Security News Update for Week Ending July 5, 2024
Speculative Execution Raises its Ugly Head Again
Speculative execution is a type of attack that exploits bugs or features in Intel, AMD and Arm processors that try to squeeze that last ounce of juice out of that processor in your computer or phone. This family of attacks has been around for years. A famous one is called Spectre and dates back to 2018, which is an eon in Internet time. Some of these attacks only work on some of the processor families while others work on all of them. Sometimes new security fixes turn out not to be fixes at all, as is the case with TikTag, which affects Linux systems including Android phones. These attacks are a bit of a cat and mouse game and since they are often hardware based, often they cannot be fixed in existing chips. Learn more from The Register.
Large West Coast Credit Union Hit by Ransomware – Customers Confused
Patelco Credit Union has $9 billion in assets and 500,000 members but right now, they can’t access their accounts online and the CEO said that the next days and weeks may present challenges for our members. No one is suggesting that people will lose their money, but not being able to access is a problem for most people. And, apparently, their messaging is a bit confusing. If that is the only account you have, that might mean that you can’t buy groceries or gas for your car. The credit union said you can still write a check – assuming you even have any and the store will accept one. OUCH! The NCUA, which insures credit unions, issued a rule, effective last September 1, requiring credit unions to notify them within 72 hours if they are hacked. They received close to 150 notices in the first month! Not only is hacking a credit union profitable (are they going to reissue 500,000 debit cards plus however many credit cards and close and reopen 500,000 customers checking and savings accounts ?) but it creates fear and chaos – very useful from Russia and China’s point of view. Credit: The Record
Car Dealers Lost Over $600 Million Due to CDK Breach – so Far
Direct losses to car dealers impacted by the CDK software outage could reach a billion dollars and current estimates are that ongoing operational disruptions will cost them $944 million if the outage extends into this weekend. Money that, likely, CDK will be sued to recover. That does not include the money that CDK is spending to fix the problem. This will be a multi-billion dollar problem for CDK. Credit: Foxbusiness
EU Hosting Provider Says They Have to Fight 840 Mbps DDoS Attacks
Denial of service attacks are getting bigger – quickly. OVH, the French hosting provider who is a competitor to Amazon web services, especially in Europe, said they are fighting 500 megabit per second attacks regularly and sometimes 600 Mbps and 800+ Mbps attacks. In the most recent case they said the attack came from just 5,000 infected routers, two thirds of which came from just four Internet Points of Presence, all in the United States. If your business depends on your servers being available, you need to have a plan to mitigate attacks like these (these attacks are for extortion, so either pay up or get nuked). If you need help, contact us. Credit: Bleeping Computer
Brazil’s Data Protection Authority Bans Meta from Processing Users’ Data
As AI apps continue on their insatiable diet of user’s information, more folks are getting upset. In this most recent turn of events, Brazil has told Meta that it does not have a sufficient “basis” for processing personal data and that their processing is based on an inadequate legal hypothesis, lack of transparency, limitation of the rights of data subjects and risks to children and adolescents. Other than that, Zuck is good to go.