Welcome back to Tech Talk! This week, we continue the discussions from last week’s edition, diving deeper into the evolving cybersecurity landscape:
CrowdStrike Outage: Industry Reactions and Fallout
Following last week’s massive CrowdStrike outage, the cybersecurity community has been abuzz with reactions. Some enterprises are contemplating a switch to alternatives like Microsoft Defender for Endpoint, while others remain loyal to CrowdStrike due to its robust feature set and unparalleled customer support. Despite the disruption, many argue that CrowdStrike’s overall protection still outweighs the recent mishap. This highlights the complex decision-making process for enterprises when evaluating their cybersecurity solutions and the importance of resilience in the face of setbacks.
Entrust’s Strategic Moves After Google’s Decision
Continuing from last week, Entrust has announced a strategic partnership with SSL.com in response to Google’s decision to distrust their TLS certificates after October 31, 2024. This partnership aims to address the compliance issues that led to Google’s decision while ensuring that Entrust’s certificates continue to be trusted by major browsers. This development emphasizes the necessity for rigorous security standards and the ability to adapt quickly to industry shifts. LINK
Firefox and 3rd-Party Cookies: A Closer Look
Building on the conversation about third-party cookies, this week we turn our attention to Firefox. Despite its reputation for strong privacy features, there’s growing concern over Firefox’s handling of third-party cookies. Users have reported that the browser’s “Strict” mode isn’t blocking tracking cookies as effectively as expected, raising questions about whether Firefox can be trusted to fully protect user privacy. As we explore this issue further, we consider the implications for users who rely on Firefox as their go-to browser for privacy.
The Risks of Remote Hiring: A North Korean Case Study
Last week’s discussion on supply chain security segues into this week’s focus on the risks of remote hiring practices. A security training firm recently fell victim to a sophisticated attack where a North Korean hacker posed as a remote software engineer. The hacker managed to get hired and even received a company-issued laptop, which was later found to be infected with malware. This incident underscores the critical need for thorough vetting processes, especially when hiring remote workers, and serves as a cautionary tale for organizations navigating the complexities of remote work. LINK
Platform Key Disclosure: A Widespread Security Failure
Rounding out this week’s continuation is an exploration of a newly uncovered security failure in the firmware supply chain affecting hundreds of PC models. Known as “PKfail,” this issue compromises the root of trust in Secure Boot technology by introducing untrusted Platform Keys in both x86 and ARM devices. This development raises serious concerns about the security of modern computing systems and the integrity of the supply chain, echoing last week’s discussion on the importance of maintaining robust and trusted security infrastructures. LINK