Threads out in Turkey, Palo Alto backdoor, Microsoft’s security overhaul
Meta to close Threads in Turkey
Last month, the Turkish Competition Authority found that Meta abused its market position by not providing an opt-in for combining newly created Threads profiles with Instagram accounts. In response to an interim injunction based on that finding, the social network giant said it will “temporarily” shut down its Threads service in Turkey as of April 29th. Ahead of the shutdown date, Meta will notify Turkish Threads users and give them the option to delete or deactivate their accounts; the latter will allow them to bring back an account if the service becomes available in the future.
(Meta, TechCrunch)
Palo Alto fixes backdoor zero-day
Late last week, Palo Alto Networks warned that threat actors began exploiting a maximum severity zero-day impacting its PAN-OS firewalls, with attacks seen since March 26th. The flaw allows for a low-complexity command injection to gain root access without any user interaction, or as it’s known in the industry, “bad.” The security firm Volexity tied the attacks to a suspected state-sponsored threat group it calls UTA0218. Now the company released a hotfix for the most vulnerable OS versions, with a full rollout expected in the coming days. Users can also disable device telemetry features as a mitigation.
Details on Microsoft’s security overhaul
After the US Cyber Safety Review Board issued a report critical of Microsoft’s security policies, the company committed to a large-scale security overhaul, pledging to speed remediation of cloud vulnerabilities, harden credentials, and mandate MFA for employees. Microsoft security chief Charlie Bell said the company is “ground zero” for state-sponsored attackers due to its dominance in productivity and desktop OS markets. Bloomberg’s Andrew Martin and Dina Bass note Microsoft faced similar security criticism in the early 2000s, which saw the company halt Windows development for six months to focus on a more security-minded culture. Given the constant drumbeat of Windows updates and its race to dominate the emerging LLM market, a similar pause seems highly unlikely.
Daixin claims credit for Omni attack
Back on April 2nd, Omni Hotels confirmed a cyberattack caused a massive IT outage across its hotel network. The Daixin team now claims credit for the attack, listing Omni on its leak site. So far it did not publish any proof of this claim, claiming it will leak stolen data soon. The group claims it obtained information on all visitors to the hotel chain since 2017. This marks a bit of a change for Daixin. CISA warned in late 2022 that the group targets the Healthcare and Public Health sector, typically gaining access through vulnerable VPN servers.
Huge thanks to our sponsor, Conveyor
Nexperia confirms cyberattack
The Chinese-owned chipmaking giant confirmed it suffered a cyberattack in March 2024. It did not release details on any data loss or suspected attackers. However, the Dunghill ransomware group previously listed Nexperia on its leak site, claiming it stole roughly 1 terabyte of data, including chip designs, customer and employee information. The Dutch broadcaster RTL confirmed that samples of leaked data from Dunghill belong to Nexperia.
Smishing somehow makes tolls worse
The FBI issued a PSA warning of a new smishing campaign monitored since March across three states. This campaign sends out fraudulent SMS messages asking victims to pay small outstanding toll amounts to avoid a larger fine. The message shows actual toll agency names and phone numbers appropriate for a person’s location, but points to a further phishing site. The FBI warned users to look up a tolling authority’s legitimate information and contact them directly if there is any question on unpaid tolls.
Lighttpd finds out CVEs matter
Back in August 2018, the open-source web server project Lighttpd (pronounced “Lighty”) fixed an out-of-bounds read vulnerability that could allow exfiltration of sensitive data to bypass other security systems. However, the flaw never received a CVE identifier, and the project never sent out an advisory on the issue. As a result, the security firm Binarly discovered Intel and Lenovo shipped a vulnerable version of Lighttpd on baseboard management controllers for years. Adding to the issue, hardware that shipped with the vulnerable version has now reached end-of-life, with no plans to patch it.
Stanford releases AI Index Report
This marks the seventh edition of the AI Index. The university found AI currently surpasses human performance on image classification, visual reasoning, and English comprehension, but lags in planning, commonsense reasoning, and advanced mathematics. Unsurprisingly, investment in generative AI octupled since 2022 to $25.2 billion, with so-called frontier models becoming increasingly expensive to train. Google’s Gemini Ultra model cost $191 million in training compute costs as an example. It also found a lack of serious standardized evaluations for AI responsibility across the industry. The index also highlighted research showing productivity gains from using AI and its potential to bridge the skills gap between workers.
(Stanford)
Windows learns new tricks
It’s been a good couple of days for old things to get Windows updates. First up, Microsoft rescinded a compatibility block on Windows 11 upgrades, impacting some Intel 11th Gen Core CPUs with Intel Smart Sound Technology drivers. These systems saw blue screens of death when upgrading to Windows 11 21H2. Microsoft resolved the driver issue and lifted the upgrade block over the weekend. In other news, YouTuber MattKC documented his process of backporting .NET 2.0 to Windows 95. The code for the backport is available on GitHub, with a simple .exe to install. MattKC plans to eventually bring .NET 3.5 support to the venerable OS.