Feedback & Followups
- 🇺🇸 Following the FBI earlier in the month, and following the revelation that 8 major US telcos were compromised by the Chinese government, the US Cybersecurity & Infrastructure Security Agency (CISA) has joined the FBI in recommending the use of end-to-end encrypted messaging apps, giving a special mention to Signal as a good choice — www.bleepingcomputer.com/…
  - CISA’s advisory — www.cisa.gov/…
- Inflammatory headline is really about compliance: Government to ban WhatsApp for official business
⚡ Action Alerts
- Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws — www.bleepingcomputer.com/…
- Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS) – SANS Internet Storm Center — isc.sans.edu/…
- Apple also released Safari 18.2 for macOS 14 Sonoma and macOS 13 Ventura to fix five security vulnerabilities — tidbits.com/…
Worthy Warnings
- Reminder — always check NPM and other repository package names against a trusted source, never just guess: Thousands Download Malicious npm Libraries Impersonating Legitimate Tools — thehackernews.com/…
- 🧯 Those “Apple Approval Notice” SMS messages are a scam — www.macobserver.com/…
- 🧯 Rest assured, these scary viral TikTok videos are utter fiction: (in case you or your family hear about them)
- An illustrative example of how attackers are using legitimate features on popular sites to send more believable phishing emails (in this case, Google Forms to phish while pretending to be Google’s security team): How to Lose a Fortune with Just One Bad Click — krebsonsecurity.com/…
- Similarly, attackers are turning more and more to sending entirely genuine invoices for utterly fictitious products/services using popular Software-as-a-Service platforms: Money request and invoice scams via PayPal, Venmo, and Docusign — www.intego.com/…
  - Lots of nice detailed advice in the article
  - Top takeaway — don’t trust any information in a field controlled by the sender rather than the service, like a sender/seller/vendor comment, note, or message
Notable News
- A wise move to counter stigma against victims: Interpol replaces dehumanizing “Pig Butchering” term with “Romance Baiting” — www.bleepingcomputer.com/…
- 🇪🇺 The GDPR continues to have teeth — notice that the fines are not for being breached as such, but for not taking the appropriate actions before and after:
  - 🇮🇪 Ireland fines Meta $264 million over 2018 Facebook data breach — www.bleepingcomputer.com/…
    - The fine is not for being breached, but for not having notified affected users clearly and promptly
    - The fine is also for negligence in Facebook’s under-the-hood design
  - 🇳🇱 Dutch DPA Fines Netflix €4.75 Million for GDPR Violations Over Data Transparency — thehackernews.com/…
    - The fine is for not having clear and accurate data policies
    - The fine is also for not responding honestly to data subject requests filed by EU users
- 🇺🇸 The US Office of the Inspector General (OIG) has determined that the Trump US Department of Justice (DOJ) wrongly subpoenaed Apple for call and message data relating to opposition lawmakers, their aides, and families — appleinsider.com/…
- 🇺🇸 US authorities are launching an investigation into Chinese router maker TP-Link for a possible ban due to security risks: Most popular home internet routers in US may be banned as national security risk — www.9to5mac.com
  - While an investigation isn’t a ban, Tom Merritt on the Daily Tech News Show explains why a ban is essentially inevitable: DTNS 4918 for 18 December 2024 on YouTube
  - If you own a TP-Link router, consider flashing it with dd-wrt firmware if you don’t want to throw it in the bin.
- 🇩🇪 An interesting example of nation-state-level cybersecurity defences: Germany blocks BadBox malware loaded on 30,000 Android devices — www.bleepingcomputer.com/…
Top Tips
- How to Add a Legacy Contact to Your Apple Account | Full guide — www.macobserver.com/… (just in time for all those holiday visits with the family you tech-support 😉)
- 🇺🇸 Good advice for how US users can protect themselves from SIM swapping from the AARP (recommended by listener Lynn on the Podfeet Slack) — www.aarp.org/…
Palate Cleansers
- From Bart: An excellent telling of the true story of how a suite of apps used by myself, Allison, and countless other podcasters almost died, but has instead come back to life better than ever in 2024: The Developers Who Came in From the Cold — weblog.rogueamoeba.com/…
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.

| Emoji | Meaning |
|---|---|
| 🎧 | A link to audio content, probably a podcast. |
| ⚡ | A call to action. |
| flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
| 📊 | A link to graphical content, probably a chart, graph, or diagram. |
| 🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
| 💵 | A link to an article behind a paywall. |
| 📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
| 🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |
| 🎦 | A link to video content. |