Cyber 332 Weekly Blog

 Telecom companies have been the prime targets for cyber criminals because of their massive volumes of sensitive customer data and interconnected systems. In today's world, most firms transition from legacy infrastructure to cloud-based SaaS applications to handle different functions like HR, Billing, call management, and roaming agreements they face. External partners often need access to a SaaS application, which can increase misconfiguration and unauthorized data exposure. A high volume of employees can add another vulnerability layer, and automated provisioning systems may revoke access from some applications but remain accessible via manual logins. As a result, telecommunications must enhance their SaaS posture by adopting SaaS security posture management (SSPM)solutions that constantly monitor configuration, detect threats, identify orphaned accounts, and provide remediation guidance. These measures help maintain confidence in using SaaS tools throughout the enterprise. ...

 Security researcher "brutecat" discovered a vulnerability in Google's old username recovery system that allows attackers to brute-force users' recovery phone numbers in seconds. To do this, they'd disable JavaScript and use the recovery password method. Additionally, by browsing Looker Studio document sharing, attackers can reveal users' information, including name and phone number, which shows the last digit, allowing them to bypass CAPTCHA and brute-force the remaining number. As the article shows, a Singaporean phone number can be uncovered in seconds, while a U.S.-based number can take around 20 minutes. This type of vulnerability poses a significant risk, including unauthorized account access and SIM swapping attacks. After Google learned about this attack, they responded by removing the vulnerable form and awarded the researcher a $5,000 bug bounty. This incident highlights how even the simplest thing can lead to a major attack. Companies shouldn't ...

 Today, countries are competing to lead in technology, innovation, and other cutting-edge ideas. The US is working to stay ahead of China in artificial intelligence, but it's crucial not to lose focus on security. While innovation and business influence are key to success, the US must also be mindful of the potential for AI tools to be misused by government officials for surveillance and military purposes.  There are numerous efforts to regulate AI exports, and rules have been created to control them, but these efforts are often inconsistent and can be overturned by subsequent administrations. The US faces some difficulties with AI technologies that are exported from abroad, creating uncertainty. Some US tech companies have partnered with countries in the Far East, raising national security concerns. Both countries advanced the system in the military, which caused a dual-use concern. Achieving AI dominance is about building a system that is both safe and responsible. ...