{"id":31770,"date":"2024-08-25T03:41:27","date_gmt":"2024-08-25T10:41:27","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=31770"},"modified":"2024-09-15T15:09:50","modified_gmt":"2024-09-15T22:09:50","slug":"security-bits-25-august-2024","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2024\/08\/security-bits-25-august-2024\/","title":{"rendered":"Security Bits \u2014 25 August 2024"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>For those interested in even more technical details: <a href=\"https:\/\/thehackernews.com\/2024\/08\/crowdstrike-reveals-root-cause-of.html?m=1\">CrowdStrike Reveals Root Cause of Global System Outages \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li>Steve Gibson has released a free tool to check your PC&#8217;s Secure Boot setup by verifying the feature is enabled, and, that your computer is not using a platform key marked with <em>DO NOT TRUST<\/em>\/<em>DO NOT SHIP<\/em> as discussed last time (the <em>PKfail<\/em> vulnerability) \u2014 <a href=\"https:\/\/www.grc.com\/isbootsecure.htm\">www.grc.com\/\u2026<\/a> <\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>Patch Tuesday has been and gone, and Microsoft patched 9 zero-days, including 6 being actively exploited \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited\/\">www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Microsoft did not fix all known issues: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/windows-update-downgrade-attack-unpatches-fully-updated-systems\/\">Windows Update downgrade 
attack &#8220;unpatches&#8221; fully-updated systems \u2014 www.bleepingcomputer.com\/\u2026<\/a> (does not seem to be an immediate risk to home users ATM)<\/li>\n<li>If you dual-boot Windows with Linux and use a version of GRUB with a known vulnerability your Linux distro may fail to boot, but there is a workaround \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-confirms-august-updates-break-linux-boot-in-dual-boot-systems\/\">www.bleepingcomputer.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-shares-temp-fix-for-linux-boot-issues-on-dual-boot-systems\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-fixes-android-kernel-zero-day-exploited-in-targeted-attacks\/\">Google fixes Android kernel zero-day exploited in targeted attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a> (just one of 46 vulnerabilities fixed in the latest scheduled security update)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-fixes-tenth-actively-exploited-chrome-zero-day-in-2024\/\">Google fixes ninth Chrome zero-day tagged as exploited this year \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Users of other Chromium browsers should expect fixes any moment now)<\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2024\/08\/researchers-uncover-10-flaws-in-googles.html\">Researchers Uncover 10 Flaws in Google&#8217;s File Transfer Tool Quick Share \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/24\/08\/08\/a-critical-security-issue-in-1password-for-mac-left-credentials-vulnerable-to-attack\">A critical security issue in 1Password for Mac left credentials vulnerable to attack \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li>Apple have a patch to their recent patch: <a 
href=\"https:\/\/tidbits.com\/2024\/08\/08\/macos-14-6-1-macos-13-6-9-ios-17-6-1-and-ipados-17-6-1-fix-advanced-data-protection\/\">macOS 14.6.1, macOS 13.6.9, iOS 17.6.1, and iPadOS 17.6.1 Fix Advanced Data Protection \u2014 tidbits.com\/\u2026<\/a> (Fixes a bug when changing advanced protection features)<\/li>\n<li>If you run your own WordPress site, beware of two critical security updates for commonly used plugins:\n<ul>\n<li><a href=\"https:\/\/thehackernews.com\/2024\/08\/givewp-wordpress-plugin-vulnerability.html?m=1\">GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk \u2014 thehackernews.com\/\u2026<\/a> (a perfect 10\/10 on the CVSS scale!)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/litespeed-cache-bug-exposes-millions-of-wordpress-sites-to-takeover-attacks\/\">Litespeed Cache bug exposes millions of WordPress sites to takeover attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>If your family or small business has an Office365 account, beware that you&#8217;ll need to enable MFA on your admin accounts by October 15th or you&#8217;ll be locked out of your control panels! \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-enable-mfa-or-lose-access-to-admin-portals-in-october\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>Attackers are starting to abuse <em>Progressive Web Apps<\/em> in malware campaigns targeting iOS &amp; Android \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-steal-banking-creds-from-ios-android-users-via-pwa-apps\/\">www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Will do a deep-dive on this next time (when Allison is back)<\/li>\n<li>For now \u2014 never ever ever do anything an ad tells you to do! 
(If your bank needs your attention, they&#8217;re not going to try to get it by taking out an ad!)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>\ud83c\uddfa\ud83c\uddf8 \ud83c\uddec\ud83c\udde7 \ud83c\udde8\ud83c\udde6 2.7Bn name &amp; address records, many with social security numbers, apparently stolen from background check company <em>National Public Database<\/em> affecting probably everyone in the US, UK &amp; Canada have been leaked online \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/hackers-leak-27-billion-data-records-with-social-security-numbers\/\">www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Not sufficient for identity theft on their own, but combined with all the other previously leaked data out there, everyone in those countries is now probably vulnerable<\/li>\n<li>Consensus advice for US citizens seems to be to keep your credit record frozen by default, and only thaw it out for a limited time when you actually need to apply for credit (<a href=\"https:\/\/www.intego.com\/mac-security-blog\/massive-data-leak-2-7-billion-records-of-u-s-canada-uk-residents-including-social-security-numbers\/\">www.intego.com\/\u2026<\/a> &amp; <a href=\"https:\/\/appleinsider.com\/inside\/iphone\/tips\/what-you-can-do-about-the-massive-data-breach-that-probably-exposed-all-of-your-personal-info\">appleinsider.com\/\u2026<\/a>)<\/li>\n<li>Troy Hunt&#8217;s insights: <a href=\"https:\/\/www.troyhunt.com\/inside-the-3-billion-people-national-public-data-breach\/\">Inside the &#8220;3 Billion People&#8221; National Public Data Breach \u2014 www.troyhunt.com\/\u2026<\/a><\/li>\n<li>If you&#8217;re wondering how this could happen, this anecdote gives a pretty good idea of how little of a fig this company gave about cybersecurity: <a href=\"https:\/\/krebsonsecurity.com\/2024\/08\/national-public-data-published-its-own-passwords\/\">National Public Data Published Its Own Passwords \u2014 
krebsonsecurity.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Security researchers have found that many browsers wrongly treat the illegal IP address <code>0.0.0.0<\/code> as if it were <code>127.0.0.1<\/code> (the loopback address), but <strong>without<\/strong> enabling the security protections needed for local connections \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks\/\">www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Given the media-friendly name <em>0.0.0.0 Day<\/em><\/li>\n<li>Of most importance to the kinds of advanced users that run local servers, perhaps without passwords since they are supposedly just local<\/li>\n<li>Browsers will be patching this<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/appleinsider.com\/articles\/24\/08\/05\/judge-rules-that-google-is-a-search-and-advertising-monopoly\">Judge rules Google is a search and advertising monopoly \u2014 appleinsider.com\/\u2026<\/a> (US DOJ case)\n<ul>\n<li>Could have positive privacy outcomes, eventually<\/li>\n<li>This first ruling only finds that Google has a monopoly, remedies are the next phase<\/li>\n<li>Google will appeal this finding, and arguments over remedies will take many many months<\/li>\n<li>A detailed analysis of possible remedies: <a href=\"https:\/\/arstechnica.com\/?p=2041575\">All the possible ways to destroy Google\u2019s monopoly in search \u2014 arstechnica.com<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Google have outlined the privacy protections they plan to build into their Gemini AI on Android \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/google\/google-says-its-focusing-on-privacy-with-gemini-ai-on-android\/\">www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Less technical detail than we have from Apple, so initial impressions are wooly (a white paper with more details is promised <em>&#8216;soon&#8217;<\/em>)<\/li>\n<li>Appears OK, but not as good as Apple 
Intelligence<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 Unsurprisingly, America&#8217;s adversaries are using technology to attack the upcoming election:\n<ul>\n<li><a href=\"https:\/\/thehackernews.com\/2024\/08\/openai-blocks-iranian-influence.html\">OpenAI Blocks Iranian Influence Operation Using ChatGPT for U.S. Election Propaganda \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/azure-domains-and-google-abused-to-spread-disinformation-and-malware\/\">Azure domains and Google abused to spread disinformation and malware \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2024\/08\/meta-exposes-iranian-hacker-group.html\">Meta Exposes Iranian Hacker Group Targeting Global Political Figures on WhatsApp \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/us-warns-of-iranian-hackers-escalating-influence-operations\/\">US warns of Iranian hackers escalating influence operations \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Additionally, X has its own additional problems:\n<ul>\n<li>Beware of a new malicious technique on X \u2013 fake content warnings \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/fake-x-content-warnings-on-ukraine-war-earthquakes-used-as-clickbait\/\">www.bleepingcomputer.com\/\u2026<\/a> (<strong>Bart&#8217;s Advice<\/strong> if you insist on using X, behave as if you&#8217;re in the digital equivalent of a post-apocalyptic hell-scape, because you are, so click on <strong>nothing<\/strong>)<\/li>\n<li>\ud83c\uddea\ud83c\uddfa The European pro-privacy campaign group noyb (<em>None Of Your Business<\/em>) has filed 9 GDPR complaints against X, alleging the company illegally used EU users&#8217; data to train their Grok AI bot without the legally required informed consent \u2014 <a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/artificial-intelligence\/x-faces-gdpr-complaints-for-unauthorized-use-of-data-for-ai-training\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddeb\ud83c\uddf7 <strong>Breaking News:<\/strong> <a href=\"https:\/\/thehackernews.com\/2024\/08\/telegram-founder-pavel-durov-arrested.html?m=1\">Telegram Founder Pavel Durov Arrested in France for Content Moderation Failures \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<li>Something to bear in mind when making risk decisions while travelling: <a href=\"https:\/\/thehackernews.com\/2024\/08\/hardware-backdoor-discovered-in-rfid.html?m=1\">Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide \u2014 thehackernews.com\/\u2026<\/a> (In my experience MIFARE cards usually have the brand name on the back in teeny tiny writing)<\/li>\n<li>The post-quantum future comes a little closer: \ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/nist-releases-first-encryption-tools-to-resist-quantum-computing\/\">NIST releases first encryption tools to resist quantum computing \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.intego.com\/mac-security-blog\/how-to-avoid-getting-hacked-after-data-breaches\/\">What to do after a data breach\u2014and how to avoid getting hacked\u2014in 9 easy steps \u2014 www.intego.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/24\/08\/08\/how-to-use-built-in-network-security-features-for-apple-devices\">How to use built-in network security features for Mac, iPhone, and iPad \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text 
describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. 
one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. For those interested in even more technical details: CrowdStrike Reveals Root Cause of Global System Outages \u2014 thehackernews.com\/\u2026 Steve Gibson has released a free tool to check your PC&#8217;s Secure Boot setup by verifying [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[5548,114],"class_list":["post-31770","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-cybersecurity","tag-privacy"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/31770","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/
blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=31770"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/31770\/revisions"}],"predecessor-version":[{"id":31771,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/31770\/revisions\/31771"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=31770"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=31770"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=31770"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}