CyberSecurity Knuggets

Feb 24, 2024

I just heard about Google’s latest security feature in Chrome 122, which aims to reduce the browser’s attack surface by allowing users to disable Just-In-Time (JIT) compilation for V8, the engine inside Chrome that processes JavaScript and WebAssembly code. This is a significant win for browser security, as V8 and its JIT compiler have been the source of numerous vulnerabilities and zero-day attacks in the past. The move was inspired by Microsoft Edge’s Super Duper Secure Mode, which proved successful in enhancing security.

Additionally, there are reports of several high-profile data breaches, ransomware attacks, and privacy violations, such as the Tangerine data breach, the PSI Software ransomware attack, and fines imposed on companies like DoorDash and Avast. The Biden Administration has also issued an executive order to strengthen cybersecurity at US ports, accompanied by a significant investment in port infrastructure. However, there are concerns about potential cyber threats to US water systems, espionage activities in the European Parliament, and fears of China using its dominance in the battery energy storage system market to sabotage the US power grid.

Furthermore, there are reports of ongoing cybercrime activities, such as the exploitation of vulnerabilities in ConnectWise SmartConnect and multiple high-severity vulnerabilities across various products from Atlassian, VMware, and Zyxel. These issues require immediate attention to prevent further cyber threats and protect sensitive data and infrastructure.

Today’s news highlights several critical cybersecurity issues that require immediate attention. First, there’s a cyberattack on Optum Solutions’s Change Healthcare platform, disrupting prescription processing at pharmacies across the US. The attack, suspected to be associated with a nation-state threat actor, has prompted recommendations for healthcare organizations to consider disconnection from Optum until it’s safe to reconnect. UnitedHealth Group, the parent company, is working to restore the affected systems, but the duration and extent of the disruption remain uncertain.

Another concerning development is the exploitation of critical flaws in ConnectWise’s ScreenConnect product by ransomware actors. Multiple attacks involving ScreenConnect have been reported, leading to the deployment of various malware, ransomware, and other malicious tools. The volume of attacks targeting ScreenConnect has more than doubled since the publication of a proof-of-concept exploit, underscoring the urgency for users to patch vulnerable servers and clients and check for signs of compromise.

Stay Well!