{"id":32205,"date":"2024-11-10T14:07:28","date_gmt":"2024-11-10T22:07:28","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=32205"},"modified":"2024-11-10T14:07:28","modified_gmt":"2024-11-10T22:07:28","slug":"sb-2024-11-10","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2024\/11\/sb-2024-11-10\/","title":{"rendered":"Security Bits \u2014 10 November 2024"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>\ud83c\udde6\ud83c\uddfa Apple is testing an enhancement to its child protection features in Australia \u2013 when Apple&#8217;s existing opt-in nudity detection AI feature flags an image as potentially problematic, a new option appears allowing the child to report the image to Apple for review, after which Apple can pass it on to local law enforcement if appropriate \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/24\/10\/24\/new-feature-allows-children-to-report-inappropriate-content-directly-to-apple\">appleinsider.com\/\u2026<\/a><\/li>\n<li>\ud83c\udde8\ud83c\udde6 Canada joins the attack on TikTok, ordering its Canadian subsidiary to shut down on national security grounds \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/canada-orders-tiktok-to-shut-down-over-national-risk-concerns\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action; if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>Remember, Apple&#8217;s point updates are not just about new features: <a href=\"https:\/\/isc.sans.edu\/diary\/rss\/31390\">Apple Updates Everything \u2014 isc.sans.edu\/\u2026<\/a>\n<ul>\n<li><strong>Related:<\/strong> <a 
href=\"https:\/\/tidbits.com\/2024\/11\/09\/with-ios-18-apple-makes-locked-iphones-harder-to-crack\/\">With iOS 18, Apple Makes Locked iPhones Harder to Crack \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>Google&#8217;s November Android patches: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-fixes-two-android-zero-days-used-in-targeted-attacks\/\">Google fixes two Android zero-days used in targeted attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Patch if you can \ud83d\ude15)<\/li>\n<li>Two of the most popular NAS vendors rush out critical security updates after their devices were exploited at the recent Pwn2Own competition in Dublin, Ireland:\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-fixes-nas-backup-software-zero-day-exploited-at-pwn2own\/\">QNAP fixes NAS backup software zero-day exploited at Pwn2Own \u2014 www.bleepingcomputer.com\/\u2026<\/a> &amp; <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qnap-patches-second-zero-day-exploited-at-pwn2own-to-get-root\/\">QNAP patches second zero-day exploited at Pwn2Own to get root \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/synology-fixed-two-critical-zero-days-exploited-at-pwn2own-within-days\/\">Synology hurries out patches for zero-days exploited at Pwn2Own \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices\/\">D-Link won\u2019t fix critical flaw affecting 60,000 older NAS devices \u2014 www.bleepingcomputer.com\/\u2026<\/a> (If you own one of the affected DNS-320 variants, time to bin it and buy a new NAS.)\n<ul>\n<li><a 
href=\"https:\/\/www.tomshardware.com\/tech-industry\/cyber-security\/d-link-refuses-to-patch-a-security-flaw-on-over-60-000-nas-devices-the-company-instead-recommends-replacing-legacy-nas-with-newer-models\">Tom&#8217;s Hardware has a quote from D-Link pointing out that these devices are 4 years out of support.<\/a><\/li>\n<\/ul>\n<\/li>\n<li><strong>Related:<\/strong> Windows 10 home users will be able to buy an extra year of security updates (branded ESU for <em>Extended Security Updates<\/em>) for $30 when Windows 10 goes out of support on October 14th, 2025 \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-wants-30-if-you-want-to-delay-windows-11-switch\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>LastPass is warning of yet another way scammers are trying to trick its users into handing over access to all their passwords: fake customer support numbers posted as reviews on app store listings (the LastPass extension&#8217;s Chrome Web Store page in this case) \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lastpass-warns-of-fake-support-centers-trying-to-steal-customer-data\/\">www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>There is a lesson here for all of us \u2014 not all the information on an app&#8217;s page in an app store comes from the developer; reviews are user-generated content, so they are absolutely not trustworthy! 
Check the context of any kind of contact information before believing it!<\/li>\n<\/ul>\n<\/li>\n<li>Attackers are abusing DocuSign&#8217;s legitimate Envelopes API, not a vulnerability in it, to send very convincing fake invoice phishing emails \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/docusigns-envelopes-api-abused-to-send-realistic-fake-invoices\/\">www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>An example of the ever more popular <em>Living off the Cloud<\/em> technique of abusing trusted domains for illicit ends: because the mail genuinely originates from DocuSign&#8217;s own servers, it passes the sender authentication and domain reputation checks that would catch a spoofed sender<\/li>\n<li>This was a <strong>big<\/strong> campaign; I saw quite a few examples in the wild!<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddec\ud83c\udde7 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/scammers-target-uk-senior-citizens-with-winter-fuel-payment-texts\/\">Scammers target UK senior citizens with Winter Fuel Payment texts \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>Cybercriminals are deploying new tactics you should be aware of: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/android-malware-fakecall-now-reroutes-bank-calls-to-attackers\/\">Android malware &#8220;FakeCall&#8221; now reroutes bank calls to attackers \u2014 www.bleepingcomputer.com\/\u2026<\/a> (those are <strong>outgoing calls<\/strong> initiated by the user!)<\/li>\n<li>Major Software-as-a-Service (SaaS) vendors continue to nudge the world towards universal Multi-Factor Authentication:\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-entra-security-defaults-to-make-mfa-setup-mandatory\/\">Microsoft Entra &#8220;security defaults&#8221; to make MFA setup mandatory \u2014 www.bleepingcomputer.com\/\u2026<\/a> (most likely to positively impact small mom-and-pop businesses who use Office365 for a handful of users and don&#8217;t have a dedicated IT person)<\/li>\n<li><a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-cloud-to-make-mfa-mandatory-by-the-end-of-2025\/\">Google Cloud to make MFA mandatory by the end of 2025 \u2014 www.bleepingcomputer.com\/\u2026<\/a> (will make us all a little safer by making it more difficult for the baddies to hijack the admin accounts that manage the Google Cloud Platform (GCP) infrastructure powering many of the apps and services we all use every day; GCP is Google&#8217;s alternative to Amazon Web Services (AWS) and Microsoft Azure, both of which are already further down the same path)<\/li>\n<\/ul>\n<\/li>\n<li>The dark and light sides of AI in the cybersecurity space:\n<ul>\n<li>We knew this was coming, and it will only get better: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chatgpt-4o-can-be-used-for-autonomous-voice-based-scams\/\">ChatGPT-4o can be used for autonomous voice-based scams \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<blockquote><p>\n  <em>Researchers have shown that it&#8217;s possible to abuse OpenAI&#8217;s real-time voice API for ChatGPT-4o, an advanced LLM chatbot, to conduct financial scams with low to moderate success rates.<\/em>\n<\/p><\/blockquote>\n<ul>\n<li><a href=\"https:\/\/thehackernews.com\/2024\/11\/googles-ai-tool-big-sleep-finds-zero.html?m=1\">Google&#8217;s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine \u2014 thehackernews.com\/\u2026<\/a><br \/>\n<blockquote><p>\n  <em>&#8220;We believe this is the first public example of an AI agent finding a previously unknown exploitable memory-safety issue in widely used real-world software&#8221;<\/em> \u2014 the Google team\n<\/p><\/blockquote>\n<\/li>\n<\/ul>\n<\/li>\n<li>Android users are confused and cranky as Google injects a tracking domain into all links shared from their popular Google app for Android \u2014 <a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/googles-mysterious-searchapp-links-leave-android-users-concerned\/\">www.bleepingcomputer.com\/\u2026<\/a> (similar to how X\/Twitter adds their <code>t.co<\/code> tracking domain to all links on that platform)\n<\/li>\n<li>\ud83c\uddf0\ud83c\uddf7 <a href=\"https:\/\/thehackernews.com\/2024\/11\/south-korea-fines-meta-1567m-for.html\">South Korea Fines Meta $15.67M for Illegally Sharing Sensitive User Data with Advertisers \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Top Tips<\/h2>\n<aside class=\"small-aside\">Tips, tricks, or advice that is likely to be useful to the NosillaCast audience or the family members and friends whose IT they support.<\/aside>\n<ul>\n<li>If the expos\u00e9 on the US location tracking industry linked last time left you concerned, Adam Engst has some practical advice for you: <a href=\"https:\/\/tidbits.com\/2024\/10\/27\/protect-yourself-against-location-tracking-abuses\/\">Protect Yourself Against Location Tracking Abuses \u2014 tidbits.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li><a href=\"https:\/\/appleinsider.com\/inside\/iphone\/tips\/why-free-vpns-arent-always-safe-to-use\">Why free VPNs aren&#8217;t always safe to use \u2014 appleinsider.com\/\u2026<\/a> (or, as I would put it, <em>&#8220;follow the money&#8221;<\/em> \ud83d\ude42)<\/li>\n<li>\ud83c\udfa7 An excellent explanation of the economics of data breaches: <a href=\"https:\/\/overcast.fm\/+AAYsPRDQp-k\">Planet Money: So your data was stolen in a data breach \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Allison:<\/strong> \ud83c\udfa6 <a 
href=\"https:\/\/youtube.com\/watch?si=AqMuhUVadsGKOvOS&#038;v=86ZCsUfgLRQ\">Euclid\u2019s 208-Gigapixel glimpse into the Universe &#8211; YouTube \u2014 youtube.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. 
one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. \ud83c\udde6\ud83c\uddfa Apple is testing an enhancement to its child protection features in Australia \u2013 when Apple&#8217;s existing opt-in nudity detection AI feature flags an image as potentially problematic, a new option appears to allow [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[1527,50,569,1968],"class_list":["post-32205","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-d-link","tag-security","tag-security-bits","tag-zero-day"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/32205","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts
"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=32205"}],"version-history":[{"count":7,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/32205\/revisions"}],"predecessor-version":[{"id":32213,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/32205\/revisions\/32213"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=32205"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=32205"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=32205"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}