Cybersecurity News: Supreme Court’s 230 ruling, Montana bans TikTok, Guerrilla smartphone malware

Supreme Court shields Twitter from liability and leaves Section 230 untouched

It was a good day for Silicon Valley on Thursday as the Supreme Court protected online platforms from two lawsuits that could have had dire consequences for the internet in general. The decisions preserve social media companies’ ability to avoid lawsuits stemming from terrorist-related content. In Twitter v. Taamneh, the Supreme Court ruled that “Twitter will not have to face accusations it aided and abetted terrorism when it hosted tweets created by the terror group ISIS.” The court also dismissed Gonzalez v. Google, leaving the protections put in place through Section 230 of the Communications Decency Act intact.

(CNN and Reuters)

Montana governor bans TikTok

Almost one month to the day after lawmakers in Montana passed bill SB419, Montana Gov. Greg Gianforte signed it on Wednesday, officially banning TikTok in the state. This, he said in a Tweet, is “to protect Montanans’ personal and private data from the Chinese Communist Party,” officially making it the first state to ban the social media application. The bill will take effect in January, and specifically names TikTok as its target. It prohibits the app from operating within state lines, and sets up potential fines of $10,000 per day for violators, including app stores that host the app.

(CNN and Twitter)

Millions of smartphones distributed worldwide with preinstalled ‘Guerrilla’ malware

Trend Micro is warning of a threat actor who may have control over millions of smartphones worldwide due to preinstalled malware. The group behind the campaign is named the Lemon Group and the preloaded malware is called Guerrilla. Lemon has since changed its name to Durian Cloud SMS. The group’s main business involves analyzing big data to generate marketing opportunities for its clients, but “this allows it to monitor customers that can be further infected with other apps to build on,” Trend Micro added.

(Security Week)

Congress looks to expand CISA’s role to satellites and open source

The Senate Homeland Security and Governmental Affairs Committee on Wednesday passed a bill that would “require CISA to maintain a commercial public satellite system clearinghouse and create voluntary cybersecurity recommendations for the space sector.” It further put forward legislation that would require CISA to create a “pilot civilian cyber reserve program to respond to incidents.” The House Homeland Security Committee also proposed legislation for CISA to work with the open source community in order to better secure open source. These moves represent the Biden administration’s mission of managing security risks, although many Republicans in both the House and Senate scoffed at giving CISA more responsibilities and authorities.

(Cyberscoop)

Thanks to this week’s episode sponsor, Hunters

There is nothing worse than relying on a legacy SIEM that your security team has out-grown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity and cost for the SOC. Visit hunters.security to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series.

Critical flaws in Cisco Small Business switches could allow remote attacks

Cisco has released updates to address flaws in its Small Business Series Switches. “These vulnerabilities are due to improper validation of requests that are sent to the web interface,” Cisco said. Four of the nine vulnerabilities are rated 9.8 out of 10 on the CVSS scoring system and they could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. A list of the affected devices is available in the Hacker News link below. 

(The Hacker News)

Microsoft investigates slow Windows VPN speeds after May updates

Major speed issues are affecting L2TP/IPsec VPN connections after recent Windows 11 update installations. “According to reports from Windows users and administrators, the connection bandwidth issues were first caused by the optional April 2023 non-security update,” writes Bleeping Computer, continuing, “Redmond rolled the same fixes and improvements bundled in the KB5025305 preview update into the mandatory KB5026372 cumulative update released during this month’s Patch Tuesday, causing the connection issues to be experienced by a larger number of Windows users.” Microsoft is looking into the problem.

(Bleeping Computer)

Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown

Earlier this month, the Oklahoma Institute of Allergy Asthma and Immunology stated it would be closing immediately due to a “cybersecurity event.” Dr. Amy Liebl Darter told KFOR that the problem started in February, when “she and her husband downloaded an iPhone app that created issues with all of the clinic’s technology – from phones to email and electronic medical records.”

(The Record)

Lacroix Group shuts down three facilities after a targeted cyberattack

The French electronics manufacturer, which designs and manufactures electronic equipment for the automotive, aerospace, industrial, and health sectors, shut down facilities in France, Germany, and Tunisia in response to a cyberattack. Currently, no ransomware gang has claimed responsibility for the attack, but it does come just one week after Swiss multinational company ABB, a leading electrification and automation technology provider, was the victim of a Black Basta ransomware attack.

(Security Affairs)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.