Healthcare Giant's Massive Data Breach Exposes Employees' Personal Details

CybersecurityHQ News

Welcome, reader, to your CybersecurityHQ report.

Headlines

Security researcher Marc Newlin has identified a critical Bluetooth security flaw (CVE-2023-45866). The issue poses an enormous risk to a wide range of devices, including Android, Linux, macOS, and iOS. It’s an authentication bypass vulnerability that allows attackers to connect to vulnerable devices without user confirmation. Once connected as a Bluetooth keyboard, attackers can inject keystrokes, which allows for running arbitrary commands and installing apps.

No specialized hardware is needed; a standard Bluetooth adapter is enough. Given the low barrier to entry and the wide range of vulnerable devices, this is a major risk. In response, Google released an advisory highlighting the potential for remote escalation of privilege without additional execution privileges.

Meta has finally implemented default end-to-end encryption for all personal calls and messages in its widely popular Messenger, as announced by CEO Mark Zuckerberg. Meta is the parent company of multiple major platforms, including Facebook and WhatsApp, and this will be a major security upgrade to one of the most used apps in the world. Previously, Messenger offered optional end-to-end encryption. With this change, Meta has made encryption the default setting using the Signal protocol. The move aligns Messenger with WhatsApp, another Meta platform already known for its encrypted messaging.

The announcement comes after a long development timeline (a process the company claims required them to rebuild the app more or less from scratch). Meta also has plans to bring end-to-end encryption to Instagram direct messaging following the rollout of this feature across Messenger.

Healthcare tech and product distribution enterprise Henry Schein recently informed almost 30,000 employees about the scope of a recent data breach, revealing that nearly all of their personal details were stolen. This follows last month’s announcement that an ALPHV/BlackCat ransomware attack caused a significant data breach. This notorious cartel has since made statements criticizing Henry Schein for its lack of “professionalism.”

The breach notification submitted to the Maine Attorney General indicates that 29,112 individuals, primarily employees and their dependents, were affected. The stolen data includes names, addresses, phone numbers, photographs, dates of birth, demographic and background information, government-issued ID numbers (like Social Security, driver’s license, and passport numbers), financial data (bank account and credit card information, loans), medical history, treatment and insurance details, employment details (such as job title and compensation), and IP addresses.

Interesting Read

In the last two generations, cybersecurity has fully arrived as the "fifth battlefield" — a phenomenon that this Forbes article dives into. The evolving landscape of digital warfare is proving to be a major piece of any strategic puzzle, and it plays a central role in all of the world’s major conflicts. 

This piece by Kevin Lunch sheds light on the strategies, challenges, and implications of cybersecurity in global security dynamics. It’s a look into the realities of combat in our digital age.

Cybersecurity Career Opportunities

For the latest openings in cybersecurity careers, check CybersecurityHQ.

Stay Safe, Stay Secure.

The CybersecurityHQ Team