Welcome to the sixth edition of Tech Talk! This week, we’re covering some of the latest and most critical cybersecurity issues and updates:
Cellebrite unlocks the killer’s phone
After the failed assassination attempt on Donald Trump, the FBI hired Cellebrite to unlock the perpetrator’s Android phone. Within hours, Cellebrite provided the necessary assistance to unlock the device, revealing vital data about the shooter’s motives, contacts and digital footprints. This incident highlights the ongoing challenges and capabilities of smartphone forensics, raising questions about privacy, security and the balance between law enforcement needs and individual rights.
Cisco Critical Vulnerability
Cisco has disclosed a critical CVSS 10.0 vulnerability (CVE-2024-20419) affecting its Smart Software Manager On-Prem. This flaw allows unauthenticated remote attackers to change the password of any user, including administrators, by sending crafted HTTP requests. The vulnerability is due to insufficient validation of input data, making it a high-priority issue that could potentially allow attackers to gain control of critical systems. Cisco has released patches, and applying them immediately is critical to mitigating this serious security risk.
Entrust’s Future Plans
Following Google’s decision to stop relying on Entrust’s TLS certificates after October 31, 2024, Entrust has announced a strategic partnership with SSL.com to ensure continued certificate services. This partnership aims to address regulatory compliance issues and maintain confidence in their certificate services. Entrust is also investing in improving its security practices and compliance framework to prevent future breaches. This action is essential to reassure their customers and partners of their commitment to maintaining high security standards.
Google loses fight against third-party cookies
Google has decided to keep third-party cookies in Chrome after facing significant opposition from regulators and industry players. Despite efforts to phase out third-party cookies in favor of the Privacy Sandbox initiative, the decision marks a setback for privacy advocates. The debate highlights the complexity of balancing user privacy with the need for an ad-supported internet model. This ongoing issue underscores the challenges technology companies face as they try to implement privacy measures that satisfy both regulatory requirements and business interests.
CrowdStrike Massive Outage
A botched configuration update from CrowdStrike led to a global IT outage affecting 8.5 million Windows devices. The update, which was intended to improve security features, caused a logic error that resulted in widespread system crashes and operational disruptions. The incident has led to a review of the company’s update testing protocol and highlights the need for rigorous testing and validation of software updates. It also shows how wide-ranging the global impact of a software failure can be and emphasizes the importance of robust incident management strategies.