmer |
| Tag: | Cyber Risk/Cyber Threats, Software Security |
Over 60K adware apps posing as cracked versions of popular apps target android devices
Cybersecurity company Bitdefender have discovered that over 60K apps for Android are found to masquerade as cracks or modded versions of popular apps to redirect users to other types of malware that steal credentials information or ransomware. The apps, once installed, have no icons or names to evade detection. It is worth noting that none of the apps are distributed through the official Google Play Store. Therefore, stay vigilant and exercise caution in downloading any apps.
| Date: | Jun 6, 2023 |
|---|---|
| Source: | The Hacker News |
| Author: | Ravie Lakshmanan |
| Tag: | Mobile Security, Malware |
Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward
Security researchers have linked a new wave of mass-hacks targeting a popular file transfer tool to the notorious Clop ransomware. The hackers exploited the vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to share large files over the internet, to gain unauthorised access to the affected server’s database. Microsoft security attributed the cyberattacks to a group as “Lace Tempest”. The confirmed victims are BBC, British Airways, Zellis and the government of Nova Scotia.
| Date: | Jun 5, 2023 |
|---|---|
| Source: | Tech Crunch |
| Author: | Carly Page |
| Tag: | Cyber Risk/Cyber Threats, Ransomware |
Conclusion
We hope you’ve enjoyed reading our curated weekly news where we’ve covered various cybersecurity issues. It is important to be vigilant in the digital world, keeping your software up to date, using a strong password and exercising caution when downloading any unknown attachments/apps.
Feel free to contribute any news article of the week that is not on the list and we’ll share it in the ‘In the News’ category of passbolt community forum.
Share your thoughts and experiences, add relevant cybersecurity news, ask questions, and connect with others who are passionate about online security. 