{"id":19562,"date":"2019-11-02T12:46:36","date_gmt":"2019-11-02T19:46:36","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=19562"},"modified":"2019-11-02T12:47:19","modified_gmt":"2019-11-02T19:47:19","slug":"sb-2019-11-01","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2019\/11\/sb-2019-11-01\/","title":{"rendered":"Security Bits \u2013 1 Nov 2019"},"content":{"rendered":"<h1>Security Bits \u2013 1 Nov 2019<\/h1>\n<h3>Notable Security Updates<\/h3>\n<ul>\n<li>Apple updates just about everything:\n<ul>\n<li><a href=\"https:\/\/arstechnica.com\/gadgets\/2019\/10\/everything-you-need-to-know-about-ios-and-ipados-13-2\/\">Everything you need to know about iOS and iPadOS 13.2 \u2014 arstechnica.com\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/9to5mac.com\/2019\/10\/28\/some-users-experiencing-bricked-homepod-after-updating-to-ios-13-2\/\">Some users experiencing bricked HomePod after updating to iOS 13.2 [Update: pulled] \u2014 9to5mac.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/apnews.com\/078755dbec364b71a7b34abf63fb6284\">Apple resumes human reviews of Siri audio with iPhone update \u2014 apnews.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.macobserver.com\/news\/ios-13-2-disable-siri-grading\/\">iOS 13.2: How to Turn off Siri Grading so Audio Snippets Won\u2019t be Shared \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/arstechnica.com\/?p=1593945\">Apple releases macOS Catalina 10.15.1 and watchOS 6.1 \u2014 arstechnica.com<\/a><\/li>\n<li><a href=\"https:\/\/tidbits.com\/2019\/10\/29\/apple-releases-macos-10-15-1-catalina-watchos-6-1-and-tvos-13-2\/\">Apple Releases macOS 10.15.1 Catalina, watchOS 6.1, and tvOS 13.2 \u2014 tidbits.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/tidbits.com\/watchlist\/security-update-2019-001-mojave-and-2019-006-high-sierra\/\">Security Update 2019-001 (Mojave) and 2019-006 (High Sierra) \u2014 
tidbits.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/tidbits.com\/watchlist\/safari-13-0-3\/\">Safari 13.0.3 \u2014 tidbits.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/30\/got-an-early-iphone-or-ipad-update-now-or-turn-it-into-a-paperweight\/\">Got an early iPhone or iPad? Update now or turn it into a paperweight \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/29\/php-team-fixes-nasty-site-owning-remote-execution-bug\/\">PHP team fixes nasty site-owning remote execution bug \u2014 nakedsecurity.sophos.com\/\u2026<\/a><br \/>\n<!--more--><\/li>\n<\/ul>\n<h3>Notable News<\/h3>\n<ul>\n<li>WhatsApp have filed suit against grey-hat security firm NSO Group for selling a hacking tool that was briefly able to exploit a bug in WhatsApp to install spyware on victim devices. The hacking tools were used against military and government officials from US allies \u2014 <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/31\/whatsapp-sues-spyware-maker-for-allegedly-hacking-phones-worldwide\/\">nakedsecurity.sophos.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.macobserver.com\/news\/military-and-government-officials-from-u-s-allies-victims-of-whatsapp-hack\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li>Apple have removed at least 17 apps that contained ad-clicking malware from the iOS App Store. Ad-clickers don&#8217;t attack the device they&#8217;re installed on, but instead defraud ad networks by automatically loading web pages and clicking on ads. 
While malware of this kind doesn&#8217;t attack the users who install it, it does affect them by draining their battery \u2014 <a href=\"https:\/\/www.imore.com\/17-malware-apps-have-now-been-removed-app-store\">www.imore.com\/\u2026<\/a><\/li>\n<li>Twitter will stop selling political ads \u2014 <a href=\"https:\/\/www.nbcnews.com\/tech\/tech-news\/twitter-stop-accepting-political-ads-n1074171\">www.nbcnews.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.macobserver.com\/news\/facebook-employees-write-mark-zuckerberg-political-ads\/\">Facebook Employees Write to Mark Zuckerberg Over Political Ads \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> &#x1f1ea;&#x1f1fa; <a href=\"https:\/\/www.macobserver.com\/link\/eu-facebook-google-twitter-fight-fake-news\/\">EU Tells Facebook, Google, Twitter to do More to Fight Fake News \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> &#x1f1ec;&#x1f1e7; <a href=\"https:\/\/www.macobserver.com\/news\/uk-lawmaker-demands-answers-from-facebook-on-political-ads-and-messaging-encryption\/\">UK Lawmaker Demands Answers From Facebook on Political Ads and Messaging Encryption \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/23\/facebook-pulls-fake-news-networks-linked-to-russia-and-iran\/\">Facebook pulls fake news networks linked to Russia and Iran \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><strong>Related Opinion\/Analysis Piece:<\/strong> <a href=\"https:\/\/www.lawfareblog.com\/how-facebook-can-use-international-law-content-moderation\">How Facebook Can Use International Law in Content Moderation \u2014 www.lawfareblog.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>As well as fixing security vulnerabilities, Firefox 70 has improved privacy protections and added a nice new UI for showing how often you are tracked online \u2014 <a 
href=\"https:\/\/www.imore.com\/firefox-can-now-provide-reports-who-tracks-you-online\">www.imore.com\/\u2026<\/a>, <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/25\/firefox-privacy-protection-makes-website-trackers-visible\/\">nakedsecurity.sophos.com\/\u2026<\/a> &amp; <a href=\"https:\/\/tidbits.com\/watchlist\/firefox-70-0\/\">tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<h3>Suggested Reading<\/h3>\n<ul>\n<li>PSAs, Tips &amp; Advice\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/www.howtogeek.com\/443611\/how-macos-catalinas-new-security-features-work\/\">How macOS Catalina\u2019s New Security Features Work \u2014 www.howtogeek.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.intego.com\/mac-security-blog\/what-are-all-those-macos-catalina-security-alerts\/\">What are all those macOS Catalina security alerts? \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/22\/storing-your-stuff-securely-in-the-cloud\/\">Storing your stuff securely in the cloud \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Notable Breaches &amp; Privacy Violations\n<ul>\n<li>&#x2b50;&#xfe0f; Adobe have leaked personal information on 7.5m Creative Cloud users. 
The data did not include passwords in any form, nor any payment information, but it did contain email addresses &amp; subscription details, making it extremely useful for creating convincing phishing attacks \u2014 <a href=\"https:\/\/www.imore.com\/personal-information-75-million-adobe-creative-cloud-accounts-was-exposed\">www.imore.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/28\/adobe-database-exposes-7-5-million-creative-cloud-users\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/krebsonsecurity.com\/2019\/10\/breaches-at-networksolutions-register-com-and-web-com\/\">Breaches at NetworkSolutions, Register.com, and Web.com \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.theregister.co.uk\/2018\/09\/10\/trend_micro_apple_macos\/\">Trend Micro tools tossed from Apple&#8217;s Mac App Store after spewing fans&#8217; browser histories \u2014 www.theregister.co.uk\/\u2026<\/a><\/li>\n<li>Popular VPN provider NordVPN suffered a breach \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/nordvpn-was-hacked\/\">www.macobserver.com\/\u2026<\/a> &amp; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/23\/hacker-breached-servers-used-by-nordvpn\/\">nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/information-technology\/2019\/11\/nordvpn-users-passwords-exposed-in-mass-credential-stuffing-attacks\/\">NordVPN users\u2019 passwords exposed in mass credential-stuffing attacks \u2014 arstechnica.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/23\/travel-database-exposed-pii\/\">Travel database exposed PII on US government employees \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Notable IoT Vulnerabilities\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/23\/alexa-and-google-home-phishing-apps-demonstrated-by-researchers\/\">Alexa and 
Google Home phishing apps demonstrated by researchers \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/22\/vatican-developers-commit-cardinal-coding-sin\/\">Vatican launches smart rosary \u2013 complete with brute-force flaw \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>News\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/28\/new-bbc-dark-web-tor-mirror-site-aims-to-beat-censorship\/\">New BBC \u2018dark web\u2019 Tor mirror site aims to beat censorship \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; &#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/30\/uber-sues-la-in-bid-to-protect-scooter-riders-geolocation-data\/\">Uber sues LA in bid to protect scooter riders\u2019 geolocation data \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Facebook News:\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/29\/new-facebook-ai-fools-facial-recognition\/\">New Facebook AI fools facial recognition \u2014 nakedsecurity.sophos.com\/\u2026<\/a> <\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/www.macobserver.com\/news\/instagram-strengthens-rules-on-self-harm-and-suicide-content\/\">Instagram Strengthens Rules on Self-Harm and Suicide Content \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x1f1ec;&#x1f1e7; <a href=\"https:\/\/www.bbc.co.uk\/news\/technology-50234141\">Facebook agrees to pay Cambridge Analytica fine to UK \u2014 www.bbc.co.uk\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; Libra&#8217;s woes continue as Zuckerberg testifies before the House Financial Services Committee \u2014 <a href=\"https:\/\/pxlnv.com\/linklog\/zuck-testifies-again\/\">pxlnv.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1e6;&#x1f1fa; <a href=\"https:\/\/www.zdnet.com\/article\/home-affairs-pushes-its-face-matching-service-for-porn-age-verification\/\">Home 
Affairs pushes its face-matching service for porn age verification \u2014 www.zdnet.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/www.macobserver.com\/news\/aclu-sues-fbi-facial-recog\/\">ACLU Sues FBI Over Facial Recognition \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; <a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/28\/tiktok-says-no-senators-were-not-under-chinas-thumb\/\">TikTok says no, senators, we\u2019re not under China\u2019s thumb \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Opinion &amp; Analysis\n<ul>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/www.theguardian.com\/world\/2019\/oct\/22\/school-student-surveillance-bark-gaggle\">Under digital surveillance: how American schools spy on millions of kids | World news \u2014 www.theguardian.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/www.techdirt.com\/articles\/20191017\/20492843214\/dojs-latest-child-porn-site-takedown-shows-encryption-isnt-really-stopping-feds-fighting-child-porn.shtml\">DOJ&#8217;s Latest Child Porn Site Takedown Shows Encryption Isn&#8217;t Really Stopping The Feds From Fighting Child Porn \u2014 www.techdirt.com\/\u2026<\/a><\/li>\n<li>&#x2b50;&#xfe0f; <a href=\"https:\/\/www.imore.com\/fbi-general-counsel-who-fought-apple-over-encryption-has-had-rethink\">FBI general counsel who fought Apple over encryption has had a rethink \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li>&#x1f1fa;&#x1f1f8; The four main US carriers have agreed to move forward with RCS as a more modern cross-platform and cross-carrier replacement for SMS, but it does not look like it will bring the privacy and security improvements some had hoped:\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/link\/rcs-no-encryption\/\">New Messaging Standard RCS Won\u2019t Have Encryption \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a 
href=\"https:\/\/www.theverge.com\/2019\/10\/24\/20931202\/us-carriers-rcs-cross-carrier-messaging-initiative-ccmi-att-tmobile-sprint-verizon\">AT&amp;T, Verizon, Sprint, and T-Mobile have finally agreed to replace SMS with a new RCS standard \u2014 www.theverge.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/31\/linux-maintainer-patching-side-channel-flaws-is-killing-performance\/\">Linux maintainer: Patching side-channel flaws is killing performance \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Propeller Beanie Territory\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2019\/10\/24\/researchers-find-vulnerability-in-content-distribution-networks\/\">Vulnerability in content distribution networks found by researchers \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h3>Palate Cleansers<\/h3>\n<ul>\n<li>&#x1f3a6; A great video from CGP Grey asking a question you may well think you know the answer to, but you probably don&#8217;t: <em>&#8216;which is our nearest planetary neighbour?&#8217;<\/em> \u2014 <a href=\"http:\/\/www.cgpgrey.com\/blog\/which-planet-is-closest\">www.cgpgrey.com\/\u2026<\/a><\/li>\n<\/ul>\n<p><em><strong>Note:<\/strong> When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by Bart.<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security Bits \u2013 1 Nov 2019 Notable Security Updates Apple updates just about everything: Everything you need to know about iOS and iPadOS 13.2 \u2014 arstechnica.com\/\u2026 Some users experiencing bricked HomePod after updating to iOS 13.2 [Update: pulled] \u2014 9to5mac.com\/\u2026 Related: Apple resumes human reviews of Siri audio with iPhone update \u2014 apnews.com\/\u2026 Related: iOS 
[&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[147,214],"tags":[50,569],"class_list":["post-19562","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/19562","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=19562"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/19562\/revisions"}],"predecessor-version":[{"id":19564,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/19562\/revisions\/19564"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=19562"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=19562"},{"taxonomy":"post_tag","embeddable":true,"h
ref":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=19562"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}