{"id":34151,"date":"2025-07-06T11:47:32","date_gmt":"2025-07-06T18:47:32","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=34151"},"modified":"2025-07-06T11:47:32","modified_gmt":"2025-07-06T18:47:32","slug":"sb-2025-07-06","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2025\/07\/sb-2025-07-06\/","title":{"rendered":"Security Bits \u2014 6 July 2025"},"content":{"rendered":"<h2>Feedback &amp; Followups<\/h2>\n<aside class=\"small-aside\">Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time.<\/aside>\n<ul>\n<li>Just like we predicted last time: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/scattered-spider-hackers-shift-focus-to-aviation-transportation-firms\/\">Scattered Spider hackers shift focus to aviation, transportation firms \u2014 www.bleepingcomputer.com\/\u2026<\/a> (They&#8217;d just pivoted to Insurance and were finding it fallow ground, so we predicted they&#8217;d jump again quickly)\n<ul>\n<li>Highest profile victim so far: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qantas-discloses-cyberattack-amid-scattered-spider-aviation-breaches\/\">Qantas discloses cyberattack amid Scattered Spider aviation breaches \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/appleinsider.com\/articles\/25\/06\/19\/tiktok-ban-delayed-another-90-days-to-september-17\">TikTok ban enforcement delayed another 90 days to September 17 \u2014 appleinsider.com\/\u2026<\/a> \ud83c\udf2e\n<ul>\n<li><strong>Note:<\/strong> still no actual legal basis for any of this!<\/li>\n<li>At least some Google shareholders are starting to worry about the ever increasing legal exposure, and a lawsuit has been filed \u2014 <a 
href=\"https:\/\/www.macobserver.com\/tips\/did-trump-overstep-on-tiktok-shareholder-sues-google\/\">www.macobserver.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action: if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-fixes-fourth-actively-exploited-chrome-zero-day-of-2025\/\">Google fixes fourth actively exploited Chrome zero-day of 2025 \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/thehackernews.com\/2025\/07\/critical-sudo-vulnerabilities-let-local.html\">Critical Sudo Vulnerabilities Let Local Users Gain Root Access on Linux, Impacting Major Distros \u2014 thehackernews.com\/\u2026<\/a>\n<ul>\n<li>Responsibly disclosed, so patches have actually been out for some time<\/li>\n<li>Requires local access, so probably not that big a risk for most NosillaCastaways<\/li>\n<\/ul>\n<\/li>\n<li>\u26a0\ufe0f <strong>Brother, Fujifilm, Toshiba &amp; Konica Minolta Printer Owners:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/brother-printer-bug-in-689-models-exposes-default-admin-passwords\/\">Brother printer bug in 689 models exposes default admin passwords \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Nearly 700 Brother models, but over 50 from the other brands too!)\n<ul>\n<li>No firmware fix \u2014 default passwords are derived from the serial number, which also leaks in various ways, and a change in the manufacturing process is needed to remediate<\/li>\n<li>Only fix is for users to <strong>change the password<\/strong> so the default is not in use<\/li>\n<\/ul>\n<\/li>\n<li>\u26a0\ufe0f <strong>Beyerdynamic, Bose, Sony, Marshall, Jabra, JBL, Jlab, EarisMax, MoerLabs &amp; Teufel headset owners:<\/strong> <a 
href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/bluetooth-flaws-could-let-hackers-spy-through-your-microphone\/\">Bluetooth flaws could let hackers spy through your microphone \u2014 www.bleepingcomputer.com\/\u2026<\/a> (29 models total)\n<ul>\n<li>Firmware updates are on the way (at various stages of the process)<\/li>\n<li>Requires proximity, so probably not a big deal for regular folks, but people who may be worth targeting should consider switching headset, at least for now<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li>Beware, new variant of a currently popular attack: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/filefix-attack-weaponizes-windows-file-explorer-for-stealthy-powershell-commands\/\">New FileFix attack weaponizes Windows File Explorer for stealthy commands \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Asks users to paste into the File Explorer address bar, which is more powerful than many realise, and perhaps less suspicious than the <em>Run<\/em> box)<\/li>\n<li>Probably best to avoid: <a href=\"https:\/\/appleinsider.com\/articles\/25\/06\/27\/meta-wants-to-upload-every-photo-you-have-to-its-cloud-to-give-you-ai-suggestions\">Meta wants to upload every photo you have to its cloud to give you AI suggestions \u2014 appleinsider.com\/\u2026<\/a> (Suggest denying any prompts to opt in to <em>&#8216;Cloud Processing&#8217;<\/em>)<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/lets-encrypt-ends-certificate-expiry-emails-to-cut-costs-boost-privacy\/\">Let\u2019s Encrypt ends certificate expiry emails to cut costs, boost privacy \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Only relevant if you are manually regenerating certs, which needs to be done every 3 months<\/li>\n<li>Time to move on to using automation via the ACME protocol; certificate lifetimes are going to get a lot shorter in the next few years!<\/li>\n<\/ul>\n<\/li>\n<li>Windows 10 gets a 1-year reprieve, if 
you&#8217;re prepared to make a change or to pay \u2014 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-windows-10-extended-security-updates-available-using-reward-points\/\">www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Extended Security Updates (ESU) in exchange for configuring Windows Backup to sync settings to the cloud, 1K of Microsoft credits, or $30.<\/li>\n<li><strong>Pet Theory:<\/strong> The reason for the cloud sync push could be to simplify the eventual migration to Windows 11 next year<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/cloudflare-open-sources-orange-meets-with-end-to-end-encryption\/\">Cloudflare open-sources Orange Meets with End-to-End encryption \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>From a brief scan of the descriptions, it looks like a great protocol to have open to the world: 100% client-side encryption, so truly End-to-End, and it includes a nice key-verification method.<\/li>\n<\/ul>\n<\/li>\n<li>\ud83c\uddfa\ud83c\uddf8 <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/atandt-rolls-out-wireless-lock-feature-to-block-sim-swap-attacks\/\">AT&amp;T rolls out &#8220;Wireless Lock&#8221; feature to block SIM swap attacks \u2014 www.bleepingcomputer.com\/\u2026<\/a> (other carriers have apparently had similar options for some time)<\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>\ud83c\udfa7 <a href=\"https:\/\/overcast.fm\/+ABKzxSDfd8A\">Guy Kawasaki&#8217;s Remarkable People: Who Defends Your Digital Rights? 
Meet EFF\u2019s Cindy Cohn \u2014 overcast.fm\/\u2026<\/a>\n<ul>\n<li>Great discussion explaining what the EFF does, and why<\/li>\n<li>Cindy&#8217;s answer regarding her own use of FaceID is superb, explaining very well that everyone needs to make their own <strong>informed<\/strong> decisions about how they balance risks and benefits<\/li>\n<li>Also of note is Cindy&#8217;s practical and nuanced answer to Guy&#8217;s question about using WhatsApp (it&#8217;s not ideal, but it&#8217;s better than most, and it&#8217;s where most of the people are in many places around the world, so fine for most people to use, and definitely much better than Telegram)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong>\n<ul>\n<li>\ud83c\udfa7 <a href=\"https:\/\/overcast.fm\/+AAMLcYMcwwI\">Twenty Thousand Hertz: The Music of Jeopardy! From a Lullaby to $100,000,000 \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li>\ud83c\udfa7 <a href=\"https:\/\/overcast.fm\/+AAkjCLU9pJ8\">Design Matters with Debbie Millman: James Dyson \u2014 overcast.fm\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to; when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a 
<strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>Feedback &amp; Followups Listener and community feedback, developments in recently covered stories, and developments in long-running stories we&#8217;re tracking over time. 
Just like we predicted last time: Scattered Spider hackers shift focus to aviation, transportation firms \u2014 www.bleepingcomputer.com\/\u2026 (They&#8217;d just pivoted to Insurance and were finding it fallow ground, so we predicted they&#8217;d jump again [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[170,7524,50,569,4424,2003],"class_list":["post-34151","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-hack","tag-scattered-spider","tag-security","tag-security-bits","tag-tiktok","tag-vulnerabilities"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34151","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=34151"}],"version-history":[{"count":1,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34151\/revisions"}],"predecessor-version":[{"id":34152,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34151\/revisions\/34152"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/b
log\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=34151"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=34151"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=34151"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}