{"id":32143,"date":"2024-10-27T13:20:55","date_gmt":"2024-10-27T20:20:55","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=32143"},"modified":"2024-10-27T13:20:55","modified_gmt":"2024-10-27T20:20:55","slug":"sb-2024-10-27","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2024\/10\/sb-2024-10-27\/","title":{"rendered":"Security Bits \u2014 27 October 2024"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>An example of a very advanced and powerful honeypot: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/microsoft-creates-fake-azure-tenants-to-pull-phishers-into-honeypots\/\">Microsoft creates fake Azure tenants to pull phishers into honeypots \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>Apple have followed through on their promise to allow cybersecurity researchers to test the security of the <em>Private Cloud Compute<\/em> platform driving the parts of the Apple Intelligence that run off-device \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/24\/10\/24\/apple-offers-private-cloud-compute-up-for-a-security-probe\">appleinsider.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/apple\/apple-creates-private-cloud-compute-vm-to-let-researchers-find-bugs\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/severe-flaws-in-e2ee-cloud-storage-platforms-used-by-millions\/\">Severe flaws in E2EE cloud storage platforms used by millions \u2014 www.bleepingcomputer.com\/\u2026<\/a> (E2EE == <em>End to End 
Encryption<\/em>)\n<ul>\n<li>Sync, pCloud, Icedrive, Seafile &amp; Tresorit<\/li>\n<li>Responses by the companies varied widely<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>\ud83c\uddea\ud83c\uddfa <a href=\"https:\/\/www.bleepingcomputer.com\/news\/legal\/ireland-fines-linkedin-310-million-over-targeted-advertising\/\">Ireland fines LinkedIn \u20ac310 million over targeted advertising \u2014 www.bleepingcomputer.com\/\u2026<\/a> (5 GDPR breaches, and LinkedIn said they will make changes to comply with this ruling)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-fido-proposal-lets-you-securely-move-passkeys-across-platforms\/\">New FIDO proposal lets you securely move passkeys across platforms \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/amazon-says-175-million-customer-now-use-passkeys-to-log-in\/\">Amazon says 175 million customers now use passkeys to log in \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/whatsapp-now-encrypts-contact-databases-for-privacy-preserving-synching\/\">WhatsApp now encrypts contact databases for privacy-preserving synching \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cisa-proposes-new-security-requirements-to-protect-govt-personal-data\/\">CISA proposes new security requirements to protect govt, personal data \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li><em>&#8220;The requirements are aimed at entities that engage in restricted transactions that involve bulk U.S. sensitive personal data or U.S. 
government-related data&#8221;<\/em><\/li>\n<li>Similar to <a href=\"https:\/\/www.europarl.europa.eu\/thinktank\/en\/document\/EPRS_BRI(2021)689333\">NIS2 (Network and Information Security Directive)<\/a> coming into force in Europe<\/li>\n<li><strong>Editorial by Bart:<\/strong> interesting\/terrifying how basic the requirements really are, boils down to, <em>&#8216;Do the basics, and do them right!&#8217;<\/em><\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/appleinsider.com\/articles\/24\/10\/17\/ftc-click-to-cancel-rule-makes-canceling-subscriptions-as-easy-as-starting-them\">FTC &#8216;Click to Cancel&#8217; rule makes canceling subscriptions as easy as starting them \u2014 appleinsider.com\/\u2026<\/a>\n<ul>\n<li>In other news: <a href=\"https:\/\/arstechnica.com\/tech-policy\/2024\/10\/cable-companies-ask-5th-circuit-to-block-ftcs-click-to-cancel-rule\/\">Cable companies ask 5th Circuit to block FTC\u2019s click-to-cancel rule &#8211; Ars Technica<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/understand-these-seven-password-attacks-and-how-to-stop-them\/\">Understand these seven password attacks and how to stop them \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2024\/10\/acronym-overdose-navigating-complex.html?m=1\">Acronym Overdose \u2013 Navigating the Complex Data Security Landscape \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>\ud83c\uddfa\ud83c\uddf8 A disturbing expos\u00e9 by a number of security and privacy reporters illustrating just how badly the US is in need of some federal privacy regulation:\n<ul>\n<li><a 
href=\"https:\/\/krebsonsecurity.com\/2024\/10\/the-global-surveillance-free-for-all-in-mobile-ad-data\/\">The Global Surveillance Free-for-All in Mobile Ad Data \u2014 krebsonsecurity.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/tidbits.com\/2024\/10\/23\/expose-reveals-ongoing-smartphone-location-tracking-threats\/\">Expos\u00e9 Reveals Ongoing Smartphone Location Tracking Threats \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong> \ud83c\udfa6 Cabel Sasser (<a href=\"https:\/\/panic.com\">from Panic<\/a>)&#8217;s XOXO Talk \u2014 <a href=\"https:\/\/youtube.com\/watch?v=Df_K7pIsfvg\">www.youtube.com\/\u2026<\/a> (not about tech, too good an ending to spoil by saying any more, just trust me \ud83d\ude42)<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or 
diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. 
An example of a very advanced and powerful honeypot: Microsoft creates fake Azure tenants to pull phishers into honeypots \u2014 www.bleepingcomputer.com\/\u2026 Apple have followed through on their promise to allow cybersecurity researchers to test [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[50,569],"class_list":["post-32143","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-security","tag-security-bits"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/32143","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=32143"}],"version-history":[{"count":3,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/32143\/revisions"}],"predecessor-version":[{"id":32146,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/32143\/revisions\/32146"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/w
p-json\/wp\/v2\/media?parent=32143"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=32143"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=32143"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}