Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Just like we predicted last time: Scattered Spider hackers shift focus to aviation, transportation firms — www.bleepingcomputer.com/… (They’d just pivoted to Insurance and were finding it fallow ground, so we predicted they’d jump again […]
Tag: vulnerabilities
Security Bits — 22 June 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Greyware spyware from Pegatron continues to be abused: Graphite spyware used in Apple iOS zero-click attacks on journalists — www.bleepingcomputer.com/… (This all happened a few months ago, and the zero-day was patched back in […]
Security Bits — 25 May 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇪🇺 Following the near-miss with the US-funded critically important CVE database earlier this year (CISA nearly let funding lapse without notice, and even then only temporarily extended the existing funding rather than actually renewing […]
Security Bits — 11 May 2025
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. A great example of why it’s important to patch – this is one of the things the Apple updates we called out last time patched: Apple ‘AirBorne’ flaws can lead to zero-click AirPlay RCE […]
Security Bits — 30 March 2025 (Bart Solo)
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Thankfully Microsoft have not learned the wrong lesson from their recent over-zealous response to possible malware in the VS Code Marketplace: VSCode Marketplace Removes Two Extensions Deploying Early-Stage Ransomware — thehackernews.com/… Attackers are continuing […]
Security Bits – 29 September 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Consequences arrive for past failure: 🇺🇸 AT&T pays $13 million FCC settlement over 2023 data breach — www.bleepingcomputer.com/… 🇪🇺 Meta fined €91M by the Irish Data Protection Commissioners for storing over 600 million passwords […]
Security Bits — 15 September 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Apple have decided to end their case against the NSO Group (authors of the infamous Pegasus spyware) because disclosure could do more harm to users than letting the NSO group off the hook — […]
Security Bits – 2024-06-23
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Microsoft delays Windows Recall amid privacy and security concerns — www.bleepingcomputer.com/… (Initially only to Windows Insiders AKA beta testers) The scale of the Snowflake breach we discussed last time becomes clearer: Snowflake Breach Exposes […]
Security Bits — 2024 May 26
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. Attackers are continuing to compromise Google ads, and they’re now targeting apps in the news as well as developer & sysadmin tools: Arc browser’s Windows launch targeted by Google ads malvertising — www.bleepingcomputer.com/… Ransomware […]
Security Bits — 12 May 2024
Feedback & Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we’re tracking over time. 🇪🇺 Quick Digital Markets Act update: The first 3rd-party iOS app store in the EU has gone live – AltStore PAL by Riley Testut — rileytestut.com/… EU Labels iPadOS as a Gatekeeper and Orders […]