Feedback & Followups
- 🇺🇸 More consequences for past misdeeds:
- Two notable developments in the big CUPS vulnerability on Linux:
  - Researchers at Akamai Security have found a little sting in the tail — exposed vulnerable servers can be used to amplify distributed denial of service (DDoS) attacks — www.bleepingcomputer.com/… (exposed machines now need to be patched not just to protect themselves from takeover, but also to stop them being recruited for DDoS attacks on other internet users)
  - The storied security researcher Marcus Hutchins has released a Python script to scan your IP range for devices running vulnerable versions of CUPS — www.bleepingcomputer.com/…
⚠ Action Alerts
- Another Patch Tuesday has been and gone, with 5 zero-days fixed by Microsoft this time — www.bleepingcomputer.com/…, krebsonsecurity.com/… & isc.sans.edu/…
- Apple releases iOS, iPadOS 18.0.1 with security updates; other “.0.1” bug-fix updates — www.intego.com/…
- Mozilla fixes Firefox zero-day actively exploited in attacks — www.bleepingcomputer.com/…
- iTunes for Windows Gets a Security Update — www.macobserver.com/…
- DrayTek fixed critical flaws in over 700,000 exposed routers — www.bleepingcomputer.com/…
- Android users need to keep an eye out for firmware updates from their vendors and apply them ASAP, because Qualcomm have just patched critical flaws in the firmware for chips used in many smartphones — Qualcomm patches high-severity zero-day exploited in attacks — www.bleepingcomputer.com/… (Users can’t apply the patch directly, it has to come via their vendor, so again, any Android phone not under active patching can’t be used safely!)
Worthy Warnings
- The Internet Archive has been compromised, and 31M usernames and passwords have been breached (the data has been incorporated into Have-I-Been-Pwned). A lot of creators chose to proactively upload their content there to preserve it, so many in our community could be affected — www.bleepingcomputer.com/…
Notable News
- 🇺🇸 Reporting from the WSJ claims that the Chinese government broke into the “back doors for the good guys” that US cellphone companies were forced to install to facilitate lawful data requests — appleinsider.com/…
  - This story is the perfect illustration of why the idea of back doors for the good guys in End-to-End Encryption is fundamentally flawed — daringfireball.net/…
  - In-depth explanation by Peter Strzok on the Cleanup on Aisle 45 podcast of how this breach was achieved and its implications: Episode 194 | Biblical Profit Potential, starting at 28:35. Warning: this is a left-leaning political podcast.
- 🇪🇺 E.U. Court Limits Meta’s Use of Personal Facebook Data for Targeted Ads — thehackernews.com/…
  - Under Article 5(1)(C) of the GDPR, data used to target ads can’t be retained indefinitely, but Meta (and others) have been doing just that, and that now has to stop
- 🇺🇸 California governor vetoes major AI safety bill — www.cultofmac.com/…
  - Could have been the first major AI regulation in the US, and set a new baseline like the CCPA
  - Vetoed not because there is not a problem to be solved, but because this was not a good solution (Editorial by Bart: I agree with many of the points made in the veto statement, basing the law on model size rather than risk was the wrong approach)
- Google Joins Forces with GASA and DNS RF to Tackle Online Scams at Scale — thehackernews.com/… (information sharing to make blocking of malicious domains more effective)
- Some nice little security enhancements from Microsoft:
  - Microsoft overhauls security for publishing Edge extensions — www.bleepingcomputer.com/… (makes it harder to impersonate legitimate developers and sneak malware into trusted plugins)
  - Microsoft Defender adds detection of unsecure Wi-Fi networks — www.bleepingcomputer.com/… (Paid personal & family subscriptions only)
  - Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server — www.bleepingcomputer.com/… (Editorial by Bart: more dangerous legacy protocols going away — a podcast I listened to (before they podfaded) jokingly referred to PPTP as Point to Point Toilet Paper to mock its insecurity)
Excellent Explainers
- A great overview of all the various security protections in modern Macs, and a big-picture explanation of how they work: How macOS protects your data from malware — appleinsider.com/…
Just Because it’s Cool
- 🇺🇸 Some ingenious policing, and a perfect illustration of just how much of a scam cryptocurrency is: FBI Creates Fake Cryptocurrency to Expose Widespread Crypto Market Manipulation — thehackernews.com/…
Palate Cleansers
- From Bart: 🎧 Irish History Podcast: Emily Anderson - The Forgotten Irish Bletchley Park Code Breaker — overcast.fm/…
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.
| Emoji | Meaning |
|---|---|
| 🎧 | A link to audio content, probably a podcast. |
| ⚠ | A call to action. |
| flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
| 📊 | A link to graphical content, probably a chart, graph, or diagram. |
| 🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire”. |
| 💵 | A link to an article behind a paywall. |
| 📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
| 🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |
| 🎦 | A link to video content. |