October 2024 News & Tips | Cybersecurity News Roundup

October 2024 News & Tips | Cybersecurity News Roundup

Month's Cyber News in Review

Welcome back to the monthly TCE Strategy newsletter! From TikTok redactions to Intel in the crosshairs of the Chinese government, October has delivered some very significant and actionable cybersecurity news. Let’s see how this month’s cybersecurity news can help us make better decisions about what is Secure Enough for us, the companies we work for, and our families.

If you are going to redact content, be sure to actually redact it. 

In a story that is as ironic as it is humorous, we have a new development in the battle between TikTok and 14 USA States that claim TikTok is designed specifically to addict young people to it. Authorities in those states entered into confidentiality agreements with TikTok, so the internal documents, research, etc. that TikTok provided to various State Attorneys General were redacted before being provided to the public. Well, whomever did the redactions simply put black boxes over the redacted text, so a simple copy/paste of all data from the redacted document into a new document undid the redactions. When Kentucky Public Radio published excerpts of the information that was redacted (which was particularly damning to TikTok’s case), a Kentucky State judge sealed the entire lawsuit. There was a lot of talk online about the ethics behind this. Is it right for a news source to publish data that two parties both agreed to keep secret? Is it right for two parties to agree to keep things secret that impact a very public court case? This isn’t an ethics newsletter so I’ll stay out of that end of things. The cybersecurity takeaway here is obvious: If data is to be redacted, the data must not exist in the document/spreadsheet/database/etc. that will be shared with anyone else. Putting a black square over it isn’t a redaction. Making the text the same color as the background isn’t a redaction. If version control is active for a document, even deleting the data in question isn’t a redaction, as reverting to a previous version of the document will bring the data back. If you or your team need to redact certain data, educate yourself on the type of electronic format being used to store that data, and make sure that you are permanently deleting the data you want to delete.

When cybersecurity and politics collide.

Politics and cybersecurity have hit head on several times in the past, but October brought us a new round of government/private sector sparring. The CyberSecurity Association of China publicly stated that the computer chip manufacturer Intel is a national security threat. Given that Intel makes over 25% of its sales in China, this could have huge implications for the company. It seems to me that this isn’t overly surprising, as the USA government has put out warnings or outright bans on several Chinese companies, such as Huawei, Hikvision, and DJI. Last year, the Chinese government put the chip maker Micron under a cybersecurity microscope, and then directed large parts of China not to buy from Micron. 

Speaking of Intel, critical BIOS updates were released for all 13th and 14th generation Intel chips.

Intel began shipping 13th generation computer processors in late 2022, and TCE Strategy was one of the many companies that bought computers with these processors in them. Our experience has been extremely poor with the Dell computers we bought in early 2023: reliability, stability and performance issues plague these computers. It turns out that at least part of the stability/reliability problem may be due to an issue with the code used to talk to the processor itself, called the BIOS (Basic Input Output System). Intel has released BIOS updates for most motherboards that is supposed to fix a problem with the processors receiving too much voltage, and burning themselves out in some cases. It is important to apply all available BIOS updates to any computer you have purchased since late 2022. To be honest, updating the BIOS of all computers is a good idea from a cybersecurity standpoint, generally speaking.

The UHG (Change Healthcare) breach tops 100 million victims

TCE Strategy covered the Change Healthcare (owned by United Health Care, or UHG) breach as part of the March and April newsletters, where people across the USA were unable to get prescriptions or other types of healthcare as a result of a weeks-long disruption of Change Healthcare’s services. UHG paid a $22 million dollar ransom, but it’s cybersecurity woes only started there. A second gang called RansomHub decided that they didn’t get their cut of the payment so they demanded more money, which UHG decided not to pay. So, RansomHub chose to sell patient data on the dark web. Fast forward to last week, when a letter came into my mailbox about one of my children’s medical records, diagnoses, medicines, financial/banking information and social security number being leaked as part of this attack. Cybersecurity gets a lot more real when your offspring are part of the collateral damage.

This is the current state of affairs of our data. The only way to stop this is to make it in companies’ financial best interest to stop it. Outside of laws/regulations that are properly enforced and have sufficient penalties for breaking them, I don’t see a better avenue to stop these types of attacks from becoming more frequent.

Takeaway: Freeze your credit with the three major credit reporting companies (Equifax, Experian and Trans Union). Vote for government officials that are likely to put laws in place that will require companies to take securing your data more seriously than they do today.

Until next month, stay safe!


Upcoming Speaking Events

Here is a list of the cities that I will be in over the next several months. Please reach out if you have an event in mind!

December 2-6, Key West, FL

February 11-15, 2025 Las Vegas, NV

March 25-31, 2025 Oklahoma City, OK

April 1-4, 2025 New Orleans, LA

April 15-18, 2025 Las Vegas, NV

May 26-30, 2025 Las Vegas, NV

July 3, 2025 Brainerd, MN

July 8-20, 2025 Dublin, Ireland

October 13-17, 2025 Waikiki, HI


Cybersecurity Tip of the Month

National Cybersecurity Awareness Month

October is National Cybersecurity Awareness Month and even though it’s nearly over, now is a great time to reflect on some general best practices for improving the strength of your personal cybersecurity, courtesy of CISA (Cybersecurity & Infrastructure Security Agency):

  • Use Strong Passwords: Strong passwords are 15+ characters long, unique (different passwords for different accounts) and are difficult to guess. Password managers are a powerful tool to help you create strong, randomly generated passwords for each of your accounts and will encrypt passwords, securing them for you!
  • Turn on MFA: You need more than a password to protect your online accounts and enabling MFA makes you significantly less likely to get hacked. Enable MFA on all your online accounts that offer it, especially email, social media and financial accounts.
  • Recognize and Report Phishing: Be cautious of unsolicited messages asking for personal information. Avoid sharing sensitive information or credentials with unknown sources. Report phishing attempts and delete the message.
  • Update Your Software: Ensuring your software is up to date is the best way to make sure you have the latest security patches and updates on your devices. Regularly check for updates if automatic updates are not available.

Be sure to check out the CISA website linked below for additional cybersecurity resources and follow them for more content related to National Cybersecurity Awareness Month! https://www.cisa.gov/cybersecurity-awareness-month


To view or add a comment, sign in

Insights from the community

Others also viewed

Explore topics