Android security updates and more: first officer's blog - week 38

Android security, increased threats to the cloud, and more. Here's the roundup of some of the biggest cyber security news of the week.

Mike Parkin | February 13, 2023

First Officer’s log, Terrestrial date, 20230213. Officer of the Deck reporting.  

With the criminal activity on [REDACTED] wrapping up, we have started to wind down our activities here and prepare to move on to our next destination. While support vessels like ours rarely receive the adulation and glory that the front-line combat or exploration ships do, we still serve a vital role in the Federation. It’s OK that people don’t recognize how vital our role is. We know what we do. And the people we help know it too. 

We did, however, get a surprise as we were preparing to leave orbit. Starfleet command sent word that a special consultant would be joining us during our trip to the next destination. Apparently, Starfleet was in the midst of executing a program to “streamline operations, improve efficiency, reduce redundancy, and improve resource utilization on all Starfleet vessels across the expanse of the Federation.” 

And by “sent word” Starfleet Command meant “he just finished his engagement on the Light Cruiser [REDACTED] and will be beaming over in 8 minutes. Be ready.” 

Everyone from the Captain down through the department heads, some of whom learned we were going to be undergoing an “efficiency review” only after the consultant had beamed over and the [REDACTED] had entered Warp for our next destination, was a little perplexed. As a support ship, we ran very leanly compared to a front-line heavy cruiser or an exploration ship on the frontier. It was the way. We focused on doing what we needed to do with what we had, rather than touting a big success here and there in order to gain attention and budget. As such, we were very good at using the resources we had efficiently. 

The consultant, who had Starfleet’s blessing, in spite of not actually being a member of Starfleet himself, assured us that he was an expert in his field and had a long history of working successfully with ships on the line. Since he had the full backing of the Federation high command, we had nothing to worry about and he would be talking to department heads and various crew members at random to make his assessment. 

Once that was complete, he would discuss his findings with the Captain, relay his recommendations to Starfleet Command, and leave us to go on our way assured that our efficiency would be vastly improved by his expert analysis. 

While the Captain maintained an air of stoic professionalism, the mood in the small recreation space that served as an Officer’s lounge was less restrained. Though restraints, the airlock, and a transporter malfunction were all mentioned, at least mostly in jest. 

We would just have to go with it and see what he said. Who knows. It might not be that bad. Right? 

Yes, your phones need to be kept up to date too… 

What happened 

The Center for Internet Security recently highlighted some vulnerabilities that were addressed in Google’s most recent security updates for Android. Some of these issues were dealt with in patches to the Android OS, while others were addressed in Google’s Play Protect. In most cases, end users will have to wait until their hardware vendor and/or mobile service provider makes the patches available. 

Why it matters 

Risks stemming from mobile devices can be a challenge to manage. In a lot of environments, they are BYOD devices that the users own, and Security Operations doesn’t have a lot of visibility into how they’re used or how they’re maintained. There are options, of course, but many users are not thrilled with the idea of letting their company manage their own personal devices. 

Another challenge is that there are often delays between Google releasing the security updates and other vendors building them into their flavor of Android when needed. Sometimes there are additional delays when mobile services companies have to vet them for their own environment. 

Fortunately, though, security updates don’t always need additional work to deploy and pretty much every mobile device supports automatic updates. Which you do have turned on, right? 

What they said

You don’t need to Google this story for very long to find the coverage.

It’s always good to get a reminder about what matters. 

What happened 

A recent article in Dark Reading highlighted 7 of the most critical cloud security threats facing enterprises in the coming year. While cloud adoption is already widespread, organizations are still migrating to the cloud or increasing their existing cloud footprints. With the increased adoption of the cloud, companies are coming to terms with the expanded threat surface and some of the unique challenges highlighted in this article. 

Why it matters 

On the one hand, none of these threats are actually new. They are all things we have known about and written about before. On the other hand, many organizations are still learning how to operate safely and effectively in the cloud as they’ve migrated or expanded their presence. Ultimately, it’s usually a Good Thing™ to highlight risks, even if they’re known risks, to keep them top of mind.  

Managing cloud risk is one of the things we do here at Vulcan Cyber®. We’re not limited to the cloud, of course, but we can effectively ingest asset and vulnerability data from cloud environments and present it along with the rest of the risks an organization faces. That’s the real advantage of a risk management platform – the ability to consolidate it in one place so the people that need to secure it actually know what they have to deal with. 

What they said 

Here’s the latest from those on the ground.
