Security Bits — 25 October 2020

Feedback & Followups

• COVID 19 Apps Update
  • 🇺🇸 Apple updates COVID-19 app with new questions and recommendations — www.imore.com/…
  • 🇺🇸 Washington D.C. Rolls Out App-Free COVID-19 Tracking System — www.macobserver.com/…
• Zoom Rolls Out End-to-End Encryption for Video Calls — www.macobserver.com/…
• Social Media companies continue to evolve their policies to battle abuses of their platforms:
  • Facebook has now banned Holocaust denial on its platform — www.imore.com/…
  • Twitter will make it harder to retweet before the U.S. election — www.imore.com/…

❗ Action Alerts

• Chrome zero-day in the wild – patch now! — nakedsecurity.sophos.com/…
• October’s Patch Tuesday fixed some critical bugs in Windows & Flash — krebsonsecurity.com/…
  • Of particular note is a patch for a dangerous bad neighbour bug in Windows 10 & Windows Server 2019 that’s been nicknamed the new Ping of Death. ATM a single malicious IPv6 packet can crash (BSOD) a vulnerable Windows computer, but the expectation in the security community is that the vulnerability can easily be converted into a remote code execution flaw — nakedsecurity.sophos.com/…

Worthy Warnings

• Barnes & Noble Hack Revealed in Emails to Customers — www.macobserver.com/…
• Undocumented backdoor that covertly takes snapshots found in kids’ smartwatch — arstechnica.com/…
• 🇺🇸 Breach at Dickey’s BBQ Smokes 3M Cards — krebsonsecurity.com/…

Notable News

• Microsoft on the counter attack! Trickbot malware network takes a hit — nakedsecurity.sophos.com/…
• The cat-and-mouse game between malware authors and Apple continues – for the second time in 2 months Apple has been tricked into notarising malware, this time through the clever use of steganography. Apple have revoked the certificate used, so this specific piece of malware is no longer a problem, but it shows that attackers are very interested in getting by the Mac’s strong security perimeters, and, that they can succeed from time to time, so Mac users should not let their guard down — www.intego.com/…
• A timely reminder to use strong passwords: President Trump’s Twitter accessed by a security expert who guessed password ‘maga2020!’ — techcrunch.com/…

Interesting Insights

• Amazon’s Latest Gimmicks Are Pushing the Limits of Privacy — www.wired.com/…
• 🇪🇺 Orders from the Top: The EU’s Timetable for Dismantling End-to-End Encryption | Electronic Frontier Foundation — www.eff.org/…

Palate Cleansers

• RedHat’s Command Line Heroes podcast is back for a 6th season — www.redhat.com/…

Legend

When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by Bart.

Emoji	Meaning
🎧	A link to audio content, probably a podcast.
❗	A call to action.
flag	The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country.
📊	A link to graphical content, probably a chart, graph, or diagram.
🧯	A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂
💵	A link to an article behind a paywall.
📌	A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future.
🎩	A tip of the hat to thank a member of the community for bringing the story to our attention.