Caution Warranted: More Evidence Needed on Trust Wallet's iMessage Vulnerability Claim

The recent warning from Trust Wallet about a purported zero-day vulnerability in Apple's iMessage has raised concerns within the crypto community. While the startup claims to have "credible intel" about a high-risk attack vector targeting iPhone and iOS users, the available information raises more questions than answers.

Trust Wallet's alert suggests that dark web hackers have discovered an exploit that can infiltrate iOS devices through the default iMessage app, without users needing to click on any links[1][2][3]. The company has advised iPhone and iPad owners to completely disable iMessage as a precautionary measure until Apple addresses the issue[1][2][3].

Trust Wallet has not provided specific details on the source of its "credible intel" or whether any actual crypto losses have been reported by users[1][2][3]. This lack of transparency makes it difficult to assess the severity and veracity of the claimed vulnerability.

Furthermore, the broader security community has expressed skepticism about Trust Wallet's claims. Beau, a blockchain researcher, has criticized the company for "overestimating the confidence level" and noted that they only have a screenshot of someone claiming to have an exploit, rather than concrete proof[2][3]. This suggests the evidence may not be as robust as Trust Wallet has implied.

It is also worth noting that Apple has not yet addressed or denied the claims made by Trust Wallet[1][2][3][4][5]. While the potential implications of a genuine iMessage vulnerability are concerning, the available information is insufficient to conclusively determine the legitimacy of Trust Wallet's alert. Users should exercise caution and wait for more concrete evidence or a response from Apple before taking any drastic measures, such as disabling iMessage entirely.

It is important to note that Apple has not been without its share of zero-day iOS vulnerabilities in the past[1]. This underscores the need for a thorough investigation and verification of the claims made by Trust Wallet to ensure the safety and security of iOS users.

Sources
[1] Trust Wallet warns Apple iOS users of iMessage vulnerability https://lnkd.in/g_qFzZSg
[2] Trust Wallet Warns Apple iOS Users of iMessage Vulnerability - CoinMarketCap https://lnkd.in/gJug2gu2
[3] Trust Wallet warns iOS users of zero-day exploit - Cybernews https://lnkd.in/gsqUUNsQ
[4] A crypto wallet maker's warning about an iMessage bug sounds like a ... https://lnkd.in/gyr8Tyi9
[5] iPhone users warned about iMessage exploit, but it could be fake https://lnkd.in/gxFFCQVg
Peter Makohon’s Post
More Relevant Posts
-
Twilio's Authy, a popular multi-factor authentication (MFA) app, has fallen victim to a significant security breach. Hackers exploited an unsecured API endpoint to verify and compile a list of 33 million phone numbers associated with Authy accounts[1].

The breach was revealed when a threat actor named ShinyHunters leaked a CSV file containing 33,420,546 rows of data, including account IDs, phone numbers, account statuses, and device counts[1]. Twilio confirmed that this data was obtained through an unauthenticated API endpoint, which has since been secured[1].

While no sensitive data like passwords were compromised, this breach poses potential risks for Authy users. The exposed phone numbers could be used for SMS phishing (smishing) attacks or SIM swapping attempts, particularly if cross-referenced with data from other breaches[1].

In response, Twilio has released security updates for both Android (v25.1.0) and iOS (v26.1.0) Authy apps. Users are strongly advised to update their apps and remain vigilant against potential phishing attempts[1].

To protect yourself:
1. Update your Authy app immediately
2. Be wary of suspicious SMS messages
3. Secure your mobile account against unauthorized number transfers
4. Consider using alternative MFA methods where possible

This incident serves as a stark reminder of the importance of API security and the potential consequences of leaving endpoints unsecured[1].

Sources
[1] Hackers abused API to verify millions of Authy MFA phone numbers https://lnkd.in/guQ8mMkh
Hackers abused API to verify millions of Authy MFA phone numbers
bleepingcomputer.com
-
OpenAI's ChatGPT Mac App: A Privacy Concern Addressed

In a recent development, OpenAI's ChatGPT application for Mac was found to have a significant security vulnerability. The app was storing user conversations in plain text format, potentially exposing sensitive information to anyone with access to the device[1].

This flaw was discovered by Pedro José Pereira Vieito, who demonstrated how easily another application could access and reveal ChatGPT conversations immediately after they occurred. The lack of encryption raised concerns about user privacy and data protection[1].

Upon being notified of this issue, OpenAI acted swiftly. They promptly updated the ChatGPT app to encrypt the stored records, significantly enhancing the protection of users' conversations[1].

It's worth noting that while OpenAI retains the ability to review ChatGPT conversations for safety and model training purposes, the accessibility of these conversations in plain text posed a potential risk if exploited by unauthorized parties[1].

This incident serves as a reminder of the importance of robust security measures in AI applications. As AI technology continues to advance, maintaining user trust through stringent data protection practices remains paramount.

Sources
[1] OpenAI’s ChatGPT Mac app was storing conversations in plain text https://lnkd.in/ghcZzpMT
OpenAI’s ChatGPT Mac app was storing conversations in plain text
theverge.com
-
A sophisticated hacking group known as "Velvet Ant" has been discovered exploiting a previously unknown vulnerability in Cisco's networking devices. This Chinese state-sponsored group has been actively targeting organizations across various sectors, including government, energy, and manufacturing https://lnkd.in/gTjntvc6 https://lnkd.in/gY9Ni-iJ
-
TeamViewer, the popular remote access software company, has reported a breach in its corporate network on June 26, 2024. The company detected an "irregularity" in its internal corporate IT environment and immediately activated its response team and procedures[1].

TeamViewer has assured users that its internal corporate IT environment is completely separate from the product environment, and there is currently no evidence suggesting that customer data or the product environment has been affected[1]. However, investigations are ongoing, and the company's primary focus remains on ensuring the integrity of its systems.

The breach is particularly concerning due to TeamViewer's widespread use, with over 640,000 customers worldwide and installations on more than 2.5 billion devices[1]. Any compromise could potentially provide attackers with full access to internal networks of numerous organizations and individuals.

Reports from cybersecurity firms suggest that this breach may be the work of an Advanced Persistent Threat (APT) group. The NCC Group Global Threat Intelligence team has warned of a "significant compromise" of the TeamViewer platform by an APT group[1]. Additionally, Health-ISAC, a community for healthcare professionals, has issued an alert stating that the Russian hacking group APT29, also known as Cozy Bear, is actively exploiting TeamViewer[1].

APT29, linked to Russia's Foreign Intelligence Service (SVR), has a history of high-profile attacks, including recent breaches of Western diplomats and Microsoft's corporate email environment[1].

While TeamViewer has promised transparency throughout the investigation, it's worth noting that the company's "IT security update" page contains a meta tag preventing search engines from indexing it, potentially limiting its visibility[1].

As the situation develops, users of TeamViewer are advised to remain vigilant. Health-ISAC recommends reviewing logs for any unusual remote desktop traffic, as threat actors have been observed leveraging remote access tools[1].

TeamViewer has not provided additional details about the attack as they continue their investigation. The cybersecurity community will be watching closely for further updates on this significant breach.

Citations:
[1] https://lnkd.in/gFCBXjSZ
TeamViewer's corporate network was breached in alleged APT hack
bleepingcomputer.com
-
Urgent Security Update for Google Pixel Phones

The US government has issued a critical warning to Pixel phone users, urging them to update their devices immediately to address a serious security vulnerability[1]. This zero-day exploit in the Android operating system could leave devices open to targeted cyberattacks, prompting swift action from authorities.

Key points:
1. Government employees must update their Pixel phones by July 4 or cease using the devices[1].
2. The vulnerability affects the Android firmware and allows for privilege escalation[1].
3. While the mandate specifically targets Pixel phones, other Android devices may also be affected[1].
4. The fix will be included in the upcoming Android 15 update, scheduled for August[1].

The exploit takes advantage of a flaw in the firmware-based fastboot mode, potentially allowing malicious actors to access previous OS memory[1]. This vulnerability, identified as CVE-2024-32896, is part of a larger security issue (CVE-2024-29748) that requires immediate attention.

To protect your device:
1. Manually update your Pixel phone through the settings app.
2. Stay vigilant for updates if you use other Android devices.
3. Follow official guidance from your device manufacturer or IT department.

Given the severity of this exploit and the US government's involvement, it's crucial for all Pixel users – and potentially all Android users – to take this warning seriously and update their devices as soon as possible[1].

Citations:
[1] https://lnkd.in/gfxTAk5B
[2] https://lnkd.in/gY4pbeSC
[3] https://lnkd.in/gUFU5fcT
[4] https://lnkd.in/g-Be9-VJ
[5] https://lnkd.in/gTApDiHQ
Government workers are being told to immediately update their Pixel phones to patch a serious exploit
engadget.com
-
Optiv Report Highlights Significant Increase in Information Security Budgets Amid Rising Cyber Threats

The latest report from Optiv underscores this urgency with a nearly 60% increase in security budgets as most organizations report experiencing cyber breaches and incidents. The 2024 Threat and Risk Management Report, based on an independent survey by the Ponemon Institute, reveals several critical insights into the current state of cybersecurity:

1. **Increased Security Budgets**: There has been a 59% year-over-year increase in cybersecurity budgets. Organizations with more than 5,000 employees have allocated an average of $26 million to cybersecurity investments in 2024[2].
2. **Prevalence of Cyber Incidents**: A significant 61% of respondents reported experiencing a data breach or cybersecurity incident in the past two years. Furthermore, 55% of respondents faced four or more incidents within the same timeframe, highlighting the persistent and pervasive nature of cyber threats[2].
3. **Top Investment Areas**: The primary areas of investment for 2024 include internal security assessments (60%), identity and access management (IAM) programs (58%), and the acquisition of additional cybersecurity tools (51%)[2].
4. **Security Tool Overload**: Despite increased investments, 40% of respondents believe they have too many security tools, which can hinder overall effectiveness. Only 29% feel they have the right number of tools, indicating a need for a more strategic approach to cybersecurity investments[2].
5. **Adoption of Advanced Technologies**: The use of security orchestration automation and response (SOAR) technology is on the rise, with 73% of respondents leveraging SOAR to automate incident response activities. Additionally, artificial intelligence (AI) and machine learning (ML) are becoming focal points, with 44% of respondents using AI/ML to prevent cyberattacks[2].

The Optiv report provides a comprehensive overview of the current cybersecurity landscape, highlighting the significant increase in security budgets and the ongoing challenges organizations face. As cyber threats continue to evolve, it is imperative for organizations to adopt a strategic and integrated approach to cybersecurity, ensuring they are well-equipped to protect their digital assets and maintain resilience against potential attacks.

Citations:
[1] https://lnkd.in/g3p-rztM
[2] https://lnkd.in/gf58YmFm
[3] https://lnkd.in/gxBf-TT4
[4] https://lnkd.in/gJRB3kpp
[5] https://lnkd.in/gpNWBrxP
Optiv Report Shows Nearly 60% Increase in Security Budgets as Most Organizations Report Cyber Breaches and Incidents
darkreading.com
-
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released a report examining 172 key open-source projects for their susceptibility to memory flaws. This research, conducted in collaboration with the FBI and cybersecurity agencies from Australia and Canada, reveals significant concerns about the use of memory-unsafe code in critical open-source software[1].

Key findings from the report include:
1. 52% of the analyzed critical open-source projects contain code written in memory-unsafe languages[1].
2. 55% of the total lines of code across these projects are in memory-unsafe languages[1].
3. Larger projects are disproportionately affected, with the ten largest projects having at least 26% of their code in memory-unsafe languages[1].
4. The median proportion of memory-unsafe code in large projects is 62.5%, with four projects exceeding 94%[1].
5. Even projects primarily written in memory-safe languages often depend on components using memory-unsafe code[1].

Notable examples of projects with high percentages of unsafe code include:
- Linux (95%)
- Tor (93%)
- MySQL Server (84%)
- glibc (85%)
- Redis (85%)
- SystemD (65%)
- Chromium (51%)
- Electron (47%)[1]

CISA acknowledges that developers often face challenges that necessitate the use of memory-unsafe languages, particularly for low-level functionalities like networking, cryptography, and operating system functions. Performance requirements and resource constraints are cited as primary factors[1].

To address these issues, CISA recommends:
1. Writing new code in memory-safe languages such as Rust, Java, and Go[1].
2. Transitioning existing projects, especially critical components, to memory-safe languages[1].
3. Following safe coding practices[1].
4. Carefully managing and auditing dependencies[1].
5. Performing continuous testing, including static analysis, dynamic analysis, and fuzz testing[1].

This report underscores the ongoing challenges in software development and the importance of prioritizing memory safety in critical open-source projects to enhance overall cybersecurity.

Citations:
[1] https://lnkd.in/gBpinEeJ
[2] https://lnkd.in/eu9ZfXZx
[3] https://lnkd.in/gV2yyEgA
[4] https://lnkd.in/gKqqUgTW
[5] https://lnkd.in/g4sEYwqu
CISA: Most critical open source projects not using memory safe code
bleepingcomputer.com
-
Apple has released an important security update for AirPods users, addressing a critical Bluetooth vulnerability that could potentially allow attackers to execute arbitrary code with kernel privileges[1]. This flaw, identified as CVE-2024-32859, affects various AirPods models including AirPods Pro (1st and 2nd generation), AirPods (2nd and 3rd generation), and AirPods Max.

The vulnerability stems from a memory corruption issue in the Bluetooth stack. If exploited, it could give malicious actors the ability to run unauthorized code with the highest system privileges, potentially compromising the security and privacy of affected devices.

To protect users, Apple has promptly released firmware version 6A321 for the impacted AirPods models. This update is crucial for maintaining the security of your AirPods and connected devices. Users are strongly advised to ensure their AirPods are updated to the latest firmware version as soon as possible.

To check your AirPods' firmware version and update if necessary:
1. Connect your AirPods to your iPhone or iPad
2. Go to Settings > Bluetooth
3. Tap the "i" icon next to your AirPods
4. Look for the "Version" number

AirPods typically update automatically when connected to an iOS device. However, to encourage an update, keep your AirPods in their case, connected to a power source, and near your paired iOS device with an internet connection.

This security patch underscores the importance of keeping all your devices, including accessories like AirPods, up-to-date to protect against potential security threats.

Sources
[1] apple-patches-airpods-bluetooth.html https://lnkd.in/g7BDWYNi
[2] En Liten Podd Om It on Apple Podcasts https://lnkd.in/gbw67HrG
[3] French Diplomatic Entities Targeted in Russian-Linked Cyber Attacks https://lnkd.in/g8Q3ugjn
[4] International : l'actu du Jour - No Hack Me https://lnkd.in/grDp9NMf
[5] Mac News, Mac Videos, Mac Links, Mac OS X, Macbook Pro ... https://lnkd.in/gP6FaTjV
Apple Patches AirPods Bluetooth Vulnerability That Could Allow Eavesdropping
thehackernews.com
-
WordPress Security Alert: Backdoor Discovered in Popular Plugins

A serious security issue has been uncovered affecting multiple WordPress plugins with over 35,000 combined installations. Security experts at Wordfence have identified a supply chain attack compromising five plugins from the official WordPress.org repository[1].

The affected plugins include:
- Social Warfare (30,000+ active installations)
- Blaze Widget
- Wrapper Link Element
- Contact Form 7 Multi-Step Addon
- Simply Show Hooks

The malicious code injected into these plugins allowed attackers to create unauthorized administrator accounts and inject SEO spam across compromised websites. The initial compromise is believed to have occurred on June 21, 2024, with ongoing updates by the attackers[1].

Wordfence's Threat Intelligence team detected the issue on June 24, 2024, after the WordPress.org Plugin Review team reported the compromise of the Social Warfare plugin. Versions 4.4.6.4 to 4.4.7.1 of Social Warfare were found to be creating users with administrative privileges[1].

In response, the compromised plugins have been delisted from the WordPress.org repository. The Plugin Review Team has released a clean updated version (4.4.7.3) of Social Warfare, and website administrators are strongly advised to update immediately[1].

If you're using any of the affected plugins, take immediate action:
1. Initiate incident response mode
2. Review administrative accounts for unauthorized access
3. Conduct thorough malware scans
4. Update to patched versions or remove the plugins entirely.

Sources
[1] Backdoor found in WordPress plugins with 35,000+ installations https://lnkd.in/gXg5Fqxc
[2] Backdoor Found in WordPress Plugin With More Than 200,000 ... https://lnkd.in/g84FnECX
[3] Backdoor found in WordPress plugins with 35000 installations https://lnkd.in/gsYk5vSU
[4] Hacker News - All | Search powered by Algolia https://lnkd.in/gK8C8v93
[5] Alex Ivanovs (@stackdiary) / X https://lnkd.in/gsPqpz3x
Blog Tool, Publishing Platform, and CMS - WordPress.org
wordpress.org
-
OpenAI, the company behind ChatGPT, has made waves in the tech world with its recent acquisition of Multi, a startup that specializes in advanced screensharing and collaboration tools[1][3]. This move has sparked both excitement and concern among industry observers and users alike.

Multi, formerly known as Remotion, was founded in 2019 and focused on creating multiplayer collaboration software for remote teams[1][3]. The startup's key features included simultaneous screen sharing for up to 10 users, automatic deep links for code, and customizable shortcuts[1]. These capabilities allowed for seamless collaboration among software engineering teams, essentially making desktop computers "inherently multiplayer"[4].

The acquisition has led to speculation about how OpenAI might integrate Multi's technology into its existing AI systems, particularly the ChatGPT desktop app[4]. Some industry watchers suggest that this could enable ChatGPT to perform actions directly on a user's computer, such as drawing on the screen or editing code[4]. This potential for AI to "take over" a user's computer based on text or voice prompts has generated significant buzz in the tech community[3].

However, the prospect of an AI system having direct control over a user's computer has also raised concerns about security and privacy[4]. As AI continues to evolve and integrate more deeply into our daily lives, these issues will likely become increasingly important topics of discussion.

It's worth noting that OpenAI has been on an acquisition spree lately, having recently purchased database technology firm Rockset as well[1][3]. These moves suggest that OpenAI is looking to expand its capabilities beyond generative AI chatbots and into the enterprise online collaboration market[1].

While the full implications of this acquisition remain to be seen, it's clear that OpenAI is positioning itself at the forefront of AI-driven collaboration and productivity tools. As the company continues to push the boundaries of what's possible with AI, we can expect to see more innovative and potentially transformative developments in the near future.

For now, current Multi users have been given a one-month notice to migrate their data before the service is shut down[1][3]. The Multi team, including co-founders Alexander Embiricos and Charley Ho, will be joining OpenAI to work on future projects[1][3].

Citations:
[1] https://lnkd.in/gAW9gXz3
[2] https://lnkd.in/gq3eRAsv
[3] https://lnkd.in/gvXdGtYS
[4] https://lnkd.in/gW7pkNYj
[5] https://lnkd.in/g6eaWUgC
OpenAI just bought a video conferencing app — and it could mean big things for the future of collaboration
techradar.com