Feedback & Followups
- 🇪🇺 Following the near-miss with the US-funded, critically important CVE database earlier this year (CISA nearly let the funding lapse without notice, and even then only temporarily extended the existing funding rather than actually renewing it), the EU announced an independent alternative vulnerability database the world could rely on now that America has squandered its hard-earned trust. That DB has now gone live — www.theregister.com/… (Snark from Bart: a shockingly efficient response for the sometimes lumbering EU bureaucracy 🙂)
❗ Action Alerts
- Apple patches just about everything — isc.sans.edu/…
- The patches include a zero-day, so many older OSes & devices got fixes too — appleinsider.com/…
- May brought another busy Patch Tuesday: Microsoft May 2025 Patch Tuesday fixes 5 exploited zero-days, 72 flaws — www.bleepingcomputer.com/… & isc.sans.edu/…
- Emergency Chrome update: Google fixes high severity Chrome flaw with public exploit — www.bleepingcomputer.com/… (Windows, Mac & Linux)
- Mozilla fixes Firefox zero-days exploited at hacking contest — www.bleepingcomputer.com/…
- Context: Hackers earn $1,078,750 for 28 zero-days at Pwn2Own Berlin — www.bleepingcomputer.com/… (a great example of the system working 🙂)
- NosillaCastaways using Asus motherboards: your computers probably had the ASUS DriverHub automatically installed on first boot; you need to patch it ASAP — www.bleepingcomputer.com/…
- NosillaCastaways using a Procolored brand printer: Printer maker Procolored offered malware-laced drivers for months — www.bleepingcomputer.com/… (a brand gaining popularity for its very reasonable pricing model)
Worthy Warnings
- Details are still emerging, but the key takeaway is to enable 2FA/MFA ASAP on everything important: Login and password details for Apple, Google and Meta accounts found in huge data breach of 184 million accounts | TechRadar
- 🇬🇧 It’s been a bad two weeks for UK NosillaCastaways:
Notable News
- 🧯 There is a new speculative execution bug that has been demonstrated stealing secrets from RAM (keys, passwords etc.) in a lab. It does bypass the existing, optionally enabled mitigations (which all have performance impacts), but it was responsibly disclosed, so Intel have issued a microcode update (with only an additional 3% performance hit) and cloud providers will be rolling that out. As usual, the risk to home users is extremely low (Intel only; neither AMD nor ARM is affected this time) — www.bleepingcomputer.com/…
- Microsoft have announced that they will continue to support the Office365 apps on Windows 10 for 3 years after it goes End-of-Life (EOL) this October. This does not mean home users can safely put off upgrading to Windows 11; the change is only helpful for businesses that opt to pay for Windows 10 Extended Security Updates (ESU), which are only available on some versions of Windows, and not cheap! — www.bleepingcomputer.com/…
- Signal now blocks Microsoft Recall screenshots on Windows 11 — www.bleepingcomputer.com/…
- Snark from Bart: this is achieved using the Windows DRM APIs, so apparently there is at least one good use for DRM 🙂
- Google have added a great new security feature to Chrome on Windows. If you try to run it with admin privileges (say, while logged in as a local admin), it will automatically surrender those privileges on launch, greatly limiting the damage from any future code-execution bugs — www.bleepingcomputer.com/…
- To make this story even a little sweeter, this enhancement was developed by Microsoft for Edge (a Chromium browser) as open source, and Microsoft helped Google back-port it to Chrome!
Just Because it’s Cool
Palate Cleansers
- From Bart:
  - 🎧 The Economics of Everyday Things: Data Centers — overcast.fm/…
  - 🎦 This hour-long interview from the Stripe conference is simply the most human and genuinely insightful interview I’ve ever seen with the generally quite closed and guarded Sir Jony Ive: Jony Ive talks about minimalism, taste, and Apple’s design group — appleinsider.com/…
  - This pair of posts from NASA’s superb Astronomy Picture of the Day blog just blew my mind; we truly live in the future, and we can see what it’s like on other worlds! 🤯
  - 🖼️ 2025 May 15: A Plutonian Landscape — apod.nasa.gov/…
  - 🎦 2025 May 19: Charon Flyover from New Horizons — apod.nasa.gov/…
- From Allison: A fun space-related toot from Brian Greenberg — infosec.exchange/…
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to. When the text describing a link is not part of the link, it is a description written by Bart.
| Emoji | Meaning |
|---|---|
| 🎧 | A link to audio content, probably a podcast. |
| ❗ | A call to action. |
| flag | The story is particularly relevant to people living in a specific country, or the organisation the story is about is affiliated with the government of a specific country. |
| 📈 | A link to graphical content, probably a chart, graph, or diagram. |
| 🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
| 💵 | A link to an article behind a paywall. |
| 📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
| 🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |
| 🎦 | A link to video content. |