Cyber Security Headlines: Get Meta out of Your Life, GoDaddy Slapped, TikTok Could Stay Alive
Hosted by CISO Series | Released on January 16, 2025
In the latest episode of Cyber Security Headlines by CISO Series, host Sara Lane and her co-contributors delve into several pressing issues in the information security landscape. From the complexities of deleting Meta accounts to significant cybersecurity breaches and geopolitical implications affecting major tech platforms, this episode provides a comprehensive overview of the most critical developments in the field.
1. Deleting Meta Accounts: A Comprehensive Guide
Sara Lane opens the discussion by addressing the growing desire among users to remove their presence from Meta’s suite of applications, including Facebook, Messenger, Instagram, and WhatsApp. She outlines the straightforward yet distinct processes required for each platform:
- Facebook & Instagram: Users are granted a 30-day grace period to reactivate their accounts before permanent deletion ensues.
- Messenger: Deletion requires the mobile app, emphasizing the platform's integration with mobile device functionalities.
- WhatsApp: The process necessitates the input of a phone number, adding an extra layer of verification.
Sara emphasizes the irrevocability of deletion:
"Deleting means no going back. Facebook and Instagram offer a 30 day grace period, but once it's done, your data is gone." (00:06)
For those wishing to retain Messenger while removing other Meta services, deactivating Facebook alone suffices.
2. GoDaddy Faces FTC Allegations Over Security Lapses
The episode shifts focus to GoDaddy, which is currently under scrutiny by the Federal Trade Commission (FTC). Accusations highlight GoDaddy's neglect of basic security protocols, leaving millions of customer websites susceptible to cyber threats. Key allegations include:
- Ignoring Software Patches: Delayed or overlooked updates that are critical for maintaining security integrity.
- Bypassing Multi-Factor Authentication: Reduced layers of security, making breaches more likely.
- Lack of Threat Monitoring: Inadequate surveillance against potential cyber-attacks.
Despite these serious allegations spanning from 2019 to 2022, Sara notes:
"GoDaddy faces no fines under a new FTC settlement. GoDaddy denies fault, but says it's already addressing the issues." (01:27)
However, the settlement warns of substantial penalties for future violations, setting a precedent for stringent enforcement.
3. TikTok's Future in the U.S.: Political Maneuvering and Legal Hurdles
A significant portion of the episode discusses the uncertain future of TikTok in the United States. An unnamed contributor elaborates on the administration's stance:
"Americans shouldn't expect to see TikTok suddenly banned on Sunday." (01:27)
Officials are opting to implement national security laws without immediately enforcing a ban, deferring the decision to the incoming Trump administration. Former President Trump has expressed intentions to preserve TikTok's operations, and Attorney General nominee Pam Bondi has not committed to enforcing a potential ban.
Legal challenges persist, primarily centered around free speech and ownership concerns. The episode reflects on Trump's previous attempts to ban TikTok during his first term and his campaign promise to save the platform in 2024.
4. DJI Removes Geofencing Restrictions: Implications for Drone Safety
Sara reports on DJI's controversial decision to eliminate geofencing restrictions in the U.S., which previously prevented drones from operating in sensitive areas such as airports, nuclear plants, and wildfire zones. While the company's app will issue warnings, DJI places the onus of safety on drone operators, citing tools like remote ID for enforcement.
However, this move has sparked safety concerns, especially after an incident where a DJI drone damaged a firefighting plane in Los Angeles. Critics, including DJI's former policy head, argue that:
"The decision undermines aviation safety and shifts all accountability to users." (02:17)
The removal of geofencing could lead to increased risks in highly regulated airspaces, highlighting the delicate balance between user freedom and public safety.
5. Microsoft's January 2025 Patch Tuesday: A Record-Breaking Update
Microsoft's latest Patch Tuesday addressed 161 vulnerabilities, marking the highest number since 2017. Among these, 11 were rated critical. Noteworthy patches include:
- Windows OLE Vulnerability: This critical flaw allows remote code execution via specially crafted Outlook emails, though the preview pane itself isn't exploitable.
- RDP Flaws: Two critical Remote Desktop Protocol vulnerabilities were patched, both permitting remote, unauthenticated code execution.
Sara underscores the importance of these updates:
"A serious Windows OLE vulnerability also stood out, enabling remote code execution via specially crafted emails in Outlook." (02:17)
IT professionals are strongly advised to apply these updates promptly to safeguard against potential exploits.
6. Illinois Launches Digital IDs via Apple Wallet: Enhancing Convenience and Security
Illinois is set to introduce digital IDs accessible through Apple Wallet and Apple Watches by the end of the year, with plans to integrate Google Wallet support subsequently. Secretary of State Alexi Giannoulias emphasized the commitment to rigorous testing to ensure privacy and security:
"It's the first step in a cutting-edge mobile ID program." (03:17)
This initiative aligns Illinois with ten other states and territories already offering mobile IDs, while New Jersey also advances its own mobile driver's license (MDL) system. Officials aim to enhance user convenience without compromising governmental oversight, dispelling myths about increased surveillance:
"Officials stress that MDLs don't enable government tracking." (03:17)
7. Russia’s Roseltorg Suffers Massive Cyber Attack by Ukrainian Hacker Group
In a severe cybersecurity incident, Russia's Roseltorg platform, used for government and corporate procurement, confirmed a cyber-attack initially attributed to maintenance issues. Ukrainian hacker group Yellow Drift later claimed responsibility, asserting that they deleted 550 terabytes of data, including critical emails and backups. The aftermath sees:
- Infrastructure Restoration Efforts: Roseltorg has managed to restore affected systems, though the website remains offline.
- Client Concerns: Major corporations and government agencies are grappling with potential financial losses and operational delays.
Sara adds context, noting this attack is part of a broader campaign targeting Russian entities:
"This attack is part of a broader wave targeting Russian entities." (05:30)
The incident underscores the escalating cyber conflicts intertwined with geopolitical tensions.
8. UN Security Council Addresses the Menace of Commercial Spyware
The United Nations Security Council convened its first meeting dedicated to the dangers of commercial spyware, focusing on its misuse and implications for global security and human rights. Key points include:
- Support for Stricter Controls: The US and 15 other nations advocate for more rigorous regulations.
- Dismissals by Russia and China: Both nations downplayed concerns, with Russia accusing the US of hypocrisy and China emphasizing other international security priorities.
Experts like John Scott-Railton from Citizen Lab highlighted the alarming proliferation of spyware, particularly in Europe, prompting countries like Poland and Greece to implement local reforms in response to spyware scandals:
"Citizen Lab's John Scott-Railton warned of spyware's proliferation, citing Europe as a hotspot." (05:43)
This global dialogue reflects the urgent need to address the ethical and security challenges posed by commercial spyware.
9. The Role of CISOs in Sales Engagements
Towards the episode's conclusion, Sara and an unnamed contributor discuss the evolving dynamics between Chief Information Security Officers (CISOs) and sales teams. They explore whether CISOs should dictate the nature of these relationships:
"CISOs want to be approached, but should they dictate the entire relationship?" (06:34)
This segment emphasizes the importance of balanced interactions, ensuring that CISOs can maintain control over security strategies without hindering beneficial collaborations with sales professionals.
Conclusion
The January 16, 2025 episode of Cyber Security Headlines offers an in-depth look into critical cybersecurity issues, from corporate negligence and geopolitical cyber-attacks to technological advancements in digital identity management. By highlighting these diverse topics, the episode provides valuable insights for professionals and enthusiasts aiming to stay informed about the ever-evolving landscape of information security.
For more detailed stories behind these headlines, visit CISOseries.com.
