Feedback & Followups
- For those interested in even more technical details: CrowdStrike Reveals Root Cause of Global System Outages — thehackernews.com/…
- Steve Gibson has released a free tool to check your PC’s Secure Boot setup by verifying that the feature is enabled and that your computer is not using a platform key marked with DO NOT TRUST/DO NOT SHIP, as discussed last time (the PKfail vulnerability) — www.grc.com/…
❗ Action Alerts
- Patch Tuesday has been and gone, and Microsoft patched 9 zero-days, including 6 being actively exploited — www.bleepingcomputer.com/…
- Microsoft did not fix all known issues: Windows Update downgrade attack “unpatches” fully-updated systems — www.bleepingcomputer.com/… (does not seem to be an immediate risk to home users ATM)
- If you dual-boot Windows with Linux and use a version of GRUB with a known vulnerability your Linux distro may fail to boot, but there is a workaround — www.bleepingcomputer.com/… & www.bleepingcomputer.com/…
- Google fixes Android kernel zero-day exploited in targeted attacks — www.bleepingcomputer.com/… (just one of 46 vulnerabilities fixed in the latest scheduled security update)
- Google fixes ninth Chrome zero-day tagged as exploited this year — www.bleepingcomputer.com/… (Users of other Chromium browsers should expect fixes any moment now)
- Researchers Uncover 10 Flaws in Google’s File Transfer Tool Quick Share — thehackernews.com/…
- A critical security issue in 1Password for Mac left credentials vulnerable to attack — appleinsider.com/…
- Apple have a patch to their recent patch: macOS 14.6.1, macOS 13.6.9, iOS 17.6.1, and iPadOS 17.6.1 Fix Advanced Data Protection — tidbits.com/… (Fixes a bug when changing advanced protection features)
- If you run your own WordPress site, beware of two critical security updates for commonly used plugins:
- If your family or small business has an Office365 account, beware that you’ll need to enable MFA on your admin accounts by October 15th or you’ll be locked out of your control panels! — www.bleepingcomputer.com/…
Worthy Warnings
- Attackers are starting to abuse Progressive Web Apps in malware campaigns targeting iOS & Android — www.bleepingcomputer.com/…
- Will do a deep-dive on this next time (when Allison is back)
- For now — never ever ever do anything an ad tells you to do! (If your bank needs your attention they’re not going to try to get it by taking out an ad!)
Notable News
- 🇺🇸 🇬🇧 🇨🇦 2.7Bn name & address records, many with social security numbers, apparently stolen from background check company National Public Database and probably affecting everyone in the US, UK & Canada, have been leaked online — www.bleepingcomputer.com/…
- Not sufficient for identity theft on their own, but combined with all the other previous leaked data out there, everyone in those countries is now probably vulnerable
- Consensus advice for US citizens seems to be to keep your credit record frozen by default, and only thaw it out for a limited time when you actually need to apply for credit (www.intego.com/… & appleinsider.com/…)
- Troy Hunt’s insights: Inside the “3 Billion People” National Public Data Breach — www.troyhunt.com/…
- If you’re wondering how this could happen, this anecdote gives a pretty good idea of how little of a fig this company gave about cybersecurity: National Public Data Published Its Own Passwords — krebsonsecurity.com/…
- Security researchers have found that many browsers wrongly treat the illegal IP address `0.0.0.0` as if it were `127.0.0.1` (the loopback address), but without enabling the security protections needed for local connections — https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/
- Given the media-friendly name 0.0.0.0 Day
- Of most importance to the kinds of advanced users that run local servers, perhaps without passwords since they are supposedly just local
- Browsers will be patching this
- 🇺🇸 Judge rules Google is a search and advertising monopoly — appleinsider.com/… (US DOJ case)
- Could have positive privacy outcomes, eventually
- This first ruling only finds that Google has a monopoly, remedies are the next phase
- Google will appeal this finding, and arguments over remedies will take many many months
- A detailed analysis of possible remedies: All the possible ways to destroy Google’s monopoly in search — arstechnica.com
- Google have outlined the privacy protections they plan to build into their Gemini AI on Android — www.bleepingcomputer.com/…
- Less technical detail than we have from Apple, so initial impressions are wooly (a white paper with more details is promised ‘soon’)
- Appears OK, but not as good as Apple Intelligence
- 🇺🇸 Unsurprisingly, America’s adversaries are using technology to attack the upcoming election:
- OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda — thehackernews.com/…
- Azure domains and Google abused to spread disinformation and malware — www.bleepingcomputer.com/…
- Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp — thehackernews.com/…
- US warns of Iranian hackers escalating influence operations — www.bleepingcomputer.com/…
- Additionally, X has its own additional problems:
- Beware of a new malicious technique on X – fake content warnings — www.bleepingcomputer.com/… (Bart’s advice: if you insist on using X, behave as if you’re in the digital equivalent of a post-apocalyptic hell-scape, because you are, so click on nothing)
- 🇪🇺 The European pro-privacy campaign group NOYB (None Of Your Business) has filed 9 GDPR complaints against X, alleging the company illegally used EU users’ data to train their Grok AI bot without the legally required informed consent — www.bleepingcomputer.com/…
- 🇫🇷 Breaking News: Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures — thehackernews.com/…
- Something to bear in mind when making risk decisions while travelling: Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide — thehackernews.com/… (In my experience MIFARE cards usually have the brand name on the back in teeny tiny writing)
- The post-quantum future comes a little closer: 🇺🇸 NIST releases first encryption tools to resist quantum computing — www.bleepingcomputer.com/…
Excellent Explainers
- What to do after a data breach—and how to avoid getting hacked—in 9 easy steps — www.intego.com/…
- How to use built-in network security features for Mac, iPhone, and iPad — appleinsider.com/…
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.
Emoji | Meaning |
---|---|
🎧 | A link to audio content, probably a podcast. |
❗ | A call to action. |
flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
📊 | A link to graphical content, probably a chart, graph, or diagram. |
🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
💵 | A link to an article behind a paywall. |
📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |
🎦 | A link to video content. |