- InfoSecSam's Newsletter
- Posts
- US Ban, Evil Extensions, ULEZ vigilantes, Project Resources + More
US Ban, Evil Extensions, ULEZ vigilantes, Project Resources + More
InfoSec Sam
June 23, 2024
This week's newsletter
Recent News
Car Trouble
A recent cyberattack has caused chaos in the automotive industry in the US and Canada. The target this time was CDK Global, a software provider for car dealerships. The attack has disrupted systems storing customer records and automating sales and service paperwork
CDK Global is actively working with cybersecurity experts and law enforcement to recover and restore services. However, the full extent of the breach and the timeline for recovery is still unclear. Another ransomware attack maybe?
US Ban Kaspersky
The US government has banned the use of Kaspersky software in federal agencies, citing national security concerns. This decision follows warnings from security experts about potential risks posed by Kaspersky's ties to the Russian government.
Kaspersky Lab is a prominent Russian cybersecurity firm (you may have come across their AV products).The ban aims to protect sensitive data and critical infrastructure from potential cyber threats. Federal agencies have been instructed to remove Kaspersky products from their systems immediately. Is this warranted or over the top?
Patch Patch Patch
Microsoft has released its latest Patch Tuesday updates for June 2024. And this time, they come with a fix for a zero-click Outlook vulnerability that could lead to remote code execution.
This highlights the importance for us cybersecurity professionals to ensure users and organisations we help protect keep their systems up to date with the latest patches.
Evil Extensions
A trio of researchers just published a paper about recent Chrome Web Store data that suggest the risk posed by browser extensions is far greater than Google admits to.
Browser extensions potentially have access to sensitive information making them a huge security concern. To make matters worse, the researchers found that the Google store rating system doesn't appear to be effective at separating good extensions from bad ones.
The good news is that Google is taking steps to address the risks identified by the research report but won’t be fully realised until 2025.
Other News
Car CAN Criminals - Researchers have found that thieves are stealing cars using CAN injection attack. This is by pulling off the bumper and unplugging the headlight cables to reach wires connected to an electronic control unit responsible for the vehicle’s smart key.
Mysterious Monolith - A monolith was found about 20 miles north of Las Vegas, eliciting memories of similar discoveries around the world in 2020.
ULEZ OutLawZ - Vigilante’s are cutting down the new ULEZ carbon tracking cameras in London. The ULEZ campaign has faced massive backlash resulting in some committing these actions.
Career Development
This week I am sharing several links to resources you can use to help build your project portfolio to enhance your profile and chances of landing a role.
You should do your own research and look into projects that fit your skill level and the roles you want to get into but hopefully these resources will give you somewhere to start.