November 2024 News & Tips | Cybersecurity News Roundup

Month's Cyber News in Review

Welcome back to the monthly TCE Strategy newsletter! From Nation State cyber threats to patching your Macs, there is a lot to cover. Let’s see how this month’s cybersecurity news can help us make better decisions about what is Secure Enough for us, the companies we work for, and our families.

AI is a double-edged sword

If you haven’t used an AI tool such as ChatGPT, you are missing out. They can genuinely do some cool things, and their usefulness is only going to improve as time goes by. There have been lots of articles written about the dangers of AI, and there are indeed dangers. AI is not inherently bad, though. It’s like a sledgehammer; morally agnostic, genuinely useful, and you have to be careful with it. In this month’s news, we have a great story from Google on how they used AI to find a previously-unknown vulnerability in a piece of software called SQLite. There is no doubt that AI is also being used by bad people to find vulnerabilities and exploit them, but it’s nice to see a positive development in the AI revolution.

Takeaway: AI is like the Internet. It’s going to change how we relate to technology and to each other. It’s worth giving a try, in my opinion.

Cybercriminals are not immune from getting caught

In more cybersecurity good news, two hackers behind the massive Snowflake breach (I was interviewed about this breach and its impact on Ticketmaster a few months ago) have been identified, charged, and one has been arrested as of November 12th. Snowflake is a company that compiles and analyzes data from many companies. The Snowflake breach acted as a treasure trove of information from companies such as AT&T, Ticketmaster, LendingTree, Neiman Marcus, Advance Auto Parts and more. The two hackers made 36 bitcoin in extortion payments from this breach. I’m hoping they have a hard time spending that money from behind bars.

North Korea is targeting Mac computers

North Korea is one of the only nation states that hacks for monetary gain. Most governments are more interested in influencing elections of foreign governments, stealing military secrets or intellectual property, that sort of thing. North Korea is cash poor, and the cryptocurrency world has made a terrific proving ground for them to turn hacks into cash. In an interesting and unusual hack, North Korea has been accused of developing very novel malware that targets older Mac Operating Systems. It hides bad code in something called “extended attributes,” which is such an unusual way of hacking a computer that the well-known MITRE ATT&CK framework doesn’t have this listed as an attack vector. There was obviously a lot of time/effort that went into developing this exploit.

Takeaway: I get a lot of clients that try to find a way out of patching old systems’ cybersecurity holes, stating that unless the hack involves a Windows computer, it isn’t important. That simply isn’t true. Macs get targeted. Linux machines get targeted. Heck, back in 2017 it was revealed that the CIA was hacking into Samsung TVs to use them as microphones to spy on, well, whomever they wanted to spy on. All Internet-connected devices need care/feeding to keep them safe from cybercriminals.

CISA publishes most-often exploited vulnerabilities in 2023

On November 12, CISA (along with many other government cyber groups) published a list of the most often exploited vulnerabilities in 2023. While the publication may be a little late, it is an extremely interesting read. Regrettably, some of the vulnerabilities go back years, such as Log4Shell (from December 2021) and Microsoft Netlogon (from 2020). These issues were red-alerts when they began getting exploited, and time does not diminish the criticality of patching Internet-facing systems.

Takeaway: If you have a system facing the Internet, it needs vulnerability scanning and periodic patching. Think of Internet-facing systems like a car: the cost to purchase it is only part of the equation. The necessary care/maintenance/upkeep is imperative, or it can become dangerous to those that depend on it.

Until next month, stay safe!


Upcoming Speaking Events

Here is a list of the cities that I will be in over the next several months. Please reach out if you have an event in mind!

December 2-6, Key West, FL

February 11-15, Las Vegas, NV

March 25-31, Oklahoma City, OK

April 1-4, New Orleans, NV

April 15-18, Las Vegas, NV

May 26-30, Las Vegas, NV

June 3-6, Victoria, BC, Canada

July 3, Brainerd, MN

July 9-21, Dublin, Ireland

October 13-17, Waikiki, HI


Cybersecurity Tip of the Month

The holidays can be a whirlwind of activity with endless demands on our time and energy—events, shopping, family traditions, and more. It’s no wonder it can feel overwhelming!

This month, take a moment to ensure your cybersecurity basics are covered: strengthen your passwords, enable multi-factor authentication whenever you can, and make sure your devices are set to automatically update and patch.

After that, consider giving yourself the gift of a digital break. Step away from the screen, even if just for a little while, and focus on being present with the people and moments that matter most.

Wishing you a safe and joyous holiday season!

