Your Computer User Group of the Air!
There were a lot of security issues this week (13 Apr 24 ). Here's a quick list:
- There was a major Gmail AI security update for 3 billion users. AI has apparently become so good, so fast, that it has dramatically lowered the barrier to attacks, which Google admits has led to a spike in higher quality phishing at scale. Luckily, the fix is all happening behind the scenes at Google, so there's nothing you have to do.
- However, there's another Google warning that you do have to handle. If you're one of Chrome's billion-plus users on Windows PCs, then another update warning has just been issued to update your browser as soon as you can. The latest update includes three fixes for high-risk memory safety vulnerabilities.
- If you're one of some 92,000 users of older D-Link Network Attached Storage devices, I have some bad news: Hackers are actively exploiting a pair of recently discovered vulnerabilities to remotely commandeer them. Unfortunately, D-Link said it had no plans to patch the vulnerabilities, which are present only in end-of-life devices, meaning they are no longer supported by the manufacturer. So your choices are to live with the vulnerability, or buy newer devices.
- In an announcement that shocks no one, Microsoft urges you to update Windows. The latest patches include fixes for two separate zero-days, which means they're already being actively exploited. Oh, and the update fixes a whopping 149 other flaws.
- Speaking of Microsoft... Apparently, they left a server linked to Bing's search engine wide open, with no password protection, meaning it could be accessed by anyone online. The server contained a variety of security credentials used by Microsoft employees to access internal systems, housed within various scripts, code, and configuration files.
- AT&T is notifying millions of current or former customers that their account data have been compromised and published last month on the dark web. Just how many millions, the company isn't saying.
- Apple sent out iPhone security alerts to people across 92 countries on Wednesday, warning that their iPhones had been remotely targeted in a mercenary spyware attack. Currently, Apple's suggested remedy is to, and I quote, "enlist expert help."
- Like the D-Link problem, hardware sold for years by the likes of Intel and Lenovo contain a remotely exploitable vulnerability that will never be fixed. This is mostly Intel, Lenovo, and Supermicro server hardware.
- Researchers have uncovered a new variant of the Spectre v2 attack, a security flaw impacting Linux systems running on modern Intel processors. Update your system, and monitor it.
- About a hundred thousand LG TVs are vulnerable to takeover. Go to your settings menu, and run the update.