Google says sorry when passwords of 15 million users vanish, French authorities are pushing out a “disinfecting solution” to infected computers and is our problem with patch management that it’s just not sexy?
Welcome to Cyber Security Today. I’m Jim Love, sitting in for Howard Solomon.
Google has apologized for a significant bug that caused passwords to vanish for an estimated 15 million Windows users of the Chrome browser. The issue, which started on July 24 and lasted for nearly 18 hours, prevented users from finding or saving passwords in Chrome’s password manager.
The problem affected users of Chrome version M127 on Windows. Google estimates 25% of users received the configuration change, but only 2% of that group were affected, which puts the affected group somewhere in the neighbourhood of 15 million users.
Google attributed the issue to “a change in product behavior without proper feature guard,” which sounds a lot like something in our quality control system screwed up – reminding us of the recent CrowdStrike disruption.
During the outage, users were unable to access previously saved passwords or see newly saved ones.
Google initially provided a complex workaround involving command line flags, but has since fully fixed the issue. Users simply need to restart their Chrome browser for the fix to take effect.
In their apology, Google stated, “We apologize for the inconvenience this service disruption/outage may have caused.” They’ve encouraged users experiencing ongoing issues to contact Google Workspace Support. And if you’ve ever tried that, all I can say is … good luck.
This incident highlights the potential risks of widespread software updates, especially when a single product has a massive market share and a massive impact for any significant error.
Sources include: Forbes
French authorities are taking an unusual step to combat cybercrime by pushing out a “disinfection solution” that automatically removes the PlugX malware from infected devices in France. This operation, led by the French police with support from Europol and cybersecurity firm Sekoia, targets a botnet that has infected nearly 2.5 million devices worldwide.
PlugX, a remote access trojan often used by Chinese threat actors, spread through USB flash drives, infecting up to 100,000 devices daily. While Sekoia had previously sinkholed the botnet’s command and control servers, the malware remained dormant on infected systems, posing a potential security risk.
The clean-up mechanism uses a custom PlugX plugin to issue a self-deletion command, effectively removing the infection. This approach, while intrusive, was deemed necessary by French authorities, especially with the Paris 2024 Olympic Games on the horizon.
Sekoia opted to turn the clean-up mechanism over to police and government authorities. “Given the potential legal challenges… we have resolved to defer the decision on whether to disinfect workstations in their respective countries to the discretion of national Computer Emergency Response Teams, Law Enforcement Agencies, and cybersecurity authorities.”
The operation, which began on July 18, 2024, is expected to continue for several months, potentially until late 2024. But even when removed from devices, the botnet can continue to be spread from USB devices. Users are advised to remain cautious when using USB drives and to scan their devices regularly for potential infections.
Sources include: Bleeping Computer
A shout out to a great opinion piece in the Register this weekend which points out that patch management, which has got our attention after the CrowdStrike debacle, remains an essential function that “nobody wants to own” in many organizations.
Patch management remains a critical yet underappreciated aspect of cybersecurity, with many organizations struggling to keep up. According to Forrester analysts, while companies aim for a 97 to 99 percent patch rate, they typically only manage between 75 and 85 percent.
Despite how necessary it is, the challenges involved haven’t improved much over the past decade. In fact, they may have worsened due to an expanding ecosystem of third-party apps, inadequate endpoint management tools, and architectural issues. The average organization now manages around 2,900 software applications, with 69 percent of IT teams believing it’s impossible to patch them all on schedule.
Erik Nost, a Forrester senior analyst, points out a key issue: “People don’t take jobs in IT operations to sit and update systems all day. They take those jobs to work on cool projects and cutting-edge technology.”
One of the biggest hurdles is the lack of clear ownership for patching responsibilities. Security and IT operations teams often try to pass the buck, leading to inefficiencies and gaps in coverage.
While automation tools could help, many organizations remain hesitant to adopt them fully. As Andrew Hewitt, a Forrester principal analyst, notes, “There are some things you can take a hands-off approach to, especially when they’re smaller updates. But I think this whole CrowdStrike outage is waking a lot of people up to how dangerous it can be to automate updates.”
The message is clear: despite its challenges, effective patch management remains crucial for maintaining robust cybersecurity in today’s threat landscape.
Sources include: The Register
That’s our show. You can find the show notes with links at technewsday.com or .ca – take your pick. Cybersecurity has returned to its three shows a week but Howard will be off for a while longer.
I’ll be sitting in for him until then. I’m your host, Jim Love.
Thanks for listening.