Weekly CyberTip: Automatic updates for mobile devices
Urgent patches this week from Apple and Google serve as a reminder about the importance of keeping our mobile devices patched promptly. Here are the settings to check to confirm that your iOS, macOS, or Android-powered devices are set to auto-update:
iOS: Go to Settings > General > Software Update. Tap Automatic Updates, then enable the download, install, and security response sliders.
macOS: On your MacBook, choose Apple Menu, System Settings, then click General in the sidebar. Click Software Update on the right, then set the update options to automate the patching.
Android: Open Settings > System > Advanced > System Update and ensure that it has been turned on.
Head of CCCS calls for Canada/U.S. collaboration on cybersecurity
At the 14th Billington CyberSecurity Summit in Washington DC, Sami Khoury, the head of the Canadian Centre for Cyber Security (CCCS) reminded attendees about the importance of cross-border cooperation in defending Canada and the U.S. from cyber threats.
“It’s in our collective interests, both on the U.S. side and on the Canadian side, that we line up our cybersecurity effort, so that we are on message when we assess the threat,” Khoury said. “It’s the same infrastructure on both sides of the border,” referring to resources like finance, energy, and transportation.
Khoury also highlighted the dangers faced by small and medium businesses in today’s cyber landscape. He worries that as larger, higher-profile organizations are strengthening their defenses, smaller organizations are unable to keep pace. SMBs “play an important role in society, and it’s important they take cybersecurity seriously,” Khoury said. “In many cases, these cybercriminals will go wherever they can find an opportunity. And if they see an opportunity in exploiting your networks or your operations, they will not hesitate.”
Noting the number of exploits of vulnerabilities that already have fixes available, Khoury warned organizations to avoid complacency, and to keep their systems updated.
“The message has to be repeated,” Khoury said. “We have to constantly push the message out that the threat is real, that companies have to take it seriously, that they have to build resilience and that they have to be vigilant about their networks and their activities.”
Capping a busy week of meetings with U.S. counterparts and appearances on two conference panels (speaking about current threats to global supply chains and about the key role of international collaboration in defending against supply-chain attacks), Khoury also received the 6th Annual Billington International Cybersecurity Award for his contributions to global cybersecurity.
Patch alert: University of Toronto researchers identify Apple OS vulnerabilities
Researchers from the Citizen Lab at the University of Toronto’s Munk School identified several vulnerabilities in recent Apple products. The issues are resolved in the latest versions of Apple operating systems across all platforms, including iPadOS and iOS (version 16.6.1), watchOS (version 9.6.2), and macOS Ventura (version 13.5.2).
Patch alert: Latest Android release addresses over 30 security issues
The Android Security Bulletin for September 2023 includes fixes for 33 security issues, most notably a high-severity vulnerability in the Android Framework that is being actively exploited to gain elevated privileges without user interaction. The bulletin also includes fixes for three critical remote code execution bugs in the Android System and a critical memory corruption issue in the WLAN firmware of a Qualcomm component. Patch today.
Microsoft releases report on forgery of Outlook access tokens
On September 5, Microsoft released a report on a July incident in which the China-backed criminal gang Storm-0558 used a Microsoft account consumer key to forge tokens to access Outlook.com and Outlook Web Access (OWA). Occasionally technical but fascinating, the report outlines the unfortunate series of events that converged to allow threat actors to access the keys: A “crash dump” generated by an April 2021 system crash contained a consumer key – information that should not be included in a crash dump, but was exposed due to a bug in the application software. The crash dump was subsequently moved to a debugging environment for analysis. At some point afterwards, the account of a Microsoft engineer (who had access to the debugging environment) was compromised, allowing the threat actors to roam through the system where they discovered the data, eventually using it in the July 2023 incident.