June 7, 2024 at 11:33AM
SecurityWeek provides a weekly summary of cybersecurity developments, including the delay of SEC cyber disclosures, the exploitation of a TikTok zero-day vulnerability, a data breach impacting Shell through a third party, and the launch of an AI threat intelligence tool by OmniIndex. Other stories cover cyberattacks, leaked databases, mobile browser vulnerabilities, and a security flaw in RISC-V architecture.
From this week’s meeting notes, I have extracted the following key takeaways:
1. SEC cyber disclosures delayed in several cases:
– The government has delayed public disclosure of cyber incidents multiple times since December 2023.
2. TikTok zero-day:
– High-profile TikTok accounts were hijacked due to a ‘zero-day’ exploit triggered by opening a malicious DM.
– TikTok claims to have patched the vulnerability but has not shared technical details.
3. Shell impacted by data breach at third party:
– Shell launched an investigation into a cybersecurity incident where data was obtained from a third party but Shell’s systems were not affected.
4. OmniIndex launches AI threat intelligence tool:
– OmniIndex’s AI solution, LoggerBC, identifies threats and vulnerabilities in fully encrypted log files stored in a private blockchain.
5. Azure vulnerability leads to firewall rules bypass:
– Tenable warns of a vulnerability in Azure allowing attackers to bypass network controls and access internal APIs.
6. $305 million in crypto stolen from DMM Bitcoin:
– DMM Bitcoin suffered a cyberattack resulting in the theft of over $300 million in assets.
7. Cyberattack hits Germany’s main opposition party:
– The Christian Democratic Union (CDU) fell victim to a serious cyberattack ahead of elections, likely involving ransomware.
8. Leaked Google database reveals privacy incidents:
– Internal Google database reportedly showed privacy incidents, including collecting children’s voice data and using deleted search histories.
9. Address bar spoofing flaws in mobile browsers:
– Vulnerabilities identified in mobile versions of Safari, Microsoft Edge, and DuckDuckGo browsers could confuse users about the legitimacy of visited URLs.
10. Vulnerability in RISC-V open source chip architecture:
– A major vulnerability in the RISC-V open source chip architecture could allow attackers to bypass security protections and steal sensitive information.
11. Security of 100 free Android VPN apps tested:
– Top10VPN found significant security and privacy issues in 100 popular free VPN applications in the Google Play store.