Feedback & Followups
- Just like we predicted last time: Scattered Spider hackers shift focus to aviation, transportation firms — www.bleepingcomputer.com/… (They’d just pivoted to insurance and were finding it barren ground, so we predicted they’d jump again quickly)
- Highest profile victim so far: Qantas discloses cyberattack amid Scattered Spider aviation breaches — www.bleepingcomputer.com/…
- 🇺🇸 TikTok ban enforcement delayed another 90 days to September 17 — appleinsider.com/… 🌮
- Note: still no actual legal basis for any of this!
- At least some Google shareholders are starting to worry about the ever increasing legal exposure, and a lawsuit has been filed — www.macobserver.com/…
❗ Action Alerts
- Google fixes fourth actively exploited Chrome zero-day of 2025 — www.bleepingcomputer.com/…
- Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros — thehackernews.com/…
- Responsibly disclosed, so patches have actually been out for some time; `sudo --version` will tell you what you are running, and your distro’s package updates should bring in the fix
- Requires local access, so probably not that big a risk for most NosillaCastaways
- ⚠️ Brother, Fujifilm, Toshiba & Konica Minolta Printer Owners: Brother printer bug in 689 models exposes default admin passwords — www.bleepingcomputer.com/… (Nearly 700 Brother models, but over 50 from the other brands too!)
- No firmware fix for existing printers: the default admin password is derived from the serial number, which itself leaks in various ways, so a change to the manufacturing process was needed to remediate it in new units
- The only fix for printers already out there is for users to change the admin password so the serial-derived default is no longer in use
- ⚠️ Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs & Teufel headset owners: Bluetooth flaws could let hackers spy through your microphone — www.bleepingcomputer.com/… (29 models total)
- Firmware updates are on the way (at various stages of the process)
- Requires proximity, so probably not a big deal for regular folks, but people who may be worth targeting should consider switching headset, at least for now
Notable News
- Beware, new variant of currently popular attack: New FileFix attack weaponizes Windows File Explorer for stealthy commands — www.bleepingcomputer.com/… (Asks users to paste into the File Explorer address bar, which is more powerful than many realise, and perhaps less suspicious than the Run box)
- Probably best to avoid: Meta wants to upload every photo you have to its cloud to give you AI suggestions — appleinsider.com/… (Suggest denying any prompts to opt-in to ‘Cloud Processing’)
- Let’s Encrypt ends certificate expiry emails to cut costs, boost privacy — www.bleepingcomputer.com/…
- Only relevant if you are manually renewing certs, which with Let’s Encrypt needs to be done every 90 days
- Time to move to automated renewal via the ACME protocol: certificate lifetimes are going to get a lot shorter in the next few years!
- Windows 10 gets a 1-year reprieve, if you’re prepared to make a change or to pay — www.bleepingcomputer.com/…
- Extended Security Updates (ESU) in exchange for configuring Windows Backup to sync your settings to the cloud, redeeming 1,000 Microsoft Rewards points, or paying $30.
- Pet Theory: The reason for the cloud sync push could be to simplify the eventual migration to Windows 11 next year
- Cloudflare open-sources Orange Meets with End-to-End encryption — www.bleepingcomputer.com/…
- From a brief scan of the descriptions it looks like a great protocol to have open to the world: 100% client-side encryption, so truly end-to-end, and it includes a nice key-verification method.
- 🇺🇸 AT&T rolls out “Wireless Lock” feature to block SIM swap attacks — www.bleepingcomputer.com/… (other carriers have apparently had similar options for some time)
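Picking up the Let’s Encrypt item above: with the expiry reminder emails gone, the practical replacement is a local check you run from cron alongside whatever ACME client does the actual renewing. The following is an added example, not Bart’s code or anything from Let’s Encrypt. It is POSIX shell built on `openssl x509 -checkend`, which exits 0 only if the cert is still valid at now plus the given number of seconds, so the date maths is left to OpenSSL rather than to the non-portable `date -d`. The certificate file names, the 30-day threshold and the self-signed demo certs are all assumptions constructed for the example.

```shell
#!/bin/sh
# Added example: local certificate-expiry check to replace the Let's Encrypt
# warning emails. Assumes an OpenSSL CLI that supports `x509 -checkend`.
# All paths, thresholds and demo certs below are constructed for illustration.

# cert_expires_within CERT DAYS
# Returns 0 if CERT will expire within DAYS days (or cannot be read), 1 if it
# is still good for the whole window. Note the inverted sense: `openssl x509
# -checkend N` exits 0 when the cert is STILL valid N seconds from now.
cert_expires_within() {
  cert=$1
  days=$2
  if [ ! -r "$cert" ]; then
    return 0   # fail closed: an unreadable cert counts as needing attention
  fi
  if openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
    return 1   # valid for the full window
  fi
  return 0     # expires inside the window
}

# cert_not_after CERT: print the notAfter date as OpenSSL formats it (for humans).
cert_not_after() {
  openssl x509 -in "$1" -noout -enddate | sed 's/^notAfter=//'
}

# check_certs DAYS CERT...: one status line per cert; returns 0 only if all are OK,
# so the exit status can drive a cron mail or an alert.
check_certs() {
  threshold=$1
  shift
  rc=0
  for c in "$@"; do
    if cert_expires_within "$c" "$threshold"; then
      when=$(cert_not_after "$c" 2>/dev/null || echo unreadable)
      echo "WARN $c expires within $threshold days (notAfter=$when)"
      rc=1
    else
      echo "OK   $c"
    fi
  done
  return $rc
}

# make_demo_cert CERT KEY DAYS: constructed self-signed cert so the check can
# be exercised offline without touching a real ACME account.
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$2" -out "$1" -days "$3" \
    -subj "/CN=demo.example.test" >/dev/null 2>&1
}

# Stand-alone demo: a 10-day cert trips the 30-day threshold, an 80-day cert
# does not, and a missing file is reported rather than silently passed.
demo() {
  dir=$(mktemp -d)
  make_demo_cert "$dir/short.pem" "$dir/short.key" 10
  make_demo_cert "$dir/long.pem"  "$dir/long.key"  80
  check_certs 30 "$dir/short.pem" "$dir/long.pem" "$dir/missing.pem" || true
  rm -rf "$dir"
}

demo
```

In practice you would point `check_certs` at the live certificate files your ACME client writes and run it daily from cron; the client (for example `certbot renew`) does the renewing, and this is the safety net that tells you when automation has silently stopped working, which is exactly the job the emails used to do.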
Interesting Insights
- 🎧 Guy Kawasaki’s Remarkable People: Who Defends Your Digital Rights? Meet EFF’s Cindy Cohn — overcast.fm/…
- Great discussion explaining what the EFF does, and why
- Cindy’s answer regarding her own use of FaceID is superb, explaining very well that everyone needs to make their own informed decisions about how they balance risks and benefits
- Also of note is Cindy’s practical and nuanced answer to Guy’s question about using WhatsApp (it’s not ideal, but it’s better than most, and it’s where most of the people are in many places around the world, so fine for most people to use, and definitely much better than Telegram)
Palate Cleansers
- From Bart:
Legend
When the text describing a link is part of the link, it is the title of the page being linked to; when it is not part of the link, it is a description written by Bart.
| Emoji | Meaning |
|---|---|
| 🎧 | A link to audio content, probably a podcast. |
| ❗ | A call to action. |
| flag | The story is particularly relevant to people living in a specific country, or, the organisation the story is about is affiliated with the government of a specific country. |
| 📊 | A link to graphical content, probably a chart, graph, or diagram. |
| 🧯 | A story that has been over-hyped in the media, or, “no need to light your hair on fire” 🙂 |
| 💵 | A link to an article behind a paywall. |
| 📌 | A pinned story, i.e. one to keep an eye on that’s likely to develop into something significant in the future. |
| 🎩 | A tip of the hat to thank a member of the community for bringing the story to our attention. |
| 🎦 | A link to video content. |
