Tor browser anonymity cracked by German police: Cyber Security Today for Monday, September 23, 2024


Apple’s latest OS update has issues with security tools, Disney may be dumping Slack after a recent data breach, a sophisticated GitHub hack threatens security for users, and German police claim to have broken the anonymity of Tor users.

Welcome to Cyber Security Today, I’m your host Jim Love. 


Apple’s latest macOS update, Sequoia (version 15), is causing significant compatibility issues with major security tools, raising concerns for IT professionals and individual users alike.

Several security vendors, including CrowdStrike, SentinelOne, ESET, and Microsoft, report their tools are inoperable on macOS Sequoia.

The update is causing firewall-related and DNS issues, affecting network connections and even some browser functionalities.

Most affected companies are advising users not to update to Sequoia until the issues are resolved.

IT professionals managing macOS environments may want to delay updating to macOS Sequoia until their security vendors confirm compatibility.

That may also involve disabling auto-updates for major OS releases to prevent unexpected issues.

This situation, following on the recent CrowdStrike issues, makes a good case for companies to implement a testing process for any new OS releases using dev and beta builds before wide deployment.

And as much as there is a move to reduce the number of tools used in cyber security, this may force companies to buck that trend and consider a multi-layered security approach to reduce reliance on single tools or vendors.

For individual users, you may want to hold off on updating to Sequoia if you use third-party security software. Regarding the official fixes, stay informed through your security vendors’ channels. Do not leverage third-party sites for fixes, as these situations are often exploited by hackers.

Sources include: Hackread.com and security researcher reports on social media.

https://www.technewsday.com/2024/09/22/macos-update-has-compatibility-issues-with-major-security-tools/

Disney is reportedly dumping messaging app Slack following a massive data breach in July, highlighting the ongoing challenges companies face in securing their internal communications.

Reports are that the Walt Disney Company is transitioning away from Slack after a threat actor known as ‘NullBulge’ stole 1.1TB of confidential data from nearly 10,000 Slack channels.

The stolen information reportedly includes details on upcoming projects, financial data, and IT information.

According to CNBC, Disney plans to complete the migration to new “streamlined enterprise-wide collaboration tools” by the end of their next fiscal quarter.

Similar breaches have also affected other major companies like Uber and Activision. When selecting and implementing collaboration tools, organizations must prioritize robust security measures and regularly reassess their effectiveness. 

As companies increasingly rely on digital platforms for internal communication, balancing convenience, communication and collaboration with data protection remains a critical challenge for IT and security teams.

Sources include: BleepingComputer and CNBC.

https://www.technewsday.com/2024/09/22/disney-reported-to-be-dumping-slack-following-1-1-terabytes-data-theft/

A report in security journal Bleeping Computer details a sophisticated phishing campaign that is exploiting GitHub to distribute malware to unsuspecting developers and contributors. Dubbed “GitHub Scanner,” the attack leverages GitHub’s legitimate notification system to lure victims.

Attackers have signed up for GitHub accounts and use these to create issues on other open-source repositories, falsely claiming security vulnerabilities. Users then receive official GitHub email alerts about these issues, adding credibility to the scam.

Victims are directed to a fake “github-scanner.com” website, which uses a deceptive CAPTCHA to trick users into loading and running malicious code. The malware, identified as Lumma Stealer, can steal credentials, cookies, and sensitive data from infected devices.

It’s a simple but powerful way of leveraging GitHub to get even sophisticated users to let down their guard. 

And the campaign highlights the evolving tactics of cybercriminals, who are now exploiting trusted platforms like GitHub to conduct supply chain attacks.

IT professionals should warn their teams about this threat and emphasize the importance of verifying any alerts – even security alerts, and even from seemingly legitimate sources.

Sources include: BleepingComputer and Ax Sharma’s report.

https://www.bleepingcomputer.com/news/security/clever-github-scanner-campaign-abusing-repos-to-push-malware/

German police claim they have unmasked Tor users

The Tor network, long considered a reliable tool for protecting online anonymity, faces a significant challenge. German law enforcement has reportedly developed a technique to unmask Tor users, raising concerns about the network’s effectiveness and future.

Contrary to long-held beliefs, de-anonymizing Tor users appears possible. German police successfully identified at least one criminal user during the “Boystown” investigation, marking the first documented cases of this technique. This breakthrough challenges the assumption that Tor provides near-impenetrable anonymity.

The method, known as “timing analysis,” involves law enforcement operating their own Tor nodes. By monitoring multiple nodes, they can track the timing of individual data packets as they move through the network. Despite Tor’s multiple layers of encryption, correlating these timing patterns allows investigators to trace connections back to their origin, effectively unmasking the user.

This method led to the dismantling of Boystown, a dark web platform for child sexual abuse material with over 400,000 users. That apparently happened in April of 2021, but the story has only just come to light.

The Tor Project’s response has been measured but concerned. They acknowledge the potential threat while emphasizing that Tor remains the best privacy solution for most users. The project is actively seeking more technical details to investigate and potentially address the vulnerability. While no one would be opposed to dismantling a site that exploits children, privacy advocates warn that this technique could be misused by authoritarian regimes to target dissidents and journalists, and are urging the Tor Project to enhance its anonymity protections.

For those who depend on the Tor browser for legitimate protection of privacy, the recommendations are:

  1. Always use the latest Tor Browser version
  2. Disable JavaScript in the browser settings
  3. Avoid installing browser add-ons
  4. Utilize bridges and pluggable transports
  5. Never use personal information or accounts linked to your real identity

And of course, outdated software and increased scrutiny of specific exit nodes may contribute to vulnerabilities.

https://www.technewsday.com/2024/09/22/german-police-claim-to-have-unmasked-users-of-anonymous-tor-browser/

Sources include: Security Affairs and NDR.

That’s our show for today. You can find our show notes at technewsday.com 

I’m your host, Jim Love, thanks for listening. 
