Cybersecurity News: Microsoft resets Recall, LastPass outage update, New York Times breach

In today’s cybersecurity news…

Microsoft resets Recall plans

Following up on a story that dogged the industry last week, Microsoft announced on Friday that its new Recall feature will not be enabled by default but will instead be opt-in. The feature, designed as a visual timeline that captures screenshots of users’ screens every five seconds to be analyzed and parsed, was immediately decried by security experts as a potential gaping security lapse, with WIRED’s Andy Greenberg going so far as to call it “unrequested, pre-installed spyware.” Microsoft has responded by pointing out Recall’s security features and how a user remains in total control of its functionality. Researcher Kevin Beaumont, whose warnings were instrumental in getting Microsoft to change course on the product, did add later, “There are obviously going to be devils in the details…but there’s some good elements here. Microsoft needs to commit to not trying to sneak users to enable it in the future.”

(The Hacker News)

LastPass says 12-hour outage caused by bad Chrome extension update

According to representatives from the company, an outage that occurred on Thursday was the result of “a bad update to its Google Chrome extension,” which put too much stress on its servers. This left users with a 404 Not Found message when attempting to access their accounts, even in offline mode. The problems for users started after LastPass launched the update on June 6. Lawrence Abrams, writing in BleepingComputer, suggests that “the extension was creating too many requests, essentially DDoSing the platform.”

(BleepingComputer)

New York Times source code stolen using exposed GitHub token

“Basically all source code belonging to the New York Times Company, 270GB.” This was the ad headline placed on a 4chan forum post, referring to data stolen from the company’s GitHub repositories in January 2024. The stolen data included “IT documentation, infrastructure tools, and source code, allegedly including the viral Wordle game.” The Times, in a statement, described the incident as occurring “when a credential to a cloud-based third-party code platform was inadvertently made available.”

(BleepingComputer)

And now a word from our sponsor, Vanta

Whether you’re starting or scaling your security program, Vanta helps you automate compliance across frameworks like SOC 2, ISO 27001, and more. With Vanta, you can streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies like Atlassian, Flo Health, and Quora use Vanta to manage risk and prove security. Our listeners get $1,000 off at Vanta.com/headlines.

Angry Club Penguin hackers allegedly steal Disney data

4chan was not only the site where the stolen New York Times data was advertised; it also hosted a link to Internal Club Penguin PDFs, a breach file that not only contained old information about Club Penguin – the popular multiplayer online game that was shuttered in 2017 – but reportedly also contained information, from as recently as this month, about “Disney+, corporate strategies, advertising plans, links to Disney’s internal websites, and its internal developer tools Helios and Communicore, all allegedly stored on Disney’s Confluence server.”

(Gizmodo)

Eye care management services company Panorama announces breach

Colorado-based Panorama Eyecare “owns or provides services to dozens of optometry or ophthalmology offices in the Rocky Mountain region. Its systems manage IT departments, HR, payroll, marketing and capital improvements for equipment and facilities.” In a report submitted to regulators in Maine and Massachusetts, it disclosed that a cyberattack in June 2023 resulted in the theft of PII and some financial and medical information of almost 378,000 current and former patients and employees. The company did not say whether the event was a ransomware attack; however, last July the now-defunct LockBit gang claimed credit for the attack.

(The Record)

Expert warns of Akira as next big thing in ransomware

The director of cyber threat intelligence at Tidal Cyber, Scott Small, has stated in an interview that although Akira’s activity is currently low key, its crew are “very much a skilled group.” The gang uses tools that are less commonly deployed by other groups, such as FTP to exfiltrate files, and it also likes to pursue smaller organizations with the goal of using them to access larger targets. Small warns that “the gang’s ‘intent and capability’ should get the attention of CSOs.”

(The Register)

PHP vulnerability a threat to Windows servers

According to security researcher Orange Tsai at Taiwan-based DEVCORE, a new critical security flaw in PHP could be exploited to achieve remote code execution under certain circumstances. The vulnerability, which has been assigned a CVE number, is being described as “a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system.” Although a fix has been made available, DEVCORE warns that “all XAMPP installations on Windows are vulnerable by default when configured to use the locales for Traditional Chinese, Simplified Chinese, or Japanese.” The company also recommends that administrators move away from the outdated PHP CGI altogether and opt for a more secure solution such as Mod-PHP, FastCGI, or PHP-FPM. This is not the same as the ThinkPHP vulnerability that we reported on on Friday.

(The Hacker News)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.