{"id":33113,"date":"2025-02-16T11:27:29","date_gmt":"2025-02-16T19:27:29","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=33113"},"modified":"2025-02-16T11:27:29","modified_gmt":"2025-02-16T19:27:29","slug":"sb-2025-02-16","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2025\/02\/sb-2025-02-16\/","title":{"rendered":"Security Bits \u2014 16 February 2025"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li><strong>DNS discussion update:<\/strong> as pointed out by Ferrers in the <a href=\"https:\/\/podfeet.com\/slack\">Podfeet Slack<\/a>, Cloudflare&#8217;s free DNS service does offer an equivalent to Quad9&#8217;s malware-blocking DNS service \u2014 <a href=\"https:\/\/one.one.one.one\/family\/\">Details on their website<\/a>\n<ul>\n<li><code>1.1.1.1<\/code> \u2014 unfiltered DNS<\/li>\n<li><code>1.1.1.2<\/code> \u2014 malware-filtered DNS<\/li>\n<li><code>1.1.1.3<\/code> \u2014 family-safe filtered DNS blocks adult content, gambling, etc., as well as malware (used in many schools, certainly here in Ireland)<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <strong>TikTok<\/strong> is back in Apple &amp; Google&#8217;s app stores in the US, despite that still being illegal \u2014 <a href=\"https:\/\/www.theverge.com\/news\/612768\/tiktok-app-store-apple-google-us-ban\">www.theverge.com\/\u2026<\/a>\n<ul>\n<li>The change reportedly came after a letter was sent to both companies by the newly confirmed Attorney General Pam Bondi <\/li>\n<li>TikTok had started to push side-loading as an option for Android users \u2014 <a href=\"https:\/\/daringfireball.net\/linked\/2025\/02\/08\/tiktok-android-sideloading\">daringfireball.net\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\udde8\ud83c\uddf3 The <em>Salt Typhoon<\/em> Chinese 
state-sponsored hacks of western telecom companies continue: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/chinese-hackers-breach-more-us-telecoms-via-unpatched-cisco-routers\/\">Chinese hackers breach more US telecoms via unpatched Cisco routers \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<h2>Deep Dive(s)<\/h2>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you there is some action you should take.<\/aside>\n<ul>\n<li>Google have released the January <strong>Android security update<\/strong>, and it patches 48 vulnerabilities, including an actively exploited zero-day in the kernel \u2013 patch ASAP (if you can) \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-fixes-android-kernel-zero-day-exploited-in-attacks\/\">www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-february-2025-patch-tuesday-fixes-4-zero-days-55-flaws\/\"><strong>Microsoft<\/strong> February 2025 Patch Tuesday fixes 4 zero-days, 55 flaws \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>A detailed breakdown \u2014 <a href=\"https:\/\/isc.sans.edu\/diary\/rss\/31674\">isc.sans.edu\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><strong>Apple<\/strong> released iOS 18.3.1, iPadOS 18.3.1, and iPadOS 17.7.5 to patch a zero-day exploited in the wild in <em>\u201can extremely sophisticated attack\u201d<\/em> against carefully chosen targets \u2014 <a href=\"https:\/\/www.intego.com\/mac-security-blog\/ios-18-3-1-and-ipados-18-3-1-patch-second-apple-zero-day-of-2025\/\">www.intego.com\/\u2026<\/a><\/li>\n<li>More obsolete routers for the bin: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/zyxel-wont-patch-newly-exploited-flaws-in-end-of-life-routers\/\"><strong>Zyxel<\/strong> won\u2019t patch newly exploited flaws in end-of-life routers \u2014 www.bleepingcomputer.com\/\u2026<\/a> (CPE 
series devices)<\/li>\n<li><strong>AMD CPU users<\/strong> might need to install a BIOS update to fix a vulnerability in how the CPU loads microcode (basically CPU firmware) to stop attackers from injecting malware right into the CPU itself \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/amd-fixes-bug-that-lets-hackers-load-malicious-microcode-patches\/\">www.bleepingcomputer.com\/\u2026<\/a> (Not into PC builds enough to understand how widespread the affected CPU models are)<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li>Be careful experimenting with the new hotness <em>du-jour<\/em>: <a href=\"https:\/\/arstechnica.com\/security\/2025\/02\/deepseek-ios-app-sends-data-unencrypted-to-bytedance-controlled-servers\/\">DeepSeek iOS app sends data unencrypted to ByteDance-controlled servers \u2014 arstechnica.com\/\u2026<\/a>\n<ul>\n<li>NosillaCastaway Steve Mattan explains how to run large language models locally with Ollama in <a href=\"https:\/\/pbs.bartificer.net\/tidbit10\">Tidbit 10 of Programming By Stealth<\/a><\/li>\n<\/ul>\n<\/li>\n<li>A good reminder of why it&#8217;s <strong>vital not to keep sensitive information in screenshots\/Photos<\/strong>: <a href=\"https:\/\/securelist.com\/sparkcat-stealer-in-app-store-and-google-play\/115385\/\">Take my money: OCR crypto stealers in Google Play and App Store \u2014 securelist.com\/\u2026<\/a>\n<ul>\n<li>The Apple and Google stores are less unsafe than the wild-west of side-loading, but malware does sneak into both, even if it is usually quickly cleaned up, especially in Apple&#8217;s more tightly managed store<\/li>\n<li>Any app that can see your photo library could be scanning it for sensitive information<\/li>\n<li>Legitimate apps with valid reasons for having photo library access that get taken over by baddies are a real danger 
here<\/li>\n<li>Use password managers to store <strong>all<\/strong> your secrets; these apps will usually let you store files such as images (<a href=\"https:\/\/1password.com\/\">1Password<\/a> has great support for every kind of secret you might need to keep safe)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>\ud83c\uddec\ud83c\udde7 Credible reports have emerged that the UK government have used the very controversial 2024 amendment to the <em>Investigatory Powers Act<\/em> to secretly order Apple to give the UK government a back door into encrypted iCloud backups for <strong>all<\/strong> users (not just those for UK users) \u2014 <a href=\"https:\/\/appleinsider.com\/articles\/25\/02\/07\/uk-secretly-orders-apple-to-let-it-spy-on-iphone-users-worldwide\">appleinsider.com\/\u2026<\/a>\n<ul>\n<li>The law makes it illegal for a company under such an order to admit to the existence of the order, so Apple&#8217;s refusal to comment is not surprising<\/li>\n<li>The UK government have also refused to comment<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/appleinsider.com\/articles\/25\/02\/13\/uks-iphone-spying-backdoor-demand-sparks-bipartisan-us-lawmaker-anger\">UK&#8217;s iPhone spying backdoor demand sparks bipartisan US lawmaker anger \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li><strong>Opinion from Bart:<\/strong> I have no idea how this will play out, but it&#8217;s a very important story to watch this year, and to lobby your elected representatives about, regardless of what country you&#8217;re in!<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Excellent Explainers<\/h2>\n<aside class=\"small-aside\">High-quality content explaining a security concept of some kind.<\/aside>\n<ul>\n<li>\ud83c\udfa7 An excellent explanation of the latest crypto-currency craze: <a href=\"https:\/\/overcast.fm\/+AAYs-6YUxw8\">The Indicator from Planet Money: How the memecoin game is played \u2014 overcast.fm\/\u2026<\/a>\n<ul>\n<li><strong>Editorial by Bart:<\/strong> 
it&#8217;s a scam, just don&#8217;t!<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong> A fascinating long read on the true history of screen savers and how flying toasters and the like are nothing more than the visible tip of a massively bigger invisible iceberg that&#8217;s come full circle with our smartphones: <a href=\"https:\/\/tedium.co\/2025\/01\/12\/screen-saver-history\/\">Saving One Screen At A Time \u2014 tedium.co\/\u2026<\/a><\/li>\n<li><strong>From Allison:<\/strong> a free and open Git hosting platform (an alternative to GitHub and GitLab) from a German non-profit with servers located in Europe \u2014 <a href=\"https:\/\/codeberg.org\/\">codeberg.org\/\u2026<\/a>\n<ul>\n<li><strong>Comment from Bart:<\/strong> passes the <em>&#8216;follow the money&#8217;<\/em> test with flying colours \ud83d\ude42<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link it is the title of the page being linked to, when the text describing a link is not part of the link it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to 
<strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. 
DNS discussion update: as pointed out by Ferrers in the Podfeet Slack, Cloudflare&#8217;s free DNS service does offer an equivalent to Quad9&#8217;s malware-blocking DNS service \u2014 Details on their website 1.1.1.1 \u2014 unfiltered DNS [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[2447,1117,2239,4424,7067],"class_list":["post-33113","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-back-door","tag-dns","tag-security-updates","tag-tiktok","tag-zero-day-2"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/33113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=33113"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/33113\/revisions"}],"predecessor-version":[{"id":33114,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/33113\/revisions\/33114"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:atta
chment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=33113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=33113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=33113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}