In today’s episode, we discuss the exploitation of a new zero-day vulnerability (CVE-2024-4761) in Google Chrome, prompting emergency fixes from Google. Users are advised to update to Chrome version 124.0.6367.207/.208 to mitigate potential threats. Additionally, Apple has backported a patch to the iOS 16 branch to fix CVE-2024-23296 and introduced a new Bluetooth tracker alert feature in iOS 17 to warn users about unknown Bluetooth trackers. The impact of return-to-office mandates at tech giants like Apple, Microsoft, and SpaceX on employee retention, particularly among senior talent, is also discussed, shedding light on the potential negative effects of such policies.

00:00 The Great Tech Exodus: Navigating Return to Office Mandates

00:55 Deep Dive into Return to Office Policies and Their Impact

04:54 Exploring Apple’s Cybersecurity Enhancements

07:15 Navigating the Threat Landscape: Google Chrome’s Zero Day Vulnerability

Return to office mandates at major tech companies like Apple, Microsoft, and SpaceX have led to a significant exodus of senior-level employees.

How can these tech companies manage their workforce effectively while avoiding the negative impact of return to office mandates on employee morale and attrition?

In Apple’s most recent update, they’ve added a Bluetooth tracker alert to alert the user if an unexpected Bluetooth tracker is in their proximity.

How else is Apple enhancing cybersecurity measures for iOS users? And finally, an emergency fix has been rolled out by Google to address the new zero-day vulnerability in Google Chrome, which is being actively exploited in the wild, posing a serious threat to compromised hosts.

How can users protect themselves from the zero day vulnerability in Google Chrome?

You’re listening to the Daily Decrypt. All right. Let’s talk about return to office, or RTO.

If you work in tech, specifically cybersecurity, you’ve probably been impacted by this since the dawn of COVID, or at least know somebody who’s been impacted by this.

I personally work on a team of developers who were all hired remotely, with no expectation set that they’ll have to return to the office, and they’re all pretty peeved because now they’re having to return to the office and we’re losing good talent.

And the team’s morale is just a little lower.

Because it’s one thing to be hired with the expectation of moving to an office, which is actually how I was hired. And I did move closer to an office.

But it’s another thing to be hired with the expectation of never having to, and then having to.

So a recent study conducted by researchers from the University of Chicago and the University of Michigan revealed that return to office mandates at tech giants like Apple, Microsoft, and SpaceX have led to a significant exodus of senior-level employees.

And this study did pose a thought that I had never really considered as to why senior-level employees would be leaving, specifically ones in management. And that’s because they prefer not to manage teams that are inherently unhappy about policies at their company.

So if their whole team is upset about returning to office, that’s going to directly impact their job satisfaction, because there’s nothing they can do. They can’t change company policy. They can just make sure their leaders are aware that their teams are upset and hope that they change their mind on return to office, which hasn’t really happened yet.

So this study analyzed resume data from People Data Labs, matching 260 million resumes to company data, highlighting the negative effects of return to office mandates on employee retention and senior talent.

Following Apple’s implementation of a hybrid return to office approach, the percentage of senior-level employees decreased by five percentage points, while Microsoft experienced a similar decline.

And even worse, SpaceX requires full-time office presence, and they saw a substantial 15% drop in senior-level employees.

So I don’t have to explain what it means to lose 15% of your senior employees. Um, but I can elaborate that it’s probably not the 15% you want to lose, because the ones you lose are the ones that are good enough to get jobs elsewhere.

So there’s gotta be some sort of balance. There’s gotta be some sort of give and take. Um, remote work works for some people and it doesn’t work for others. Like, there is no hard and fast way to improve productivity amongst your team members. But senior executives don’t like that. They like black and white. They like policy. So how can we find a middle ground?

I understand that working close to your peers can build camaraderie, enhance collaboration, all of that stuff, but the more I study leadership, I think it’s because it’s actually easier to lead when your employees can see you. It is really hard to lead through a computer screen, and that’s a lot of work, and maybe senior executives don’t want to put in the work to figure out ways to connect with their employees through a computer screen. So they’re just going to make them come into work. Hey, spoiler alert: that’s not a good reason. Do the work. Connect with your employees.

Also included in this study is the contrary, right? That a hybrid work model can actually enhance mental health and employee morale, which makes sense. I’ve been working remote for three years now, and I’m about at the point where I’d like to go into the office every once in a while and see my teammates. Um, but being forced to do anything just is a bad move. And it doesn’t feel good, even if I really wanted to go into the office.

If I was being forced to go in on Monday, Wednesday to Thursday, whatever, I wouldn’t like it. So if you’re a senior leader out there and you have a platform to stand on, I highly encourage you to talk to your employees and figure out what works for them and why, and maybe you can have some exceptions and be a little looser with your standards there.

Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch, enhancing security against potential brute force attacks.

So this vulnerability is called the RTKit zero-day vulnerability, and it’s been patched in multiple Apple products, but it’s been backported to iOS 16.7.8 and iPadOS 16.7.8 for added protection, which essentially means that a patch that was developed for this new iOS has also been applied to a previous generation of operating systems for your tablets and phones.

So, for example, if your iPad doesn’t quite support iOS 17, you can still get this security feature. So it must be pretty bad.

If that does apply to you, you’re probably pretty hesitant about installing updates because you’re at the end of life of your device. It might not be able to handle the next update and you want to keep using it. But I highly encourage you to go download this update and install it, because this is a pretty serious security risk.

There’s also been a bug in MarketplaceKit that has been fixed by Apple, which can prevent maliciously crafted webpages from distributing scripts to track iOS users on other sites.

And the coolest security feature that was just released by Apple in iOS 17 is a feature that alerts users when an unknown Bluetooth tracker is detected moving with them. This will enhance privacy and security.

Um, now as someone who has been stalked, it is very scary. It sounds kind of mundane when you hear about it, but, you know, it really haunts you a lot and it makes you look at your privacy a lot differently. And this is particularly prevalent amongst women, like Bluetooth trackers slipped into their purses at bars so that their suitors will know exactly where they live, where they’re moving, and will allow them to stalk their prey.

It’s just very scary. And there’s no way of knowing if that’s happened to you until you go through your purse, and with the amount of purses that women can have, it’s not a frequent occurrence to go through them. So this is a great feature. Um, highly encourage you to download this patch and enable that feature regardless of your lifestyle or situation. It’s just good to know if someone’s trying to track you. It can happen to anybody.

And finally, Google has released emergency patches to address a new zero-day vulnerability, CVE-2024-4761, in the Chrome web browser, being actively exploited in the wild. The vulnerability affects the V8 JavaScript and WebAssembly engine, posing a risk of out-of-bounds write attacks that could lead to data corruption, crashes, or arbitrary code execution on compromised systems. There is an exploit for this that exists in the wild, which means anyone who’s taking the Security Plus can use this, which is why Google took such swift action.

But further details about the specific attacks that leverage this vulnerability and exploit it have not been disclosed, in order to prevent further exploitation from threat actors, but, you know, a crafty threat actor can go find it. Mutter, putter. Loaded up Metasploit, whatever. Get it going. So this latest zero-day disclosure follows closely on the heels of Google patching CVE-2024-4671, a use-after-free vulnerability in the Visuals component that was also actively exploited. In 2024 alone, Google has addressed a total of six zero-day vulnerabilities, with three of them showcased at the Pwn2Own hacking contest in March.

To safeguard against potential threats, users are strongly advised to update to the most recent version of Chrome as soon as possible. So if you’re getting that relaunch to update button in the top right, which I have seen on about everyone’s browser at work, go ahead and press that update button.

You know, your tabs are gonna save. They’re gonna relaunch. It’ll take about a second, just press it and get into the habit of pressing it whenever you see it.

Users of other Chromium-based browsers, like Edge, Brave, Opera, and Vivaldi, should also apply the necessary patches when they become available to enhance their cybersecurity posture.

