When AI goes offline.
ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC, discussing cryptographic agility. Do Not Track bids a fond farewell.
Today is Thursday December 12th 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
ChatGPT and Meta face widespread outages.
OpenAI’s ChatGPT faced a global outage on Thursday morning, impacting millions of users and businesses relying on its services. The disruption lasted nearly three hours and also affected OpenAI’s API and Sora platforms. Frustrated users flooded social media with complaints about errors and degraded performance. Over 28,000 reports were logged on Downdetector. OpenAI quickly acknowledged the issue on X (formerly Twitter) and worked to resolve it, restoring full functionality by mid-morning IST.
The outage highlighted growing reliance on AI tools and the operational challenges posed by such disruptions. Meanwhile, Meta experienced a similar issue the day before, with widespread outages affecting Facebook, Instagram, WhatsApp, and Threads for hours. Both incidents underline vulnerabilities in digital infrastructure and the cascading effects on global users. While OpenAI’s swift response was appreciated, it emphasized the need for robust reliability as AI becomes central to modern life.
Trump advisors explore splitting NSA and CyberCom leadership roles.
Advisers to President-elect Donald Trump are revisiting plans to separate U.S. Cyber Command (CyberCom) and the National Security Agency (NSA), currently led under a “dual-hat” structure. This idea, previously explored during Trump’s first term, has resurfaced within the transition team and right-wing think tanks. Proponents argue the roles are too vast for one leader, while critics warn of operational inefficiencies and risks to NSA’s intelligence-gathering integrity.
The arrangement, established in 2010, has sparked debates across administrations, with President Biden’s 2022 review favoring its retention. Legal hurdles exist, but Trump could bypass Congress with executive actions.
A split would raise complex restructuring questions and could dilute CyberCom’s and NSA’s effectiveness. Lawmakers remain skeptical, emphasizing the need for clear justification. Critics also highlight the irony of Trump’s anti-bureaucracy stance driving a move that could create new administrative challenges. For now, the dual-hat structure remains intact.
A critical vulnerability in Apache Struts 2 has been disclosed.
A critical vulnerability in Apache Struts 2, CVE-2024-53677, has been disclosed with a near-maximum severity score: 9.5 (CVSSv4) and 9.8 (CVSSv3). This flaw allows remote code execution via malicious file uploads and lacks a workaround, making patching to Struts 6.4.0 or higher essential. Applications not using the deprecated File Upload Interceptor are unaffected. Updating requires rewriting actions for compatibility. Despite alternatives, Struts 2 remains popular, with significant downloads monthly. The vulnerability underscores risks, recalling Struts’ role in the 2017 Equifax breach.
“AuthQuake” allowed attackers to bypass Microsoft MFA protections.
Oasis Security revealed details of a critical vulnerability in Microsoft’s multi-factor authentication (MFA) system, dubbed “AuthQuake,” which allowed attackers to bypass MFA protections. Reported in June, the flaw was temporarily patched within days, with a permanent fix issued in October. Exploiting the flaw required only the target’s username and password, enabling access to sensitive services like Outlook, OneDrive, Teams, and Azure.
The attack method allowed repeated attempts to guess six-digit MFA codes within three-minute validity windows. By launching multiple simultaneous sessions, attackers could achieve over a 50% success rate within 70 minutes, without alerting victims. Oasis highlighted the severity given Microsoft’s 400+ million Office 365 seats.
Microsoft’s fix implemented stricter rate limits, halting attempts after several failures for approximately half a day, mitigating brute-force risks.
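The defensive lesson in this story is that the failure budget for an OTP code has to be tracked per account, not per session, or parallel sessions simply multiply the guesses available inside each three-minute window. The following is an added illustration written for this briefing, not Microsoft's code: a small verifier with a per-account lockout, plus a simulation that fires wrong guesses from many concurrent sessions and counts how many the verifier actually evaluates. The specific budget (10 failures, 12-hour lockout) is a constructed assumption; the story only says "several failures" and "approximately half a day".

```python
import hmac
from dataclasses import dataclass, field

CODE_SPACE = 1_000_000  # number of possible six-digit codes


@dataclass
class OtpVerifier:
    """Six-digit OTP check with a failure budget keyed by account, not session.

    Keying by account is the point: opening many parallel sessions must not
    multiply the guesses an attacker gets. max_failures and lockout_seconds are
    constructed values for this example.
    """
    max_failures: int = 10
    lockout_seconds: float = 12 * 3600
    _failures: dict = field(default_factory=dict)      # account -> failed attempts
    _locked_until: dict = field(default_factory=dict)  # account -> unix timestamp

    def verify(self, account: str, expected: str, submitted: str, now: float) -> str:
        """Return "ok", "denied" or "locked"; callers should log every outcome."""
        if now < self._locked_until.get(account, 0.0):
            return "locked"  # refuse without comparing while the lockout lasts
        if hmac.compare_digest(expected.encode(), submitted.encode()):  # constant time
            self._failures.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked_until[account] = now + self.lockout_seconds
            self._failures.pop(account, None)
        return "denied"


def guesses_evaluated(verifier: OtpVerifier, account: str, expected: str,
                      sessions: int, attempts_per_session: int) -> int:
    """Simulate distinct wrong guesses from several concurrent sessions against
    one account (all inside one validity window, so `now` is constant) and
    count how many the verifier actually evaluated rather than refused."""
    evaluated = 0
    for s in range(sessions):
        for i in range(attempts_per_session):
            guess = f"{(s * attempts_per_session + i) % CODE_SPACE:06d}"
            if guess == expected:
                continue  # keep every simulated guess wrong
            if verifier.verify(account, expected, guess, now=1000.0) == "denied":
                evaluated += 1
    return evaluated


def window_success_bound(evaluated_guesses: int) -> float:
    """Upper bound on the chance that this many distinct guesses hit the one
    code valid in a window: guesses / code space."""
    return min(evaluated_guesses, CODE_SPACE) / CODE_SPACE
```

With the per-account budget, 50 sessions of 40 attempts each still yield only 10 evaluated guesses, a 1-in-100,000 chance per lockout period; without an effective budget all 2,000 guesses are evaluated.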
Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware.
Security researchers from ANY.RUN have identified Nova, a sophisticated variant of the Snake Keylogger malware, showcasing advanced data-stealing and evasion capabilities. Built in VB.NET, Nova employs techniques like process hollowing to inject payloads into suspended processes, alongside heavily obfuscated code using tools like Net Reactor Obfuscator. It targets credentials, captures screenshots, monitors clipboards, and exfiltrates data via Telegram, FTP, and SMTP. Spreading through phishing campaigns, Nova also employs geolocation tracking and browser password decryption.
Adobe addresses critical vulnerabilities across their product line.
Adobe has released security updates addressing critical vulnerabilities across various software, including Acrobat, Photoshop, Illustrator, and Substance 3D. Flaws like buffer overflows, out-of-bounds writes, and use-after-free vulnerabilities could enable remote code execution or privilege escalation. Affected products include Substance 3D Painter, Animate, FrameMaker, Connect, and others, impacting both Windows and macOS. Users are urged to update to patched versions, as no workarounds are available. These vulnerabilities, with CVSS scores up to 9.3, highlight the importance of timely updates to ensure security.
Chinese law enforcement has been using spyware to collect data from Android devices since 2017.
Cybersecurity firm Lookout reports that Chinese law enforcement has been using spyware, dubbed EagleMsgSpy, to collect extensive data from Android devices since 2017. Developed by Wuhan Chinasoft Token Information Technology Co., the tool requires physical access to unlocked devices for installation. The spyware collects SMS messages, app communications, call logs, contacts, and GPS data, and records screens and audio. Data is stored in a hidden directory, encrypted, and sent to a command-and-control (C&C) server with an admin panel.
While linked to local Chinese police bureaus, EagleMsgSpy’s source code suggests a potential connection to surveillance tools like CarbonSteal, previously used to monitor minorities such as Uyghurs and Tibetans. An iOS version hasn’t been found.
A new report highlights the gaps in hardware and firmware security management.
A report from HP Wolf titled “Securing the Device Lifecycle: From Factory to Fingertips” highlights critical gaps in hardware and firmware security management across global organizations. Based on a survey of 6,000 workers and 800 IT and security decision-makers (ITSDMs), the findings reveal that procurement processes rarely involve IT security teams, with 52% of ITSDMs admitting limited collaboration with procurement to verify supplier security claims. Over 79% acknowledge major gaps in hardware and firmware knowledge, leaving organizations vulnerable throughout device lifecycles.
Key issues include weak BIOS password practices, delays in firmware updates, and blind spots in hardware threat detection. Additionally, over 60% of ITSDMs struggle to detect or remediate hardware vulnerabilities, while frustrated employees sometimes resort to unauthorized repairs. Endpoint risks persist at device retirement, with 70% of employees keeping old devices, risking data leaks. The report underscores the need for prioritizing hardware and firmware security to enhance resilience, sustainability, and cost efficiency.
Krispy Kreme cyberattack creates a sticky situation.
Krispy Kreme experienced a cyberattack on November 29, 2024, disrupting its online ordering system in the United States but leaving in-person orders and deliveries unaffected. The company immediately engaged cybersecurity experts to contain and investigate the breach, though the full scope and nature remain unclear. Digital sales, which account for 15.5% of Krispy Kreme’s revenue, are significantly impacted, leading to a “reasonable” financial loss from decreased revenue and recovery costs. The company’s stock fell 2% following the disclosure. Krispy Kreme has not confirmed whether ransomware was involved, and no groups have claimed responsibility. The company continues to restore operations while working to mitigate further impact. Despite the disruption, global operations and partnerships, such as with McDonald’s, remain unaffected. Recovery efforts are ongoing, but no timeline for resolution has been provided.
Even doughnuts can’t escape the sticky fingers of cybercriminals. Is nothing sacred?
On our interview segment, N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC, about cryptographic agility. And hear how Firefox backtracks… We’ll be right back.
Welcome back. You can find a link to the FS-ISAC’s white paper in our show notes.
Do Not Track bids a fond farewell.
And finally, in a bittersweet farewell, Firefox has decided to retire its Do Not Track (DNT) feature in version 135, signaling the final unraveling of an idealistic privacy movement born over a decade ago. Once hailed as the browser world’s equivalent of a “No Trespassing” sign, DNT was meant to give users a simple way to say “hands off” to advertisers. Sadly, it turns out that advertisers didn’t read the sign—or they just ignored it.
Mozilla championed DNT early on, hoping the advertising industry would voluntarily respect user privacy preferences. But like a New Year’s resolution to go to the gym, compliance waned. Other browsers like Chrome and Edge still offer the setting, though they admit it’s mostly symbolic. Meanwhile, Apple abandoned DNT years ago, pointing out it did more to enable tracking via “fingerprinting” than to stop it.
Why the failure? No teeth. Without enforcement, DNT was a polite suggestion in a world of ruthless data mining. Advertisers preferred to define their own “privacy-friendly” practices, and even industry pledges fizzled. Eventually, newer technologies like Global Privacy Control emerged, while users turned to VPNs and cookie blockers to navigate the tracking minefield.
Mozilla’s move to ax DNT is less a tragedy and more a long-overdue acknowledgment of reality. While people clearly value privacy—hello, Apple’s anti-tracking success—they’ve learned they can’t rely on advertisers to protect it. The dream of Do Not Track may be dead, but the fight for privacy continues, just with sharper tools.
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.