Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. The Snowflake supply-chain breach fallout continues with another big name: Neiman Marcus confirms data breach after Snowflake account hack β www.bleepingcomputer.com/β¦ (biggest danger seems to be targeted phishing) π§π· Meta’s plan to hoover up […]
Continue readingCategory: Security Bits
Security Bits βΒ 2024-06-23
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Microsoft delays Windows Recall amid privacy and security concerns β www.bleepingcomputer.com/β¦ (Initially only to Windows Insiders AKA beta testers) The scale of the Snowflake breach we discussed last time becomes clearer: Snowflake Breach Exposes […]
Continue readingSecurity Bits β 2024 June 9
Deep Dive β You Probably Want to Avoid Microsoft Recall, at Least for Now! At their recent Build developers conference Microsoft announced a new line of ARM-based laptops with built-in AI chips branded as Copilot+ PCs, with one of the headline features being Recall. The idea is that Recall will constantly monitor everything you do […]
Continue readingSecurity Bits β 2024 May 26
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Attackers are continuing to compromise Google ads, and they’re now targeting apps in the news as well as developer & sysadmin tools: Arc browserβs Windows launch targeted by Google ads malvertising β www.bleepingcomputer.com/β¦ Ransomware […]
Continue readingSecurity Bits β 12 May 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. πͺπΊ Quick Digital Markets Act update: The first 3rd-party iOS app store in the EU has gone live β AltStore PAL by Riley Testut β rileytestut.com/β¦ EU Labels iPadOS as a Gatekeeper and Orders […]
Continue readingSecurity Bits β 28 April 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Glen Fleishmann outlines some ways in which Google’s Find My Device network is actually a little more privacy-preserving than Apple’s Find My network (and one nasty sting in the tail that makes it a […]
Continue readingSecurity Bits β 14 April 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. An excellent writeup detailing the fascinating story of the XZUtils compromise we discussed last time β arstechnica.com/β¦ (Editorial by Bart: Definitely one of the nearest misses we’ve had in the supply chain for some […]
Continue readingSecurity Bits β 31 March 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Watering hole attacks targeting Python developers are continuing, with attacks targeting the PyPi package repo getting so bad the site has temporarily suspended new account signups β www.bleepingcomputer.com/β¦ Attackers are continuing to succeed in […]
Continue readingSecurity Bits β 17 March 2024 βοΈ
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Ransomeware-related developments: The apparent return of the BlackCat ransomeware gang after their recent law enforcement take-down appears to have been short-lived, with the group collapsing with an apparent exit scam: BlackCat Ransomware Group Implodes […]
Continue readingSecurity Bits β 3 March 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Another defeat for the NSO group: πΊπΈ U.S. Court Orders NSO Group to Hand Over Pegasus Spyware Code to WhatsApp β thehackernews.com/β¦ πΊπΈ Microsoft have finally followed through on their promise to the US […]
Continue reading