This Month in Cybersecurity - January 2024

Welcome to “This Month in Cybersecurity - January 2024” edition.

This month, we’ve witnessed some significant developments that remind us of the importance of our collective effort in safeguarding our digital world. From challenging legal precedents to high-severity vulnerabilities, the events of January 2024 highlight why staying informed isn’t just a choice, but a necessity. Let’s jump in!

1. Meta ignores the users’ right to easily withdraw consent

In the news1024×1024 81.7 KB

Meta is facing a GDPR complaint for requiring users to pay up to €251.88 per year to withdraw consent for tracking on Facebook and Instagram, a process that contradicts GDPR rules which state withdrawing consent should be as easy as giving it. The complaint, filed by NOYB in Austria, challenges Meta’s approach and calls for an easier, fee-free method of consent withdrawal, potentially leading to fines for GDPR violations. This case could set a legal precedent on charging for privacy, and a decision against Meta could significantly impact its operations in the EU, one of its major markets.

2. Urgent: GitLab releases patch for critical vulnerabilities - Update ASAP

In the news512×512 78.9 KB

GitLab released critical updates for CVE-2023-7028, a severe email verification flaw allowing account takeovers, and CVE-2023-5356, preventing command execution via Slack/Mattermost integrations. Users are urged to update GitLab latest versions immediately and enable 2FA for enhanced security.

3. GitHub rotates keys after high-severity vulnerability exposes credentials

In the news512×512 256 KB

GitHub resolved a high-severity vulnerability (CVE-2024-0200) exposing credentials, prompting the rotation of key credentials including GitHub Actions and Codespaces keys. Users are required to import new keys. Another flaw in GitHub Enterprise Server and a separate privilege escalation issue (CVE-2024-0507) were also addressed, continuing GitHub’s proactive cybersecurity measures.

4. Accepting a calendar invite in Outlook could leak your password

In the news512×512 130 KB

Varonis researchers have disclosed a Microsoft Outlook vulnerability (CVE-2023-35636) that leaks hashed passwords through malicious calendar invites with just one click. Patched in December 2023, this was one of three security flaws identified, with the other two involving Windows Performance Analyzer and Windows File Explorer, requiring more complex interactions and not classified as vulnerabilities by Microsoft. Varonis advises using Kerberos over NTLM for authentication and urges regular software updates and vigilance against phishing tactics.

5. Mother of all breaches reveals 26 billion records: what we know so far

In the news512×512 563 KB

A colossal data leak named the Mother of all Breaches (MOAB) has been uncovered, containing a massive 12 terabytes of data with over 26 billion records from platforms like LinkedIn and Twitter. Discovered by cybersecurity researcher Bob Dyachenko and the Cybernews team, the MOAB poses a severe threat, potentially enabling identity theft, phishing attacks, and unauthorized access to personal accounts. Users are advised to check for exposure and enhance cybersecurity practices, including using strong passwords and enabling multi-factor authentication.

Conclusion

And that wraps up our January 2024 edition of “This Month in Cybersecurity.” We hope this update has provided you with valuable insights and contributed to the ongoing dialogue around cybersecurity and data privacy.

Your engagement is valuable to us so don’t hesitate to share any interesting article or news update in the “In the News” section of the passbolt community forum: In the news - Passbolt community forum

Stay safe! Stay secure!