{"id":25805,"date":"2022-04-17T11:54:47","date_gmt":"2022-04-17T18:54:47","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=25805"},"modified":"2022-04-17T11:55:42","modified_gmt":"2022-04-17T18:55:42","slug":"security-bits-17-april-2022","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2022\/04\/security-bits-17-april-2022\/","title":{"rendered":"Security Bits \u2014 17 April 2022"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>&#x1f1f7;&#x1f1fa; &#x1f1fa;&#x1f1e6; Russia&#8217;s Invasion of Ukraine continues to affect IT:\n<ul>\n<li>&#x1f1f7;&#x1f1fa; Twitter have made two policy changes: (<a href=\"https:\/\/www.imore.com\/twitter-stop-amplifying-russia-state-accounts-its-platform\">www.imore.com\/\u2026<\/a>)\n<ol>\n<li>In line with international law, government accounts won&#8217;t be allowed to post images of POWs<\/li>\n<li>Twitter&#8217;s algorithm will stop promoting tweets from accounts operated by governments that oppress the media<\/li>\n<\/ol>\n<\/li>\n<li>&#x1f1fa;&#x1f1f8; &#x1f1e9;&#x1f1ea; &#x1f1f7;&#x1f1fa; The FBI, working closely with German agencies have struck two blows against Russian-backed cybercrime operations, targeting the <em>Cyclops Blink<\/em> botnet and the <em>Hydra<\/em> darkweb market place \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2022\/04\/actions-target-russian-govt-botnet-hydra-dark-market\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Social Media updates:\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/whatsapp-makes-communities-official-including-admin-features-more\">WhatsApp makes Communities official including admin features, more \u2014 www.imore.com\/\u2026<\/a> (A way for organisations like Schools to have managed shared online 
spaces)<\/li>\n<li>&#x1f1f5;&#x1f1ed; <a href=\"https:\/\/www.macobserver.com\/news\/meta-says-facebook-removed-over-400-accounts-ahead-of-philippines-election\/\">Meta Says Facebook Removed Over 400 Accounts Ahead of Philippines Election \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/whatsapp-stops-saving-media-iphones-when-disappearing-messages-are-enabled\">WhatsApp stops saving media to iPhones when disappearing messages are enabled \u2014 www.imore.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/arstechnica.com\/?p=1847864\">Meta announces plans to monetize the Metaverse, and creators are not happy \u2014 arstechnica.com<\/a> (47% commission in some cases!)<\/li>\n<li><a href=\"https:\/\/www.macobserver.com\/news\/twitter-experimenting-with-unmention-feature-to-bow-out-of-conversations\/\">Twitter Experimenting with Unmention Feature to Bow Out of Conversations \u2014 www.macobserver.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> I want this, and I want it now! 
&#x1f642;)<\/li>\n<\/ul>\n<\/li>\n<li>App Tracking Transparency (ATT) turns 1 year old, and analysts have found something surprising \u2013 more users are choosing to be tracked now than this time last year \u2014 <a href=\"https:\/\/9to5mac.com\/2022\/04\/14\/number-of-users-opting-in-to-app-tracking-on-ios-grows-significantly-since-last-year\/\">9to5mac.com\/\u2026<\/a><\/li>\n<li>Tim Cook continued Apple&#8217;s fight against regulations to force side-loading on iOS at a speech to the annual International Association of Privacy Professionals (IAPP) conference \u2014 <a href=\"https:\/\/arstechnica.com\/?p=1847519\">Tim Cook delivers speech railing against \u201cdata industrial complex,\u201d sideloading \u2014 arstechnica.com<\/a>\n<ul>\n<li>&#x1f3a6; <a href=\"https:\/\/youtu.be\/Dq0fcmmzfog?t=853\">LIVE IAPP Summit 2022 General Session with Tim Cook, Zahra Mosawi, Didier Reynders, and Trevor Hughes &#8211; YouTube \u2014 youtu.be\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>&#x1f1ea;&#x1f1fa; It&#8217;s recently come to light that the Pegasus spyware was deployed against EU officials last year, but we don&#8217;t know by whom \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/eu-officials-targeted-by-state-sponsored-attackers-using-pegasus-spyware\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.imore.com\/mail-apple-watch-no-longer-leaks-ip-addresses-privacy-features-enabled\">Mail on Apple Watch no longer leaks IP addresses with privacy features enabled \u2014 www.imore.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive(s)<\/h2>\n<h2>&#x2757; Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>&#x2757; <a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/04\/16\/yet-another-chrome-zero-day-emergency-update-patch-now\/\">Yet another Chrome zero-day emergency update \u2013 patch now! 
\u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Patch Tuesday has been and gone, and included patches to some bugs being actively exploited in the wild \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2022\/04\/microsoft-patch-tuesday-april-2022-edition\/\">Microsoft Patch Tuesday, April 2022 Edition \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/04\/05\/googles-monthly-android-updates-patch-numerous-get-root-holes\/\">Google\u2019s monthly Android updates patch numerous \u201cget root\u201d holes \u2014 nakedsecurity.sophos.com\/\u2026<\/a><\/li>\n<li>Apple have released security updates for macOS Big Sur, addressing the issues they patched in Monterey a few weeks ago. Still no update for Catalina (the security community have been very critical about Apple&#8217;s heel-dragging on these patches) \u2014 <a href=\"https:\/\/www.macobserver.com\/news\/macos-big-sur-update-fixes-security-vulnerabilities\/\">www.macobserver.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.intego.com\/mac-security-blog\/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina\/\">www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.imore.com\/cash-app-experiences-security-breach-affecting-over-8-million-users\">The Cash app has experienced a security breach \u2014 www.imore.com\/\u2026<\/a> (>8M users affected, includes names, account numbers, account values, holdings &amp; trading activities)<\/li>\n<li>Brian Krebs warns of a new tactic being used by Crypto-scammers \u2013 well-polished YouTube presentations with genuine crypto celebrities presented as a live stream with links to the scam overlaid as lower-thirds to make it look like the celebrities are endorsing the scams \u2014 <a 
href=\"https:\/\/krebsonsecurity.com\/2022\/04\/double-your-crypto-scams-share-crypto-scam-host\/\">krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li><a href=\"https:\/\/nakedsecurity.sophos.com\/2022\/04\/11\/openssh-goes-post-quantum-switches-to-qubit-busting-crypto-by-default\/\">OpenSSH goes Post-Quantum, switches to qubit-busting crypto by default \u2014 nakedsecurity.sophos.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> &#x1f3a7; A podcast episode from last summer that explains the quantum computing landscape very well, including describing what quantum computers will and won&#8217;t be able to do, and where the hardware is now: <a href=\"https:\/\/overcast.fm\/+S_7ktareM\">Sean Carroll&#8217;s Mindscape Podcast Episode 153: John Preskill on Quantum Computers and What They\u2019re Good For \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.imore.com\/duckduckgo-browser-now-mac-beta\">DuckDuckGo browser now on Mac in beta \u2014 www.imore.com\/\u2026<\/a> (This is a closed beta, you can only apply to join at wait-list ATM)<\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-manage-and-use-your-apple-id-the-complete-guide\/\">How to Manage and Use Your Apple ID &#8211; The Complete Guide \u2014 www.intego.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>&#x1f1fa;&#x1f1f8; An excellent deep-dive into the motivations driving various companies in their lobbying attempts against regulators: <a href=\"https:\/\/www.wired.com\/story\/american-innovation-choice-online-act-antitrust-google-amazon\/\">The Senate Bill That Has Big Tech Scared \u2014 www.wired.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate 
Cleansers<\/h2>\n<aside class=\"small-aside\">Anything up-beat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From the Community:<\/strong> <a href=\"https:\/\/www.imore.com\/your-mac-has-hidden-internet-speed-test-tool\">Your Mac has a hidden internet speed test tool \u2014 www.imore.com\/\u2026<\/a> (@oetgrunnen on Twitter, AKA Joop)<\/li>\n<li><strong>From Allison:<\/strong> A literal <em>camera obscura<\/em> \u2014 <a href=\"https:\/\/twitter.com\/coeluh\/status\/1512318366182219778?s=12&#038;t=ueMZoEzJhzdGvjW9jwUn8g\">twitter.com\/\u2026<\/a><\/li>\n<li><strong>From Bart:<\/strong> <a href=\"https:\/\/overcast.fm\/+NXq5b_CJ0\">PhotoActive Episode 115: iPhone Camera Tips &amp; Tricks \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">&#x1f3a7;<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x2757;<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4ca;<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f9ef;<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no 
need to light your hair on fire&#8221;<\/em> &#x1f642;<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4b5;<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f4cc;<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">&#x1f3a9;<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. &#x1f1f7;&#x1f1fa; &#x1f1fa;&#x1f1e6; Russia&#8217;s Invasion of Ukraine continues to affect IT: &#x1f1f7;&#x1f1fa; Twitter have made two policy changes: (www.imore.com\/\u2026) In line with international law, government accounts won&#8217;t be allowed to post images of POWs Twitter&#8217;s 
[&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":19030,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[],"class_list":["post-25805","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2019\/08\/security_bits_logo_400px_no_alpha.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/25805","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=25805"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/25805\/revisions"}],"predecessor-version":[{"id":25806,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/25805\/revisions\/25806"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/19030"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=25805"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=25805"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=25805"
}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}