{"id":29900,"date":"2023-11-26T11:18:52","date_gmt":"2023-11-26T19:18:52","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=29900"},"modified":"2023-11-26T14:50:20","modified_gmt":"2023-11-26T22:50:20","slug":"sb-2023-11-26","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2023\/11\/sb-2023-11-26\/","title":{"rendered":"Security Bits \u2014 26 November 2023"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>The recent wave of malicious Google ads targeting software downloads continues, this time it&#8217;s malicious versions of the popular Secure FTP client WinSCP \u2014 <a href=\"https:\/\/thehackernews.com\/2023\/11\/beware-malicious-google-ads-trick.html\">thehackernews.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws\/\">Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>A timely reminder to keep all WordPress plugins patched (you can enable automatic updates!): <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/wp-fastest-cache-plugin-bug-exposes-600k-wordpress-sites-to-attacks\/\">WP <em>Fastest Cache<\/em> plugin bug exposes 600K WordPress sites to attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/welltok-data-breach-exposes-data-of-85-million-us-patients\/\">Welltok data breach exposes data of 8.5 million US patients \u2014 www.bleepingcomputer.com\/\u2026<\/a> (a Software-as-a-Service vendor in the healthcare sector, and the leaked data includes SSNs, insurance details, and health information)<\/li>\n<li>A timely reminder that the holiday seasons now come with a spike in shipping-themed malware &amp; phishing: <a href=\"https:\/\/thehackernews.com\/2023\/11\/alert-new-wailingcrab-malware-loader.html\">Alert: New WailingCrab Malware Loader Spreading via Shipping-Themed Emails \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li>A timely reminder that even sophisticated attackers are still successfully attacking targets with malicious USB sticks: <a href=\"https:\/\/thehackernews.com\/2023\/11\/russian-cyber-espionage-group-deploys.html\">Russian Cyber Espionage Group Deploys LitterDrifter USB Worm in Targeted Attacks \u2014 thehackernews.com\/\u2026<\/a> (this campaign is mostly targeting Ukrainian organisations, but the tactic can work against anyone)<\/li>\n<li>A reminder never to install software that offers to install itself that you didn&#8217;t expressly go looking for (and that Macs are not immune from malware, especially trojans): <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/atomic-stealer-malware-strikes-macos-via-fake-browser-updates\/\">Atomic Stealer malware strikes macOS via fake browser updates \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>Two timely reminders that Crypto (currency\/NFT etc.) 
remains a security-hell-scape and that no one should &#8216;invest&#8217; anything into it that they can&#8217;t afford to lose:\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ethereum-feature-abused-to-steal-60-million-from-99k-victims\/\">Ethereum feature abused to steal $60 million from 99K victims \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2023\/11\/randstorm-exploit-bitcoin-wallets.html\">Randstorm Exploit: Bitcoin Wallets Created b\/w 2011-2015 Vulnerable to Hacking \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>Thankfully, Nothing&#8217;s catastrophically insecure iMessage bridge was very short-lived \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/23\/11\/18\/nothing-kills-imessage-bridge-because-it-profoundly-violated-user-privacy-security\">appleinsider.com\/\u2026<\/a> (users had to give the service their actual Apple ID username and password, and Nothing&#8217;s service was not properly encrypted)<\/li>\n<li>Intel have released microcode patches for another CPU vulnerability (dubbed <em>Reptar<\/em>), but for once it&#8217;s not related to speculative execution! 
However, like the many speculative execution bugs in recent years, the bug is critical for cloud providers, but not a major concern for home users \u2014 <a href=\"https:\/\/thehackernews.com\/2023\/11\/reptar-new-intel-cpu-vulnerability.html\">thehackernews.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-reptar-cpu-flaw-impacts-intel-desktop-and-server-systems\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>A security audit funded by Microsoft found hardware implementation problems with the three most common fingerprint sensors used for Windows Hello \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/windows-hello-auth-bypassed-on-microsoft-dell-lenovo-laptops\/\">www.bleepingcomputer.com\/\u2026<\/a> &amp; <a href=\"https:\/\/thehackernews.com\/2023\/11\/new-flaws-in-fingerprint-sensors-let.html\">thehackernews.com\/\u2026<\/a>\n<ul>\n<li>Used on some Microsoft Surface devices, Dell laptops, and Lenovo ThinkPads!<\/li>\n<li>The attacks are not trivial, so regular users are unlikely to be targeted, but vulnerable users and high-value targets should re-evaluate their use of Windows Hello for now<\/li>\n<li>Researchers have given hardware vendors concrete guidance for better securing future products<\/li>\n<li><strong>Related News:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-launches-defender-bounty-program-with-20-000-rewards\/\">Microsoft launches Defender Bounty Program with $20,000 rewards \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Bugs in AV software are particularly dangerous, so this is good to see)<\/li>\n<\/ul>\n<\/li>\n<li>The <em>ALPHV<\/em> AKA <em>BlackCat<\/em> ransomware gang have taken extortion up a notch by lodging US SEC complaints against victims who didn&#8217;t pay up and didn&#8217;t report their breach as required by law \u2014 <a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach\/\">www.bleepingcomputer.com\/\u2026<\/a> (This adds a third layer of extortion for companies in industries with mandatory reporting rules in place \u2014 <em>&#8220;pay us or you&#8217;ll never get your stuff back&#8221;<\/em>, <em>&#8220;pay us or we&#8217;ll publish your stuff&#8221;<\/em>, and now <em>&#8220;pay us or we&#8217;ll report you to your regulator&#8221;<\/em>)<\/p>\n<\/li>\n<li>A letter from Senator Wyden obtained by WIRED reveals the existence of a massive, probably illegal, formerly unknown and classified surveillance program named DAS which allows low-level US law enforcement to access the phone records of US citizens \u2014 <a href=\"https:\/\/www.wired.com\/story\/hemisphere-das-white-house-surveillance-trillions-us-call-records\/\">www.wired.com\/\u2026<\/a><\/li>\n<li>The US Federal Communications Commission has adopted new rules requiring carriers to enforce stricter verifications before making SIM changes \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fcc-adopts-new-rules-to-protect-consumers-from-sim-swapping-attacks\/\">bleepingcomputer.com\/\u2026<\/a> &amp; <a href=\"https:\/\/thehackernews.com\/2023\/11\/fcc-enforces-stronger-rules-to-protect.html\">thehackernews.com\/\u2026<\/a> (An attempt to make SIM-swapping &amp; SIM-porting attacks more difficult)<\/li>\n<li>\n<p>Some notable wins by law enforcement:<\/p>\n<ul>\n<li>Police in Malaysia with help from Australian &amp; American law enforcement have dismantled the <em>BulletProofLink<\/em> Phishing-as-a-Service organisation and arrested its operators. 
The service had been active since 2015 and was offering cutting-edge services like AiTM (Adversary in The Middle) session token stealing to bypass MFA\/2FA \u2014 <a href=\"https:\/\/thehackernews.com\/2023\/11\/major-phishing-as-service-syndicate.html\">thehackernews.com\/\u2026<\/a><\/li>\n<li>The FBI dismantled the <em>IPStorm<\/em> botnet proxy service which sold cybercriminals the ability to route their malicious traffic through compromised domestic IP addresses to make it much harder to detect and block \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ipstorm-botnet-with-23-000-proxies-for-malicious-traffic-dismantled\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Stick a pin in it, 2024 will be the year Google eliminate 3rd-party cookies in Chrome, starting with a very small trial (1% of users) in January \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/google-shares-plans-for-blocking-third-party-cookies-in-chrome\/\">www.bleepingcomputer.com\/\u2026<\/a><\/p>\n<\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li><a href=\"https:\/\/tidbits.com\/2023\/11\/08\/upcoming-contact-key-verification-feature-promises-secure-identity-verification-for-imessage\/\">Upcoming Contact Key Verification Feature Promises Secure Identity Verification for iMessage \u2014 tidbits.com\/\u2026<\/a> (Another optional extra security feature for at-risk and high-value-target users)<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li>\n<p>A great tip from Bleeping Computer \u2013 since iOS 17 the AI in the Photos app detects laundry labels and lets you look up their meaning \u2014 <a 
href=\"https:\/\/www.cultofmac.com\/837911\/laundry-car-dashboard-symbols-meaning-iphone\/#google_vignette\">www.cultofmac.com\/\u2026<\/a><\/p>\n<ul>\n<li>I tested it, and it works! \u2014 <a href=\"https:\/\/mstdn.social\/@bbusschots\/111454764201250773\">mstdn.social\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>An interesting two-part episode of the wonderful <a href=\"https:\/\/redcircle.com\/shows\/597cfd00-b29a-49c6-9622-03c8decfc35f\/episodes\/e56ef8a0-1368-4631-8c39-d8aeb48ef116\">Malicious Life<\/a> podcast that tells the story of the infamous NSO group \u2014 <a href=\"https:\/\/overcast.fm\/+BCNCxUxaQ8\">Part 1<\/a> &amp; <a href=\"https:\/\/overcast.fm\/+BCNCzV_AzA\">Part 2<\/a><\/p>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em><\/td>\n<\/tr>\n<tr>\n<td 
align=\"center\"><\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. The recent wave of malicious Google ads targeting software downloads continues, this time it&#8217;s malicious versions of the popular Secure FTP client WinSCP \u2014 thehackernews.com\/\u2026 \u2757 Action Alerts Calls to action, if any stories [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[2060,50,569],"class_list":["post-29900","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-malware","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/29900","targetHints":{"allow":["GET"]}}],"collection":[{"href":"htt
ps:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=29900"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/29900\/revisions"}],"predecessor-version":[{"id":29902,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/29900\/revisions\/29902"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=29900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=29900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=29900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}