The Purge of uBlock Origin in Google Chrome Has Started

This week’s cybersecurity updates highlight several significant incidents and developments affecting both users and organizations. We summarize the key news that we haven’t covered in depth. Click on the headlines to access the full stories, and remember to prioritize your safety online.

In a notable shift, users of the uBlock Origin Chrome extension may soon find themselves facing increased online advertising. Google has initiated the rollout of new extension standards, known as Manifest V3, which will deactivate the older version of uBlock Origin that many users still run. While there are concerns that this move, encouraged by Google’s prominent role in the digital advertising ecosystem, will compel users to see more advertisements, a version of the extension that complies with the new standards, dubbed uBlock Origin Lite, has been introduced. However, this newer iteration may not block as many ads as its predecessor. According to a Google representative, users have alternatives, as popular content filtering extensions like AdBlock, Adblock Plus, and AdGuard are also adapting to the new standards. All users will need to transition to a revised extension in the near future.

In a separate incident, US federal authorities have charged Eric Council Jr., a 25-year-old Alabama resident, with hacking the SEC’s account on the X platform. Prosecutors allege that Council acquired personal details from co-conspirators to produce a counterfeit ID in the name of the individual managing the @SECGov account. This fake identification facilitated a SIM swapping attack, wherein Council allegedly deceived AT&T staff into issuing him a new SIM card, allowing him to seize control of the targeted phone account. The hackers subsequently accessed the SEC’s account and published a fraudulent announcement involving Bitcoin regulations, causing a sudden increase in Bitcoin’s value by $1,000. The charges against Council include conspiracy to commit aggravated identity theft and access device fraud, raising serious implications around identity and account security, potentially underpinned by MITRE ATT&CK techniques such as initial access and credential dumping.

Kroger, the grocery chain, has been in the spotlight recently due to its operational practices amid growing concerns regarding its electronic shelving labels (ESLs). Rumors circulating about the potential integration of facial recognition technology have led company spokespeople to clarify that such technology is not currently employed in their stores and there are no existing plans to implement it. Kroger did conduct a trial of a facial recognition system named EDGE in one location back in 2019, but no further steps were taken afterward. Various US lawmakers, including Rashida Tlaib, Elizabeth Warren, and Robert Casey, have expressed unease regarding the implications of Kroger’s ESLs for potential price manipulation and customer surveillance.

In another significant announcement, Microsoft notified customers about the loss of over two weeks’ worth of security logs from key cloud services, including Microsoft Entra, Sentinel, Defender for Cloud, and Purview. This incident, which occurred between September 2 and September 19, was initially reported by Business Insider and stems from a malfunction in internal monitoring agents caused by a software bug during the upload of log data. This gap in logging could hinder security monitoring and incident investigations, as such logs are vital for identifying breaches and malicious activities. The 2020 SolarWinds hack, in which Russian hackers compromised US government networks, underscored the importance of strong logging protocols, especially since many agencies lacked the necessary premium features to access full logging capabilities. The recent incident could lead to similar implications for organizations relying on Microsoft’s cloud services and their security postures, raising concerns about operational resilience against potential adversaries using MITRE ATT&CK techniques like exploitation of public-facing applications and software vulnerabilities.
