Apple Security, Snowflake, Microsoft Testimony, Data Breaches, AI Risks, and Emoji-Controlled Malware
6/9-16/2024
Welcome to this week's cybersecurity update, where we explore the latest threats and trends impacting our digital world. Within the next week, we will publish a free book report for Q1 and Q2. If you are interested in a sponsorship, please let us know. - Emma
Highlights
Apple WWDC announcements for iPhone and Mac on AI safety and security.
Snowflake's investigation into customer data sold on the dark web (Review)
Microsoft president testifies on cybersecurity failures before the House. (Review)
Ransomware's Evolution: The New Brutality
The fight against ransomware continues, but experts are raising concerns about its escalating brutality. WIRED reports that ransomware gangs are becoming more aggressive in their tactics, including threatening victims with real-world violence and targeting sensitive data to increase pressure. This week's news highlights the urgency for businesses and individuals to prioritize ransomware protection and response strategies. (https://www.wired.com/story/state-of-ransomware-2024/)
Vulnerability Exploits: PHP and Wi-Fi
This week saw the weaponization of a critical vulnerability in PHP, CVE-2024-4577, by the TellYouThePass ransomware gang, impacting thousands of servers. The vulnerability, which has a severity rating of 9.8, allows attackers to execute arbitrary code on vulnerable systems. (https://www.helpnetsecurity.com/2024/06/13/cve-2024-4577-exploited/)
A new Wi-Fi vulnerability in Windows, CVE-2024-30078, also emerged, allowing attackers to gain remote code execution without any user interaction. This vulnerability poses a significant risk in public environments like hotels and trade shows, emphasizing the need for prompt updates. (https://www.forbes.com/sites/daveywinder/2024/06/14/new-wi-fi-takeover-attack-all-windows-users-warned-to-update-now/)
Phishing and Data Breaches: LA County and JPMorgan Chase
The L.A. County Department of Public Health was hit with a phishing attack that potentially exposed the personal information of over 200,000 residents. (https://www.latimes.com/california/story/2024-06-14/la-county-public-health-data-breach-possibly-affects-200-000-are-you-one-of-them)
A class-action lawsuit accuses JPMorgan Chase of leaking customer data through Facebook transmissions, underscoring the importance of safeguarding sensitive information even in seemingly secure channels. (https://dailyhodl.com/2024/06/15/jpmorgan-chase-accused-of-leaking-customers-personal-information-and-social-security-numbers-in-secret-facebook-transmissions-class-action-lawsuit/)
The Rise of Emoji-Based Malware: DISGOMOJI
A new Linux malware, DISGOMOJI, leverages emojis sent from Discord to control infected devices, demonstrating the evolving methods used by cybercriminals. This malware targets government agencies in India, raising concerns about nation-state cyberattacks. (https://www.bleepingcomputer.com/news/security/new-linux-malware-is-controlled-through-emojis-sent-from-discord/)
AI Security: Apple's Solution
Apple Security Research unveiled Private Cloud Compute (PCC), a new cloud intelligence system designed for private AI processing. PCC aims to extend Apple's existing security and privacy protections to the cloud, ensuring user data remains secure. (https://security.apple.com/blog/private-cloud-compute/) However, it still does not address the core issues of LLM and other vulnerabilities. Further reading: https://www.darkreading.com/cyber-risk/apple-intelligence-could-introduce-device-security-risks
Review: Snowflake Attack Summary
Summaries are based on Snowflake’s blog, Mandiant via Google Threat Intelligence, and CrowdStrike. Timeline: April 2024:
Stay informed, stay protected. These developments highlight the ever-evolving nature of cybersecurity threats and the importance of staying informed and taking proactive measures to protect ourselves and our data.