Week 6th March - 10th March 2023

:tada:Welcome to this week’s newsletter, where we explore a common subject that affects us all: cybersecurity and privacy in the digital age. :heart:
In this week’s newsletter we’ve gathered important news ranging from a potential Google Cloud Platform attack to the LastPass hack, and from Facebook ads used in social engineering attempts to the new AI service DuckAssist. So sit back, have a coffee, relax: we’ve got you covered with the latest trends.

Experts reveal Google Cloud Platform’s blind spot for data exfiltration attacks

A report from Mitiga suggests that malicious actors can potentially exploit the Google Cloud Platform (GCP) to exfiltrate sensitive data. The report states that GCP’s storage access logs are not transparent enough about file access and read events, and instead group them as a single “Object Get” activity. As a result, an attacker who gets access (through social engineering methods) could go undetected, as there is no difference between malicious and genuine user activity. Google provided some mitigation recommendations, which range from Virtual Private Cloud (VPC) to using organisation restriction headers to limit cloud resource requests.

Date: Mar 6, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Social engineering, Cloud Computing, Data breach

LastPass hack caused by an unpatched Plex software on an employee’s PC

LastPass disclosed that the ‘second attack’ following the August security breach was caused by the failure to update Plex software on the home computer of one of its DevOps engineers. The attacker exploited a deserialization flaw in Plex Media Server on Windows. The vulnerability, tracked as CVE-2020-5741, allows the attacker to execute arbitrary Python code. This incident proves the importance of patch management. Regularly updating software and applications is a way to protect yourself against vulnerabilities and security threats.

Date: Mar 7, 2023
Source: Security Affairs
Author: Pierluigi Paganini
Tag: Hack, Data breach

SYS01stealer: New threat using Facebook ads to target critical infrastructure firms

Cybersecurity researchers have found a new information stealer dubbed SYS01stealer targeting government employees, businesses and other sectors. The threat actors used Google ads and fake Facebook accounts to lure victims into downloading malicious files. The attack is designed to steal sensitive information such as login data, cookies and business account information. It is therefore imperative to verify files before downloading them, check for phishing attempts and stay alert to better protect ourselves against such attacks.

Date: Mar 7, 2023
Source: The Hacker News
Author: Ravie Lakshmanan
Tag: Social engineering, Data breach, Hack, Cyber Risk/Cyber Threats

Acer confirms server intrusion after miscreant offers 160GB cache of stolen files

Acer has confirmed an incident of unauthorised access after a miscreant put a 160GB database of Acer’s confidential information up for sale on a hacking forum. A company spokesperson confirmed that it suffered a breach in one of its document servers. The threat actor posted screenshots as proof and said they were selling to the highest bidder in exchange for the hard-to-trace cryptocurrency Monero (XMR). However, Acer states that no customer data is affected in any way.

Date: Mar 8, 2023
Source: The Register
Author: Jessica Lyons Hardcastle
Tag: Data breach, Hack, Cyber Crime

DuckDuckGo’s new Wikipedia summary bot: “We fully expect it to make mistakes”

DuckDuckGo announced DuckAssist, an AI-powered factual summary service built on technology from Anthropic and OpenAI. It provides brief summaries of information sourced from Wikipedia and other related sites. These “instant answers” are available as a wide beta test for DuckDuckGo’s browser extension and browsing apps. From a privacy standpoint, DuckDuckGo says that DuckAssist is “anonymous” and will not share search and browsing history with anyone. The company also notes that DuckAssist may produce erroneous results and may occasionally make mistakes.

Date: Mar 9, 2023
Source: Ars Technica
Author: Benj Edwards
Tag: Tech, AI, Enterprise

How the FBI proved a remote admin tool was actually malware

The FBI has announced that it seized the website worldwiredlabs.com, which was used to sell malware called NetWire by marketing it as a legitimate remote administration tool. The site was used to commit international money laundering, fraud and computer crimes. In its experiment, the FBI confirmed that the owners of NetWire never bothered to check that its customers were using it for legitimate purposes on computers they owned or controlled. This malware is designed to spy on computers and cellphones.

Date: Mar 10, 2023
Source: TechCrunch
Author: Lorenzo Franceschi-Bicchierai
Tag: Cyber Risk/Cyber Threats, Cyber Crime

Any other interesting news of the week? Share it below. We’d love to include it in our weekly newsletter.
Share your thoughts and experiences, add relevant cybersecurity news, ask questions, and connect with others who are passionate about online security. :partying_face: :tada: