Monday, July 8, 2024

Cybersecurity is not a cost of doing business; it's a sine qua non. Inadequate cybersecurity costs businesses dearly. CDK car-dealer software attack may have cost more than $600M


"Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

CDK outage likely slumped June auto sales, may have cost more than $600M."

https://arstechnica.com/cars/2024/07/massive-car-dealer-ransom-attack-is-mostly-over-after-2-weeks-of-work-arounds/

Having serious, layered preventive measures in place is the key to cybersecurity. Just as important is having backup redundancy and recovery measures in place well ahead of time, not after an incident has already begun.

ChatGPT’s much-heralded Mac app was storing conversations as plain text

https://arstechnica.com/ai/2024/07/chatgpts-much-heralded-mac-app-was-storing-conversations-as-plain-text/

"the OpenAI ChatGPT app on macOS is not sandboxed and stores all the conversations in plain-text in a non-protected location," meaning "any other running app / process / malware can read all your ChatGPT conversations without any permission prompt."...

macOS has blocked access to any user private data since macOS Mojave 10.14 (6 years ago!). Any app accessing private user data (Calendar, Contacts, Mail, Photos, any third-party app sandbox, etc.) now requires explicit user access.

OpenAI chose to opt out of the sandbox and store the conversations in plain text in a non-protected location, disabling all of these built-in defenses.

OpenAI has now updated the app, and the local chats are now encrypted, though they are still not sandboxed. (The app is only available as a direct download from OpenAI's website and is not available through Apple's App Store where more stringent security is required.)"


Et tu, Linux?

Et tu, Linux? Even Linux, the "King of OS's", suffers security risks. Linux and its distributions have experienced supply-chain attacks and vulnerabilities. Here's another:

"Critical OpenSSH vulnerability threatens millions of Linux systems"

"The discovery is particularly alarming as it represents a regression of a previously patched vulnerability (CVE-2006-5051) from 2006. This regression was inadvertently introduced in October 2020 with OpenSSH 8.5p1, highlighting the critical importance of thorough regression testing in software development.

Affected versions of OpenSSH include those earlier than 4.4p1 (unless patched for CVE-2006-5051 and CVE-2008-4109), and versions from 8.5p1 up to, but not including, 9.8p1. Notably, OpenBSD systems remain unaffected due to a secure mechanism developed in 2001.

The potential impact of this vulnerability is severe. If exploited, it could lead to full system compromise, allowing attackers to execute arbitrary code with root privileges. This could result in malware installation, data manipulation, and the creation of persistent backdoors. Furthermore, compromised systems could be used as a launching pad for network propagation, potentially bypassing critical security mechanisms.

While the vulnerability is challenging to exploit due to its nature as a remote race condition, advancements in deep learning could significantly increase the success rate of attacks in the future.

To mitigate risks, enterprises are advised to:

  • Implement immediate patch management
  • Enhance access control for SSH
  • Employ network segmentation and intrusion detection systems."
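The first step in the "immediate patch management" the article recommends is knowing which hosts actually run an affected build. The following is an added example, not code from the article or from the OpenSSH project: it parses the version string that sshd sends in its banner (or that `ssh -V` prints) and sorts each host into the ranges the article states (earlier than 4.4p1; 8.5p1 up to but not including 9.8p1; OpenBSD's native, non-"pN" releases unaffected). The host names and banners are constructed for illustration. One caveat the article does not spell out: distributions routinely backport a fix without bumping the upstream version number, so a hit here means "check this host against your distribution's advisory", not "confirmed vulnerable".

```python
import re
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Version ranges exactly as stated in the quoted article (not re-derived here):
#   affected:   earlier than 4.4p1 (unless patched for CVE-2006-5051 / CVE-2008-4109)
#   affected:   from 8.5p1 up to, but not including, 9.8p1
#   unaffected: OpenBSD's native build, i.e. releases without the "pN" portable suffix
OLD_RANGE_ENDS = (4, 4, 0, 1)   # 4.4p1 is the first release outside the 2006 range
REGRESSED_FROM = (8, 5, 0, 1)   # 8.5p1 reintroduced the bug
FIXED_IN = (9, 8, 0, 1)         # 9.8p1 carries the fix

# Matches "OpenSSH_9.2p1", "OpenSSH_6.6.1p1" and OpenBSD-native "OpenSSH_9.7".
BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")


@dataclass(frozen=True)
class OpenSSHVersion:
    major: int
    minor: int
    micro: int
    portable: Optional[int]  # None when the banner has no "pN" suffix (OpenBSD native)

    def as_tuple(self) -> Tuple[int, int, int, int]:
        return (self.major, self.minor, self.micro, self.portable or 0)


def parse_openssh_version(banner: str) -> Optional[OpenSSHVersion]:
    """Extract the OpenSSH version from an SSH banner or an `ssh -V` line."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    major, minor, micro, portable = m.groups()
    return OpenSSHVersion(
        int(major), int(minor), int(micro or 0),
        None if portable is None else int(portable),
    )


def classify_banner(banner: str) -> str:
    """Return one of: affected-range, outside-range, openbsd-native, unparsed."""
    v = parse_openssh_version(banner)
    if v is None:
        return "unparsed"           # not OpenSSH at all (or an unreadable banner)
    if v.portable is None:
        return "openbsd-native"     # article: OpenBSD systems remain unaffected
    t = v.as_tuple()
    if t < OLD_RANGE_ENDS or REGRESSED_FROM <= t < FIXED_IN:
        return "affected-range"     # by upstream version number only; see caveat
    return "outside-range"


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map each host to its status for a {host: banner} inventory."""
    return {host: classify_banner(banner) for host, banner in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and banners are made up.
    sample = {
        "web-01":   "SSH-2.0-OpenSSH_9.8p1",
        "db-02":    "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.10",
        "legacy-03": "SSH-2.0-OpenSSH_4.3p2",
        "bsd-04":   "SSH-2.0-OpenSSH_9.7",
        "jump-05":  "SSH-2.0-OpenSSH_7.4p1",
        "iot-06":   "SSH-2.0-dropbear_2022.83",
    }
    for host, status in triage(sample).items():
        print(f"{host:10} {status}")
```

Feed it real banners by connecting to port 22 and reading the first line, or by collecting `ssh -V` output through your configuration-management tool; then resolve every "affected-range" host against the vendor advisory before deciding it is actually exposed.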

Wednesday, June 26, 2024

How small claims court became Meta’s customer service hotline

People are using the courts in a last-ditch attempt to recover their accounts.

Why small claims?

At the heart of these cases is the fact that Meta lacks the necessary volume of human customer service workers to assist those who lose their accounts. The company’s official help pages steer users who have been hacked toward confusing automated tools that often lead users to dead-end links or emails that don’t work if your account information has been changed. (The company recently launched a $14.99-per-month program, Meta Verified, which grants access to human customer support. Its track record as a means of recovering hacked accounts after the fact has been spotty at best, according to anecdotal descriptions.)

[ https://andrewtetzeli.com/news.html ]

Statewide 911 Outage Was Caused By 911 Vendor's Malfunctioning Firewall


"Comtech’s initial review “confirmed that the interruption was not the result of a cyberattack or hack,” but “the exact reason the firewall stopped calls from reaching dispatch centers remains under review,” the state said. A full review is continuing. The 911 outage lasted two hours. Shortly after it began, the State 911 Department alerted local law enforcement and issued a statewide emergency alert to residents advising them to call their local public safety business line directly if they had an emergency. “Although some calls may not have gone through, the system allows dispatch centers to identify the phone number of callers and return those calls. The Department has not received any reports of emergencies impacted during the interruption,” the Massachusetts announcement said. State 911 Department Executive Director Frank Pozniak promised that the department “will take all necessary steps to prevent a future occurrence.” Massachusetts has 204 Public Safety Answering Points that received an average of 8,800 calls, combined, per day in 2023."

[ andrewtetzeli.com/news.html ]
