{"id":34248,"date":"2025-07-20T15:38:57","date_gmt":"2025-07-20T22:38:57","guid":{"rendered":"https:\/\/www.podfeet.com\/blog\/?p=34248"},"modified":"2025-07-20T19:33:40","modified_gmt":"2025-07-21T02:33:40","slug":"sb-2025-07-20","status":"publish","type":"post","link":"https:\/\/www.podfeet.com\/blog\/2025\/07\/sb-2025-07-20\/","title":{"rendered":"Security Bits \u2014 20 July 2025"},"content":{"rendered":"<h2>\u2757 Action Alerts<\/h2>\n<aside class=\"small-aside\">Calls to action, if any stories in this section are relevant to you, there is some action you should take.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/microsoft\/microsoft-july-2025-patch-tuesday-fixes-one-zero-day-137-flaws\/\">Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws \u2014 www.bleepingcomputer.com\/\u2026<\/a>, <a href=\"https:\/\/krebsonsecurity.com\/2025\/07\/microsoft-patch-tuesday-july-2025-edition\/\">krebsonsecurity.com\/\u2026<\/a> &amp; <a href=\"https:\/\/isc.sans.edu\/diary\/rss\/32088\">isc.sans.edu\/\u2026<\/a>\n<ul>\n<li>Most important patches for typical NosillaCastaways are Office zero-click exploits (triggered by previewing a document)<\/li>\n<li>Most important updates for sysadmins are in SQL Server<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-fixes-actively-exploited-sandbox-escape-zero-day-in-chrome\/\">Google fixes actively exploited sandbox escape zero day in Chrome \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Sandbox escapes are a particularly dangerous class of browser bug, so restart Chrome ASAP to let it update itself!)<\/li>\n<li>\u26a0\ufe0f <strong>PC users with older Gigabyte motherboards:<\/strong> <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/gigabyte-motherboards-vulnerable-to-uefi-malware-bypassing-secure-boot\/\">Gigabyte motherboards vulnerable to UEFI malware bypassing Secure Boot \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Allows malware to infect the boot loader, allowing <strong>persistent malware infection<\/strong> even <strong>surviving complete OS re-installs<\/strong>!<\/li>\n<li>100s of motherboard models affected (very common brand for build-your-own and custom-built gaming PCs)<\/li>\n<li>All appear to be out of support, so patches seem unlikely<\/li>\n<li>No response from Gigabyte at all \ud83d\ude41<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Worthy Warnings<\/h2>\n<aside class=\"small-aside\">Potentially relevant warnings from government organisations, public interest groups, or the security community.<\/aside>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/123456-password-exposed-chats-for-64-million-mcdonalds-job-chatbot-applications\/\">&#8216;123456&#8217; password exposed chats for 64 million McDonald\u2019s job chatbot applications \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Affects anyone who applied for just about any job at McDonalds in the US in recent years, even those who were not successful<\/li>\n<li>Unbelievably careless lapses in fundamental security practices \u2014 would have been a fun <em>&#8220;here&#8217;s a perfect example of everything not to do&#8221;<\/em> story were the implications not so serious \ud83d\ude41<\/li>\n<li>No way to know who abused this vulnerability before white-hat researchers found and reported it, so assume you&#8217;re at risk from very convincing phishing if you so much as applied.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Notable News<\/h2>\n<ul>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-android-taptrap-attack-fools-users-with-invisible-ui-trick\/\">New Android TapTrap attack fools users with invisible UI trick \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Android&#8217;s API&#8217;s let apps control how system dialogues they trigger get rendered (terrible idea!)<\/li>\n<li>There is a design flaw in this ill-conceived API that allows the final opacity to be set at 0.01%, i.e. effectively completely transparent \u2014 not sure of that&#8217;s detectable even when you look really closely \ud83d\ude15<\/li>\n<li>Users can be tricked into giving system permissions to apps by placing buttons behind the effectively invisible system permission buttons<\/li>\n<li>Google are working on a fix<\/li>\n<\/ul>\n<\/li>\n<li>Google is expanding their protected accounts feature for at-risk users down into the Android OS and even some system apps: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-reveals-details-on-androids-advanced-protection-for-chrome\/\">Google reveals details on Android\u2019s Advanced Protection for Chrome \u2014 www.bleepingcomputer.com\/\u2026<\/a><\/li>\n<li>A great illustration of the two sides of AI in cybersecurity\n<ul>\n<li>Not only can attackers use AI to help them write exploits of composed more convincing phishes, they can also find and exploit weaknesses in these very immature technologies which are being prematurely integrated into billion-user services: <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/google-gemini-flaw-hijacks-email-summaries-for-phishing\/\">Google Gemini flaw hijacks email summaries for phishing \u2014 www.bleepingcomputer.com\/\u2026<\/a> (Hidden email content to trick the AI into writing malicious summaries)<\/li>\n<li>Defenders can leverage AI to pre-emptively find and fix potentially very damaging vulnerabilities: <a href=\"https:\/\/thehackernews.com\/2025\/07\/google-ai-big-sleep-stops-exploitation.html\">Google AI &#8220;Big Sleep&#8221; Stops Exploitation of Critical SQLite Vulnerability Before Hackers Act \u2014 thehackernews.com\/\u2026<\/a><\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/appleinsider.com\/articles\/25\/07\/09\/icloud-passwords-autofill-now-available-in-firefox-for-windows\">iCloud Passwords autofill now available in Firefox for Windows \u2014 appleinsider.com\/\u2026<\/a><\/li>\n<li><a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/windows-11-now-uses-jscript9legacy-engine-for-improved-security\/\">Windows 11 now uses JScript9Legacy engine for improved security \u2014 www.bleepingcomputer.com\/\u2026<\/a>\n<ul>\n<li>Up to this point Windows still used the old Internet Explorer JavaScript engine for backwards compatibility<\/li>\n<li>This is a version of the modern JScript9 Javascript engine that supports the old IE-era legacy APIs (hence the name, it&#8217;s the API that&#8217;s legacy, not the engine!)<\/li>\n<\/ul>\n<\/li>\n<li><a href=\"https:\/\/tidbits.com\/2025\/07\/07\/cloudflares-pay-per-crawl-points-to-a-new-model-for-paying-content-creators\/\">Cloudflare\u2019s \u201cPay-Per-Crawl\u201d Points to a New Model for Paying Content Creators \u2014 tidbits.com\/\u2026<\/a>\n<ul>\n<li>Intended to force AI bots make micro-payments to website owners in exchange for crawling their content<\/li>\n<li>Given Cloudflare&#8217;s scale, this actually has a chance of succeeding<\/li>\n<li>This solution revives the seldom-used <code>HTTP 402 Payment Required<\/code> HTTP response code \u2014 <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Web\/HTTP\/Reference\/Status\/402\">developer.mozilla.org\/\u2026<\/a><\/li>\n<li><strong>Editorial by Bart:<\/strong> This is the first hint of a possible future for the web not encumbered by the current toxic tracking\/ad model.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Interesting Insights<\/h2>\n<aside class=\"small-aside\">High-quality opinion and editorial content recommended by Bart.<\/aside>\n<ul>\n<li>A fascinating visualisation of the data in HaveIBeenPwned powered by the free endpoints on the HIBP API \u2014 <a href=\"https:\/\/haveibeenpwned.watch\/\">haveibeenpwned.watch\/\u2026<\/a> (Code is open source and <a href=\"https:\/\/github.com\/iosifache\/haveibeenpwned.watch\">on GitHub<\/a>)<\/li>\n<\/ul>\n<h2>Palate Cleansers<\/h2>\n<aside class=\"small-aside\">Anything upbeat and nerdy Bart and\/or Allison think you might enjoy.<\/aside>\n<ul>\n<li><strong>From Bart:<\/strong>\n<ul>\n<li>\ud83c\udfa7 A deep and meaningful conversation with the great George Takei: <a href=\"https:\/\/overcast.fm\/+AAAlVWhtO_s\">Bullseye with Jesse Thorn: George Takei \u2014 overcast.fm\/\u2026<\/a><\/li>\n<li>\ud83c\udfb5 A heart-warming cross-cultural collaboration with a truly unique and beautiful sound: <a href=\"https:\/\/cathyfinkmarcymarxer.bandcamp.com\/album\/from-china-to-appalachia\">FROM CHINA TO APPALACHIA: Cathy Fink &amp; Marcy Marxer with Chao Tian \u2014 cathyfinkmarcymarxer.bandcamp.com\/\u2026<\/a><\/li>\n<li>Just in time for World Emoji Day: <a href=\"https:\/\/www.cultofmac.com\/news\/emoji-respect\">Science proves that emojis improve text messages \u2014 www.cultofmac.com\/\u2026<\/a> \ud83d\ude00<\/li>\n<li>We mentioned Rocket app for macOS from <a href=\"https:\/\/matthewpalmer.net\/rocket\/\">matthewpalmer.net\/&#8230;<\/a><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<h2>Legend<\/h2>\n<p>When the textual description of a link is part of the link, it is the title of the page being linked to, when the text describing a link is not part of the link, it is a description written by <a href=\"https:\/\/bartb.ie\/\">Bart<\/a>.<\/p>\n<table>\n<thead>\n<tr>\n<th align=\"center\">Emoji<\/th>\n<th align=\"left\">Meaning<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td align=\"center\">\ud83c\udfa7<\/td>\n<td align=\"left\">A link to <strong>audio content<\/strong>, probably a podcast.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\u2757<\/td>\n<td align=\"left\">A <strong>call to action<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\"><em>flag<\/em><\/td>\n<td align=\"left\">The story is particularly relevant to people living in a <strong>specific country<\/strong>, or, the organisation the story is about is affiliated with the government of a specific country.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcca<\/td>\n<td align=\"left\">A link to <strong>graphical content<\/strong>, probably a chart, graph, or diagram.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83e\uddef<\/td>\n<td align=\"left\">A story that has been <strong>over-hyped<\/strong> in the media, or, <em>&#8220;no need to light your hair on fire&#8221;<\/em> \ud83d\ude42<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udcb5<\/td>\n<td align=\"left\">A link to an article behind a <strong>paywall<\/strong>.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83d\udccc<\/td>\n<td align=\"left\">A <strong>pinned<\/strong> story, i.e. one to keep an eye on that&#8217;s likely to develop into something significant in the future.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa9<\/td>\n<td align=\"left\">A <strong><em>tip of the hat<\/em><\/strong> to thank a member of the community for bringing the story to our attention.<\/td>\n<\/tr>\n<tr>\n<td align=\"center\">\ud83c\udfa6<\/td>\n<td align=\"left\">A link to <strong>video content<\/strong>.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"excerpt":{"rendered":"<p>\u2757 Action Alerts Calls to action, if any stories in this section are relevant to you, there is some action you should take. Microsoft July 2025 Patch Tuesday fixes one zero-day, 137 flaws \u2014 www.bleepingcomputer.com\/\u2026, krebsonsecurity.com\/\u2026 &amp; isc.sans.edu\/\u2026 Most important patches for typical NosillaCastaways are Office zero-click exploits (triggered by previewing a document) Most important [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":28385,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[147,214],"tags":[5916,1359,7553,233,2079,50,569,7552,7067],"class_list":["post-34248","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-posts","category-security-bits","tag-gigabyte-motherboards","tag-google","tag-mcdonaldstaptrap","tag-microsoft","tag-patch","tag-security","tag-security-bits","tag-tuesday","tag-zero-day-2"],"jetpack_featured_media_url":"https:\/\/www.podfeet.com\/blog\/wp-content\/uploads\/2023\/05\/Security-Bits-Logo_1040x520.png","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34248","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/comments?post=34248"}],"version-history":[{"count":2,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34248\/revisions"}],"predecessor-version":[{"id":34261,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/posts\/34248\/revisions\/34261"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media\/28385"}],"wp:attachment":[{"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/media?parent=34248"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/categories?post=34248"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.podfeet.com\/blog\/wp-json\/wp\/v2\/tags?post=34248"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}