May 2024 - Latest Cyber Security News

Written By Steve Sharer

Each month we post a round-up of cyber security news that we find insightful and contributes to a more up-to-date understanding of the world of cyber security.

New Mobile Device Threat Detection Capabilities

Google recently introduced new AI-powered tools to Android devices to help protect sensitive data if the device is stolen. The tools can automatically lock a phone if the device detects that it has been snatched out of a person’s hand. These updates are definitely welcome - recent statistics from one major European city report that a mobile device is stolen every six minutes. 

Thieves target the ubiquitous mobile devices in an effort to resell them to an unsuspecting buyer, use their access to conduct fraud against the contacts in the phone, as well as to access banking information. 

Similar features were added to Apple devices earlier this year as a part of the stolen device protection system. [Source]

The White House & Industry Leaders Push For Safe Software

The White House’s Office of the National Cyber Director (ONCD) published a report that encourages software developers to take specific steps to improve the security of their software. 

The primary recommendation is to use what is called “memory-safe” programming languages which help to protect the software and the computer running that software from attacks. Many significant data breaches and cyber attacks can be attributed to vulnerabilities relating to memory safety, from the Morris worm of 1988, the Slammer worm of 2003, the Heartbleed vulnerability in 2014, the Trident exploit of 2016, to the Blastpass exploit of 2023, all of which caused significant harm to networks and systems.. 

The other recommendation is that software developers should adopt principles of creating software that is secure by design. In this paradigm, security is built into the software development process instead of being considered as an afterthought. [Source]

Update Now: Critical-Severity Google Chrome Vulnerabilities

Google has identified and patched several recent critical-severity flaws in its Google Chrome web browser that are being actively exploited by hackers. RipRap Security recommends that you ask your team to update their Chrome browsers as soon as possible. For instructions on how to update Google Chrome, please visit this link.

This vulnerability also affects other Chromium-based browsers, including Microsoft Edge, Brave, and Opera. [Source]

Steve Sharer
Previous

Tech How-To: Building A Hacker Toolbox
Next

Three Best Practices For Protecting Your Nonprofit’s Critical Data