Cyber Security Headlines: Supreme Court’s 230 ruling, Montana bans TikTok, Guerrilla smartphone malware

Supreme Court shields Twitter from liability and leaves Section 230 untouched

The Supreme Court handed Silicon Valley a massive victory on Thursday as it protected online platforms from two lawsuits that legal experts had warned could have upended the internet. The twin decisions preserve social media companies’ ability to avoid lawsuits stemming from terrorist-related content. In Twitter v. Taamneh, the Supreme Court ruled Twitter will not have to face accusations that it aided and abetted terrorism when it hosted tweets created by the terror group ISIS. The court also dismissed Gonzalez v. Google, sidestepping an invitation to narrow a key federal liability shield for websites, known as Section 230 of the Communications Decency Act.

(CNN and Reuters)

Montana governor bans TikTok

One month almost to the day, Montana Gov. Greg Gianforte signed a bill on Wednesday banning TikTok in the state. This, he said, is “to protect Montanans’ personal and private data from the Chinese Communist Party,” officially making Montana the first state to ban the social media application. The bill, which will take effect in January, specifically names TikTok as its target, prohibiting the app from operating within state lines. The law also outlines potential fines of $10,000 per day for violators, including app stores found to host the social media application.

Millions of smartphones distributed worldwide with preinstalled ‘Guerrilla’ malware

A threat actor has control over millions of smartphones distributed worldwide thanks to a piece of malware that was preinstalled on the devices, according to Trend Micro. The group behind the campaign was dubbed the Lemon Group, and the malware preloaded on the devices is called Guerrilla. The group has since changed its name to Durian Cloud SMS. Its main business involves analyzing big data to generate marketing opportunities for its clients, but the same access lets it monitor the infected users, whose devices can then be further infected with additional apps, Trend Micro added. An implant planted by Lemon Group loads a downloader that serves as what Trend Micro calls the main plugin, which in turn can fetch and run other plugins.

(Security Week)

Congress looks to expand CISA’s role to satellites and open source

The Senate Homeland Security and Governmental Affairs Committee on Wednesday advanced a bill that would require CISA to maintain a commercial public satellite system clearinghouse and create voluntary cybersecurity recommendations for the space sector. Additionally, the committee advanced legislation requiring CISA to create a pilot civilian cyber reserve program to respond to incidents. At the same time, the House Homeland Security Committee advanced legislation that would require CISA to work with the open source community to better secure open source. These moves represent the Biden administration’s mission of managing security risks, although many Republicans in both the House and Senate scoffed at giving CISA more responsibilities and authorities.

Thanks to this week’s episode sponsor, Hunters

There is nothing worse than relying on a legacy SIEM that your security team has outgrown, especially when it impacts your ability to detect real incidents. Hunters’ SOC Platform offers built-in, always up-to-date detection rules and automatic correlation that allow SOC analysts to focus on higher-value tasks that impact your organization. It’s time to move to a platform that reduces risk, complexity and cost for the SOC. Visit to learn how you can Move Beyond SIEM and let them know you heard about Hunters on the CISO Series.

Critical flaws in Cisco Small Business switches could allow remote attacks

Cisco has released updates to address a set of nine security flaws in its Small Business Series Switches that could be exploited by an unauthenticated, remote attacker to run arbitrary code or cause a denial-of-service (DoS) condition. “These vulnerabilities are due to improper validation of requests that are sent to the web interface,” Cisco said. Four of the nine vulnerabilities are rated 9.8 out of 10 on the CVSS scoring system, making them critical in nature. A list of the affected devices is available in the Hacker News link below.

(The Hacker News)

Microsoft investigates slow Windows VPN speeds after May updates

Microsoft is investigating major speed issues affecting L2TP/IPsec VPN connections after installing recent Windows 11 updates. According to reports from Windows users and administrators, the connection bandwidth issues were first caused by the optional April 2023 non-security update. Redmond rolled the same fixes and improvements bundled in the KB5025305 preview update into the mandatory KB5026372 cumulative update released during this month’s Patch Tuesday, causing the connection issues to be experienced by a larger number of Windows users. Additional user reports reveal that, apparently, this issue affects only Wi-Fi connections, with wired ones not impacted by the speed drop. Microsoft is looking into the problem.

(Bleeping Computer)

Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown

The Oklahoma Institute of Allergy Asthma and Immunology posted a notice on its doors earlier this month saying it will be closing immediately “due to a cybersecurity event.” The clinic’s operators did eventually speak to local news outlets to explain what happened. Dr. Amy Liebl Darter told KFOR that the situation started in February, when she and her husband downloaded an iPhone app that created issues with all of the clinic’s technology – from phones to email and electronic medical records.

(The Record)

Lacroix Group shuts down three facilities after a targeted cyberattack

The French electronics manufacturer, which designs and manufactures electronic equipment for the automotive, aerospace, industrial, and health sectors, shut down facilities in France, Germany, and Tunisia in response to a cyberattack. Currently, no ransomware gang has claimed responsibility for the attack, but it comes just one week after Swiss multinational company ABB, a leading electrification and automation technology provider, was the victim of a Black Basta ransomware attack.

(Security Affairs)