Tuesday Morning Threat Report: Jul 9, 2024

Mark Maguire, published in CodeX, Jul 9, 2024

Where the news is always bad, but the analysis is always good.

Image by Markus Spiske on Pixabay

Good morning all and happy Tuesday!

Hackers threaten to leak Taylor Swift tickets, Europol complains about privacy technology, and Brazil orders Meta to pause their AI training. Let’s dive in!

Top Stories:

This week’s biggest headlines. Analysis section below.

Hackers Steal Taylor Swift Tickets: ShinyHunters, the extortion gang behind the wave of thefts from poorly secured Snowflake customer accounts, claims to have stolen the barcodes for thousands of Taylor Swift tour tickets and is demanding millions in ransom not to leak them.

Severe OpenSSH Vulnerability: A newly disclosed vulnerability in the OpenSSH server (CVE-2024-6387, nicknamed "regreSSHion") is a signal-handler race condition that lets an unauthenticated remote attacker execute code as root on affected glibc-based Linux systems. In practice this means Linux and Unix servers running a vulnerable sshd can be taken over without any credentials; patch to OpenSSH 9.8p1 or your vendor's backported fix.
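Added here as an illustration, not code from the newsletter or from the OpenSSH project: a small POSIX shell check that classifies an OpenSSH version banner against the range the advisory names (anything older than 4.4p1, and 8.5p1 up to and including 9.7p1, are affected; 9.8p1 fixes it). The `openssh_version_affected` function and the sample banners are my own.

```shell
#!/bin/sh
set -eu

# Classify an OpenSSH version banner against the regreSSHion-affected range.
# Affected: anything older than 4.4p1, and 8.5p1 up to and including 9.7p1.
# Fixed upstream in 9.8p1. Exit status: 0 = in affected range, 1 = not, 2 = unparseable.
openssh_version_affected() {
    # Pull "MAJOR MINOR" out of strings like "OpenSSH_9.6p1 Ubuntu-3ubuntu13, OpenSSL 3.0.13"
    ver=$(printf '%s\n' "$1" | sed -n 's/.*OpenSSH_\([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 2
    set -- $ver
    major=$1
    minor=$2
    if [ "$major" -lt 4 ] || { [ "$major" -eq 4 ] && [ "$minor" -lt 4 ]; }; then
        return 0            # the original 2006 bug, before the first fix in 4.4p1
    fi
    if [ "$major" -eq 8 ] && [ "$minor" -ge 5 ]; then
        return 0            # 8.5p1 reintroduced the race
    fi
    if [ "$major" -eq 9 ] && [ "$minor" -le 7 ]; then
        return 0            # 9.0p1 .. 9.7p1
    fi
    return 1
}

# Local check: client and server normally ship in the same package, so `ssh -V`
# (which prints its banner on stderr) is a reasonable stand-in for the sshd version.
if command -v ssh >/dev/null 2>&1; then
    banner=$(ssh -V 2>&1 || true)
    if openssh_version_affected "$banner"; then
        echo "version in affected range, check vendor backports: $banner"
    else
        echo "version not in affected range (or unparseable): $banner"
    fi
fi
```

Two caveats a practitioner should keep in mind. The version number alone is not proof: distributions such as Debian, Ubuntu and RHEL backport the fix without bumping the upstream version, so cross-check the package changelog or the vendor advisory before declaring a host vulnerable or safe. And the interim mitigation published with the advisory, setting `LoginGraceTime 0` in `sshd_config`, removes the race window but leaves sshd open to connection-exhaustion denial of service, so treat it as a stopgap until the patched package is installed.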

2023 OpenAI Data Breach Revealed: The New York Times reported that OpenAI suffered a previously unreported data breach during 2023. The attackers were not able to steal any proprietary source code or customer data but could view internal discussions between employees.

Twilio Data Leak: The ShinyHunters extortion gang has leaked 33 million phone numbers associated with Authy, Twilio's two-factor authentication app, obtained through an unauthenticated API endpoint. Twilio is a tech-focused communication company that specializes in sending texts and emails. A phone number alone does not compromise an Authy account, but a list of confirmed 2FA users is useful for targeted SMS phishing and SIM-swap attempts.

Affirm Credit Card Breach: Affirm cardholders were urged to stay cautious after a data breach at Evolve Bank, Affirm’s credit card issuer, exposed customer data on the dark web. Affirm is a “buy now, pay later” technology company that offers financing for online purchases.

Another Record Breaking DDoS Attack: A Distributed Denial of Service (DDoS) attack seeks to overwhelm a target with so much traffic that the victim's service becomes unavailable. OVHcloud reports that it blocked the largest packet-rate DDoS attack it has ever observed, peaking at 840 million packets per second.

Europol Complains About Privacy Technologies: Europol asked lawmakers to address SMS home routing, a roaming arrangement in which a traveller's communications are handled and encrypted by their home network rather than the visited network. Because the local operator never sees the traffic in the clear, police in the visited country cannot lawfully intercept it, which Europol says hinders their ability to track suspects.

Proton Launches Shared Docs Product: Proton, the privacy-focused company that hosts the email service "Proton Mail," has launched a collaborative document editor, Docs in Proton Drive. This service, presumably designed to compete with Google Docs, promises end-to-end encryption and that content users create will not be used to train AI.

My Takeaways

Analysis based on this week’s news and my experience in the industry. More headlines below in the Lower Echelon.

The Market Working Like It Should: Particularly in the K-12 educational sphere, Google’s services have become inescapable. 68% of K-12 officials surveyed said that Google’s G Suite was the most used platform in their district. Students are given Chromebooks for their laptops, Gmail accounts for email, Google docs for writing essays, and Google Slides for presentations. When the pandemic began, the usage of Google Classroom quadrupled in a matter of weeks. For privacy advocates, this trend was alarming.

In February 2020, New Mexico's Attorney General Hector Balderas sued Google over data privacy concerns with Google Classroom. In a letter to Google's CEO, Balderas wrote that he had found evidence that Google was tracking students in their homes, across all devices, and recording information that had nothing to do with education. Google settled the case in December 2021 and agreed to provisions that would prevent apps in the Play Store from collecting information on children under 13. While this settlement was a step in the right direction, there is more work to be done in protecting the digital privacy of America's youth.

One of the reasons that Google dominates in the educational space is the lack of viable alternatives. That is why this week's story about Proton launching a privacy-focused docs service is heartening. Google Docs is just one tool in Google's arsenal, but over time it would be great to see Proton develop equivalent products for video calls and presentations. Once parents and school administrators have choices, the market can behave as it should. Some school districts will choose to stick with Google, but others will opt for Proton or other privacy-focused services. A competitive market will bring out the best in both companies: Proton will be forced to innovate and catch up to Google, and Google may be forced to stop tracking students in an effort to neutralize Proton's appeal.

The Lower Echelon:

Interesting cybersecurity news that didn’t quite make the cut to be a top story.

Brazil Suspends Meta's AI Training: Brazil's data protection authority ordered Meta to stop training AI on its citizens' data, in response to a change in Meta's privacy policy that gave Meta the right to train AI models on Instagram and Facebook posts.

Bug Bounty Issues: Companies host “bug bounty” programs, in which hackers are paid to find vulnerabilities in that company’s products. This thought piece examines flaws with bug bounties, including a recent case where a bug bounty payment dispute has arisen.

Airplane Wi-Fi Hacking Suspect Charged: The Australian police have charged a man who set up a fake Wi-Fi network (an "evil twin" impersonating the legitimate in-flight network) on a domestic flight and used its captive portal to harvest other passengers' credentials and data.

AWS Security Updates: AWS made important security updates, including adding support for passkey authentication. Unlike passwords, passkeys are bound to the site's origin and the private key never leaves the user's device, so a phishing site cannot harvest or replay them. AWS is also phasing in mandatory multifactor authentication for root users, starting with the management accounts of AWS Organizations.
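Mandatory root MFA only covers the accounts AWS has reached so far, so it is still worth checking your own inventory. Below is an added example, not code from the newsletter or from AWS: a shell filter over an IAM credential report that lists every console-capable principal (root, or a user with a password) that has no MFA device active. The report columns match the real `aws iam get-credential-report` CSV; the sample rows, account ID and user names are constructed.

```shell
#!/bin/sh
set -eu

# Constructed sample in the shape of an IAM credential report
# (`aws iam generate-credential-report`, then
#  `aws iam get-credential-report --query Content --output text | base64 -d`).
# Column 4 is password_enabled, column 8 is mfa_active; the root user appears
# as "<root_account>" with password_enabled "not_supported". Account ID and users are made up.
SAMPLE_REPORT='user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2024-07-01T09:12:00+00:00,not_supported,not_supported,false,false
alice,arn:aws:iam::123456789012:user/alice,2021-03-04T00:00:00+00:00,true,2024-07-08T08:00:00+00:00,2024-01-01T00:00:00+00:00,N/A,true,true
bob,arn:aws:iam::123456789012:user/bob,2022-05-06T00:00:00+00:00,true,no_information,2022-05-06T00:00:00+00:00,N/A,false,true
deploy-bot,arn:aws:iam::123456789012:user/deploy-bot,2023-01-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true'

# Read a credential report on stdin and print, one per line, every principal that
# can sign in to the console (root, or a user with a password enabled) without MFA.
# Access-key-only principals such as deploy-bot are skipped: MFA does not gate API keys,
# so they need a different control (short-lived credentials or roles).
console_logins_without_mfa() {
    awk -F, 'NR > 1 && $8 == "false" && ($1 == "<root_account>" || $4 == "true") { print $1 }'
}

# Run against the constructed sample; expected output is <root_account> and bob.
printf '%s\n' "$SAMPLE_REPORT" | console_logins_without_mfa
```

To run it against a live account, call `aws iam generate-credential-report` first, repeat it until the returned State is COMPLETE (report generation is asynchronous), then pipe the decoded report into `console_logins_without_mfa`. The real report has more columns than the sample, but the filter only reads the first, fourth and eighth, so the extra columns do not matter.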

Volcano Demon Emerges: A new ransomware group, Volcano Demon, became active during June 2024. Its malware first exfiltrates victims' files and then encrypts them (the usual double-extortion pattern), after which the group phones its victims directly to pressure them into paying a ransom.

Europol Flags 690 IPs: Europol has released a report of 690 IP addresses that hosted unlicensed copies of Cobalt Strike, a legitimate red-team tool that is widely abused by criminals as post-exploitation malware. Identifying these IPs took an international effort and partnership between governments and the private sector.

CocoaPods Vulnerability: For nearly a decade, the dependency manager CocoaPods, which is heavily relied upon for iOS and macOS development, contained severe vulnerabilities that let an attacker claim ownership of abandoned ("orphaned") packages and publish malicious versions of them, an easy route to a supply chain attack on every app that depends on them.

Rockwell Automation Vulnerability: Cybersecurity researchers at Microsoft uncovered vulnerabilities within Rockwell Automation's PanelView Plus human-machine interface. The product is widely used in industrial environments, and the vulnerabilities allow for remote code execution and denial of service.


Thanks for reading! See everyone next week!

About the author: Mark is a cybersecurity architect and consultant for leading cybersecurity consultancy Aujas.
