Critical Security Update: January 30, 2025 (Zyxel Network Devices, Apple Silicon Processors, Bitwarden (positive))
Risk 1: Medium
Issue: A flaw was found in Zyxel CPE series networking devices. Zyxel has acknowledged that the vulnerability has been deployed since July and was only located when the vulnerability was exploited by malicious actors. There is no timeframe for a correction.
Resolution: It is strongly recommended that anybody using a Zyxel CPE device (CVE-2024-40891) stop usage immediately and migrate to another device.
Risk 2: High
Issue: Alright, folks, this is a crazy one. There is a vulnerability in modern Apple Silicon processors. If you use one of the devices listed below AND either Safari or Chrome, your browser may be inadvertently leaking sensitive data.
If an unexpected result is reached while using JavaScript on these browsers, your individual data may be released instead. This could extend to any client data you submitted previously through your browser.
Devices: M2-4 processors, A17 Pro, A15 Bionic, A16 Bionic.
Resolution: If you use either Safari or Chrome and one of the above processors, it is recommended you halt usage until Apple deploys an update. As a temporary alternative, you may use Firefox.
Risk 3: Low
Issue: There is something positive to note here and this is really cool. One of the problems faced in our industry is that not all sites we use support MFA, even though we are required to. Bitwarden, a password manager, now has the option to require an internal MFA solution through e-mail. What does this mean? If you have site XYZ that doesn’t support MFA, you have to authenticate a code through e-mail before the login credentials are sent. This is not a replacement, but is an added feature on top of an already complicated scenario.
Resolution: No response needed.
Announced Data Breaches
Contec (Healthcare devices - the devices, not the company)
New York Blood Center
DeepSeek
Smiths Group
PowerSchool