
In the second post on Tech Talk, we continue to explore the latest and most critical cybersecurity issues. This week we focus on new threats, regulatory actions and security challenges from both government and private actors.

Follow-up on CVE-2024-30078

The recently discovered Wi-Fi vulnerability (CVE-2024-30078) in Windows continues to make headlines. Researchers have identified a flaw in the “Dot11Translate80211ToEthernetNdisPacket()” function in the Windows Wi-Fi driver (nwifi.sys). The flaw is a buffer overflow that attackers can trigger by sending specific frame constructs. Exploit code for the vulnerability has been reported to sell for $5000 on the dark web. An interesting aspect is that compromised routers can be used to attack vulnerable devices over large distances, allowing the threat to spread globally. Updating is critical for all Windows users.

USA Bans Kaspersky Software

The US Department of Commerce has announced a blanket ban on Kaspersky Lab’s software, citing national security concerns. The ban means that Kaspersky is not allowed to sell its products or provide updates to US customers. The decision is based on concerns that the Russian government could use the company to collect and weaponize US user data. Kaspersky has objected to the decision and intends to appeal. This ban also affects international cooperation in cyber security. https://www.bbc.com/news/articles/ceqq7663wd2o

European Privacy Organization Files Complaint Against Google Over Privacy Sandbox

A European privacy organization, NOYB, has filed a complaint with the Austrian data protection authority against Google’s new Privacy Sandbox technology. The organization claims that Google misleads users into activating a so-called “privacy feature” that actually tracks users. Google has defended itself by claiming that the Privacy Sandbox aims to improve user privacy by phasing out third-party cookies. This debate highlights the complex issues surrounding digital privacy and tracking.

Dark History of Password Generators

An interesting story about an old flaw in RoboForm’s password generator has surfaced. A user, who lost the password to his Bitcoin wallet worth millions, managed to regain access thanks to a flaw in the software’s pseudo-random number generator. The password generator used the system’s current time and date, making passwords predictable. This emphasizes the importance of using reliable and transparent tools for security-critical tasks.
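The predictability described above, as an added example that is not RoboForm's code or part of the original post: a hypothetical generator seeded only with the clock second is shown beside one that draws from the OS CSPRNG. The alphabet, length, seeding scheme and sample dates are assumptions constructed for illustration.

```python
import math
import random
import secrets
import string
from datetime import datetime, timedelta, timezone

ALPHABET = string.ascii_letters + string.digits  # assumed character set
LENGTH = 20                                       # assumed password length


def weak_password(when: datetime) -> str:
    """Hypothetical time-seeded generator: output depends only on the clock second."""
    rng = random.Random(int(when.timestamp()))
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def secure_password() -> str:
    """Hardened form: every character comes from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(LENGTH))


def outputs_in_window(start: datetime, seconds: int) -> set:
    """Every password the weak generator can emit within a time window."""
    return {weak_password(start + timedelta(seconds=s)) for s in range(seconds)}


def effective_bits(candidates: int) -> float:
    """Entropy in bits of a uniform choice among `candidates` values."""
    return math.log2(candidates)


# Constructed sample: a password created at some second of a known day.
DAY_START = datetime(2020, 1, 1, tzinfo=timezone.utc)
CREATED_AT = DAY_START + timedelta(hours=13, minutes=37, seconds=5)

if __name__ == "__main__":
    pool = outputs_in_window(DAY_START, 86_400)
    print("weak generator, one-day window:", len(pool), "candidates,",
          round(effective_bits(len(pool)), 1), "bits")
    print("password is in that pool:", weak_password(CREATED_AT) in pool)
    print("CSPRNG, same alphabet and length:",
          round(LENGTH * math.log2(len(ALPHABET)), 1), "bits")
```

A 20-character password looks strong, but with a time seed its strength is bounded by the number of seconds in the plausible creation window, not by its length or alphabet.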

Kremlin Extends Ban on Foreign IT Security Services

In response to the US measures, the Kremlin has extended its ban on Russian authorities and critical organizations using IT security services from “hostile” countries. This ban will take effect on January 1, 2025 and is part of the ongoing cybersecurity conflict between major world powers.
