This Week’s Top 5 News June 2023 | 02

With every passing day there are new cybersecurity events that have the potential to impact you or your company. We have rounded up five top cybersecurity news stories to help keep you up to date with cybersecurity issues around the world. From acts of espionage to simple code errors that could leak your private data.
Here are our top five new stories from the past week:

1. Microsoft to Pay $20 Million Penalty for Illegally Collecting Kids’ Data on Xbox

Microsoft has agreed to a $20 million settlement with the U.S. Federal Trade Commission (FTC) over allegations of illegally collecting and retaining children’s data on its Xbox console without parental consent. The proposed settlement, pending court approval, requires Microsoft to update its account creation process for children, obtain parental consent, and delete unapproved information within two weeks. Privacy protections will extend to third-party gaming publishers and biometric information. This follows similar FTC fines on other companies like Epic Games and Amazon for violating privacy laws. Microsoft also anticipates a $425 million fine from the Irish Data Protection Commission for potential GDPR violations concerning LinkedIn users.
For more about this story click here


2. Over 60K Adware Apps Posing as Cracked Versions of Popular Apps Target Android Devices

Since October 2022, thousands of Android adware apps have been discovered, disguised as cracks or modded versions of popular applications. According to a technical report by Bitdefender, the campaign aggressively pushes adware to generate revenue, but threat actors could easily switch tactics to deliver banking Trojans or ransomware. The cybersecurity firm has identified 60,000 unique adware-infected apps, predominantly affecting users in countries like the US, South Korea, Brazil, Germany, and the UK. Notably, these apps are not distributed through the official Google Play Store; instead, users searching for popular apps are redirected to an ad page hosting the malware. The malicious apps evade detection by having no icons or names and remain dormant for the first few days before activating upon device unlock. In related news, cybersecurity firm CloudSEK identified the rogue SpinOK SDK in 193 apps on the Google Play Store, downloaded 30 million times. The trojan appears to engage users with mini-games but secretly steals files and replaces clipboard contents. Additionally, SonicWall Capture Labs Threat Research Team discovered another Android malware strain that impersonates legitimate apps and harvests information from compromised devices by exploiting the OS’s accessibility services.
For more about this story click here


3. The Annual Report: 2024 Plans and Priorities for SaaS Security

The SaaS Security Survey Report reveals a significant increase in SaaS security incidents over the past year with 55% of organizations experiencing an incident in the last 24 months. Incidents include data leaks, malicious third-party applications, data breaches, and SaaS ransomware. The report suggests that current SaaS security strategies, such as Cloud Access Security Brokers (CASBs) and manual audits, are insufficient for comprehensive coverage of the SaaS stack. In response, 80% of security executives are already using or planning to adopt SaaS Security Posture Management (SSPM) tools within the next 18 months to mitigate threats, improve their company’s SaaS posture, and save time managing their SaaS stack. Organizations are also increasing investments in SaaS security tools and personnel to tackle the growing challenges in securing their SaaS assets and data.
For more about this story click here


4. Magento, WooCommerce, WordPress, and Shopify Exploited in Web Skimmer Attack

Cybersecurity researchers have discovered an ongoing Magecart-style web skimmer campaign targeting e-commerce websites to steal personally identifiable information (PII) and credit card data. Unique to this campaign, the compromised sites act as makeshift command-and-control servers, distributing malicious code without the victim sites’ knowledge. Web security company Akamai has identified victims in North America, Latin America, and Europe. The campaign employs evasion techniques like obfuscating with Base64 and masking attacks to resemble popular third-party services, such as Google Analytics. The attackers exploit vulnerabilities in Magento, WooCommerce, WordPress, and Shopify, using the trust established by genuine domains to their advantage and making detection challenging. The skimmer code intercepts and exfiltrates PII and credit card details, with exfiltration happening only once per user during checkout to reduce suspicious network traffic and increase evasiveness.
For more about this story click here


5. Alarming Surge in TrueBot Activity Revealed with New Delivery Vectors

In May 2023, cybersecurity researchers observed a significant increase in TrueBot activity. TrueBot is a downloader trojan botnet associated with the Silence group, which has connections to the infamous Russian cybercrime actor Evil Corp. The malware uses command-and-control servers to collect information from compromised systems and launch further attacks. Recent infections exploited a critical flaw in Netwrix Auditor (CVE-2022-31199) and leveraged Raspberry Robin as a delivery vector. VMware’s analysis revealed that the attack chain begins with a drive-by download of a deceptive software update. Once executed, the malware connects to a Russian-based IP address to retrieve a second-stage executable, which then exfiltrates sensitive information from the host. TrueBot infections can escalate quickly, posing a significant threat to networks. Meanwhile, SonicWall reported a new variant of GuLoader malware, which employs new techniques to hinder analysis and deliver various other malware strains.
For more about this story click here

There are many ways cyber criminals will look to exploit your integral IT systems to access data or create chaos within your business for their own personal gain.
Here at DIESEC, we have experts on hand waiting to help you with all of your cybersecurity needs, from ensuring your system is safe and secure to teaching your employees how not to fall victim to social engineering ploys.

For more information please contact us now!