Recall Resurrected, CUPS vuln, NIST Password Changes + More

This week's newsletter

Recent News

Recall Resurrected 

Microsoft has reintroduced its controversial "Recall" feature, now with additional security enhancements like proof-of-presence, encryption, and data isolation.

This update also shifts to an opt-in model, giving users more control over whether their data can be recalled. These improvements aim to address the numerous privacy concerns while maintaining functionality. Check out the new security architecture below:

Crack in CUPS

A recently discovered Linux vulnerability allows unauthenticated remote code execution, but its impact is less severe than initially feared. The flaw, found in the Linux kernel, could potentially be exploited by attackers to gain control over systems.

The vulnerability relates to OpenPrinting’s Common UNIX Printing System (CUPS), a popular Internet Printing Protocol (IPP) open source printing system designed mainly for Linux and UNIX-like operating systems.

If you’re running Linux-based systems, now would be a good time to patch!

NIST Password Changes

NIST has updated its password guidance to improve security, recommending practices such as allowing longer passphrases, avoiding periodic password changes, and eliminating complex requirements like special characters.

This guidance isn’t new. NCSC guidance has been to avoid unnecessary password changes for a while now, so it is good to see NIST now also reflecting this and putting emphasis on usability while maintaining robust security.

Other News

  • National Rail Wi-Fi Hacked - Compromised National Rail Wi-Fi displayed a landing page with Islamophobic messaging. Absolutely disgusting.

  • Kia Chaos - Millions of Kia vehicles were vulnerable to remote hacking that could have allowed attackers to remotely control critical vehicle functions, such as unlocking doors or starting the engine.

  • Meta Fined Millions - Meta has been fined €102 million by the European Union over a 2019 privacy breach related to weak password security practices. This includes the storage of millions of Facebook user passwords in plaintext!

Free Resources

Below are links related to things I have shared in my TikTok videos, such as training resources and job opportunities.