Tuesday Morning Threat Report: May 28, 2024

Mark Maguire
Published in CodeX, May 27, 2024

Where the news is always bad, but the analysis is always good.


Good morning all and happy Tuesday!

Courthouse software has a backdoor, India’s government suffers a data breach, and the FCC considers a $6M fine against the political consultant who deepfaked Biden. Let’s dive in!

Top Stories:

This week’s biggest headlines. Analysis section below.

Court Software Has Backdoor: Audio-visual software used by 10,000+ courtrooms was discovered to have a backdoor. The vulnerability is so severe that upgrading the software is not enough. Systems that have been infected will need to be entirely reimaged.

Indian Police and Military Biometric Data Leak: An unsecured database leaked 500 GB of fingerprints, facial scans, military personnel records, and police officer data. The database, which was discovered by a cybersecurity researcher, did not even have a password.

Cloud Providers Vulnerable: Fluent Bit, logging software used by the three major cloud providers (Amazon, Microsoft, and Google), is vulnerable to denial-of-service attacks. Companies using Fluent Bit need to quickly upgrade to the latest version, which contains a patch.

Wyndham Hotel Spyware: A spyware application has been discovered on numerous Wyndham hotel check-in systems. The spyware took screenshots of hotel guest information and posted the images publicly on the internet.

SEC Changes Data Breach Requirements: The Securities and Exchange Commission has changed the reporting requirements for data breaches within financial organizations. Financial organizations now need to report any breach within 30 days.

CyberArk Buys Venafi: CyberArk, a market leader in Privileged Access Management (PAM), bought Venafi from Thoma Bravo for $1.5 billion. Venafi specializes in protecting machine identities and was acquired to bolster CyberArk’s product line.

Zoom Unveils Post-Quantum Encryption: Zoom has rolled out end-to-end encryption for its video conferencing software that it claims will be able to resist decryption attacks from future, super-powerful quantum computers.

Shots Fired: Google Hits Microsoft: Google published a security review of Microsoft and excoriated them for security failures. Google concluded that Microsoft might not be able to protect itself from future cyberattacks and promoted Google Workspace as a more secure alternative.

My Takeaways

Analysis based on this week’s news and my experience in the industry. More headlines below in the Lower Echelon.

On the Offensive: Microsoft 365 is far more common at large organizations than Google Workspace. 85% of the Fortune 500 use Microsoft Outlook as their email service (Outlook comes with 365). Moreover, government organizations and the public sector also overwhelmingly use Microsoft tools. Despite Google’s best efforts, Google Workspace has not yet caught on with large clients.

However, Google sees an opportunity and is trying to change that narrative. Due to a series of high-profile Microsoft breaches, Google has published a 14-page white paper directly criticizing Microsoft’s security failures and promoting Google Workspace as a more secure alternative. The report detailed that Microsoft still does not know how it lost its encryption key, which resulted in the U.S. government’s emails being stolen. It also emphasized that Microsoft still has not publicly corrected erroneous statements it made in the past. The white paper then contrasted Microsoft’s approach with Google’s cloud-first strategy. Google highlighted that its strategy allows corporate data to always be protected with the latest security patches and a zero-trust architecture.

It is worth noting that Google’s attack on Microsoft may partially be due to Google’s lack of success with AI. Google’s AI model, Gemini, has been the butt of many jokes because of its numerous inaccuracies, including generating images of an African American George Washington and Asian Nazis. While Google has been floundering with AI, Microsoft has found success. Microsoft is a 49% owner of ChatGPT’s parent OpenAI, and has used OpenAI’s tech to turbocharge its Bing search engine and power its Copilot efficiency tools. Many view Microsoft as winning the AI war, which has put Google on the defensive. Through that lens, publishing this white paper could be viewed as a counterattack. Google is “striking while the iron is hot,” going after Microsoft for its security failures while the scathing report issued by the U.S. government regarding Microsoft’s weak security culture is fresh in the zeitgeist. If this technique works, Google might be able to reframe the public discourse away from AI and towards security. Microsoft has a much higher market share to protect, so Google has a lot to gain in this conflict if it can successfully position itself as the stronger cyber option.

The Lower Echelon:

Interesting cybersecurity news that didn’t quite make the cut to be a top story.

Political Consultant Charged For Biden Deepfake: The FCC is considering fining Steven Kramer, the political consultant who admitted to creating a deepfake of Biden telling people not to vote, $6 million for election misinformation and illegal call spoofing.

Local AI: Windows 11 comes natively with “Copilot,” Microsoft’s AI assistant. These AI features rely heavily on the cloud today, but PC makers are planning for new computers that have AI chips, which will allow the AI to run locally without the reliance on the cloud.

Ransomware Using BitLocker: BitLocker is software built into Windows that allows users to encrypt their files. A newly discovered ransomware, ShrinkLocker, is using BitLocker to encrypt victims’ systems.

Ivanti Vulnerable (Again): Ivanti’s Endpoint Management solution is suffering from yet another vulnerability. The vulnerability allows for remote code execution via a SQL injection attack.

Simulated Phishing Does Not Work?: Many companies send fake phishing emails and require employees who click the link to take cybersecurity training. Matt Linton, a cybersecurity manager at Google, argues this practice is ineffective and counterproductive.

Cloud Leveraged for SMS Attacks: Researchers have found that Amazon’s and Google’s cloud services have been used for scam SMS attacks. Sending messages with links to reputable sites like Amazon and Google allows the attackers to bypass firewalls that catch malicious links.

Incognito Market Leader Arrested: The leader of Incognito Market, a cybercrime forum that conducted over $100 million in narcotics sales, was arrested. Rui-Siang Lin, who is just 23 years old, was arrested by the U.S. Department of Justice at JFK airport.

YouTube Growing Threat Vector: Avast announced that its software had protected four million users from YouTube scams during 2023. Scammers have turned to video lures because user-generated content is harder to defend against.


Thanks for reading! See everyone next week!

About the author: Mark is a cybersecurity architect and consultant for leading cybersecurity consultancy Aujas.
