{"id":31075,"date":"2024-05-26T12:44:56","date_gmt":"2024-05-26T19:44:56","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=31075"},"modified":"2024-05-26T12:44:56","modified_gmt":"2024-05-26T19:44:56","slug":"sb-2024-05-26","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2024\/05\/sb-2024-05-26\/","title":{"rendered":"Security Bits \u2014 2024 May 26"},"content":{"rendered":"<h1>Feedback &amp; Followups<\/h1>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Attackers are continuing to compromise Google ads, and they&#8217;re now targeting apps in the news as well as developer &amp; sysadmin tools:\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/arc-browsers-windows-launch-targeted-by-google-ads-malvertising\/\">Arc browser\u2019s Windows launch targeted by Google ads malvertising \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/ransomware-gang-targets-windows-admins-via-putty-winscp-malvertising\/\">Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising \u2014 www.bleepingcomputer.com\/\u2026<\/a> (lots of searches ATM due to recent patches)<\/li>\n<\/ul>\n<\/li>\n<li>Apple &amp; Google now Both Warn of Abuse with each Other&#8217;s Tags: <a href=\"https:\/\/tidbits.com\/2024\/05\/13\/ios-17-5-adds-cross-platform-location-tracking-alerts\/\">iOS 17.5 Adds Cross-Platform Location Tracking Alerts \u2014 tidbits.com\/\u2026<\/a><\/li>\n<li>Previously announced, now in effect: \ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/sec-financial-orgs-have-30-days-to-send-data-breach-notifications\/\">SEC: Financial orgs have 30 days to send data breach notifications \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h1>Deep Dive 1 \u2014 \ud83e\uddef Apple is Not Secretly Storing Deleted Photos in iCloud<\/h1>\n<p><em>*<strong>TL;DR<\/strong> \u2014 Apple have confirmed that this was only a database corruption issue confined to the original user\u2019s devices, but that it could be passed from an old device to a new device via an encrypted iCloud backup. Neither Apple nor anyone else ever saw the partially deleted photos.<\/em><\/p>\n<p>Shortly after Apple released the iOS 17.5 update social media and tech news sites exploded with reports of some users finding long deleted photos reappearing, zombie-like in their photos library.<\/p>\n<p>The less reputable news sites added a frightening extra claim that this included photos re-appearing on devices that had been wiped and sold. They went on to speculate that this must mean Apple secretly stores deleted photos in iCloud. <strong>This was not true!<\/strong><\/p>\n<p>All this <em>Sturm-und-Drang<\/em> (<a href=\"https:\/\/www.merriam-webster.com\/dictionary\/Sturm%20und%20Drang\">definition<\/a>) about wiped devices was based on one unverified claim by one user on Reddit that was deleted by the original poster. It smelled wrong to me from the start because when understand how iOS device encryption works, you know that\u2019s not possible.<\/p>\n<p>What really happens is way more boring. Your iCloud Photo Library is both a folder of image files and a database with metadata about those image files. There is not a one-to-one mapping of image files to photos, there can be cached versions at different resolutions. When you delete a photo its metadata is updated to mark it as deleted on a given date, and 30 days later it\u2019s supposed to actually be deleted by removing the original file as well as any cached versions at different resolutions from the folder and removing the entry from the database. Due to a bug in earlier versions of iOS, this final deletion was only partially succeeding, leaving some bits of the photo\u2019s data behind. It\u2019s not clear to me exactly what bit, but based on descriptions I\u2019ve read it seems to be cached alternative resolution files in the folder.<\/p>\n<p>When iOS 17.5 installs it re-scans the photo library, presumably because the structure needs to be upgraded in some way, and it finds the remnants of the incorrectly deleted image and restores it rather than fully deleting it.<\/p>\n<p>In general, it makes sense to try recover invalid data rather than ignore it, so I can see why devs would have coded it this way \u2014 just imagine the headlines if photos started disappearing! But, in this one case, <em>\u2018fail safe\u2019<\/em> is actually not so safe! Those recovered snippets might have been deleted for a really good reason!<\/p>\n<p>Apple have released iOS 17.5.1 to stop this happening, presumably any remnants from incomplete prior deletions will now be deleted instead of restored, but this fix only stops it from happening in future, it doesn\u2019t us-resurrect any old photos already restored!<\/p>\n<p>Apple have clarified that this was a very rare bug, but if you are worried something you really need to be gone is back, scroll back through your library in thumbnail view to give it a once-over.<\/p>\n<p>Apple also clarified that these remnants were stored on device not in the cloud, but did clarify that they would have been included in encrypted iCloud backups, so they could have followed you from one device to another if you upgraded via iCloud backup\/restore.<\/p>\n<p>The key point is that <strong>only devices using your AppleID could ever have had the remnants in unencrypted form<\/strong>.<\/p>\n<p>This is more of an annoyance than a security catastrophe, and it definitely is not in any way shape or form evidence of Apple doing anything nefarious.<\/p>\n<h2>Links<\/h2>\n<ul>\n<li><a href=\"https:\/\/arstechnica.com\/?p=2025622\">iOS and iPadOS 17.5.1 fix a nasty bug that resurfaced old photos \u2014 arstechnica.com<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/apple-wasnt-storing-deleted-ios-photos-in-icloud-after-all\/\">Apple wasn\u2019t storing deleted iOS photos in iCloud after all \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/9to5mac.com\/2024\/05\/23\/apple-deleted-photos-resurfacing-explanation\/\">Apple elaborates on rare iOS 17.5 bug that resurfaced deleted photos \u2014 9to5mac.com\/\u2026<\/a><\/li>\n<\/ul>\n<h1>Deep Drove 2 \u2014 Apple&#8217;s WiFi-Based Location System is not a Problem for Regular Peeps<\/h1>\n<p>There was also a lot of reporting on some excellent security research from the University of Maryland regarding organisation-level privacy\/security risks from analysis of Apple\u2019s WiFi-based location data API.<\/p>\n<p>For context, since even before the very first iPhone was released there have been databases that map WiFi access point MAC addresses to GPS coordinates so devices with WiFi but not GPS can estimate their location by triangulating to a few base stations. When the iPhone launched Apple used a third-party service called <em>Sky hooks<\/em>, but in the years since both Apple &amp; Google have built up their own database. Note that every WiFi packet must contain a MAC address for the access point it\u2019s to\/from for, and the MAC address must be outside the encrypted portion of the packet. These MAC addresses are broadcast in the open as a core part of the WiFi spec.<\/p>\n<p>Apple and Google both provide an API for their devices to access their WiFi location service, but they work differently. Google\u2019s API does the work in the cloud and returns the estimated location, meaning Google\u2019s servers know where you are, and could be logging that. Apple\u2019s API returns a list of nearby MAC to location mappings and lets the device do the math to estimate its position.<\/p>\n<p>In terms of individual privacy, Apple\u2019s API is better!<\/p>\n<p>But, by returning what is in effect a sliver of the database to the clients Apple slowly share their database, so it can be used for statistical analysis.<\/p>\n<p>Note that there is no way to map a WiFi MAC address to a person, so it\u2019s not that Apple is leaking personal data. The problem is that you can sometimes get unexpectedly valuable data by applying statistics to pools of anonymous data.<\/p>\n<p>A key fact to understanding what can be done with statistics is to know that the first half of a MAC address is assigned to a specific vendor, or,<br \/>\nTo a specific technology or specification. This is how network scanners can tell you that a specific device in your LAN is an HP printer or a Dell PC.<\/p>\n<p>When you combine MAC data with other known facts you can start to infer things. Sometimes those things are just fun facts \u2014 like that a bunch of travel routers that move from expensive New York neighbourhoods to the Hamptons on weekends. But, sometimes the inferences have bigger implications, like when you know the Ukrainian army use Starlink terminals with built-in WiFi access points. Now you can start to infer troop movements in a war!<\/p>\n<p>There is very little risk to single people here, but if you want to remove your router from Apple &amp; Google\u2019s DB, you can do so by appending <code>_nomap<\/code> to the end of your SSID (network name).<\/p>\n<p>There is also a spec that allows mobile access points to use randomly chosen MAC addresses that they change periodically. There is a range of MAC addresses reserved for this, so well-designed mobile hotspots should use these MACs, but many don\u2019t, hence the Hamptons insight. Until late 2023 Starlink terminals also didn\u2019t use this spec, but now they do. Also, note that all modern smartphones use this spec.<\/p>\n<p>Personally, I\u2019m not losing any sleep over this one, but if you feel like it, and can handle the hassle of re-adding all your devices to WiFi, you could add <code>_nomap<\/code> to your SSID.<\/p>\n<h2>Links<\/h2>\n<ul>\n<li>The original reporting from Brian Krebs: <a href=\"https:\/\/krebsonsecurity.com\/2024\/05\/why-your-wi-fi-router-doubles-as-an-apple-airtag\/\">Why Your Wi-Fi Router Doubles as an Apple AirTag \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li>Summary and commentary from Adam Engst \u2014 <a href=\"https:\/\/tidbits.com\/2024\/05\/22\/apples-wi-fi-based-positioning-system-reveals-access-point-locations\/\">tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<h1>\u2757 Action Alerts<\/h1>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>Moore Google Chrome Emergency Zero-day Patches than you can keep up with: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/google-patches-third-exploited-chrome-zero-day-in-a-week\/\">Google fixes third actively exploited Chrome zero-day in a week \u2014 www.bleepingcomputer.com\/\u2026<\/a> (<strong>Advice from Bart:<\/strong> since chrome only updates itself on re-start, vital to turn Chrome on-and-off regularly, may set a reminder to fire off first thing in the morning or last thing in the evening)<\/li>\n<li><a href=\"https:\/\/isc.sans.edu\/diary\/rss\/30916\">Apple Patches Everything: macOS, iOS, iPadOS, watchOS, tvOS updated. \u2014 isc.sans.edu\/\u2026<\/a>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/apple\/apple-backports-fix-for-rtkit-ios-zero-day-to-older-iphones\/\">Apple backports fix for zero-day exploited in attacks to older iPhones \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/apple\/apple-fixes-safari-webkit-zero-day-flaw-exploited-at-pwn2own\/\">Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>May Patch Tuesday has been and gone, patch all your Microsoft &amp; Adobe stuff \u2014 <a href=\"https:\/\/krebsonsecurity.com\/2024\/05\/patch-tuesday-may-2024-edition\/\">krebsonsecurity.com\/\u2026<\/a> (Includes patches for 2 actively exploited Windows Zero-days)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers\/\">PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>A Proof of Concept exploit has now been released<\/li>\n<li>Despite repeated attempts to alert D-Link the company has still <strong>not patched<\/strong> the flaw<\/li>\n<li>Owner <strong>need to apply a work-around<\/strong> until D-Link release a patch<\/li>\n<li>\ud83c\udde8\ud83c\udde6 Apparently these routers are very popular in Canada<\/li>\n<li><strong>Editorial by Bart:<\/strong> it&#8217;s because of this kind of attitude that I never buy from D-Link<\/li>\n<\/ul>\n<\/li>\n<li>QNAP NAS owners beware \u2014 an audit has found 15 security vulnerabilities, and only the worst of them have been patched, update as much as you can, and consider taking your QNAP off the internet (maybe use <a href=\"https:\/\/tailscale.com\">TailScale<\/a> for safer remote access) \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit\/\">QNAP QTS zero-day in Share feature gets public RCE exploit \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>Make sure your Firefox is patched: <a href=\"https:\/\/thehackernews.com\/2024\/05\/researchers-uncover-flaws-in-python.html\">Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<\/ul>\n<h1>Worthy Warnings<\/h1>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/windows-quick-assist-abused-in-black-basta-ransomware-attacks\/\">Windows Quick Assist abused in Black Basta ransomware attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h1>Notable News<\/h1>\n<ul>\n<li>Following on from Google last time, Apple have shared their most recent numbers on their App Store security protections: <a href=\"https:\/\/www.apple.com\/ie\/newsroom\/2024\/05\/app-store-stopped-over-7-billion-usd-in-potentially-fraudulent-transactions\/\">App Store stopped over $7\u00a0billion in potentially fraudulent transactions in four\u00a0years \u2014 www.apple.com\/\u2026<\/a>\n<ul>\n<li>Apple&#8217;s full App Store Transparency Report \u2014 <a href=\"https:\/\/www.apple.com\/legal\/more-resources\/docs\/2023-App-Store-Transparency-Report.pdf\">www.apple.com\/\u2026 (PDF)<\/a><\/li>\n<li><strong>Analysis:<\/strong> <a href=\"https:\/\/daringfireball.net\/linked\/2024\/05\/20\/2023-app-store-transparency-report\">Apple&#8217;s 2023 App Store Transparency Report \u2014 daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Google announced upcoming Android 15 security features at their Code conference:\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/android-15-google-play-protect-get-new-anti-malware-and-anti-fraud-features\/\">Android 15, Google Play Protect get new anti-malware and anti-fraud features \u2014 www.bleepingcomputer.com\/\u2026<\/a> (automatic hiding of sensitive data in notifications when screen sharing, hiding of OTPs in notifications, more anti-malware features in the Play Store, and notifications when the cellular connection is unencrypted)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/android-to-add-new-anti-theft-and-data-protection-features\/\">Android to add new anti-theft and data protection features \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Similar to Apple\u2019s lock features but with the added potential coolness of AI-based motion detection automatically sensing a snatch-and-grab theft)<\/li>\n<\/ul>\n<\/li>\n<li>At their Build conference Microsoft announced some important up-coming security changes:\n<ul>\n<li><a href=\"https:\/\/thehackernews.com\/2024\/05\/windows-11-to-deprecate-ntlm-add-ai.html\">Windows 11 to Deprecate NTLM, Add AI-Powered App Controls and Security Defenses \u2014 thehackernews.com\/\u2026<\/a> (NTLM hashes are easy to crack, making it too easy for malware to expand around a network from a small initial breach)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-to-start-killing-off-vbscript-in-second-half-of-2024\/\">Microsoft to start killing off VBScript in second half of 2024 \u2014 www.bleepingcomputer.com\/\u2026<\/a> (rarely used by people, massively abused by malware)<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lastpass-is-now-encrypting-urls-in-password-vaults-for-better-security\/\">LastPass is now encrypting URLs in password vaults for better security \u2014 www.bleepingcomputer.com\/\u2026<\/a> (<strong>Editorial by Bart:<\/strong> about time!)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/zoom-adds-post-quantum-end-to-end-encryption-to-video-meetings\/\">Zoom adds post-quantum end-to-end encryption to video meetings \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>\ud83e\uddefLooks like the new TOS are poorly worded, but fine: <a href=\"https:\/\/tidbits.com\/2024\/05\/20\/slack-ai-privacy-principles-generate-confusion-and-consternation\/\">Slack AI Privacy Principles Generate Confusion and Consternation \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<h1>Top Tips<\/h1>\n<aside class=\"small-aside\">Tip, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li>\ud83c\uddfa\ud83c\uddf8 \ud83c\uddec\ud83c\udde7 \ud83c\udde8\ud83c\udde6 \ud83c\uddef\ud83c\uddf5 \ud83c\uddeb\ud83c\uddee \ud83c\uddea\ud83c\uddea US CISA, in conjunction with international partners in the UK, Canada, Japan, Finland &amp; Estonia, has issued advice to <em>&#8216;civil society&#8217;<\/em> groups (i.e. charities, campaign groups etc.) that are engaged in the kind of controversial work that may bring them to the attention of governments on <em>&#8216;Mitigating Cyber Threats with Limited Resources&#8217;<\/em> \u2014 it&#8217;s actually good advice for any security aware person, family, or small business: <a href=\"https:\/\/www.cisa.gov\/resources-tools\/resources\/mitigating-cyber-threats-limited-resources-guidance-civil-society\">www.cisa.gov\/\u2026<\/a> (<a href=\"https:\/\/www.cisa.gov\/sites\/default\/files\/2024-05\/joint-guide-mitigating-cyber-threats-with-limited-resources-guidance-for-civil-society-508c.pdf\">direct PDF download<\/a>)<\/li>\n<\/ul>\n<h1>Excellent Explainers<\/h1>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li>More detail than you probably want on how Apple ensures your data gets deleted when you use the feature to wipe it before passing it on: <a href=\"https:\/\/eclecticlight.co\/2024\/05\/23\/how-secure-is-secure-erase-eacas\/\">How secure is Secure Erase (EACAS) \u2014 eclecticlight.co\/\u2026<\/a><\/li>\n<\/ul>\n<h1>Interesting Insights<\/h1>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsofts-new-windows-11-recall-is-a-privacy-nightmare\/\">Microsoft&#8217;s new Windows 11 Recall is a privacy nightmare \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h1>Just Because it&#8217;s Cool \ud83d\ude0e<\/h1>\n<aside class=\"small-aside\">Stories that are not important, that don&#8217;t require you to do anything, and that you don&#8217;t even have to worry about.<\/aside>\n<ul>\n<li>Nosillacastaway <a href=\"https:\/\/mstdn.social\/@oetgrunnen\">@oetgrunnen@mstdn.social<\/a> shared this fantastic feature from ING bank in the Netherlands that will hopefully be very widely copied: <a href=\"https:\/\/www.ing.nl\/particulier\/english\/fraud-and-safe-banking\/check-the-call\">Expose scammers with Check the Call \u2014 www.ing.nl\/\u2026<\/a><\/li>\n<\/ul>\n<h1>Palate Cleansers<\/h1>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong>\n<ul>\n<li>An excellent opportunity for home users to use enterprise-level products for their features, or, to get valuable experience: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/software\/vmware-makes-workstation-pro-and-fusion-pro-free-for-personal-use\/\">VMware makes Workstation Pro and Fusion Pro free for personal use \u2014 www.bleepingcomputer.com\/\u2026<\/a> &amp; <a href=\"https:\/\/appleinsider.com\/inside\/macos\/tips\/how-to-get-vmware-fusion-pro-13-for-free\">How to get VMWare Fusion Pro 13 for free \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li>\ud83c\udfa7 An excellent telling of the story of the recent SSH back-door that was stopped <strong>just<\/strong> in time: <a href=\"https:\/\/overcast.fm\/+YsPQgWz5g\">Planet Money: The hack that almost broke the internet \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li>\ud83c\udfa7 A fascinating true story: <a href=\"https:\/\/overcast.fm\/+QLduR-xUI\">Decoder with Nilay Patel: How the FBI built its own smartphone company to hack the criminal underworld \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h1>Legend<\/h1>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. Attackers are continuing to compromise Google ads, and they&#8217;re now targeting apps in the news as well as developer &amp; sysadmin tools: Arc browser\u2019s Windows launch targeted by Google ads malvertising \u2014 www.bleepingcomputer.com\/\u2026 Ransomware [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[46,1359,233,2003,1968],"class_list":["post-31075","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-apple","tag-google","tag-microsoft","tag-vulnerabilities","tag-zero-day"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/31075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=31075"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/31075\/revisions"}],"predecessor-version":[{"id":31077,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/31075\/revisions\/31077"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=31075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=31075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=31075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}