Welcome reader to your CybersecurityHQ report.

Headlines

A trilateral meeting in Seoul, the United States, South Korea, and Japan produced new initiatives to counter North Korea's cyber threats. Jake Sullivan, the U.S. National Security Adviser, made the announcement following a meeting between the national security advisers of the three countries. The statement highlighted new initiatives targeting North Korea's cybercrime, cryptocurrency money laundering, and dangerous space and ballistic missile tests. The trio's efforts will also focus on threats of economic coercion, including a supply-chain early warning system in critical minerals and rechargeable batteries.

The meeting also addressed the ties between North Korea and Russia, with concerns over North Korea supplying weapons to Russia for the war in Ukraine. Despite North Korea's denials of hacking and arms transfers to Moscow, international accusations and satellite imagery suggest ongoing activities in these areas. Additionally, the first Next Generation Critical and Emerging Technologies (CET) Dialogue, co-chaired by Sullivan and his South Korean counterpart Cho Tae-yong, focused on cooperation in areas like chips and other critical technologies.

A study commissioned by Apple Inc. and conducted by MIT Professor Stuart E. Madnick reveals a 20% rise in U.S. data breaches in the first nine months of 2023 compared to the entirety of 2022. The study, which interestingly does not include data breaches at Apple itself, underscores the growing frequency of such incidents, advocating the broader use of end-to-end encryption as a key defense mechanism. A striking statistic from the study indicates that 98% of organizations work with at least one technology vendor that has experienced a data breach in the past two years.

End-to-end encryption has created tensions between technology companies and law enforcement agencies, as it prevents the latter from accessing data without user consent. The debate around encryption is timely, as Britain is contemplating a law requiring access to private messages and discouraging tech giants like Meta (which recently added end-to-end encryption to its popular Messenger app) from enhancing their encryption practices.

A recent study has identified 14 security vulnerabilities, collectively named "5Ghoul," in the firmware of 5G network modems from major chipset vendors like MediaTek and Qualcomm. These flaws pose risks to a wide array of devices, including USB and IoT modems and hundreds of smartphone models across Android and iOS platforms. The vulnerabilities, 10 of which directly affect 5G modems, include three high-severity issues that could lead to connection disruptions, system freezes, or downgrades from 5G to 4G.

Approximately 714 smartphone models from 24 brands, including Apple, Google, Samsung, and Xiaomi are impacted. The vulnerabilities were disclosed by the ASSET Research Group at the Singapore University of Technology and Design. The most critical flaw, CVE-2023-33042, enables attackers to downgrade 5G connectivity or cause denial-of-service attacks. MediaTek and Qualcomm have already issued patches for 12 of these flaws, with further details on the remaining vulnerabilities pending due to confidentiality. The complexity of the modem and chipset ecosystem means that fixes can take months to reach end-users.

Interesting Read

This new article in Wired from Andy Greenberg delivers the story of Binance — one of crypto’s leading exchanges. Since its founding in 2017, it’s become known for skirting US laws, but the platform now faces a landmark settlement with the Justice Department. That’s had the effect of reshaping the once renegade company into a model of regulatory compliance.

Now, Binance will open years of crypto exchanges, shredding its appeal as a secure way to trade.

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team