Class-Action Lawsuit against Google’s Incognito Mode


The lawsuit has been settled:

Google has agreed to delete “billions of data records” the company collected while users browsed the web using Incognito mode, according to documents filed in federal court in San Francisco on Monday. The agreement, part of a settlement in a class action lawsuit filed in 2020, caps off years of disclosures about Google’s practices that shed light on how much data the tech giant siphons from its users—even when they’re in private-browsing mode.

Under the terms of the settlement, Google must further update the Incognito mode “splash page” that appears anytime you open an Incognito mode Chrome window after previously updating it in January. The Incognito splash page will explicitly state that Google collects data from third-party websites “regardless of which browsing or browser mode you use,” and stipulate that “third-party sites and apps that integrate our services may still share information with Google,” among other changes. Details about Google’s private-browsing data collection must also appear in the company’s privacy policy.

I was an expert witness for the prosecution (that’s the class, against Google). I don’t know if my declarations and deposition will become public.


The role of access controls in preventing insider threats


The content of this post is solely the responsibility of the author.  AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

If you’ve ever worked in an IT department, you know how easily a single misclick can lead to data breaches and system compromises. Preventive efforts are critical since there’s no reliable way to truly eliminate insider threats. Can robust access controls protect your organization?

The impact of insider threats on organizations

Insider threats are a prominent danger regardless of the industry you’re in. In fact, 98% of U.S. organizations report being slightly to extremely vulnerable to them. That figure shows how many lack confidence in their existing deterrents, which is exactly why preventive effort matters.

Even if you don’t believe anyone at your workplace would intentionally cause damage, you should still be wary: insider threats aren’t always malicious. Negligent employees are responsible for 60% of data breaches, meaning carelessness, not malice, is the more common driver.

That negligence is the primary driver is no comfort. It means a single misclick can put your entire organization at risk. Robust access controls are among the best answers, because they limit what a careless employee can leak and what a phished account can reach, and so limit how far an attacker who lands on that account can escalate.

Access control mechanisms are crucial for threat mitigation

The main way robust access control mechanisms address insider threats is by limiting unauthorized access. An employee, whether negligent or acting with ill intent, can only leak or alter what their permissions let them read or write, so scoping access to sensitive data stores bounds the damage any single account can do.

Anyone who has spent time in an IT department knows how carelessly some employees handle sensitive data, intellectual property or personally identifiable information. Access control mechanisms keep those information assets out of reach of most people in the organization, which protects them from tampering and exfiltration regardless of the intent of whoever clicks.

If an attacker gets into your organization’s systems or network, robust access control mechanisms restrict their lateral movement. An intruder typically operates with the permissions of whatever account or service they compromised, so when that account holds only the narrow permissions its job requires, the attacker inherits the same narrow scope. That limits the damage they can do and keeps them from reaching other systems.

Even if an attacker holds a colleague’s lost or stolen device, access controls limit what they can do with it. Authentication measures such as multi-factor authentication and short session lifetimes keep possession of the device alone from granting access to your systems and the sensitive data in them, and the account’s limited permissions keep any foothold from turning into privilege escalation.

Robust access control mechanisms also produce the signals you need to spot indicators of compromise (IOCs) early. For example, concurrent logins to a single user account from different locations can mean an attacker is using legitimate credentials obtained through brute force, phishing or a keylogger. It is not proof on its own, since a user may legitimately hold two sessions, but it is worth an alert and a check.

Which access control systems should you implement?

Although insider threats are an issue regardless of your industry or your organization’s size, you can limit the damage they do. Implement access control systems that detect and deter unauthorized actions, so that a mistake or a compromised account does not turn into a data breach or a system compromise.

The foundation is the principle of least privilege: grant each employee, service and device only the permissions its job requires, and nothing more. Because most accounts then carry little risk, you can concentrate monitoring and hardening on the smaller set of high-value accounts that genuinely need broader access.

Also implement real-time log monitoring so you can identify and respond to threats as they appear. Authentication and access logs record who requested what, from where and when, which is exactly the detail needed to detect IOCs such as the concurrent-login pattern above.

Whichever combination of access control systems you implement, pair it with permission maintenance: review accounts and entitlements on a schedule, and disable or remove what is no longer needed. Clearing inactive accounts removes a quiet way into your systems, since nobody notices logins to an account nobody uses. Removing forgotten test and service accounts, which often carry broad permissions, removes a ready path to privilege escalation.
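The two checks described above, the concurrent-login IOC and the inactive-account review, as an added example that is not part of the original post. It runs over a handful of constructed authentication log lines in an assumed, simplified format ("timestamp event user=<name> src=<ip>"); the account list, the review time and the 30-day idle threshold are assumptions for illustration.

```python
"""Detection logic over constructed auth log lines (added example, not from the post).

Flags (1) a login to an account that already has an open session from a
different source IP, and (2) accounts with no successful login within
MAX_IDLE_DAYS, which the permission-maintenance step should disable.
"""
from datetime import datetime, timedelta

# Constructed sample log lines; format is an assumption: "<ISO ts> <event> user=<u> src=<ip>".
SAMPLE_LOG = """\
2024-03-28T08:02:11Z LOGIN_OK user=alice src=10.1.4.20
2024-03-28T08:05:40Z LOGIN_OK user=bob src=10.1.4.31
2024-03-28T08:09:03Z LOGIN_OK user=alice src=203.0.113.77
2024-03-28T08:40:00Z LOGOUT user=alice src=10.1.4.20
2024-03-28T09:00:00Z LOGOUT user=alice src=203.0.113.77
2024-03-28T17:30:00Z LOGOUT user=bob src=10.1.4.31
2024-01-05T10:00:00Z LOGIN_OK user=test-svc src=10.1.9.9
2024-01-05T10:30:00Z LOGOUT user=test-svc src=10.1.9.9
"""

# Assumed directory export: every account that exists, including ones that never log in.
KNOWN_ACCOUNTS = ["alice", "bob", "carol", "test-svc"]
REVIEW_TIME = datetime(2024, 3, 29)   # assumed "now" for the inactivity review
MAX_IDLE_DAYS = 30


def parse_line(line):
    ts, event, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "event": event, "user": kv["user"], "src": kv["src"]}


def parse_log(text):
    # Sort by timestamp so session state is replayed in order even if lines arrive unordered.
    return sorted((parse_line(l) for l in text.splitlines() if l.strip()),
                  key=lambda r: r["ts"])


def find_concurrent_logins(records):
    """Return (user, existing_src, new_src, login_time) for each login that
    occurs while the same user already has an open session from another IP."""
    open_sessions = {}            # user -> {src_ip: login_time}
    findings = []
    for r in records:
        sessions = open_sessions.setdefault(r["user"], {})
        if r["event"] == "LOGIN_OK":
            for other_src in sessions:
                if other_src != r["src"]:
                    findings.append((r["user"], other_src, r["src"], r["ts"]))
            sessions[r["src"]] = r["ts"]
        elif r["event"] == "LOGOUT":
            sessions.pop(r["src"], None)
    return findings


def find_inactive_accounts(records, known_accounts, now, max_idle_days=MAX_IDLE_DAYS):
    """Accounts whose last successful login is older than the cutoff.
    Accounts that never logged in at all are included: they are the ones
    most likely to be forgotten test or service accounts."""
    last_seen = {}
    for r in records:
        if r["event"] == "LOGIN_OK":
            last_seen[r["user"]] = max(last_seen.get(r["user"], r["ts"]), r["ts"])
    cutoff = now - timedelta(days=max_idle_days)
    return sorted(u for u in known_accounts if last_seen.get(u, datetime.min) < cutoff)


def review(log_text=SAMPLE_LOG, known_accounts=KNOWN_ACCOUNTS, now=REVIEW_TIME):
    records = parse_log(log_text)
    return {"concurrent": find_concurrent_logins(records),
            "inactive": find_inactive_accounts(records, known_accounts, now)}


if __name__ == "__main__":
    result = review()
    for user, src_a, src_b, when in result["concurrent"]:
        print(f"ALERT concurrent sessions for {user}: {src_a} and {src_b} at {when:%H:%M}")
    print("inactive accounts to disable:", result["inactive"])
```

The concurrent-login check treats a second session from a different IP as an alert, not a verdict; a real deployment would enrich it with geolocation or device identity before acting. The inactivity review deliberately includes accounts with no login history at all, which is where unused test accounts usually hide.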

The importance of integrating user behavior analytics

As the value of data rises, insider threats increase in frequency. In fact, seven in 10 organizations believe these attacks are becoming more common. Prevention alone is not enough: for a lasting fix you must identify the source of the threat and remove it.

Logs alone show which account did what; they don’t tell you whether that activity is normal for that account or what the person behind it intends. For that, behavior analytics is one of the best tools. Layering it on your access control mechanisms helps you pinpoint and respond to suspicious activity more effectively.

With behavior analytics integrated into your access control tooling, you can compare a user’s logged actions against patterns seen in previous incidents, which helps you infer the insider’s goal and shape the incident response accordingly.

Behavior analytics can reveal when user accounts are compromised, even when activity appears legitimate at first glance. It flags activity that doesn’t align with a person’s or device’s usual actions, such as logins at unusual hours or access to data a role never touches. From there, you can judge whether they’re acting maliciously or carelessly. Either way, you can address the source of the threat.
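A minimal behavior baseline of the kind described above, as an added example that is not part of the original post. It learns, per user, the hours, resources and read volumes seen in a constructed training history, then scores new events by how far they fall outside that baseline; the history, the events, the three indicators and the scoring threshold are all assumptions for illustration.

```python
"""Per-user behavior baseline and anomaly scoring (added example, not from the post).

Three cheap indicators are combined: unusual hour of day, a resource the user
has never touched, and a read volume far above the user's own maximum.
"""
from collections import defaultdict

# Constructed training history: (user, hour_of_day, resource, bytes_read).
HISTORY = [
    ("alice", 9, "hr-share", 2_000_000),
    ("alice", 10, "hr-share", 1_500_000),
    ("alice", 14, "hr-share", 3_000_000),
    ("alice", 16, "payroll-app", 500_000),
    ("alice", 11, "payroll-app", 700_000),
    ("bob", 8, "build-server", 50_000_000),
    ("bob", 13, "build-server", 80_000_000),
    ("bob", 17, "git", 10_000_000),
]

# Constructed events to score against the baseline.
SAMPLE_EVENTS = [
    ("alice", 2, "finance-db", 40_000_000),   # 2 a.m., new resource, huge read
    ("alice", 15, "hr-share", 2_500_000),      # looks like any other day
    ("bob", 12, "hr-share", 1_000_000),        # one odd thing only
    ("mallory", 10, "git", 100),               # principal with no history at all
]


def build_baselines(history):
    base = defaultdict(lambda: {"hours": set(), "resources": set(), "reads": []})
    for user, hour, resource, nbytes in history:
        b = base[user]
        b["hours"].add(hour)
        b["resources"].add(resource)
        b["reads"].append(nbytes)
    return dict(base)


def hour_distance(a, b):
    # Clock arithmetic so 23:00 and 01:00 are two hours apart, not twenty-two.
    d = abs(a - b) % 24
    return min(d, 24 - d)


def score_event(baselines, user, hour, resource, nbytes):
    """Return (score, reasons); higher score means more anomalous for this user."""
    b = baselines.get(user)
    if b is None:
        return 3, ["no baseline for this principal"]   # unknown account: escalate
    score, reasons = 0, []
    if min(hour_distance(hour, h) for h in b["hours"]) > 2:
        score += 1
        reasons.append("unusual hour")
    if resource not in b["resources"]:
        score += 1
        reasons.append("never-before-seen resource")
    if nbytes > 3 * max(b["reads"]):
        score += 1
        reasons.append("read volume far above baseline")
    return score, reasons


def triage(baselines, events, threshold=2):
    """Events whose score reaches the threshold, with the reasons an analyst needs."""
    flagged = []
    for event in events:
        score, reasons = score_event(baselines, *event)
        if score >= threshold:
            flagged.append((event[0], score, reasons))
    return flagged


if __name__ == "__main__":
    baselines = build_baselines(HISTORY)
    for user, score, reasons in triage(baselines, SAMPLE_EVENTS):
        print(f"REVIEW {user}: score {score}: {', '.join(reasons)}")
```

The threshold is what separates "bob touched one unfamiliar share" (one indicator, worth logging) from "alice pulled 40 MB from a database she never uses at 2 a.m." (three indicators, worth a call). An account with no history at all is scored high on purpose: a brand-new or unknown principal reading data is exactly the forgotten test account the previous section told you to remove.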

Faster threat identification and response improves business outcomes and minimizes losses. Robust access control systems raise your chance of preventing data breaches and containing system compromises.

Contain insider threats with robust access controls

Since insider threats will remain an issue regardless of new hiring protocols or security awareness campaigns, it’s in your best interest to be proactive and rely on access controls. You can detect IOCs and stop the threat behind them before it does damage, safeguarding your organization from data breaches, account takeovers and system compromises.


LSN-0102-1: Kernel Live Patch Security Notice


It was discovered that a race condition existed in the io_uring subsystem
in the Linux kernel, leading to a use-after-free vulnerability. A local
attacker could use this to cause a denial of service (system crash) or
possibly execute arbitrary code. (CVE-2023-1872)

Lonial Con discovered that the netfilter subsystem in the Linux kernel
contained a memory leak when handling certain element flush operations. A
local attacker could use this to expose sensitive information (kernel
memory). (CVE-2023-4569)

It was discovered that the TLS subsystem in the Linux kernel did not
properly perform cryptographic operations in some situations, leading to a
null pointer dereference vulnerability. A local attacker could use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2023-6176)

It was discovered that a race condition existed in the AppleTalk networking
subsystem of the Linux kernel, leading to a use-after-free vulnerability. A
local attacker could use this to cause a denial of service (system crash)
or possibly execute arbitrary code. (CVE-2023-51781)

Jann Horn discovered that the TLS subsystem in the Linux kernel did not
properly handle spliced messages, leading to an out-of-bounds write
vulnerability. A local attacker could use this to cause a denial of service
(system crash) or possibly execute arbitrary code. (CVE-2024-0646)

Notselwyn discovered that the netfilter subsystem in the Linux kernel did
not properly handle verdict parameters in certain cases, leading to a
use-after-free vulnerability. A local attacker could use this to cause a
denial of service (system crash) or possibly execute arbitrary code.
(CVE-2024-1086)


Microsoft PlayReady deficiencies / content key sniffing on Windows


Posted by Security Explorations on Apr 02

Hello All,

It’s been 1.5 years since Microsoft got a notification about PlayReady issues
affecting Canal+ VOD service in Poland [1].

Per information received from Microsoft back then:
1) “to maintain the integrity of the PlayReady ecosystem, the company takes
reports such as (ours) very seriously” (Oct 7, 2022),
2) the STB manufacturer committed to mitigate the incident (Nov 18, 2022).

However, as of late Mar 2024, no change…
