
Google this week announced a Chrome 111 update that brings patches for eight vulnerabilities, including seven flaws that were reported by external researchers.

securityweek.com/chrome-111-up

While the current campaign targets people in South Korea, the techniques used by Kimsuky can be applied globally, so raising awareness is vital.

North Korean hackers using Chrome extensions to steal Gmail emails

more here

bleepingcomputer.com/news/secu

Google urges phone users to switch off Wi-Fi calling

Google found multiple security flaws in Samsung Galaxy and other smartphones that could allow hackers access into the devices.

The devices affected are:

Samsung Galaxy phones, including those in the S22, M33, M13, M12, A71, A53, A33, A21, A13, A12 and A04 series
Vivo phones, including those in the S16, S15, S6, X70, X60 and X30 series
Google Pixel 6 and 6 Pro, Pixel 6a, Pixel 7 and 7 Pro

more here

googleprojectzero.blogspot.com

1st the pixel

counter.social/@ecksmc/1100643

now Windows 11 Snipping tool affected too
Today, software engineer Chris Blume confirmed that the ‘acropalypse’ privacy flaw also affects the Windows 11 Snipping Tool.

bleepingcomputer.com/news/micr

BreachForums has reportedly shut down for good, just days after US authorities arrested the online criminal marketplace's alleged chief administrator.

"I want to make it clear, that while this initial announcement is not positive, it's not the end. I'm going to set up another Telegram group for those who want to see what follows. You are allowed to hate me, and disagree with my decision but I promise what is to come will be better for us all"

theregister.com/2023/03/22/bre

password managers >> Using a PIN is a convenient option, as it is usually easier to enter the few characters of the PIN than a 30+ length master password

Convenience may sometimes reduce security, and a new analysis of PIN use suggests that Bitwarden vaults that are protected by a PIN can be brute forced

ambiso.github.io/bitwarden-pin

ChatGPT's outage on Monday was a bit more problematic than it first appeared.

According to Bloomberg, the AI chatbot was shut down due to a bug that exposed titles of users' chat histories to other users. The titles could be seen in the sidebar on the left, which typically shows a user's chat history, but the details of users' conversations with ChatGPT were not visible.

A Reddit user posted a screenshot of what the bug appeared like in their browser

reddit.com/r/ChatGPT/comments/

NBA Cyber Incident – Fans’ Personal Information Exposed

the association reported that the names and email addresses were accessed and copied by an unauthorized third party. But, in this instance, sensitive information, such as usernames and passwords, was not exposed.

NBA warned fans of phishing attacks

gbhackers.com/nba-cyber-incide

Redmond engineers created a sample PowerShell script to enable enterprises to automatically update WinRE images to protect the Windows devices from a BitLocker security bypass vulnerability tracked as CVE-2022-41099.

theregister.com/2023/03/19/mic

verified high-profile Twitter accounts have been hacked and are sending out the same tweets

"Hello twitter family !" begins the tweets posted "I have 10 MacBooks that I will personally sign myself , that you can purchase for $600 and free Shipping ! First come first serve basis , and all proceeds will be going to charity ! MY DMS ARE OPENED IF INTERESTED"

even though some have been hacked for over one week Twitter has been silent on the matter

NordVPN makes its Meshnet private tunnel free for everyone

NordVPN's Meshnet private tunnel feature for Windows, macOS, and Linux is now free for everyone, even users who do not have a subscription to NordVPN.

bleepingcomputer.com/news/secu

Group Claims Hack of Amazon's Ring

The group is blackmailing Ring on its site: "There's always an option to let us leak your data," they posted.

vice.com/en/article/qjvd9q/ran

BlackLotus Secure Boot Bypass Malware Set to Ramp Up

BlackLotus is the first in-the-wild malware to exploit a vulnerability in the Secure Boot process on Windows, and experts expect copycats and imminent increased activity.

darkreading.com/threat-intelli

Cerebral admits to sharing patient data with Meta, TikTok, and Google

The mental health startup says it exposed patient names, birth dates, insurance information, and their responses to mental health self-evaluations.

theverge.com/2023/3/11/2363551

Fake ChatGPT Chrome Extension Targets Facebook Accounts

The hackers who created the extension, according to CyberNews, are closely monitoring people who have prominent Facebook business accounts. This makes sense considering how lucrative LinkedIn and Facebook Business accounts may be, and how frequently attackers target them.

cysecurity.news/2023/03/fake-c

some people are going to sacrifice safety for convenience.

What the Experts Say About Browser Password Managers

Browser Password Managers Are Convenient But Dangerous

Bottom Line, Get a Real Password Manager
Google Password Manager doesn’t use the zero-knowledge encryption techniques that protect password data from everyone, including the password manager company. It doesn’t even use a master password

mashable.com/article/google-ch

Hackers leak personal data of over 16,000 users of buypersonalproxy-com

Data includes full names, email addresses, PayPal email addresses, payment methods used, and even plain text passwords
Hackers have posted the data for free
Data leak reflects on the unreliability of online proxy providers

this breach again shows that using proxy services, whether free or paid, is always a bad idea; they usually also have terrible security and even store passwords in plain text.

Where are the women in cyber security? On the dark side, study suggests

Also, Royal ransomware metastasizes to other critical sectors, and this week's critical vulnerabilities

(To be fair, Trend Micro's methodology is a bit iffy – and the report itself admits as much. Users on these forums are largely anonymous, necessitating use of tools like Semrush and uClassify's Gender Analyzer V5 to make what amounts to guesses – at best)

theregister.com/2023/03/06/in_

Beware of Bot Malware: Understanding the Dangers and How to Protect Your Computer

Know about bot malware, including how it spreads and infects computers, the dangers it poses, and best practices to stay safe

cysecurity.news/2023/03/beware

Two different security companies were tasked by Bitwarden to "reinforce Bitwarden security and help customers comply with enterprise security requirements".

Bitwarden added support for Argon2 KDF recently to its products and also passwordless web vault logins.

Cure53 found no critical or important issues during the analysis of Bitwarden's network and infrastructure.

bitwarden.com/blog/third-party
