date 2020-09-30
Proprietary Nightmares and Security Blunders
If iOS 14 is causing battery drain, you might need to wipe your iPhone
Apple has already issued one bug fix update (14.0.1), but none of these issues were part of that fix. Instead, Apple has suggested that if you’re experiencing “two or more” of the listed issues, you unpair your iPhone and your Apple Watch, back up to iCloud, erase all content from your iPhone, and then restore your iPhone and Apple Watch from the backups. Unfortunately, it looks like there is no way to restore missing workout route maps, environmental sound levels, or any other missing data — Apple suggests affected users follow its instructions “to prevent future data loss.”
[Cracked] Hospital Chain Says All 250 US Facilities Affected
The hospital chain Universal Health Services said Thursday that computer services at all 250 of its U.S. facilities were hobbled in last weekend’s malware attack and efforts to restore hospital networks were continuing.
InterPlanetary Storm cross-platform P2P botnet infects computers and IoT devices
What sets this botnet apart from others is that it’s built on top of the InterPlanetary File System (IPFS), a protocol for storing and sharing data in a distributed file system. This means the infected devices become part of a peer-to-peer network and talk directly to each other, giving the botnet more resilience against takedown attempts.
Security updates for Friday
Security updates have been issued by Debian (jruby and ruby2.3), Fedora (crun, pdns, and podman), openSUSE (go1.14 and kernel), Oracle (qemu-kvm and virt:ol), Red Hat (qemu-kvm-ma and thunderbird), SUSE (nodejs10, nodejs12, perl-DBI, permissions, and xen), and Ubuntu (ntp).
305 CVEs and Counting: Bug-Hunting Stories From a Security Engineer
Larry Cashdollar, senior security response engineer at Akamai, talks about the craziest stories he’s faced, reporting CVEs since 1994.
Larry Cashdollar, senior security response engineer at Akamai, has been finding CVEs since the 1990s, around when MITRE was first being established. Since then, he’s found 305 CVEs – as well as various security findings, such as an IoT bricking malware called Silex, and cybercriminals targeting poorly secured Docker images.
QR Codes: A Sneaky Security Threat
Take a good look first: Make sure the QR code is legit, especially printed codes, which can be pasted over with a different (and potentially malicious) code.
Only scan codes from trusted entities: Mobile users should stick to scanning codes that only come from trusted senders. Pay attention to red flags like a web address that differs from the company URL — there’s a good chance it links to a malicious site.
Watch out for bit.ly links: Check the URL of a bit.ly link that appears after scanning a QR code. These links are often used to disguise malicious URLs, but they can be safely previewed by adding a plus symbol (“+”) at the end of the URL.
Android Leftovers
University champions open source with new OSPO
Rochester Institute of Technology is establishing Open@RIT, an initiative dedicated to supporting all kinds of "open work," including—but not limited to—open source software, open data, open hardware, open educational resources, Creative Commons-licensed work, and open research. The new open source programs office aims to determine and grow the footprint of RIT's impact on all things "open," leading to more collaboration, creation, and contribution, on and off campus. Open work is non-proprietary—meaning it's licensed to be publicly accessible and anyone can modify or share, within the terms of the license. While the term "open source" originally came out of the software industry, it has since become a set of values that has applications in everything from science to media.
This week in KDE: Breeze Evolution work starts landing
Pieces of our much-awaited Breeze Evolution UI refresh have begun landing this week! Now windows, Plasma pop-ups, and notifications have a distinctly colored visually separated “tools area” at the top, window shadows become smaller for inactive windows, and sidebars in settings windows are using all-colorful icons! These improvements have been developed by Carson Black, Noah Davis, Niccolò Venerandi, Lindsay Roberts, and me: Nate Graham–aided greatly by the rest of the KDE VDG team! Watch this space for more to come. Plasma 5.21 is going to be the release where all of this stuff gets shipped, and I’m very excited about it!
