In the first Tech Talk post, we dive into some of the most pressing cybersecurity issues and updates. From a critical Wi-Fi vulnerability affecting all versions of Windows to the latest developments in Apple’s cloud computing and DNS provider challenges.
Critical Wi-Fi Vulnerability in Windows (CVE-2024-30078)
A newly discovered Wi-Fi vulnerability (CVE-2024-30078) affects all versions of Windows and allows attackers within Wi-Fi range to take control of unpatched devices. Microsoft has released patches and it is important for all Windows users to update immediately to mitigate this serious security risk. Security Update Guide – Loading – Microsoft
Microsoft’s “Recall” function Delayed
Microsoft has delayed the launch of its “Recall” function for CoPilot+ PCs and chose to test it further within the Windows Insider Program due to security concerns. This feature, which enables extensive historical data recovery, has raised significant privacy and security alarm among experts and users. Update on the Recall preview feature for Copilot+ PCs | Windows Experience Blog
Apple’s Private Cloud Compute
Apple has introduced “Private Cloud Compute” to offload complex AI tasks to secure cloud servers. Cryptographer Matthew Green analyzed this system and highlighted its robust security measures, including Secure Boot and Secure Enclave Processor (SEP). Despite this, concerns about potential vulnerabilities and the transparency of data handling remain. Blog – Private Cloud Compute: A new frontier for AI privacy in the cloud – Apple Security Research
Vulnerability in the WGET tool
A flaw in the WGET command-line tool (up to version 1.24.5) has been reported, with an initially excessive CVSS score of 10.0. The vulnerability involves misinterpretation of semicolons in the userinfo part of the URL. A patch has been released and the actual severity is rated lower, with a more reasonable CVSS score of 5.4. https://nvd.nist.gov/vuln/detail/CVE-2024-38428Warn- und Informationsdienst – Impressum (cert-bund.de)
French Court Decision on DNS Providers
A Paris court has ordered DNS providers Google, Cloudflare and Cisco to block access to 117 pirate streaming domains, following a lawsuit from Canal+. This decision highlights the ongoing tension between legal action and technological capabilities in the fight against online piracy. French Court Orders Google, Cloudflare, Cisco to Poison DNS in Anti-Piracy Crackdown (circleid.com)