Microsoft patches 57 security flaws, Sola aims to build the ‘Stripe for security’, US council wants to counter China threats
In today’s cybersecurity news…
Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days
Microsoft released patches for 57 security flaws, including 6 actively exploited zero-days affecting Windows Kernel, NTFS, FAT File System, and Microsoft Management Console. Exploits involve use-after-free, integer overflow, and heap-based buffer overflow, with PipeMagic malware used in targeted attacks. Threat actors can chain vulnerabilities to execute remote code via malicious VHD files. The U.S. Cybersecurity and Infrastructure Security Agency – or CISA – has ordered federal agencies to apply fixes by April 1, 2025.
US communications regulator to create council to counter China technology threats
The US Federal Communications Commission? is creating a national security council to strengthen U.S. defenses against Chinese cyber threats and technological competition. Led by Adam Chan, the council will focus on critical technologies like 5G, AI, satellites, and quantum computing while addressing vulnerabilities in telecom networks and supply chains. An early priority is Salt Typhoon, a large-scale Chinese attack on U.S. telecoms. The move reflects a broader U.S. effort to counter China’s influence in technology and national security.
Signal no longer cooperating with Ukraine on Russian cyberthreats, official says
Ukrainian official Serhii Demediuk claims that Signal has stopped cooperating with Ukraine on Russian cyberthreats, which has helped Moscow’s intelligence operations. Russian attackers have been said to be exploiting Signal for phishing and account takeovers. Demediuk says the shift may be tied to U.S. political instability and warned that it threatens Ukraine’s security.
The Linux Foundation’s latest partnership could shake up open-source ecosystems – here’s why
The Linux Foundation and OpenInfra Foundation have announced a merger, with OpenInfra joining as a member foundation. This partnership unites their ecosystems to strengthen open-source solutions, particularly in data centers and infrastructure. OpenInfra was previously the OpenStack Foundation and oversees projects like Kubernetes and PyTorch, while leveraging the Linux Foundation’s governance.
(ZDNet)
Thanks to today’s episode sponsor, Vanta
China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days
Security firm Dragos published a case study revealing that the Chinese hacker group Volt Typhoon infiltrated the U.S. electric grid through a breach at Littleton Electric Light and Water Departments (LELWD) in Massachusetts. The hackers had access to the utility’s network for over 300 days, collecting sensitive operational technology (OT) data, including information on energy grid operations. This data could be used for future targeted attacks. Volt Typhoon, linked to the Chinese government, has been previously associated with espionage and attacks on U.S. critical infrastructure.
Sola emerges from stealth with $30M to build the ‘Stripe for security’
Israeli startup Sola raised $30 million in seed funding to launch a low/no-code platform for building customized cybersecurity apps. Sola is meant to simplify security management for organizations with limited technical teams, and let users create tailored security solutions without extensive coding. The platform integrates with existing security tools and works with AI and big data to streamline operations.?
Clear risks that Sweden’s security situation could get worse, Swedish security police says
Sweden’s security police (SAPO) warned that the country’s security situation is serious and could worsen due to hybrid threats from foreign powers like Russia, China, and Iran. These threats include cyberattacks, espionage, and destabilization efforts targeting Sweden and Europe. SAPO’s head, Charlotte von Essen, emphasized the unpredictability of future risks.
(Reuters)
In Memoriam: Mark Klein, AT&T Whistleblower Who Revealed NSA Mass Spying
Mark Klein, the former AT&T technician who exposed a secret NSA surveillance program, has died. Klein revealed that the NSA had installed a secret room at AT&T’s San Francisco office, where internet data was copied and routed to the government. In 2006, he brought over 100 pages of evidence to the Electronic Frontier Foundation, which led to lawsuits against the NSA and increased public awareness of mass surveillance. Despite threats from AT&T, Klein stood by his claims, inspiring reforms and greater scrutiny of government spying.?
(EFF)