Good Morning, Security Enthusiasts! – Thursday, December 7th, 2023, brings a plethora of significant updates in the cybersecurity world. The week's highlights include a tribute to the late Steven Katz, the world's first Chief Information Security Officer (CISO), and various critical cybersecurity incidents and advancements impacting global security.
Honoring Steven Katz, the First CISO - The cybersecurity community mourns the loss of Steven Katz, the pioneer CISO appointed by Citicorp in 1995. Katz's contributions to the industry have been invaluable, shaping the role of CISOs in modern organizations.
Government Surveillance Alert - U.S. Senator Ron Wyden has raised concerns about government agencies globally requesting mobile phone notification records from Apple and Google, potentially spying on users. This revelation underscores the thin line between government surveillance and potential misuse by threat actors.
Austal USA's Cyber Attack - Austal USA, a key contractor for the U.S. Department of Defense and Homeland Security, confirmed a cyber attack. Although no classified information was reportedly compromised, the incident raises questions about the security of critical defense infrastructure.
Nissan's Data Breach Investigation - Nissan is probing a cyber attack on its Australian and New Zealand systems, with personal information of customers possibly at risk. The auto giant's proactive approach highlights the growing concern of data security in the corporate sector.
New CPU Attack - SLAM - Researchers at VU Amsterdam have uncovered a new attack method, named SLAM, targeting modern CPUs from Intel, AMD, and ARM. This finding emphasizes the ongoing challenges in safeguarding against hardware vulnerabilities.
Atlassian Patches Critical RCE Flaws - In a proactive security move, Atlassian has patched critical remote code execution flaws across multiple products. This step reflects the importance of continuous vigilance and updating in cybersecurity.
CVE-2023-22522: Template injection flaw allowing authenticated users, including those with anonymous access, to inject unsafe input into a Confluence page (critical, with a 9.0 severity score). The flaw impacts all Confluence Data Center and Server versions after 4.0.0 and up to 8.5.3.
CVE-2023-22523: Privileged RCE in the Assets Discovery agent impacting Jira Service Management Cloud, Server, and Data Center (critical, with a 9.8 severity score). All Assets Discovery versions below 3.2.0 (Cloud) and below 6.2.0 (Data Center and Server) are vulnerable.
CVE-2023-22524: Bypass of blocklist and macOS Gatekeeper on the companion app for Confluence Server and Data Center for macOS, impacting all versions of the app prior to 2.0.0 (critical, with a 9.6 severity score).
CVE-2022-1471: RCE in SnakeYAML library impacting multiple versions of Jira, Bitbucket, and Confluence products (critical, with a 9.8 severity score).
CISOs Anticipate Reduced Headcounts - A new report indicates that nearly 50% of CISOs plan to cut down their security teams in 2024. This surprising trend, amidst a backdrop of increasing cyber threats, suggests a shift towards automation and more efficient security strategies.
Bluetooth Flaw Endangers Multiple Devices - A newly discovered Bluetooth flaw, CVE-2023-45866, presents a significant threat to Android, iOS, Linux, and macOS devices. This vulnerability could allow attackers to take control over devices, demonstrating the ever-evolving nature of cyber threats.
Shadow Banning Concerns - The podcast also touched upon the issue of shadow banning on major platforms, highlighting the challenges of content visibility and platform regulations in the digital space.
Looking Ahead - The week's events underscore the dynamic and ever-changing landscape of cybersecurity. As we head towards the end of the year, the field continues to face new challenges and breakthroughs, emphasizing the need for constant vigilance and adaptation in the digital age.
Stay tuned for more updates in the world of cybersecurity. Stay safe and informed!
Story Links:
https://thehackernews.com/2023/12/new-bluetooth-flaw-let-hackers-take.html
Thank you for watching, and please don't forget to like this video and subscribe to my channel!
Apply now to be a featured partner on the show: https://www.cyberhubpodcast.com/contact
******
Listen here: https://linktr.ee/cyberhubpodcast
SubStack:
******
Website: https://www.cyberhubpodcast.com
YouTube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.