{"id":30815,"date":"2024-04-14T13:58:58","date_gmt":"2024-04-14T20:58:58","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=30815"},"modified":"2024-04-14T13:58:58","modified_gmt":"2024-04-14T20:58:58","slug":"sb-2024-04-14","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2024\/04\/sb-2024-04-14\/","title":{"rendered":"Security Bits \u2014 14 April 2024"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>An excellent writeup detailing the fascinating story of the XZ Utils compromise we discussed last time \u2014 <a href=\"https:\/\/arstechnica.com\/security\/2024\/04\/what-we-know-about-the-xz-utils-backdoor-that-almost-infected-the-world\/\">arstechnica.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> Definitely one of the nearest misses we&#8217;ve had in the supply chain for some time; hopefully it focuses some more eyes on the importance of supporting important open source projects that underpin many systems)<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 AT&amp;T have not yet explained how they were breached, but they have admitted the breach was bigger than they first realised, and have now notified 51M current and past customers \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/att-now-says-data-breach-impacted-51-million-customers\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>The Sunbird iMessage client for Android is back, but while the glaring security bugs may be gone, the fundamental problem remains \u2013 you need to give the app your Apple ID username and password for it to work \u2014 <a 
href=\"https:\/\/www.macobserver.com\/news\/sunbird-claims-to-safely-bring-back-imessage-to-android\/?utm_source=macobserver&#038;utm_medium=rss&#038;utm_campaign=rss_everything\">www.macobserver.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> don&#8217;t, just don&#8217;t!)<\/li>\n<li>Supply-chain attacks targeting developers continue \u2013 attackers have been discovered gaming GitHub search to boost their malicious repositories up the rankings \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/malicious-visual-studio-projects-on-github-push-keyzetsu-malware\/\">www.bleepingcomputer.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> my advice remains the same: start on the project&#8217;s website; don&#8217;t search on NPM or GitHub or anywhere like that, you can&#8217;t trust the results)<\/li>\n<li>When given a choice, Europeans seem to prefer privacy-focused browsers: <a href=\"https:\/\/arstechnica.com\/tech-policy\/2024\/04\/report-people-are-bailing-on-safari-after-dma-makes-changing-defaults-easier\/\">Report: People are bailing on Safari after DMA makes changing defaults easier \u2014 arstechnica.com\/\u2026<\/a> (Based on reporting and a survey carried out by Reuters)\n<ul>\n<li><a href=\"https:\/\/www.macobserver.com\/ios\/opera-on-ios-sets-an-example-of-how-much-has-dma-affected-the-competition-reports-63-growth\/\">Opera on iOS Sets an Example of How Much Has DMA Affected the Competition, Reports 63% Growth \u2014 www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>\ud83e\uddef There is another new variant of the Spectre v2 attack against the Linux kernel on Intel CPUs. It is more potent than the original Spectre v2 attacks, but it&#8217;s still not relevant to home users, and the major Linux distros used to power the cloud are on it \u2014 <a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-spectre-v2-attack-impacts-linux-systems-on-intel-cpus\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive(s)<\/h2>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action; if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-april-2024-patch-tuesday-fixes-150-security-flaws-67-rces\/\">Microsoft April 2024 Patch Tuesday fixes 150 security flaws, 67 RCEs \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/p>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-fixes-two-windows-zero-days-exploited-in-malware-attacks\/\">Microsoft fixes two Windows zero-days exploited in malware attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-fixes-one-more-chrome-zero-day-exploited-at-pwn2own\/\">Google fixes one more Chrome zero-day exploited at Pwn2Own \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-fixes-two-pixel-zero-day-flaws-exploited-by-forensics-firms\/\">Google fixes two Pixel zero-day flaws exploited by forensics firms \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Not a general Android problem, specific to the Pixel boot loader &amp; firmware)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/telegram-fixes-windows-app-zero-day-caused-by-file-extension-typo\/\">Telegram fixes Windows app zero-day used to launch Python scripts \u2014 www.bleepingcomputer.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> A good illustration of why <em>deny listing<\/em> is an inherently bad idea in cybersecurity; if you&#8217;re building anything new, always use an <em>allow listing<\/em> approach!)<\/li>\n<li><a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-90-000-lg-smart-tvs-may-be-exposed-to-remote-attacks\/\">Over 90,000 LG Smart TVs may be exposed to remote attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a> (There is a patch, but automatic updates are not enabled by default)<\/li>\n<li>Another illustration of why it is not safe to run hardware that&#8217;s no longer under support: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/over-92-000-exposed-d-link-nas-devices-have-a-backdoor-account\/\">Over 92,000 exposed D-Link NAS devices have a backdoor account \u2014 www.bleepingcomputer.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/critical-rce-bug-in-92-000-d-link-nas-devices-now-exploited-in-attacks\/\">Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/shopping-platform-pandabuy-data-leak-impacts-13-million-users\/\">Shopping platform PandaBuy data leak impacts 1.3 million users \u2014 www.bleepingcomputer.com\/\u2026<\/a> (The site owners have not reacted, so it appears affected users have not been notified)<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fbi-warns-of-massive-wave-of-road-toll-sms-phishing-attacks\/\">FBI warns of massive wave of road toll SMS phishing attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>\n<p>Lots of Google-related news:<\/p>\n<ul>\n<li>Google have launched their <em>Find My Device<\/em> network, which appears to be as technologically similar to Apple&#8217;s <em>Find My<\/em> network as its name implies, including the strong 
cryptographically enforced privacy protections, and it implements the new cross-platform anti-stalking protection protocol \u2014 <a href=\"https:\/\/www.cultofmac.com\/852757\/android-find-my-clone-airtag-apple-compatible-trackers\/\">www.cultofmac.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/security.googleblog.com\/2024\/04\/find-my-device-network-security-privacy-protections.html\">How we built the new Find My Device network with user security and privacy in mind \u2014 security.googleblog.com\/\u2026<\/a><\/li>\n<li>\n<p><a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/google-now-blocks-spoofed-emails-for-better-phishing-protection\/\">Google now blocks spoofed emails for better phishing protection \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Senders that deliver more than 5,000 emails to Gmail per day must authenticate their mail with the standard email validation protocols \u2014 SPF, DKIM &amp; DMARC)<\/p>\n<\/li>\n<li>Google followed through on their recent settlement of the &#8216;Incognito Mode&#8217; class action suit in the US, and deleted billions of browsing records collected from Incognito Mode users before it clarified its disclosure screens in January this year \u2014 <a href=\"https:\/\/www.theguardian.com\/technology\/2024\/apr\/01\/google-destroying-browsing-data-privacy-lawsuit\">www.theguardian.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2024\/04\/google-chrome-adds-v8-sandbox-new.html\">Google Chrome Adds V8 Sandbox &#8211; A New Defense Against Browser Attacks \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li>Google has started testing new technology it hopes to develop into an open standard that will cryptographically tie session cookies to specific devices, stopping one of the most common attacks in use today, session hijacking with stolen cookies, in its tracks \u2014 <a href=\"https:\/\/thehackernews.com\/2024\/04\/google-chrome-beta-tests-new-dbsc.html\">thehackernews.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> this is a very elegant 
solution to a very real problem, so I hope they succeed in getting this adopted as a standard, and, more importantly, adopted by website owners, especially Single Sign-On providers like Google, Microsoft, Apple, Meta, etc.)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-workspace-rolls-out-multi-admin-approval-feature-for-risky-changes\/\">Google Workspace rolls out multi-admin approval feature for risky changes \u2014 www.bleepingcomputer.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> not enabled by default, but a very clever feature IMO, definitely worth enabling if your family or small business use Google Workspace)<\/li>\n<\/ul>\n<\/li>\n<li>\n<p>Apple have had a program for notifying users it has reason to believe have been targeted by <em>state-level<\/em> attackers for some time, but that&#8217;s now been expanded to include <em>mercenary spyware<\/em> (stuff like the infamous Pegasus from NSO Group), and they&#8217;ve just sent notifications to users in 92 countries \u2014 <a href=\"https:\/\/thehackernews.com\/2024\/04\/apple-expands-spyware-alert-system-to.html\">thehackernews.com\/\u2026<\/a> &amp; <a href=\"https:\/\/techcrunch.com\/2024\/04\/10\/apple-warning-mercenary-spyware-attacks\/\">techcrunch.com\/\u2026<\/a><\/p>\n<\/li>\n<li>A timely reminder that impersonation attacks are going to keep getting better as AI improves: \ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ftc-americans-lost-11-billion-to-impersonation-scams-in-2023\/\">FTC: Americans lost $1.1 billion to impersonation scams in 2023 \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/24\/04\/09\/x-launches-passkey-support-for-ios-app-users-worldwide\">X launches passkey support for iOS app users worldwide \u2014 appleinsider.com\/\u2026<\/a> (Tap on your icon in the top-left corner, then expand <em>Settings and Support<\/em>, then navigate to <em>Settings 
&amp; Privacy<\/em> \u2192 <em>Security and account access<\/em> \u2192 <em>Security<\/em>, and finally toggle the <em>Passkey<\/em> switch)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/duckduckgo-launches-a-premium-privacy-pro-vpn-service\/\">DuckDuckGo launches a premium Privacy Pro VPN service \u2014 www.bleepingcomputer.com\/\u2026<\/a> (\ud83c\uddfa\ud83c\uddf8 US only for now, uses WireGuard, and priced at $9.99\/month or $99.99\/year)<\/li>\n<li>Monday may be a good day to buy your friendly neighbourhood sysadmin a coffee: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/palo-alto-networks-zero-day-exploited-since-march-to-backdoor-firewalls\/\">Palo Alto Networks zero-day exploited since March to backdoor firewalls \u2014 www.bleepingcomputer.com\/\u2026<\/a> (No patch yet, but there is a workaround. Home users are unlikely to be affected, but Palo Alto is a very popular network hardware vendor in the corporate world)<\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li>\ud83c\udfa7 <a href=\"https:\/\/overcast.fm\/+b-m0gEE8I\">Know a Little More: About ChatGPT \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>A nice overview of Mac malware for the first quarter of 2024 \u2014 <a href=\"https:\/\/www.intego.com\/mac-security-blog\/the-top-10-mac-and-iphone-malware-of-2024s-first-quarter\/\">www.intego.com\/\u2026<\/a> (for the most part, not pirating software, steering clear of cryptocurrency, and being careful in the App Store still keeps you safe)<\/li>\n<\/ul>\n<h2>Just Because it&#8217;s Cool \ud83d\ude0e<\/h2>\n<aside class=\"small-aside\">Stories that are not important, that don&#8217;t require you to do anything, and that you don&#8217;t even have to worry 
about.<\/aside>\n<ul>\n<li>A wonderfully geeky post from The Eclectic Light Company explaining just how macOS decides what app to open when you double-click on a file in the Finder \u2014 <a href=\"https:\/\/eclecticlight.co\/2024\/04\/10\/how-macos-opens-a-file-in-the-correct-app\/\">eclecticlight.co\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong>\n<ul>\n<li>A timely XKCD making a point I make over and over again \u2013 seeing a 99% total solar eclipse is cool, but it&#8217;s absolutely nothing like a total eclipse; if you haven&#8217;t experienced totality, you have no idea what an amazing experience it is! \u2014 <a href=\"https:\/\/xkcd.com\/2914\/\">xkcd.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><strong>From Allison:<\/strong>\n<ul>\n<li>xkcd on clouds and eclipses: <a href=\"https:\/\/m.xkcd.com\/2915\/\">m.xkcd.com\/\u2026<\/a><\/li>\n<li>\ud83c\udfa7 A short new weekly podcast I&#8217;ve been enjoying a lot, and now they&#8217;ve tackled a NosillaCast-adjacent topic: <a href=\"https:\/\/overcast.fm\/+-3Qg-4bCE\">The Economics of Everyday Things: 43. 
Top-Level Domains \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. 
one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. An excellent writeup detailing the fascinating story of the XZUtils compromise we discussed last time \u2014 arstechnica.com\/\u2026 (Editorial by Bart: Definitely one of the nearest misses we&#8217;ve had in the supply chain for some [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[147,214],"tags":[50,569],"class_list":["post-30815","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/30815","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\
/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=30815"}],"version-history":[{"count":3,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/30815\/revisions"}],"predecessor-version":[{"id":30818,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/30815\/revisions\/30818"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=30815"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=30815"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=30815"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}