Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Glen Fleishmann outlines some ways in which Google’s Find My Device network is actually a little more privacy-preserving than Apple’s Find My network (and one nasty sting in the tail that makes it a […]
Continue readingMore TagCategory: Security Bits
Security Bits — 14 April 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. An excellent writeup detailing the fascinating story of the XZUtils compromise we discussed last time — arstechnica.com/… (Editorial by Bart: Definitely one of the nearest misses we’ve had in the supply chain for some […]
Continue readingMore TagSecurity Bits — 31 March 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Watering hole attacks targeting Python developers are continuing, with attacks targeting the PyPi package repo getting so bad the site has temporarily suspended new account signups — www.bleepingcomputer.com/… Attackers are continuing to succeed in […]
Continue readingMore TagSecurity Bits — 17 March 2024 ☘️
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Ransomeware-related developments: The apparent return of the BlackCat ransomeware gang after their recent law enforcement take-down appears to have been short-lived, with the group collapsing with an apparent exit scam: BlackCat Ransomware Group Implodes […]
Continue readingMore TagSecurity Bits — 18 February 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. It’s not just in Google Search Results that malicious ads are getting through ATM: Facebook ads push new Ov3r_Stealer password-stealing malware — www.bleepingcomputer.com/… (The lure is different though, job ads with malicious PDF downloads, […]
Continue readingMore TagSecurity Bits — 4 February 2024
<li>## Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Apple have released iOS 17.3, which includes the new Stolen Device Protection mode designed to thwart the recent spike in iPhone thefts by thieves who have observed or socially engineered passcodes allowing them […]
Continue readingMore TagSecurity Bits — 21 January 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. We warned about this then-unpatched flaw a few weeks ago, now there’s a fix: Apple patches security flaw that allowed Magic Keyboard Bluetooth connections to be faked — appleinsider.com/… Kaspersky have developed and released […]
Continue readingMore TagSecurity Bits — 3 January 2024 (Bart & Jill from the North Woods)
Deep Dive — Operation Triangulation TL;DR — Kaspersky labs have discovered that they, and Russian government officials, were targeted by very advanced iOS malware that completely took over iOS devices for the last 4 years. Apple have patched all the exploited vulnerabilities, regular users were not targeted, and Kaspersky say there is not enough evidence […]
Continue readingMore TagSecurity Bits — 26 November 2023
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. The recent wave of malicious Google ads targeting software downloads continues, this time it’s malicious versions of the popular Secure FTP client WinSCP — thehackernews.com/… ❗ Action Alerts Calls to action, if any stories […]
Continue readingMore Tag