Week 5th June - 9th June 2023 (Week 23)

:rocket: :heart: Welcome to this week’s edition of ‘This Week in Cybersecurity’ where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :heart:

This week we’ve curated interesting articles ranging from the MOVEit mass-hacks, which have affected many enterprises, to a whopping fine for Microsoft for illegally collecting data, and many more. So sit back, relax and enjoy these short summaries. Stay informed, stay secure! :newspaper: :partying_face:

AI browser extensions are a security nightmare

There are many security risks associated with AI-powered browser extensions. Some extensions are actually malware disguised as AI tools, posing a significant threat to user data. Even legitimate AI browser extensions carry security risks, such as the potential for sensitive user data to be incorporated into training data and viewed by others, leading to the possibility of data breaches and copyright infringement issues.

Date: Jun 9, 2023
Source: Kolide
Author: Elaine Atwell
Tag: AI, Data breach

iOS 17 automatically removes tracking parameters from links you click on

Apple’s iOS and macOS Sonoma come with enhanced privacy features for web browsing. Link Tracking Protection is a new feature that is automatically activated in Mail, Messages, and Safari in Private Browsing mode. It detects user-identifiable tracking parameters in link URLs and automatically removes them.

Date: Jun 8, 2023
Source: 9to5Mac
Author: Benjamin Mayo
Tag: New Features, Enterprise

Microsoft will pay $20M to settle US charges of illegally collecting children’s data

Microsoft will now have to pay a fine of $20 million to the Federal Trade Commission on charges that it illegally collected and retained the data of children who signed up to use its Xbox video game console without their parents’ consent. The FTC claimed that Microsoft violated the Children’s Online Privacy Protection Act (COPPA), the federal law that governs online privacy protections for children under the age of 13, which requires obtaining parents’ consent and deleting data when it’s not necessary. Microsoft failed to meet those criteria.

Date: Jun 7, 2023
Source: SecurityWeek
Author: Associated Press
Tag: Data Privacy, Data Protection

Outlook.com hit by outages as hacktivists claim DDoS attacks

On June 6, 2023, Outlook.com suffered a series of outages, with hacktivists known as Anonymous Sudan claiming to have performed DDoS attacks on the service as a protest against the US government’s involvement in Sudanese internal affairs. The outage disrupted Outlook services worldwide, preventing users from accessing or sending emails and from using the mobile Outlook app. In response, Microsoft said that it is aware of the impact and is working on mitigation.

Date: Jun 6, 2023
Source: BleepingComputer
Author: Mayank Parmer
Tag: Cyber Risk/Cyber Threats, Software Security

Over 60K adware apps posing as cracked versions of popular apps target Android devices

Cybersecurity company Bitdefender has discovered over 60K Android apps that masquerade as cracked or modded versions of popular apps in order to redirect users to other types of malware, such as ransomware or malware that steals credentials. Once installed, the apps have no icons or names, which helps them evade detection. It is worth noting that none of the apps are distributed through the official Google Play Store. Therefore, stay vigilant and exercise caution when downloading any apps.

Date: Jun 6, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Mobile Security, Malware

Microsoft says Clop ransomware gang is behind MOVEit mass-hacks, as first victims come forward

Security researchers have linked a new wave of mass-hacks targeting a popular file-transfer tool to the notorious Clop ransomware gang. The hackers exploited a vulnerability in MOVEit Transfer, a file-transfer tool widely used by enterprises to share large files over the internet, to gain unauthorised access to the affected server’s database. Microsoft’s security team attributed the cyberattacks to a group known as “Lace Tempest”. The confirmed victims are the BBC, British Airways, Zellis and the government of Nova Scotia.

Date: Jun 5, 2023
Source: TechCrunch
Author: Carly Page
Tag: Cyber Risk/Cyber Threats, Ransomware


We hope you’ve enjoyed reading our curated weekly news, where we’ve covered various cybersecurity issues. It is important to be vigilant in the digital world by keeping your software up to date, using a strong password and exercising caution when downloading any unknown attachments or apps. :partying_face: :heart:

:rocket: Feel free to contribute any news article of the week that is not on the list and we’ll share it in the ‘In the News’ category of the passbolt community forum. :rocket:

Share your thoughts and experiences, add relevant cybersecurity news, ask questions, and connect with others who are passionate about online security. :tada: