Feedback & Followups
- 🎧 More details on the Tea leak discussed last time, with reporting on how many women are continuing to use the app, including new signups 🤯: kill switch: why are women still signing up for tea? - overcast.fm/… (If any of your friends or family are making this mistake, send them this link!)
❗ Action Alerts
- Microsoft have released their August Patch Tuesday updates, the worst of the bugs is in Server 2025, but there are quite a few critical bugs in regular Windows, so patch ASAP - isc.sans.edu/…
- Aside: an interesting suggestion at the end of this reporting that Windows 10 users losing support in 2 months consider Linux Mint, a distro designed to be familiar-feeling to Windows users - krebsonsecurity.com/…
- Google have released the August monthly Android patch, including fixes for some nasty Qualcomm vulnerabilities being actively exploited in the wild, patch ASAP, if you can - www.bleepingcomputer.com/…
- Proton have patched a vulnerability in their new Authenticator app (reported on the launch last time), if you installed it, be sure it’s fully patched - www.bleepingcomputer.com/…
- WinRAR Users: if you use WinRAR, make sure it’s fully patched, a recently patched bug is now being actively exploited by ransomware gangs and other attackers - www.bleepingcomputer.com/…
- Plex Users: make sure your server is patched, there is a zero-day under attack - www.bleepingcomputer.com/… (Details still sparse, but Plex are proactively reaching out to users of certain server versions warning them to update ASAP, so it must be bad!)
- Lenovo Webcam Users: Linux-Based Lenovo Webcams’ Flaw Can Be Remotely Exploited for BadUSB Attacks - thehackernews.com/…
  “This allows remote attackers to inject keystrokes covertly and launch attacks independent of the host operating system” - the security researchers who discovered the vulnerability
Worthy Warnings
- 🇺🇸 U.S. Judiciary confirms breach of court electronic records service - www.bleepingcomputer.com/… (Not clear whether affected individuals and corporations are being informed)
- 🇺🇸 Hackers leak Allianz Life data stolen in Salesforce attacks - www.bleepingcomputer.com/… (The risk here is now very real as the data is being shared publicly)
  Hackers have released stolen data belonging to US insurance giant Allianz Life, exposing 2.8 million records with sensitive information on business partners and customers in ongoing Salesforce data theft attacks.
- Now is a good time to check your status on HIBP: Troy Hunt has added details from a big new ‘stealer log’ leak he’s dubbed the Data Troll stealer logs to the database - www.troyhunt.com/…
- Reminder: a stealer log is a collection of usernames and passwords collected by key-logging malware; no company or site has been breached here, and the passwords could be from any site.
- As is always the case with stealer logs, the data is very dirty, so the numbers reported in the media (like 16Bn people!) are nonsense. In Troy’s sampling, the data is reduced by about 96% when sanitised.
- Editorial by Bart: 4% of a very big number is still a very big number, and I can tell you from first-hand experience that there are a lot of real humans caught up in this!
Notable News
- A timely reminder to support your less tech-savvy aging friends and family: 🇺🇸 FTC: Older adults lost record $700 million to scammers in 2024 - www.bleepingcomputer.com/…
- Meta has released direct messaging for Threads, but it has no End-to-End Encryption - daringfireball.net/… (Editorial by Bart: releasing a new messaging app without E2EE in 2025 is nuts, steer clear of this, don’t encourage anyone to adopt it!)
- WhatsApp adds new security feature to protect against scams - www.bleepingcomputer.com/…
  This feature displays a “safety overview” context card that includes information about the group’s creation date, the number of members, potential scam attempts, and instructions on how to control who can add you to WhatsApp groups.
Interesting Insights
- From Allison: A Little Over 50% of People Can Recognize AI Images from Real Photos - petapixel.com/…
Palate Cleansers
- From Allison:
- Accessibility and the agentic web - tetralogical.com/…
- 🎦 the moment TV went colour - www.instagram.com/… (no account needed to view)
- From Bart: some fascinating language fun to start, and some insightful thoughts on AI’s effect on the translation industry to follow: Grammar Girl Quick and Dirty Tips for Better Writing: AI’s impact on translators, untranslatable Dutch words, and more, with Heddwen Newton - overcast.fm/…
- As someone raised Dutch-English bilingual, this was extra fun for me, and I’m guilty of simply inventing the word howmanieth because it’s so natural to me as a Dutch/Flemish speaker (everyone understands it so intuitively, I didn’t realise it’s not a real English word!)
Legend
When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.
| Emoji | Meaning |
|---|---|
| 🎧 | A link to audio content, probably a podcast. |
| ❗ | A call to action. |
| flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
| 📊 | A link to graphical content, probably a chart, graph, or diagram. |
| 🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” |
| 💵 | A link to an article behind a paywall. |
| 📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
| 🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |
| 🎦 | A link to video content. |
