Hold on to your hats, folks, because the world of cyber security is far from quiet! We dodged a bullet last week when vulnerabilities were disclosed in CUPS that could open the door to remote attacks. Google’s move to Rust is yielding big results by cutting the share of memory-safety vulnerabilities in Android.
But it wasn’t all good news: Kaspersky’s forced exit from the US market left users with more questions than answers. And don’t even get me started on the Kia cars that could be remotely controlled with nothing more than a license plate!
Let’s unpack these stories and more and arm ourselves with the knowledge to stay safe in this ever-evolving digital landscape.
⚡ Threat of the week
Flaws found in CUPS: A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux systems that could allow remote command execution under certain conditions. Red Hat rated the issues Important rather than Critical, since the real-world impact is likely to be limited by the prerequisites for successful exploitation: the cups-browsed service must be running and reachable from the attacker, and a user must then send a print job to the attacker-advertised printer.
🔔 Top news
- Google touts the transition to Rust: The switch to memory-safe languages such as Rust for Android has seen the share of Android vulnerabilities that are memory-safety bugs drop from 76% to 24% over six years. The news comes as Google and Arm’s extended collaboration has uncovered multiple vulnerabilities and improved the overall security of GPU software and firmware across the Android ecosystem.
- Kaspersky exits the US market: Russian cybersecurity vendor Kaspersky, which is banned from selling its products in the US due to national security concerns, caused alarm after some customers found their installations had been automatically removed and replaced with antivirus software from a lesser-known company called UltraAV. Kaspersky said it began notifying customers about the transition earlier this month, but it was not made clear that the migration would happen without any user action. Pango, which owns UltraAV, said users also had the option to cancel their subscriptions through Kaspersky’s customer support.
- Kia cars could be remotely controlled with just a license plate: A set of now-patched vulnerabilities in Kia vehicles could have allowed key functions to be remotely controlled using nothing more than the license plate number. The flaws could also have let attackers quietly access sensitive information, including the victim’s name, phone number, email address, and physical address. There is no evidence that these vulnerabilities were ever exploited in the wild.
- US sanctions against Cryptex and PM2BTC: The US government sanctioned two cryptocurrency exchanges, Cryptex and PM2BTC, for allegedly facilitating the laundering of cryptocurrency proceeds of cybercrime. At the same time, an indictment was unsealed against Russian national Sergey Sergeyevich Ivanov for his alleged involvement in operating several money laundering services offered to cybercriminals.
- 3 Iranian hackers charged: In another law enforcement action, the US government charged three Iranian nationals, Masoud Jalili, Seyed Ali Aghamiri and Yasar (Yasser) Balaghi, believed to be working for the Islamic Revolutionary Guard Corps (IRGC), with targeting current and former officials to steal sensitive data in an attempt to interfere with the upcoming elections. Iran called the accusations baseless.
📰 Around the cyber world
- Details about mysterious noise storms online: Threat intelligence firm GreyNoise said it has been tracking large waves of “noise storms” since January 2020: spoofed Internet traffic consisting of TCP connections and ICMP packets whose exact origin and purpose remain unknown. An intriguing aspect of the unexplained phenomenon is the presence of the ASCII string “LOVE” in the generated ICMP packets, which supports the hypothesis that the traffic may be used as a covert communication channel. “Millions of spoofed IP addresses populate key ISPs like Cogent and Lumen, strategically avoiding AWS — suggesting a sophisticated, potentially organized actor with a clear agenda,” it said. “While the traffic appears to originate from Brazil, deeper ties to Chinese platforms such as QQ, WeChat and WePay increase the likelihood of deliberate concealment, complicating efforts to trace the true source and destination.”
- Tails and Tor merge operations: The Tor Project, the non-profit organization that maintains the software behind the Tor (The Onion Router) anonymity network, is merging operations with Tails (short for The Amnesic Incognito Live System), maker of a portable Linux-based operating system that routes all traffic through Tor. “Incorporating Tails into the Tor Project framework allows for easier collaboration, increased resilience, reduced overhead, and expanded training and outreach programs to combat the growing number of digital threats,” the organizations said. Tails team lead intrigeri said it “feels like coming home.”
- NIST proposes new password rules: The US National Institute of Standards and Technology (NIST) has outlined new recommendations under which Credential Service Providers (CSPs) and verifiers would stop imposing composition rules (requiring a mix of character types) and stop requiring periodic password changes unless there is evidence the authenticator has been compromised. Other important guidelines include requiring passwords of at least 8 characters (with 15 recommended), permitting a maximum length of at least 64 characters, and accepting all printable ASCII and Unicode characters, including spaces, when passwords are set.
- PKfail is broader than previously thought: A critical issue in the firmware supply chain known as PKfail (CVE-2024-8105), which allows attackers to bypass Secure Boot and install malware, has now been found to affect more devices, including medical devices, desktops, laptops, game consoles, enterprise servers, ATMs, PoS terminals and even voting machines. Binarly described PKfail as “an excellent example of a supply chain security failure affecting the entire industry.”
- Microsoft updates Recall: When Microsoft announced its AI-powered Recall feature in May 2024, it was met with almost immediate backlash over privacy and security concerns and the fact that it made it easier for threat actors to steal sensitive data. The company subsequently delayed wider deployment pending under-the-hood changes meant to resolve those issues. As part of the new updates, Recall is no longer enabled by default and can be removed by users. All screenshot processing also moves into a virtualization-based security (VBS) enclave. Additionally, the company said it has engaged an unnamed third-party security vendor to conduct an independent security design review and penetration test.
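The NIST password guidance above is easy to state and easy to get subtly wrong at the verifier. The following checker is an added example (not from NIST or from this newsletter) that encodes the draft SP 800-63B rules as they apply at password-set time: no composition rules, length counted in Unicode code points after NFKC normalization rather than in bytes, a minimum of 8 with 15 recommended, a cap of at least 64, and a blocklist check. The blocklist and context words are constructed stand-ins; a real deployment would use a large breached-password corpus.

```python
import unicodedata

# Constructed blocklist standing in for a breached-password corpus (the draft
# requires screening candidates against such a list). Real deployments use a
# large corpus, not this handful.
BLOCKLIST = {"password", "qwerty123", "letmein", "welcome1"}

MIN_LEN = 8            # SHALL require at least 8 characters
RECOMMENDED_LEN = 15   # SHOULD require at least 15
MAX_LEN = 64           # configured cap; the draft says permit at least 64


def normalize(password: str) -> str:
    """Apply NFKC so the same visible string verifies consistently across
    keyboards and platforms (the draft recommends NFKC or NFKD). Length is
    measured on the normalized string, in code points, never in bytes."""
    return unicodedata.normalize("NFKC", password)


def evaluate_password(password: str, blocklist=BLOCKLIST, context_words=()) -> dict:
    """Return {'ok': bool, 'reasons': [...], 'warnings': [...]}.

    Deliberately absent: any composition rule (mixed case, digits, symbols)
    and any expiry; both are explicitly discouraged. Spaces and Unicode are
    accepted as-is. `context_words` carries service-specific strings such as
    the username or product name, which the draft says to screen for.
    """
    pw = normalize(password)
    folded = pw.casefold()
    reasons, warnings = [], []

    n = len(pw)  # code points, so "Pässwört" and emoji are not over-counted
    if n < MIN_LEN:
        reasons.append(f"too short ({n} < {MIN_LEN})")
    elif n < RECOMMENDED_LEN:
        warnings.append(f"shorter than the recommended {RECOMMENDED_LEN}")
    if n > MAX_LEN:
        # Reject rather than silently truncate: truncation is forbidden.
        reasons.append(f"longer than the permitted {MAX_LEN}")

    if folded in {normalize(b).casefold() for b in blocklist}:
        reasons.append("appears in blocklist")

    for word in context_words:
        if len(word) >= 4 and normalize(word).casefold() in folded:
            reasons.append(f"contains context word {word!r}")
            break

    # Note for the hashing side, not enforced here: bcrypt only hashes the
    # first 72 bytes, so a verifier using it must cap on bytes, or pre-hash.
    return {"ok": not reasons, "reasons": reasons, "warnings": warnings}


if __name__ == "__main__":
    for cand in ["correct horse battery staple", "Tr0ub4dor&3", "ｐａｓｓｗｏｒｄ"]:
        print(repr(cand), evaluate_password(cand))
```

The fullwidth "ｐａｓｓｗｏｒｄ" case is why normalization happens before the blocklist lookup: without it the string would pass as a novel 8-character password even though it renders as one of the most common ones.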
🔥 Cyber security resources and information
- Upcoming webinars
- Overwhelmed by logs? Let’s fix your SIEM: Legacy SIEMs are overloaded. The answer isn’t more data, it’s better oversight. Join Zuri Cortez and Seth Geftik as they share how we went from data overload to security simplicity without sacrificing performance. Reserve your spot today and simplify your security with our managed SIEM.
- Strategies to combat ransomware in 2024: Ransomware attacks are up 17.8%, and ransom payments are at all-time highs. Is your organization ready for an escalating ransomware threat? Join us for an exclusive webinar where Emily Laufer, Director of Product Marketing at Zscaler, will share insights from Zscaler ThreatLabz’s 2024 Ransomware Report. Register now and secure your spot!
- Ask an Expert
- Q: How can organizations protect device firmware from vulnerabilities like PKfail, and what technologies or practices should they prioritize?
- A: Firmware security isn’t just about patching – it’s about protecting the very core of your devices, where threats like PKfail hide in plain sight. Think of firmware as the foundation of a skyscraper; if it is weak, the entire structure is at risk. Organizations should prioritize implementing secure boot mechanisms to ensure only trusted firmware is loaded, use firmware vulnerability scanning tools to identify and fix problems, and deploy runtime protections to monitor malicious activity. Partnering closely with hardware vendors for timely updates, adopting a zero-trust security model, and educating employees about firmware risks are also critical. In today’s cyber landscape, firmware-level protection is critical—it’s the foundation of your entire security strategy.
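PKfail, mentioned in the news roundup above and in this answer, comes down to one concrete check: does the Platform Key (PK) enrolled in your firmware chain back to a vendor-owned certificate, or to the AMI test certificate whose subject literally says “DO NOT TRUST”? The following is an added example, not Binarly’s tooling or anything from this newsletter, that parses the EFI_SIGNATURE_LIST layout the PK variable uses and looks for those marker strings. The efivarfs path and the “DO NOT TRUST” / “DO NOT SHIP” markers are assumptions stated in the code; the certificate blobs below are constructed placeholders, not real DER certificates.

```python
import struct
import uuid

EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")

# Assumed location of the PK on Linux with efivarfs mounted; the parser itself
# works on any PK blob (e.g. one dumped from a firmware image).
PK_EFIVAR = "/sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c"

# Assumed marker strings found in the subject of AMI's test/reference keys.
TEST_KEY_MARKERS = (b"DO NOT TRUST", b"DO NOT SHIP")


def parse_signature_lists(data: bytes):
    """Walk a chain of EFI_SIGNATURE_LIST structures.

    Layout per list: SignatureType GUID (16) | SignatureListSize u32 |
    SignatureHeaderSize u32 | SignatureSize u32 | header | entries, where each
    entry is SignatureOwner GUID (16) + SignatureData. Yields (type, data).
    """
    off = 0
    while off + 28 <= len(data):
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data):
            raise ValueError("truncated or malformed signature list")
        if sig_size < 16:
            raise ValueError("invalid SignatureSize")
        body = data[off + 28 + hdr_size: off + list_size]
        if len(body) % sig_size:
            raise ValueError("entries do not fill the list")
        for i in range(0, len(body), sig_size):
            yield sig_type, body[i + 16: i + sig_size]
        off += list_size


def check_pk(pk_blob: bytes, efivarfs: bool = False) -> dict:
    """Report whether any X.509 entry in the PK carries a test-key marker.
    Variables read through efivarfs start with a 4-byte attribute word."""
    data = pk_blob[4:] if efivarfs else pk_blob
    findings = []
    for sig_type, cert in parse_signature_lists(data):
        if sig_type != EFI_CERT_X509_GUID:
            continue  # hashes etc. are not what PKfail is about
        hits = [m.decode() for m in TEST_KEY_MARKERS if m in cert]
        findings.append({"cert_len": len(cert), "markers": hits})
    return {
        "certs": len(findings),
        "vulnerable": any(f["markers"] for f in findings),
        "findings": findings,
    }


def build_signature_list(cert_der: bytes, owner: uuid.UUID = uuid.UUID(int=0)) -> bytes:
    """Emit one EFI_SIGNATURE_LIST holding a single X.509 entry; used here to
    build test input in the same layout firmware tools produce."""
    sig_size = 16 + len(cert_der)
    header = EFI_CERT_X509_GUID.bytes_le + struct.pack("<III", 28 + sig_size, 0, sig_size)
    return header + owner.bytes_le + cert_der


# Constructed placeholders: DER-looking prefixes around the subject strings.
FAKE_TEST_PK = build_signature_list(
    b"\x30\x82\x01\x00" + b"CN=DO NOT TRUST - AMI Test PK" + b"\x00" * 32)
FAKE_OEM_PK = build_signature_list(
    b"\x30\x82\x01\x00" + b"CN=ExampleVendor Platform Key 2023" + b"\x00" * 32)


def scan_local_pk(path: str = PK_EFIVAR) -> dict:
    with open(path, "rb") as f:
        return check_pk(f.read(), efivarfs=True)


if __name__ == "__main__":
    print("constructed sample:", check_pk(FAKE_TEST_PK))
    try:
        print("this machine:", scan_local_pk())
    except OSError as exc:
        print("no readable PK via efivarfs:", exc)
```

Two caveats for real use. A substring match on the raw certificate is a quick triage, not proof: a proper check decodes the X.509 subject and issuer. And a clean PK does not mean a clean chain; the same firmware can still ship a vendor-signed KEK or db that was itself signed with a leaked key, so the fix is a vendor firmware update that rotates the entire hierarchy, not a local edit of one variable.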
🔒 Tip of the week
Preventing Data Leakage in Artificial Intelligence Services: Protect sensitive data by enforcing clear policies against sharing it with external AI platforms, deploying DLP tools that block or redact sensitive content before it leaves the organization, restricting access to unapproved AI tools, educating employees about the risks, and using secure, internally hosted AI solutions where possible.
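The “DLP tools to block sensitive transmissions” part of this tip is where most of the engineering lives, so here is an added example (not a product, and not code from this newsletter) of a prompt gate that sits between users and an external AI API. It scans outbound text for a few secret classes, uses a Luhn check to keep 16-digit ticket numbers from being flagged as payment cards, blocks the prompt outright for credentials, and redacts lower-severity findings such as email addresses. The patterns and the sample prompts are constructed for illustration; a production deployment would carry a much larger, tuned pattern set.

```python
import re

# Constructed detector set; production DLP uses a far larger, tuned catalogue.
PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # 13-19 digits with optional spaces/dashes; ends on a digit so the
    # reported span never swallows trailing whitespace.
    "card_candidate": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
}

# Finding types that stop the request; everything else is redacted instead.
BLOCK_TYPES = {"aws_access_key", "private_key", "payment_card"}


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_prompt(text: str) -> list:
    """Return [(type, start, end)] for every confirmed sensitive span."""
    findings = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(text):
            if name == "card_candidate":
                # Regex alone produces false positives on any long number;
                # only Luhn-valid sequences are reported as payment cards.
                if not luhn_ok(re.sub(r"\D", "", m.group(0))):
                    continue
                name = "payment_card"
            findings.append((name, m.start(), m.end()))
    return sorted(findings, key=lambda f: f[1])


def redact(text: str, findings: list) -> str:
    """Replace each finding with a typed placeholder, skipping overlaps."""
    out, pos = [], 0
    for kind, start, end in findings:
        if start < pos:
            continue
        out.append(text[pos:start])
        out.append(f"[REDACTED:{kind}]")
        pos = end
    out.append(text[pos:])
    return "".join(out)


def gate_prompt(text: str, block_types=BLOCK_TYPES):
    """Decide what to do with an outbound prompt.

    Returns (action, text_to_send, findings) where action is "allow",
    "redact" (send the redacted text) or "block" (send nothing)."""
    findings = scan_prompt(text)
    if any(kind in block_types for kind, _, _ in findings):
        return "block", "", findings
    if findings:
        return "redact", redact(text, findings), findings
    return "allow", text, findings


if __name__ == "__main__":
    # Constructed sample prompts.
    for prompt in [
        "Summarize this config: aws_access_key_id=AKIAIOSFODNN7EXAMPLE",
        "Email alice@example.com about ticket 1234567812345678",
        "Charge card 4111 1111 1111 1111 please",
        "What is a SIEM?",
    ]:
        print(gate_prompt(prompt))
```

Blocking on credentials rather than redacting them is deliberate: a redacted key still tells the operator of the AI service that a key was pasted, and the user still needs to rotate it, so the request should fail loudly and be logged.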
Conclusion
Until next time, remember that cybersecurity isn’t a sprint, it’s a marathon. Stay alert, stay informed, and most importantly, stay safe in this ever-evolving digital world. Together we can build a safer online future.