Feedback & Followups
- Twitter begins testing long-awaited edit button — www.cultofmac.com/…
- Formal Confirmation of unconfirmed reports from The Intercept a few months ago: Facebook engineers have no idea what happens with user data — appleinsider.com/…
Deep Dive(s)
❗ Action Alerts
- Apple released iOS 12.5.6 to protect older iPhones from an actively exploited zero-day vulnerability — www.intego.com/…
- Chrome and Edge fix zero-day security hole – update now! — nakedsecurity.sophos.com/…
Worthy Warnings
- Samsung hack in July 2022 led to customer data theft — appleinsider.com/… (no social security numbers or payment details, so the biggest danger seems to be targeted phishing that includes correct device information)
- 🇺🇸 FTC Files Suit Against Data Broker Kochava for Selling Sensitive Location Tracking Information — www.macobserver.com/…
Notable News
- macOS’s New XProtect Remediator Now Regularly Scans for Malware — tidbits.com/… (the new component is named XProtect Remediator)
- 🧯 LastPass suffered a breach, but because their system is well architected, so that they can’t see the passwords people store, the attackers couldn’t either, though they were able to steal a copy of the source code (but not edit the published version) — blog.lastpass.com/…
- Editorial by Bart: I’ve been asked by a few LastPass users if they should switch, and my answer was simple: “only if you already wanted to leave for other reasons”. My thinking lines up well with the guys at Naked Security: LastPass source code breach – do we still recommend password managers? — nakedsecurity.sophos.com/…
- A timely reminder of why it’s important to keep NAS boxes patched and if possible, off the public internet: DEADBOLT ransomware rears its head again, attacks QNAP devices — nakedsecurity.sophos.com/…
- From Allison: Patreon confirms security team layoffs — techcrunch.com/…
- 📌 🇦🇺 Australia’s e-Safety Commissioner has sent legal letters to Apple, Google, Meta & Microsoft requiring them to reply with a description of how they are fighting CSAM on their platform, and they have 28 days to comply — appleinsider.com/…
- 📌 🇺🇸 California’s two legislative chambers have passed the controversial California Age-Appropriate Design Code, it’s now waiting on the Governor’s signature or veto — appleinsider.com/…
  - The bill’s status (and history and text) — leginfo.legislature.ca.gov/…
  - 🎧 Listen to Allison, Tom & Co. explain it: DTNS 4344: Twitter’s Circles of Mystery — overcast.fm/…
Excellent Explainers
- Why I’m such a fan of ISO 8601 (or its narrower subset RFC 3339) dates: How to deal with dates and times without any timezone tantrums… — nakedsecurity.sophos.com/…
Interesting Insights
- An interesting analysis of why 1-time-codes that get sent to users have turned sour for corporate IT: How 1-Time Passcodes Became a Corporate Liability — krebsonsecurity.com/… (Editorial by Bart: This is why we need to move to better key-based systems like FIDO/Passkeys)
Just Because it’s Cool 😎
- Researchers published a paper titled ‘Mining Node.js Vulnerabilities via Object Dependence Graph and Query.’ – they found and responsibly reported bugs which were promptly fixed, which is not noteworthy, but they did it using an entirely new automated technique, which is very noteworthy indeed! — nakedsecurity.sophos.com/…
Palate Cleansers
- From Allison: “Give this book a coding-related title” — twitter.com/…
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.
Emoji | Meaning |
---|---|
🎧 | A link to audio content, probably a podcast. |
❗ | A call to action. |
flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
📊 | A link to graphical content, probably a chart, graph, or diagram. |
🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
💵 | A link to an article behind a paywall. |
📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |