Apple’s latest OS update has issues with security tools, Disney may be dumping Slack after a recent data breach, a sophisticated GitHub hack threatens security for users, and German police claim to have broken the anonymity of Tor users.
Welcome to Cyber Security Today, I’m your host Jim Love.
Apple’s latest macOS update, Sequoia (version 15), is causing significant compatibility issues with major security tools, raising concerns for IT professionals and individual users alike.
Several security vendors, including CrowdStrike, SentinelOne, ESET, and Microsoft, report their tools are inoperable on macOS Sequoia.
The update is causing firewall-related and DNS issues, affecting network connections and even some browser functionalities.
Most affected companies are advising users not to update to Sequoia until the issues are resolved.
IT professionals managing macOS environments may want to delay updating to macOS Sequoia until their security vendors confirm compatibility.
That may also involve disabling auto-updates for major OS releases to prevent unexpected issues.
This situation, following on the recent CrowdStrike issues, makes a good case for companies to implement a testing process for any new OS release, using dev and beta builds before wide deployment.
And as much as there is a move to reduce the number of tools used in cyber security, this may force companies to buck that trend and consider a multi-layered security approach to reduce reliance on single tools or vendors.
For individual users, you may want to hold off on updating to Sequoia if you use third-party security software. For official fixes, stay informed through your security vendors’ channels. Do not rely on third-party sites for fixes, as these situations are often exploited by hackers.
Sources include: Hackread.com and security researcher reports on social media.
Disney is reportedly dumping the messaging app Slack following a massive data breach in July, highlighting the ongoing challenges companies face in securing their internal communications.
Reports are that the Walt Disney Company is transitioning away from Slack after a threat actor known as ‘NullBulge’ stole 1.1TB of confidential data from nearly 10,000 Slack channels.
The stolen information reportedly includes details on upcoming projects, financial data, and IT information.
According to CNBC, Disney plans to complete the migration to new “streamlined enterprise-wide collaboration tools” by the end of their next fiscal quarter.
Similar breaches have also affected other major companies like Uber and Activision. When selecting and implementing collaboration tools, organizations must prioritize robust security measures and regularly reassess their effectiveness.
As companies increasingly rely on digital platforms for internal communication, balancing convenience, communication and collaboration with data protection remains a critical challenge for IT and security teams.
Sources include: BleepingComputer and CNBC.
There’s a report in the security journal BleepingComputer that details how a sophisticated phishing campaign is exploiting GitHub to distribute malware to unsuspecting developers and contributors. Dubbed “GitHub Scanner,” the attack leverages GitHub’s legitimate notification system to lure victims.
Attackers have signed up for GitHub accounts and use these to create issues on other open-source repositories, falsely claiming security vulnerabilities. Users then receive official GitHub email alerts about these issues, adding credibility to the scam.
Victims are directed to a fake “github-scanner.com” website, which uses a deceptive CAPTCHA to trick users into loading and running malicious code. The malware, identified as Lumma Stealer, can steal credentials, cookies, and sensitive data from infected devices.
It’s a simple but powerful way of leveraging GitHub to get even sophisticated users to let down their guard.
And the campaign highlights the evolving tactics of cybercriminals, who are now exploiting trusted platforms like GitHub to conduct supply chain attacks.
IT professionals should warn their teams about this threat and emphasize the importance of verifying any alerts – even security alerts, and even from seemingly legitimate sources.
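One concrete way to act on that advice is to check where the links in a GitHub notification actually point before anyone clicks them. The following is an added example, not code from the original report or from GitHub: it extracts every URL from a notification body, accepts links under github.com and GitHub’s own asset domains, and flags anything else, with a separate bucket for lookalike hosts that contain “github” but are not GitHub (which is exactly how the github-scanner.com lure in the story reads). The sample notification, the repository name example-org/example-repo and the issue number are constructed for the example.

```python
import re
from urllib.parse import urlparse

# Hosts a genuine GitHub notification is expected to link to. Subdomains
# (for example notifications.github.com) are accepted via the suffix check.
TRUSTED_HOSTS = {"github.com", "githubusercontent.com", "githubassets.com"}

# Crude URL extractor: stops at whitespace and common delimiters.
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def is_trusted_host(host: str) -> bool:
    """True only if host is github.com (or a GitHub asset domain) or a subdomain of one.

    'github.com.evil.example' is NOT trusted: the suffix must be '.github.com'.
    """
    host = host.lower().rstrip(".")
    return any(host == t or host.endswith("." + t) for t in TRUSTED_HOSTS)


def classify_links(body: str) -> dict:
    """Sort every URL in the notification body into trusted / lookalike / suspicious."""
    result = {"trusted": [], "lookalike": [], "suspicious": []}
    for url in URL_RE.findall(body):
        host = urlparse(url).hostname or ""
        if is_trusted_host(host):
            result["trusted"].append(url)
        elif "github" in host.lower():
            # Contains the brand name but is not under github.com: classic lure domain.
            result["lookalike"].append(url)
        else:
            result["suspicious"].append(url)
    return result


def is_suspicious_notification(body: str) -> bool:
    """A notification is suspicious if it carries any link that does not resolve to GitHub."""
    links = classify_links(body)
    return bool(links["lookalike"] or links["suspicious"])


# Constructed sample: the shape of a GitHub issue notification carrying the lure
# described in the story. The repo name and issue number are made up.
SAMPLE_NOTIFICATION = """\
[example-org/example-repo] Security vulnerability found (Issue #1234)

We found a critical vulnerability in your repository. Please visit
https://github-scanner.com/ to scan and fix the issue.

--
Reply to this email directly or view it on GitHub:
https://github.com/example-org/example-repo/issues/1234
You are receiving this because you are subscribed to this thread.
"""

if __name__ == "__main__":
    for bucket, urls in classify_links(SAMPLE_NOTIFICATION).items():
        for u in urls:
            print(f"{bucket:10s} {u}")
    print("suspicious:", is_suspicious_notification(SAMPLE_NOTIFICATION))
```

The point of the separate lookalike bucket is triage: a link to an unrelated domain in a GitHub notification is already worth a second look, but a host that borrows the GitHub name while sitting outside github.com is the pattern this campaign depends on and deserves to be escalated first.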
Sources include: BleepingComputer and Ax Sharma’s report.
German police claim they have unmasked Tor users
The Tor network, long considered a reliable tool for protecting online anonymity, faces a significant challenge. German law enforcement has reportedly developed a technique to unmask Tor users, raising concerns about the network’s effectiveness and future.
Contrary to long-held beliefs, de-anonymizing Tor users appears possible. German police successfully identified at least one criminal user during the “Boystown” investigation, marking the first documented cases of this technique. This breakthrough challenges the assumption that Tor provides near-impenetrable anonymity.
The method, known as “timing analysis,” involves law enforcement operating their own Tor nodes. By monitoring multiple nodes, they can track the timing of individual data packets as they move through the network. Despite Tor’s multiple layers of encryption, correlating these timing patterns allows investigators to trace connections back to their origin, effectively unmasking the user.
This method led to the dismantling of Boystown, a dark web platform for child sexual abuse material with over 400,000 users. That apparently happened in April of 2021, but the story has only just come to light.
The Tor Project’s response has been measured but concerned. They acknowledge the potential threat while emphasizing that Tor remains the best privacy solution for most users. The project is actively seeking more technical details to investigate and potentially address the vulnerability. While no one would be opposed to dismantling a site that exploits children, privacy advocates warn that this technique could be misused by authoritarian regimes to target dissidents and journalists, and are urging the Tor Project to enhance its anonymity protections.
For those who depend on the Tor browser for legitimate protection of privacy, the recommendations are:
- Always use the latest Tor Browser version
- Disable JavaScript in the browser settings
- Avoid installing browser add-ons
- Utilize bridges and pluggable transports
- Never use personal information or accounts linked to your real identity
And of course, outdated software and increased scrutiny of specific exit nodes may contribute to vulnerabilities.
Sources include: Security Affairs and NDR.
That’s our show for today. You can find our show notes at technewsday.com
I’m your host, Jim Love, thanks for listening.