June 9, 2023
Microsoft Compromised, Google Chrome Zero Day Exploited, TikTok Updates
In this Episode:
Breaking news: Microsoft Compromised! OneDrive Services Targeted
?? Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗
OneDrive outage investigated by Microsoft
Microsoft Investigating OneDrive Outage | CRNe
Google Chrome Zero Day Actively Being Exploited
?? Katy Craig, San Diego, California ↗
TikTok ban on federal devices formalized with update to Federal Acquisition Regulation | FedScoop
This Day in Tech History
Hey, it’s 5:05 on Friday, June 9th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Trac Bannon in Camp Hill, Pennsylvania, Edwin Kwon in Sydney, Australia, Katy Craig in San Diego, California, Marcel Brown in St. Louis, Missouri.
Let’s get to it.
On Thursday, June 8th, 2023, Microsoft confirmed that they were investigating a OneDrive outage that resulted in users being unable to sign in and receiving a non-descript message, “Sorry, an error has occurred.”
A threat actor grouped called “Anonymous Sudan” is claiming credit, asserting they’ve executed a DDoS attack. DDoS stands for distributed denial of service, and it’s when hackers flood a network with malicious traffic, so much so that the site can no longer communicate. The extreme traffic load drives everything to a standstill.
Hello, this is Trac Bannon reporting from Camp Hill, Pennsylvania.
Microsoft’s Service health portal is currently displaying a banner that reads, “We’re having issues, but we’re working on it.” The OneDrive service is up and running. Microsoft has not completed forensics and root cause analysis though as of 9:00 AM June 9th, they reported that they have applied load balancing mitigations, and that telemetry is showing that the OneDrive service is stable. This news sent a shockwave through social media on Thursday as all those who follow cybersecurity watched closely to find out the cause and who was impacted.
We should all take pause to consider whether or not we have all of our eggs in a single big tech basket, so to speak. The three biggies, AWS. Microsoft and Google, all have massive suites of services that have amassed much of our personal and professional data as we continue our migration to the cloud and have a growing dependency on the cloud hosted services.
Those impacted were limited to web browser users and did not impact desktop clients, the synchronization agents, or MS. Office clients.
The group “Anonymous Sudan” appears linked to Russia and potentially to Iran. The 780th Military Intelligence Brigade, which is known as the Army’s only offensive cyberspace operations brigade, posted this announcement on Twitter.
Perhaps even more disconcerting is the message posted by Anonymous Sadan. “Microsoft. You think we forgot you. We are motivated to teach you liars a very good lesson in honesty that none of your parents ever taught you.” Wow, there is an absolute bitterness in those words that go beyond corporate espionage for financial or commercial gain.
For now, Microsoft will “continue to apply further mitigations” and closely monitor the service. For now, I will run a local backup on my NAS. Considering the other services provided by Microsoft include the ever popular OpenAI’s ChatGPT and DALL-E models, it’s only a matter of time until we see bigger outages and more nefarious results.
Something to noodle on.
This is Edwin Kwan from Sydney, Australia.
There’s a new Google Chrome zero-day vulnerability that’s actively being exploited in the weild. It’s CVE-2023-3079, and it allows attackers to execute arbitrary code to take complete control of the system remotely. The fix is inversion 114.0.5735.106 for Mac and Linux and version 114.05735.110 for Windows.
All Google Chrome versions prior to those versions are vulnerable to the high severity type Confusion vulnerability. Technical details are currently restricted until most users are updated with the fix. Chrome users are strongly recommended to immediately update their web browsers to prevent exploitation.
A former executive from ByteDance, the company behind TikTok, has made a bombshell claim. According to this insider, the Chinese Communist Party had access to TikTok’s user data in Hong Kong.
This is Katy Craig in San Diego, California.
Earlier this week, the Department of Defense General Services Administration and NASA issued an interim rule known as the No TikTok on Government Devices Act, which prohibits the use of TikTok and any successor app developed by ByteDance on government devices.
This rule, which has the force of a federal acquisition regulation requirement applies to all contract solicitations issued on or after June 2nd. For contracts awarded after June 2nd, the organizations must amend their solicitations to comply with the rule by July 3rd, 2023.
The ban extends to any presence or use of TikTok or its successor apps on government owned or managed information technology. Contractors are also required to adhere to this restriction unless granted an exception by the Office of Management and Budget.
As we navigate this complex landscape, it’s crucial to prioritize the protection of sensitive data. The US government and its agencies are taking steps to safeguard user information and maintain the integrity of their systems.
This is Katy Craig. Stay safe out there.
This is Marcel Brown, the most trusted name of technology with your technology history for June 9th and June 10th.
June 9th, 1993. The motion picture Jurassic Park premiers in Washington, DC. The highest grossing film in history at the time, the contributions of Jurassic Park to the field of special effects is perhaps as important as the original Star Wars movie 16 years prior.
During the production of the movie, the decision was made to incorporate the use of computer generated imagery, CGI for short, in a large scale. By interweaving the use of CGI and animatronics, the movie’s special effects were of a realism unprecedented at the time, and for many still to this day.
Jurassic Park jumpstarted a wave of movies that made heavy use of CGI throughout the rest of the nineties and at present, the use of CGI pioneered by the movie is now entirely commonplace.
On a personal note, Jurassic Park is one of my favorite movies, not just because of the dinosaurs, but in fact because I believe the movie is a microcosm of the technology industry at the time and going in the future. It also serves as a warning for future entrepreneurs and business owners to not take their technology lightly.
I mean, seriously, the park is fully automated with technology and he spared no expense on everything, except the person running his technology systems.
The lesson being, if you don’t take your technology seriously, you’re going to get eaten by dinosaurs.
June 10th, 1858. Two ships head out to begin work on what will become the first operational transatlantic cable. Previous attempts at laying a transatlantic cable had failed. Designed for telegraph operation, the cable run is completed on August 5th, and the first test message is set on August 12th. However, after being used to send a total of 400 messages, Including between us President James Buchanan and England’s Queen Victoria, the cable fails on September 18th and repair was not possible at the time.
While this short-lived experiment seemingly ended in failure, it proved that it was possible to manufacture, lay, and operate a transatlantic cable, setting up the feasibility of future global communications.
That’s your technology history for today. For more, tune in next week and visit my website ThisDayInTechHistory.com.
That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.
5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there.
Thank you to Trac Bannon, Edwin Kwan, Katy Craig, Marcel Brown for today’s contributions.
The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm. This is Pokie Huang. See you next Monday… at 5:05.