🚨 The Cybersecurity Club Weekly Newsletter - Week 8
🔥 Weekly Highlight: Chinese APTs attacking EU targets, Cybercriminals Fake ChatGPT Apps, Wi-Fi routers can see humans through walls and more.
Hello Cybersecuriters! 🍩
This is what you missed this week:
💻 Multiple Chinese APTs are attacking European targets, EU cyber agency warns
📈 Activision confirms data breach exposing sensitive employee information and game info
🚨 Cybercriminals Leverage Fake ChatGPT Apps to Spread Malware
🚨 GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft
⚖️ NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework
🎙 Podcast Recommendations: Smashing Security: EP 308: Jail after VPN fail, criminal messaging apps, and wolf-crying watches
Enjoy this weekly newsletter.
💻 Malware and Vulnerabilities
Apple Updates Advisories as Security Firm Discloses New Class of Vulnerabilities
Apple has updated its recent security advisories to include new vulnerabilities affecting iOS and macOS, including a new class of bugs. These vulnerabilities can allow attackers to bypass code signing on these systems and gain access to sensitive information or spy on users. Trellix, the company that reported two of the vulnerabilities, warns that these bugs have opened a huge range of potential vulnerabilities that they are investigating. Apple has taken steps to prevent exploitation, but researchers have discovered that the mitigations could be bypassed. These vulnerabilities pose a risk to users as attackers could gain unauthorized access to their personal information. [read more]
Coinbase Employees Targeted by SMS Phishing Attack
Coinbase, a popular cryptocurrency exchange, was targeted by a smishing attack where attackers used social engineering tactics to try and access the company's internal network. Although one employee fell for the initial text message and logged in with their credentials, the multi-factor authentication (MFA) feature prevented the attackers from accessing any sensitive data. In the second phase of the attack, the attacker called the employee and claimed to be a member of Coinbase's IT team, but the employee grew suspicious and prevented any damage. Coinbase has urged its employees to remain vigilant against phishing attempts and is offering resources and training to recognize and respond to potential threats. [read tweet]
📈 Breaches and Incidents
GoDaddy Discloses Multi-Year Security Breach Causing Malware Installations and Source Code Theft
GoDaddy has suffered a multi-year security breach in which attackers stole source code and installed malware on its servers. The company believes the breach is part of a larger campaign by a sophisticated threat actor group targeting hosting services. Previous breaches disclosed in November 2021 and March 2020 are also linked to this campaign, which has affected over 1.2 million customers. [read more]
Activision confirms data breach exposing sensitive employee information and game info
Hackers breached Reddit's internal systems by tricking an employee into divulging their credentials through a phishing attack. Following the attack, the hackers accessed internal documents, source code, and dashboards, but there is no indication that they accessed production systems that run the website. Reddit stated that limited contact information for company contacts and current and former employees was stolen, along with some details about the company's advertisers, though passwords, credit card information, and ad performance data were not accessed.
The phishing attack on Reddit is similar to one on Riot Games, where hackers stole source code for its multiplayer online battle arena game, League of Legends, along with the Teamfight Tactics auto battler game and a legacy anti-cheat platform. [read more]
🚨 Threat Intel & Info Sharing
Multiple Chinese APTs are attacking European targets, EU cyber agency warns
ENISA is warning that multiple Chinese APTs are attacking European targets. They include APT27, APT30, Ke3chang, GALLIUM, and Mustang Panda, and all of them have been tied to China's PLA or some part of the Chinese government. "Recent operations pursued by these actors focused mainly on information theft, primarily via establishing persistent footholds within the network infrastructure of organizations of strategic relevance." [read more]
Cybercriminals Leverage Fake ChatGPT Apps to Spread Malware
Hackers are using fake ChatGPT apps to spread malware on Windows and Android. They create fake versions of the app and spread them through various channels, enticing victims into downloading the rogue apps by promising uninterrupted, free access to the premium version of ChatGPT. Once installed, these malicious apps can cause tremendous damage, ranging from stealing sensitive information and cryptocurrency from compromised devices to complete system takeovers in some cases. To avoid falling prey to this scam, remember that the ChatGPT service is exclusively online and doesn’t currently provide any official desktop or mobile client. [read more]
📊 Trends, Reports, Analysis
Scientists use Wi-Fi routers to see humans through walls
Get ready for a new level of surveillance: scientists from Carnegie Mellon University have found a way to sense humans through walls using two Wi-Fi routers to image a person's 3D shape and pose. The researchers used a deep neural network called DensePose that maps Wi-Fi signals to UV coordinates. DensePose can accurately map multiple subjects' poses with off-the-shelf Wi-Fi antennas rather than expensive RGB cameras, LiDAR, and radars.
The system could be applied to home healthcare, where patients may not want to be monitored with a camera in places like the bathroom or with other sensors and tracking devices. It's privacy-preserving, cheap, and uses equipment that most people have at home already. Wi-Fi signals could serve as a ubiquitous substitute for RGB images for human sensing in certain instances, and protect individuals' privacy, according to the researchers. [read report]
⚖️ Laws, Policy, Regulations
NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework
The National Institute of Standards and Technology (NIST) is updating its Cybersecurity Framework (CSF) to address emerging threats and make it easier for organizations to adopt.
The new framework, CSF 2.0, is set to include a sixth "govern" function, expanded coverage of cyber-supply chain risk management, and updated guidance on implementation. NIST also plans to work with the cybersecurity community to allow mapping of the CSF 2.0 to other frameworks.
The CSF has become a common taxonomy for organizations to create cybersecurity programs and align with their risk tolerance, enabling continuous improvement and facilitating communication using a common lexicon. Adoption of a minimum level of security is crucial for organizations, according to CISA Director Jen Easterly, who praised NIST's work in updating the framework. [read more]
🎙 Podcast Recommendations
Smashing Security: EP 308: Jail after VPN fail, criminal messaging apps, and wolf-crying watches
When Ubiquiti suffered a hack the world assumed it was just a regular security breach, but the truth was much stranger… why are police happy that criminals keep using end-to-end encrypted messaging systems… and why is the Apple Watch being accused of crying wolf? All this and much much more is discussed in the latest edition. [listen here]
We hope you enjoyed your weekly digest! ☕🥮
If you liked our content and want to be a part of our cybersecurity journey, you can join our communities below or go to The Cybersecurity Club for resources.
Signing off! Stay safe and we’ll see you soon.