Project

Profile

Help

Download (159 KB)

Task #155195 » this week in security — january 26 edition - 2025-01-26T15_36_45Z.eml

Anonymous, 01/26/2025 04:36 PM

 
X-He-Spam-Score: -1.5
Return-Path: <bounce-mc.us18_98818529.11206518-9d10de3b61@mail230.atl61.mcsv.net>
Delivered-To: dropbox@plan.io
Received: from m.launch.gmbh ([127.0.0.1])
by m.launch.gmbh with LMTP
id wIymJX9WlmeE1zUAJzdhvw
(envelope-from <bounce-mc.us18_98818529.11206518-9d10de3b61@mail230.atl61.mcsv.net>)
for <dropbox@plan.io>; Sun, 26 Jan 2025 16:36:31 +0100
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on m.launch.gmbh
X-Spam-Level:
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DMARC_PASS,HTML_MESSAGE,LOTS_OF_MONEY,
PDS_OTHER_BAD_TLD,RCVD_IN_DNSWL_NONE,SPF_FAIL,SPF_FAIL_IGNORE,
SPF_HELO_NONE,T_KAM_HTML_FONT_INVALID,T_SCC_BODY_TEXT_LINE,URIBL_SBL_A
autolearn=no autolearn_force=no version=3.4.6
X-Spam-Report:
* -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at
* https://www.dnswl.org/, no trust
* [64.90.62.163 listed in list.dnswl.org]
* -1.9 BAYES_00 BODY: Bayes spam probability is 0 to 1%
* [score: 0.0000]
* 5.0 SPF_FAIL SPF check failed
* -0.1 DMARC_PASS DMARC check passed
* 0.1 URIBL_SBL_A Contains URL's A record listed in the Spamhaus SBL
* blocklist
* [URIs: raw.githubusercontent.com]
* 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
* 0.5 PDS_OTHER_BAD_TLD Untrustworthy TLDs
* [URI: mastodon.online (online)]
* 0.0 HTML_MESSAGE BODY: HTML included in message
* -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
* author's domain
* -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
* 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily
* valid
* 0.0 T_KAM_HTML_FONT_INVALID Test for Invalidly Named or Formatted
* Colors in HTML
* 0.0 LOTS_OF_MONEY Huge... sums of money
* -5.0 SPF_FAIL_IGNORE Planio Inbox does not consider SPF FAILS on
* redirects
* -0.0 T_SCC_BODY_TEXT_LINE No description available.
X-Spam-Score: -1.5
Authentication-Results: m.launch.gmbh; dmarc=pass (p=none dis=none) header.from=weekinsecurity.com
Authentication-Results: m.launch.gmbh; spf=fail smtp.mailfrom=mail230.atl61.mcsv.net
Authentication-Results: m.launch.gmbh;
dkim=pass (1024-bit key; unprotected) header.d=weekinsecurity.com header.i=this@weekinsecurity.com header.a=rsa-sha256 header.s=k1 header.b=uaonbNA1;
dkim-atps=neutral
Envelope-to: inbox+rlxc+36be+hoax-clearing-center@plan.io
Received: from pdx1-sub0-mail-mx211.dreamhost.com (fltr-in1.mail.dreamhost.com [64.90.62.163])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by m.launch.gmbh (Postfix) with ESMTPS id AF74E1688F6
for <inbox+rlxc+36be+hoax-clearing-center@plan.io>; Sun, 26 Jan 2025 16:36:30 +0100 (CET)
Received: from postfix-inbound-v2-7.inbound.mailchannels.net (inbound-egress-7.mailchannels.net [23.83.220.5])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256)
(No client certificate requested)
by pdx1-sub0-mail-mx211.dreamhost.com (Postfix) with ESMTPS id 4Ygwd821m4z4rH0
for <lapor@turnbackhoax.id>; Sun, 26 Jan 2025 07:36:28 -0800 (PST)
ARC-Seal: i=1; s=arc-2022; d=mailchannels.net; t=1737905787; a=rsa-sha256;
cv=none;
b=O+7E0diUAyK1+sYas6sJ1PQ7e+wBdIbD3U+EDwVGkHwUKHf5TUdZwDyJOI2fLCG/wA05Qf
RxOizbyLOVqFaYtBBAFNJT2P+6YNQRQcWu6PC4h+/xFgxL4lzb+9e1qjokpZr+QsgFbFnK
9OD1NuNhIR+I8v3Nt71hO72AmLwpTA1WQLvWnLgvY9lVhX1S5/4PPNu0/r2ttxuG0+N7Jk
TBVAoo4JPk8SSdjmF+YbjPPYmx+AQxyCAzLh1TrYDVoND885DRaRgykQRWhkVlMmpmVfFN
UMSHBvtElLwD6T5SQyq5MhH2BiQxp4OH7Wge2hbooh6RDJj+Wux5yUYh0PLMZQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed;
d=mailchannels.net;
s=arc-2022; t=1737905787;
h=from:from:reply-to:reply-to:subject:subject:date:date:
message-id:message-id:to:to:cc:mime-version:mime-version:
content-type:content-type:list-id:list-unsubscribe:
list-unsubscribe-post:dkim-signature;
bh=Q5YMOojsxwzbR5Yw37EvLaZ8e9LEa2uMxJAV1Oo93t8=;
b=MySq3Ecnune66hW1ezgvk/6WVpEhaUesmsx/qeJXkWFo/i3t8cy2mrDyIaxQqTtLfg+4Db
jmXtTibYt+thjpH2rNLgormnHnUiRAvrflqDqiK6lHXtMvelak171cyPsx+mrkTf5i3eMR
GjxitSnbPCFGacCye2DRA08WVCG1fD6usGMw3S6ycG3pngwEOXVoGFS7fYTJn6VF7VjQA1
vx4n11k93qpudVt0fNoMnexIbM5GL6mDUjj8nNXM5E11zzXul4Ya7voe1E9fVkYAb9Xjkp
CbndVdrb3BZNsf3Pr89I6atg2/iFDLsRMBiiD//jntCshHrzPxrir2wBhwc2BA==
ARC-Authentication-Results: i=1;
inbound-rspamd-d95797564-h8s9l;
none
X-VR-STATUS: SPAM
X-Message-ID: XOm1w9HR2Lzq5pAcxJqAi2T5
Received: from mail230.atl61.mcsv.net (mail230.atl61.mcsv.net
[205.201.135.230])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384)
by 100.112.242.94 (trex/6.10.3);
Sun, 26 Jan 2025 15:36:27 +0000
Authentication-Results: inbound.mailchannels.net;
spf=pass
smtp.mailfrom=bounce-mc.us18_98818529.11206518-9d10de3b61@mail230.atl61.mcsv.net;
dkim=pass header.d=weekinsecurity.com;
dmarc=pass (policy=none; pct=5; status=pass);
arc=none
Received-SPF: pass (dmarc-service-5d67ddd967-2cvl6: domain of
mail230.atl61.mcsv.net designates 205.201.135.230 as permitted sender)
client-ip=205.201.135.230;
envelope-from=bounce-mc.us18_98818529.11206518-9d10de3b61@mail230.atl61.mcsv.net;
helo=mail230.atl61.mcsv.net;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=weekinsecurity.com;
s=k1; t=1737905784; x=1738175784; i=this@weekinsecurity.com;
bh=Q5YMOojsxwzbR5Yw37EvLaZ8e9LEa2uMxJAV1Oo93t8=;
h=Subject:From:Reply-To:To:Date:Message-ID:X-MC-User:Feedback-ID:
List-ID:List-Unsubscribe:List-Unsubscribe-Post:Content-Type:
MIME-Version:CC:Date:Subject:From;
b=uaonbNA1NHQU7SskDl/2uesGKzVj/2TzmOgI/wY5Impj3Y5cz+lkb1TttaqIz1nJp
un//rTSAvHN2yyAS/JP/jdhmGQ7/lLLQ4vHfvsIE2iQnT3XB4Dm4jYz9PtO4QIKJws
ZfN3Ev1ojnNR7FHHvIldi7hWAGxir68/wVP79nnc=
Subject: =?utf-8?Q?this=20week=20in=20security=20=E2=80=94=20january=2026=20edition?=
From: Zack Whittaker <this@weekinsecurity.com>
Reply-To: =?utf-8?Q?Zack=20Whittaker?= <this@weekinsecurity.com>
To: <lapor@turnbackhoax.id>
Date: Sun, 26 Jan 2025 15:36:18 +0000
Message-ID: <e1ad6038c994abec17dafb116.9d10de3b61.20250126153605.2ec731902e.9de7f575@mail230.atl61.mcsv.net>
X-Mailer: Mailchimp Mailer - **CID2ec731902e9d10de3b61**
X-Campaign: mailchimpe1ad6038c994abec17dafb116.2ec731902e
X-campaignid: mailchimpe1ad6038c994abec17dafb116.2ec731902e
X-Report-Abuse: Please report abuse for this campaign here: https://mailchimp.com/contact/abuse/?u=e1ad6038c994abec17dafb116&id=2ec731902e&e=9d10de3b61
X-MC-User: e1ad6038c994abec17dafb116
Feedback-ID: 98818529:98818529.11206518:us18:mc
List-ID: e1ad6038c994abec17dafb116mc list <e1ad6038c994abec17dafb116.94603.list-id.mcsv.net>
X-Accounttype: pd
List-Unsubscribe: <https://social.us18.list-manage.com/unsubscribe?u=e1ad6038c994abec17dafb116&id=a2457dc8ad&t=h&e=9d10de3b61&c=2ec731902e>, <mailto:unsubscribe-mc.us18_e1ad6038c994abec17dafb116.2ec731902e-9d10de3b61@unsubscribe.mailchimpapp.net?subject=unsubscribe>
List-Unsubscribe-Post: List-Unsubscribe=One-Click
Content-Type: multipart/alternative; boundary="_----------=_MCPart_30188012"
MIME-Version: 1.0

This is a multi-part message in MIME format

--_----------=_MCPart_30188012
Content-Type: text/plain; charset="utf-8"; format="fixed"
Content-Transfer-Encoding: quoted-printable

** ~this week in security~
------------------------------------------------------------
a cybersecurity newsletter by @zackwhittaker (https://mastodon.social/@zac=
kwhittaker)

volume 8=2C issue 4
View this email in your browser (https://mailchi.mp/weekinsecurity/this-we=
ek-in-security-january-26-2025-edition?e=3D9d10de3b61) | RSS (https://us18.c=
ampaign-archive.com/feed?u=3De1ad6038c994abec17dafb116&id=3Da2457dc8ad)

~ ~


** THIS WEEK=2C TL;DR
------------------------------------------------------------
Trump cyber team disbands CISA advisory committees investigating big hacks=
(https://www.wired.com/story/big-interview-jen-easterly-cisa-cybersecurit=
y/)
Wired ($): We're now week one into Trump term two and it's "all change" in=
government. Wired's @lhn (https://mastodon.online/@lhn/113877589757673685=
) scored the big exit interview with former CISA head @CISAJen (https://x.=
com/CISAJen) =2C who spoke of her time in government=2C the agency's succe=
sses=2C her concerns for the future=2C and more. It's a brilliant intervie=
w=2C plus video. Just as Easterly and the rest of the Biden cyber crew wer=
e emptying their desks and departing government service=2C the new adminis=
tration has already brought in new people=2C changed the locks=2C and fire=
d (https://x.com/ericgeller/status/1881804954547220650) the cyber committe=
es investigating major breaches =E2=80=94 including the China-backed Salt=
Typhoon hacks targeting major U.S. telcos and internet giants. Members of=
those committees=2C such as the Cyber Safety Review Board (CSRB)=2C calle=
d the shutdowns "horribly shortsighted."
(https://techcrunch.com/2025/01/22/trump-administration-fires-members-of-c=
ybersecurity-review-board-in-horribly-shortsighted-decision/) For its rati=
onale=2C DHS said it would no longer tolerate committees that "push agenda=
s that attempt to undermine its national security mission." Uhh....(??) ..=
=2Eso=2C not a great start=2C since getting to the bottom of what's been des=
cribed as the biggest (and most serious (https://www.techdirt.com/2025/01/=
23/trump-disbands-cybersecurity-board-investigating-massive-chinese-phone-=
system-hack/) ) set of security breaches in recent history seems like it s=
hould be a priority=2C no? And that's not even getting into the ordered re=
signations (https://therecord.media/politicization-of-pclob-could-threaten=
-key-eu-us-data-transfer-agreement) of the members of PCLOB=2C the civil l=
iberties board tasked with oversight of the intelligence agencies and a ke=
y data transfer agreement with Europe... all to say=2C there's been a lot=
of change this week and not all of it particularly
welcome.
More: TechCrunch (https://techcrunch.com/2025/01/22/trump-administration-f=
ires-members-of-cybersecurity-review-board-in-horribly-shortsighted-decisi=
on/) | Techdirt (https://www.techdirt.com/2025/01/23/trump-disbands-cybers=
ecurity-board-investigating-massive-chinese-phone-system-hack/) | Reuters=
($) (https://www.reuters.com/world/us/us-department-homeland-security-fir=
ing-all-advisory-committee-members-letter-2025-01-21/) | @ericgeller (http=
s://x.com/ericgeller/status/1881804954547220650) | @kevincollier (https://=
bsky.app/profile/kevincollier.bsky.social/post/3lgbqjt7fbc2t) | @k8em0 (ht=
tps://bsky.app/profile/k8em0.bsky.social/post/3lgdy4kwots26)

PowerSchool hacker claims theft of 62 million students' data (https://www.=
bleepingcomputer.com/news/security/powerschool-hacker-claims-they-stole-da=
ta-of-62-million-students/)
Bleeping Computer: U.S. edtech software giant PowerSchool=2C whose school=
information system tech is used by thousands of school districts across N=
orth America=2C was breached=2C and the hacker claims to have stolen data=
on 62 million students and more than 9 million teachers. PowerSchool=2C f=
or its part=2C has said very little (https://techcrunch.com/2025/01/22/wha=
t-powerschool-isnt-saying-about-its-massive-student-data-breach/) about th=
e breach (gotta put those crisis comms dollars to work!) but schools are r=
eporting breaches going back in some cases decades (https://techcrunch.com=
/2025/01/21/toronto-school-district-says-40-years-of-student-data-stolen-i=
n-powerschool-breach/) . Cue Toronto's school district=2C which says data=
added to its system includes information on students dating back to 1985.=
We're still waiting on the final incident report from CrowdStrike =E2=80=
=94 but so far=2C all signs point to a single stolen credential and no MFA=
that allowed access to reams of people's private data. If that
sounds familiar=2C that's exactly how hackers broke into Change Healthcare=
last year.
More: The Register (https://www.theregister.com/2025/01/22/powerschool_can=
ada_lawsuits/) | TechCrunch (https://techcrunch.com/2025/01/22/what-powers=
chool-isnt-saying-about-its-massive-student-data-breach/) | K-12 Dive (htt=
ps://www.k12dive.com/news/powerschool-data-breach-lawsuits-negligence/7379=
00/) | Ars Technica (https://arstechnica.com/security/2025/01/students-par=
ents-and-teachers-still-smarting-from-breach-exposing-their-info/) | @zack=
whittaker (https://mastodon.social/@zackwhittaker/113889490267756163)
https://bsky.app/profile/tarah.org/post/3lgjdjoirpc2e
UnitedHealth confirms 190M Americans affected by Change Healthcare data br=
each (https://techcrunch.com/2025/01/24/unitedhealth-confirms-190-million-=
americans-affected-by-change-healthcare-data-breach/)
TechCrunch: ...speaking of Change Healthcare=2C it's the worst medical dat=
a breach in history that somehow inexplicably keeps getting worse. Yes=2C=
the ransomware attack on the UnitedHealth-owned health tech giant last Fe=
bruary now affects 190 million people in America=2C almost double the prev=
ious estimate given in October. It's an absolutely abhorrent and horrendou=
s breach that will affect the majority of people in America for life. Even=
if you haven't interacted with UnitedHealth=2C there's a good chance Chan=
ge still handled your data=2C thanks to its size =E2=80=94 in large part t=
hanks to unchecked corporate consolidation over the years. Per its HIPAA n=
otice (https://www.changehealthcare.com/hipaa-substitute-notice.html) =2C=
the stolen data includes patients' health data=2C billing and insurance i=
nformation=2C diagnoses=2C medications=2C test results=2C and more. All th=
e while=2C UnitedHealth made $400 billion (yes=2C with a b) in revenue in=
2024 =E2=80=94 but couldn't seem to bother with basic cybersecurity pract=
ices=2C like
MFA. Change said it'll notify the U.S. government's health department form=
ally at a later date. (Disclosure: I wrote this story.)
More: Fierce Healthcare (https://www.fiercehealthcare.com/payers/unitedhea=
lth-estimates-190m-people-impacted-change-healthcare-cyberattack) | WSJ Pr=
o ($) (https://www.wsj.com/articles/unitedhealth-estimates-change-healthca=
re-hack-impacted-about-190-million-people-9564533c) | Reuters ($) (https:/=
/www.reuters.com/business/healthcare-pharmaceuticals/unitedhealth-confirms=
-190-million-americans-affected-by-hack-tech-unit-2025-01-24/)
~ ~


** THE STUFF YOU MIGHT'VE MISSED
------------------------------------------------------------
AI tool helps cops (or stalkers) geolocate photos in seconds (https://www.=
404media.co/the-powerful-ai-tool-that-cops-or-stalkers-can-use-to-geolocat=
e-photos-in-seconds/)
404 Media ($): Prepare to get freaked out: a new closed-access AI tool dub=
bed GeoSpy can examine photos and geolocate where they were captured withi=
n seconds=2C based on surrounding information =E2=80=94 including landmark=
s=2C architecture=2C and more. Some open-source intelligence (OSINT) tools=
exist like this in a very basic form to geolocate photos but GeoSpy seems=
to massively soup up those capabilities. Think twice before you take that=
photo... (or any photo=2C really).
https://infosec.exchange/@josephcox/113861090742371502
Fake ads target Mac users with malware (https://www.bleepingcomputer.com/n=
ews/security/fake-homebrew-google-ads-target-mac-users-with-malware/)
Bleeping Computer: As if we need any more reasons (https://techcrunch.com/=
2022/12/22/fbi-ad-blocker/) to use an ad-blocker (https://techcrunch.com/2=
024/04/13/government-spyware-use-ad-blocker/) =2C but here we are. Malicio=
us Google ads caught masquerading as Homebrew ads are directing Mac users=
to download malware=2C tricking victims into thinking they're downloading=
the legitimate open-source package manager. (Per @JTParker09 (https://x.c=
om/JTParker09/status/1881754775819374664) =2C here's the VirusTotal link (=
https://www.virustotal.com/gui/file/b329b32fa3e87f2e8ff7dc3d080e2d042a5484=
d26f220028b556000389a437c5) ). Malicious ads are a common way for attacker=
s to target people searching for certain software. Use an ad-blocker! uBlo=
ck Origin (https://github.com/gorhill/uBlock) is one of the best (Wipr (ht=
tps://kaylees.site/wipr.html) =2C too); and if your browser doesn't suppor=
t it=2C change your browser.

No more Let's Encrypt expiry emails (https://letsencrypt.org/2025/01/22/en=
ding-expiration-emails/)
Let's Encrypt: Everyone's favorite free TLS certificate issuer Let's Encry=
pt will soon no longer send out email notifications for expired domains be=
ginning June 2025. Let's Encrypt certs expire after 90 days (and can be au=
tomatically renewed)=2C but found that sending emails cost the nonprofit-r=
un organization thousands of dollars each year in emails. On the flip side=
=2C by not emailing people=2C the organization no longer has to store emai=
l address information that isn't necessary =E2=80=94 so that's a win for p=
rivacy. Nice! (via @campuscodi (https://bsky.app/profile/campuscodi.risky.=
biz/post/3lgetbfyiwc2k) )

FortiGate config leaks now reveal victim email addresses (https://www.ther=
egister.com/2025/01/23/fortigate_config_leaks_infoseccers_list_victim_emai=
ls/)
The Register: If you recall=2C someone recently released around 15=2C000 c=
onfiguration files for FortiGate firewalls used by enterprises across the=
globe. These config files contain credentials=2C IP addresses =E2=80=94 a=
nd now email addresses (https://www.theregister.com/2025/01/23/fortigate_c=
onfig_leaks_infoseccers_list_victim_emails/) =E2=80=94 which at least make=
s it somewhat easier to identify individuals at affected organizations. Cy=
ber weatherman @GossiTheDog (https://cyberplace.social/@GossiTheDog/113874=
064792010448) (with a Medium ($) (https://doublepulsar.com/2022-zero-day-w=
as-used-to-raid-fortigate-firewall-configs-somebody-just-released-them-a7a=
74e0b0c7f) blog post on the issue) also published the known email addresse=
s (https://raw.githubusercontent.com/GossiTheDog/Monitoring/refs/heads/mai=
n/Fortigate-Config-Dump-emails.txt) for visibility=2C and is now reporting=
a slightly clearer forecast for affected orgs to take action.

Web bugs exposed Subaru's system for tracking millions of cars (https://sa=
mcurry.net/hacking-subaru)
Sam Curry: I can't remember who first said modern cars are trackers on whe=
els=2C but it's absolutely true. No more so than Subaru vehicles=2C thanks=
to a buggy Subaru web portal used by employees. Sam Curry (https://x.com/=
samwcyo) =2C the incredible car hacker of today's times=2C along with Shub=
ham Shah (https://x.com/infosec_au) =2C found bugs in the portal allowing=
anyone to track Subaru vehicles =E2=80=94 including their historical loca=
tion data(!). He proved this by asking his mum for permission to access he=
r Subaru's location across Omaha over a year! (supportive parents=2C ftw!)=
=2E The bugs also allowed anyone to take control of the vehicle=2C like unlo=
cking the car and honking its horn. Wired ($) (https://www.wired.com/story=
/subaru-location-tracking-vulnerabilities/) digs in with its own reporting=
=2E (Car makers: please make a "stupid" car. No internet connections wanted!=
)
https://samcurry.net/hacking-subaru
New Android anti-theft security feature lands (https://www.bleepingcompute=
r.com/news/security/new-android-identity-check-locks-settings-outside-trus=
ted-locations/)
Bleeping Computer: Google has a new Android "identity check" feature that=
locks sensitive device and account settings behind a biometric lock (like=
your fingerprint or face scan) when outside of a trusted location=2C such=
as home or work. This is meant to prevent device thieves from taking cont=
rol of your unlocked but snatched device. It's a similar (if not almost id=
entical) feature rolled out by Apple (https://support.apple.com/en-us/1203=
40) last year. It's a good idea=2C but so far limited to Google Pixel devi=
ces running Android 15 and Samsung Galaxy phones running One UI 7.

Almost phished using a crafty Google short-URL attack (https://gist.github=
=2Ecom/zachlatta/f86317493654b550c689dc6509973aa4)
Zach Latta: Here's a detailed walkthrough of how Zach Latta almost got phi=
shed by a pretty complex attack involving Google's official g.co URL short=
cut. This attack almost resulted in Latta granting access to his Google ac=
count hijacked. Of course=2C a big part of this is to stop picking up the=
phone (https://techcrunch.com/2024/09/07/for-security-we-have-to-stop-pic=
king-up-the-phone/) (and manually checking for signs of improper account a=
ctivity yourself)=2C but this walkthrough might help save you =E2=80=94 or=
someone else =E2=80=94 from this crafty hack attempt. (I will add=2C thou=
gh: this comment (https://gist.github.com/zachlatta/f86317493654b550c689dc=
6509973aa4?permalink_comment_id=3D5406650#gistcomment-5406650) cracked me=
up. "The first evidence that it was a scam was that you received a call f=
rom Google support. Google's lack of customer support is legendary.")
A phishing email that looks almost like a perfect Google Workspace spoof=
=2C saying "Your Google Account has been reset=2C" using the g.co subdomai=
n.
~ ~
THANKS FOR READING!

~this week in security~ is my free weekly cybersecurity newsletter support=
ed entirely by donations from readers like you. As a working journalist (h=
ttps://techcrunch.com/author/zack-whittaker/) =2C I don't run ads or accep=
t sponsors for this newsletter. Donations help reduce the costs of sending=
this newsletter while keeping it free=2C weekly=2C and without tracking.

To support this newsletter=2C check out my Ko-fi (https://ko-fi.com/thiswe=
ekinsecurity) to drop a one-time donation=2C or sign up from $10/monthly t=
o get cool swag (https://ko-fi.com/thisweekinsecurity/tiers) shipped world=
wide.
~ ~


** OTHER NEWSY NUGGETS
------------------------------------------------------------
Cloudflare issue leaks chat app users' broad location: Really impressive w=
ork here by security researcher Daniel (https://gist.github.com/hackermond=
ev/45a3cdfa52246f1d1201c1e8cdef6117) =2C a 15-year-old high school junior=
=2C who discovered an impressive information disclosure bug that allows an=
yone to determine someone's broad location (like a person's city) by sendi=
ng an image (or emoji) to a target =E2=80=94 using a friend request push n=
otification on Discord=2C for example. The issue at hand is that the image=
is cached in one of Cloudflare's datacenters closest to the intended targ=
et=2C which can be used to infer roughly where a person is located. As not=
ed by 404 Media ($) (https://www.404media.co/cloudflare-issue-can-leak-cha=
t-app-users-broad-location/) =2C this shows the importance for at-risk use=
rs "to protect not just their message contents=2C but their network activi=
ty as well." (via @hackermondev (https://gist.github.com/hackermondev/45a3=
cdfa52246f1d1201c1e8cdef6117) )
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
Court reconsiders Pompompurin sentence: Conor Fitzpatrick=2C aka Pompompur=
in=2C a prolific hacker behind the notorious BreachForums (https://www.jus=
tice.gov/opa/pr/justice-department-announces-arrest-founder-one-world-s-la=
rgest-hacker-forums-and-disruption) and accused of other major hacks (and=
CSAM charges (https://infosec.exchange/@nixonnixoff/113869199862962950) )=
=2C will be re-sentenced after a court found the hacker's previous punishm=
ent was not sufficient. Cyberscoop (https://cyberscoop.com/conor-fitzpatri=
ck-resentenced-pompompurin-breachforums/) has more on the case. In short=
=2C the judge was quite un-thrilled by the hacker's lack of remorse and pe=
rsistent violations of his probation by using a VPN to access the internet=
=2E (via @PogoWasRight (https://infosec.exchange/@PogoWasRight/1138691996016=
53766) =2C @nixonnixoff (https://infosec.exchange/@nixonnixoff/11386919986=
2962950) )

To Pyongyang via North Carolina: The DOJ threw charges at a North Carolina=
-based laptop farm this week=2C which prosecutors accuse of enabling North=
Korean IT workers to gain unauthorized employment at big U.S. firms and e=
arn a wage (and stealing data) for the purposes of funding the regime's nu=
clear weapons program. The scheme allowed the North Koreans to earn around=
$866=2C000 over six years(!). Remember=2C these fake IT workers are every=
where =E2=80=94 they could even be in your company. The scale of this oper=
ation is absolutely huge=2C and has been able to generate billions in ille=
gal revenue (https://techcrunch.com/2024/11/28/north-korean-hackers-have-s=
tolen-billions-in-crypto-by-posing-as-vcs-recruiters-and-it-workers/) for=
making nukes. Yeah=2C not great! (via Cyberscoop (https://cyberscoop.com/=
doj-indicts-five-in-north-korean-fake-it-worker-scheme/) )

U.S. spies withheld a bunch o' bugs before 2023: Sometimes when the U.S. g=
overnment (or a close ally =E2=80=94 a country or private company) finds a=
bug that its spies reckon could be used for=2C well=2C spying=2C the feds=
will keep hold of these bugs and use them in offensive cyber operations=
=E2=80=93 all the while without telling the affected vendor. The feds mak=
e this decision through a process called VEP=2C or the vulnerabilities equ=
ities process. This week=2C the U.S. government revealed during 2023 that=
it informed companies of 39 bugs =E2=80=94 but that it previously withhel=
d 10 bugs discovered in "prior years" from disclosure. In other words=2C 1=
0 of those bugs were probably used to actively hack people. (via @joemenn=
(https://bsky.app/profile/joemenn.bsky.social/post/3lgj5ecwpz22p) =2C Ron=
Wyden (https://www.wyden.senate.gov/imo/media/doc/fy23_unclassified_vep_a=
nnual_reportpdf.pdf) )

Govtech giant Conduent hacked: Conduent=2C a major tech contractor for sta=
te and local governments=2C such as providing the tech that allows states=
to provide child support and other state benefits=2C was hacked. Conduent=
danced around the issue for most of the week=2C but eventually came clean=
(https://techcrunch.com/2025/01/22/conduent-confirms-outage-was-due-to-a-=
cybersecurity-incident/) that its ongoing outage was caused by a cyberatta=
ck. Several U.S. states were affected by the outage caused by Conduent's h=
ack. Conduent was hit by Maze ransomware in 2020=2C by the way=2C so somet=
hing to keep in mind. (via TechCrunch (https://techcrunch.com/2025/01/22/c=
onduent-confirms-outage-was-due-to-a-cybersecurity-incident/) )
~ ~


** THE HAPPY CORNER
------------------------------------------------------------
Welcome once again to the happy corner. Take a breath. (Paper bags availab=
le upon request.) Let's check in and see how our good friend Hello Kitty i=
s..
https://www.instagram.com/p/DFGoNwhR4Eh/?img_index=3D5
=2E..well=2C I guess that answers that.

There are a couple of scrapings from the barrel of good news this week. Fi=
rst up=2C the U.S. Second Circuit Court of Appeals ruled that backdoor sea=
rches by U.S. spy agencies of Anericans' private communications collected=
under the authority known as Section 702 are =E2=80=94 in fact =E2=80=94=
illegal. This means that U.S. authorities cannot search this massive data=
base of NSA-collected data for Americans' communications without first obt=
aining a warrant. That's a huge deal=2C actually. The EFF =E2=80=94 which=
has argued the unconstitutionality of warrantless access to Americans' da=
ta for more than a decade =E2=80=94 has a good blog post (https://www.eff.=
org/deeplinks/2025/01/victory-federal-court-finally-rules-backdoor-searche=
s-702-data-unconstitutional) on the decision=2C and so does Cato (https://=
www.cato.org/blog/federal-court-rules-fisa-section-702-back-door-searches-=
unconstitutional) .

And=2C lastly. I really hope this Reddit post (https://old.reddit.com/r/cs=
Majors/comments/1i7v7hg/my_teams_intern_just_found_a_critical_bug_by/) is=
real... this young'un intern may have saved an entire company by discover=
ing a bug in their legacy authentication system that's as old as the kid w=
ho found it. I'm not entirely sure what it means to call token validation=
"kinda thicc=2C" and their Jira ticketing could probably do with some wor=
k ("Auth be acting mad sus")=2C but this is... absolutely excellent work.=
Hats off to the kid=2C and I hope they get a full-time job out of this. P=
lus=2C per the post=2C now the company has to explain to the CEO what "no=
cap frfr" means.
If you have good news you want to share=2C get in touch at: this@weekinsec=
urity.com (mailto:this@weekinsecurity.com?subject=3DGood%20news%20for%20yo=
ur%20newsletter) .
~ ~


** CYBER CATS & FRIENDS
------------------------------------------------------------
This week's cybercat is Cow=2C who can be seen here taking it easy after a=
long day hacking. Many thanks to Keegan P. for sending in! (Apparently=2C=
cybercats can be exchanged for extra credit in cybersecurity class =E2=80=
=94 that's so cool! A+ cybercatting.)
Cow is a very fluffy white kitty with big paws and rolling on their back o=
n the carpet by the garden door.
Keep sending in your cyber cats! (mailto:this@weekinsecurity.com?Subject=
=3DCyber%20Cat%20%28%26%20Friends%29%20submission&Body=3DPlease%20include%=
20a%20JPG%20of%20your%20cyber%20cat%20%28or%20other%20non-feline%20friend%=
29%2C%20their%20name%2C%20and%20also%20your%20name%20and/or%20Twitter%20ha=
ndle%20if%20you%20want%20credit.) (or a non-feline friend). Drop me an ema=
il at any time with their name and a photo=2C and they'll be featured in a=
n upcoming newsletter!
~ ~


** SUGGESTION BOX
------------------------------------------------------------
And that's it for this week... hope everyone is doing OK and sending my be=
st to you from a very=2C very chilly U.S. east coast. As always=2C feel fr=
ee to get in touch if you have anything you want to share for the newslett=
er =E2=80=94 drop me an email (mailto:this@weekinsecurity.com) any time.

Catch you next Sunday=2C
@zackwhittaker (http://mastodon.social/@zackwhittaker)

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
You are receiving this email because you opted in.

~this week in security~ doesn't track email opens or clicks.
($) indicate sites with paywalls or logins. Please support journalism!

Our mailing address is: ~this week in security~
Zack Whittaker
PO Box 415
Jersey City=2C NJ 07303-0415
USA
You can ** update your preferences (https://social.us18.list-manage.com/pr=
ofile?u=3De1ad6038c994abec17dafb116&id=3Da2457dc8ad&e=3D9d10de3b61&c=3D2ec73=
1902e)
or ** unsubscribe from this list (https://social.us18.list-manage.com/unsu=
bscribe?u=3De1ad6038c994abec17dafb116&id=3Da2457dc8ad&t=3Db&e=3D9d10de3b61&c=
=3D2ec731902e)
=2E
--_----------=_MCPart_30188012
Content-Type: text/html; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<!doctype html>
<html xmlns=3D"http://www.w3.org/1999/xhtml" xmlns:v=3D"urn:schemas-micros=
oft-com:vml" xmlns:o=3D"urn:schemas-microsoft-com:office:office">
<head><meta name=3D"twitter:image:src" content=3D"https://gallery.mail=
chimp.com/e1ad6038c994abec17dafb116/images/dfcfdb2e-8ab2-450c-a830-1461d1a=
efb25.png"><meta name=3D"twitter:description" content=3D"Plus: Fake ads ta=
rget Mac users with malware=2C bugs expose Subaru cars to tracking=2C govt=
ech giant Conduent hacked=2C and more."><meta name=3D"twitter:title" conte=
nt=3D"~this week in security~ january 26 edition"><meta name=3D"twitter:ca=
rd" content=3D"summary_large_image"><meta property=3D"og:type" content=3D"=
article"><meta property=3D"og:description" content=3D"Plus: Fake ads targe=
t Mac users with malware=2C bugs expose Subaru cars to tracking=2C govtech=
giant Conduent hacked=2C and more."><meta property=3D"og:image" content=
=3D"https://gallery.mailchimp.com/e1ad6038c994abec17dafb116/images/dfcfdb2=
e-8ab2-450c-a830-1461d1aefb25.png"><meta property=3D"og:title" content=3D"=
~this week in security~ january 26 edition"><meta property=3D"og:url" cont=
ent=3D"http://eepurl.com/i8vMlA">
<!-- NAME: 1 COLUMN -->
<!--[if gte mso 15]>
<xml>
<o:OfficeDocumentSettings>
<o:AllowPNG/>
<o:PixelsPerInch>96</o:PixelsPerInch>
</o:OfficeDocumentSettings>
</xml>
<![endif]-->
<meta charset=3D"UTF-8">
<meta http-equiv=3D"X-UA-Compatible" content=3D"IE=3Dedge">
<meta name=3D"viewport" content=3D"width=3Ddevice-width=2C initial=
-scale=3D1">
<title>this week in security =E2=80=94 january 26 edition</title>

<style type=3D"text/css">
=09=09p{
=09=09=09margin:10px 0;
=09=09=09padding:0;
=09=09}
=09=09table{
=09=09=09border-collapse:collapse;
=09=09}
=09=09h1=2Ch2=2Ch3=2Ch4=2Ch5=2Ch6{
=09=09=09display:block;
=09=09=09margin:0;
=09=09=09padding:0;
=09=09}
=09=09img=2Ca img{
=09=09=09border:0;
=09=09=09height:auto;
=09=09=09outline:none;
=09=09=09text-decoration:none;
=09=09}
=09=09body=2C#bodyTable=2C#bodyCell{
=09=09=09height:100%;
=09=09=09margin:0;
=09=09=09padding:0;
=09=09=09width:100%;
=09=09}
=09=09.mcnPreviewText{
=09=09=09display:none !important;
=09=09}
=09=09#outlook a{
=09=09=09padding:0;
=09=09}
=09=09img{
=09=09=09-ms-interpolation-mode:bicubic;
=09=09}
=09=09table{
=09=09=09mso-table-lspace:0pt;
=09=09=09mso-table-rspace:0pt;
=09=09}
=09=09.ReadMsgBody{
=09=09=09width:100%;
=09=09}
=09=09.ExternalClass{
=09=09=09width:100%;
=09=09}
=09=09p=2Ca=2Cli=2Ctd=2Cblockquote{
=09=09=09mso-line-height-rule:exactly;
=09=09}
=09=09a[href^=3Dtel]=2Ca[href^=3Dsms]{
=09=09=09color:inherit;
=09=09=09cursor:default;
=09=09=09text-decoration:none;
=09=09}
=09=09p=2Ca=2Cli=2Ctd=2Cbody=2Ctable=2Cblockquote{
=09=09=09-ms-text-size-adjust:100%;
=09=09=09-webkit-text-size-adjust:100%;
=09=09}
=09=09.ExternalClass=2C.ExternalClass p=2C.ExternalClass td=2C.ExternalCla=
ss div=2C.ExternalClass span=2C.ExternalClass font{
=09=09=09line-height:100%;
=09=09}
=09=09a[x-apple-data-detectors]{
=09=09=09color:inherit !important;
=09=09=09text-decoration:none !important;
=09=09=09font-size:inherit !important;
=09=09=09font-family:inherit !important;
=09=09=09font-weight:inherit !important;
=09=09=09line-height:inherit !important;
=09=09}
=09=09table[align=3Dleft]{
=09=09=09float:left;
=09=09}
=09=09table[align=3Dright]{
=09=09=09float:right;
=09=09}
=09=09#bodyCell{
=09=09=09padding:10px;
=09=09}
=09=09.templateContainer{
=09=09=09max-width:600px !important;
=09=09}
=09=09a.mcnButton{
=09=09=09display:block;
=09=09}
=09=09.mcnImage=2C.mcnRetinaImage{
=09=09=09vertical-align:bottom;
=09=09}
=09=09.mcnTextContent{
=09=09=09word-break:break-word;
=09=09}
=09=09.mcnTextContent img{
=09=09=09height:auto !important;
=09=09}
=09=09.mcnDividerBlock{
=09=09=09table-layout:fixed !important;
=09=09}
=09=09body=2C#bodyTable{
=09=09=09background-color:#ffffff;
=09=09}
=09=09#bodyCell{
=09=09=09border-top:0;
=09=09}
=09=09.templateContainer{
=09=09=09border:0;
=09=09}
=09=09h1{
=09=09=09color:#202020;
=09=09=09font-family:Helvetica;
=09=09=09font-size:26px;
=09=09=09font-style:normal;
=09=09=09font-weight:bold;
=09=09=09line-height:125%;
=09=09=09letter-spacing:normal;
=09=09=09text-align:left;
=09=09}
=09=09h2{
=09=09=09color:#202020;
=09=09=09font-family:Helvetica;
=09=09=09font-size:22px;
=09=09=09font-style:normal;
=09=09=09font-weight:bold;
=09=09=09line-height:125%;
=09=09=09letter-spacing:normal;
=09=09=09text-align:left;
=09=09}
=09=09h3{
=09=09=09color:#202020;
=09=09=09font-family:Helvetica;
=09=09=09font-size:20px;
=09=09=09font-style:normal;
=09=09=09font-weight:bold;
=09=09=09line-height:125%;
=09=09=09letter-spacing:normal;
=09=09=09text-align:left;
=09=09}
=09=09h4{
=09=09=09color:#202020;
=09=09=09font-family:Helvetica;
=09=09=09font-size:18px;
=09=09=09font-style:normal;
=09=09=09font-weight:bold;
=09=09=09line-height:125%;
=09=09=09letter-spacing:normal;
=09=09=09text-align:left;
=09=09}
=09=09#templatePreheader{
=09=09=09background-color:#ffffff;
=09=09=09background-image:none;
=09=09=09background-repeat:no-repeat;
=09=09=09background-position:center;
=09=09=09background-size:cover;
=09=09=09border-top:0;
=09=09=09border-bottom:0;
=09=09=09padding-top:9px;
=09=09=09padding-bottom:9px;
=09=09}
=09=09#templatePreheader .mcnTextContent=2C#templatePreheader .mcnTextCont=
ent p{
=09=09=09color:#656565;
=09=09=09font-family:Helvetica;
=09=09=09font-size:12px;
=09=09=09line-height:150%;
=09=09=09text-align:left;
=09=09}
=09=09#templatePreheader .mcnTextContent a=2C#templatePreheader .mcnTextCo=
ntent p a{
=09=09=09color:#656565;
=09=09=09font-weight:normal;
=09=09=09text-decoration:underline;
=09=09}
=09=09#templateHeader{
=09=09=09background-color:#ffffff;
=09=09=09background-image:none;
=09=09=09background-repeat:no-repeat;
=09=09=09background-position:center;
=09=09=09background-size:cover;
=09=09=09border-top:0;
=09=09=09border-bottom:0;
=09=09=09padding-top:9px;
=09=09=09padding-bottom:0;
=09=09}
=09=09#templateHeader .mcnTextContent=2C#templateHeader .mcnTextContent p{
=09=09=09color:#202020;
=09=09=09font-family:Helvetica;
=09=09=09font-size:16px;
=09=09=09line-height:150%;
=09=09=09text-align:left;
=09=09}
=09=09#templateHeader .mcnTextContent a=2C#templateHeader .mcnTextContent=
p a{
=09=09=09color:#007C89;
=09=09=09font-weight:normal;
=09=09=09text-decoration:none;
=09=09}
=09=09#templateBody{
=09=09=09background-color:#ffffff;
=09=09=09background-image:none;
=09=09=09background-repeat:no-repeat;
=09=09=09background-position:center;
=09=09=09background-size:cover;
=09=09=09border-top:0;
=09=09=09border-bottom:2px solid #EAEAEA;
=09=09=09padding-top:0;
=09=09=09padding-bottom:9px;
=09=09}
=09=09#templateBody .mcnTextContent=2C#templateBody .mcnTextContent p{
=09=09=09color:#202020;
=09=09=09font-family:Helvetica;
=09=09=09font-size:16px;
=09=09=09line-height:125%;
=09=09=09text-align:left;
=09=09}
=09=09#templateBody .mcnTextContent a=2C#templateBody .mcnTextContent p a{
=09=09=09color:#007C89;
=09=09=09font-weight:normal;
=09=09=09text-decoration:underline;
=09=09}
=09=09#templateFooter{
=09=09=09background-color:#transparent;
=09=09=09background-image:none;
=09=09=09background-repeat:no-repeat;
=09=09=09background-position:center;
=09=09=09background-size:cover;
=09=09=09border-top:0;
=09=09=09border-bottom:0;
=09=09=09padding-top:9px;
=09=09=09padding-bottom:9px;
=09=09}
=09=09#templateFooter .mcnTextContent=2C#templateFooter .mcnTextContent p{
=09=09=09color:#656565;
=09=09=09font-family:Helvetica;
=09=09=09font-size:12px;
=09=09=09line-height:150%;
=09=09=09text-align:center;
=09=09}
=09=09#templateFooter .mcnTextContent a=2C#templateFooter .mcnTextContent=
p a{
=09=09=09color:#656565;
=09=09=09font-weight:normal;
=09=09=09text-decoration:underline;
=09=09}
=09@media only screen and (min-width:768px){
=09=09.templateContainer{
=09=09=09width:600px !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09body=2Ctable=2Ctd=2Cp=2Ca=2Cli=2Cblockquote{
=09=09=09-webkit-text-size-adjust:none !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09body{
=09=09=09width:100% !important;
=09=09=09min-width:100% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnRetinaImage{
=09=09=09max-width:100% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnImage{
=09=09=09width:100% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnCartContainer=2C.mcnCaptionTopContent=2C.mcnRecContentContainer=
=2C.mcnCaptionBottomContent=2C.mcnTextContentContainer=2C.mcnBoxedTextCont=
entContainer=2C.mcnImageGroupContentContainer=2C.mcnCaptionLeftTextContent=
Container=2C.mcnCaptionRightTextContentContainer=2C.mcnCaptionLeftImageCon=
tentContainer=2C.mcnCaptionRightImageContentContainer=2C.mcnImageCardLeftT=
extContentContainer=2C.mcnImageCardRightTextContentContainer=2C.mcnImageCa=
rdLeftImageContentContainer=2C.mcnImageCardRightImageContentContainer{
=09=09=09max-width:100% !important;
=09=09=09width:100% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnBoxedTextContentContainer{
=09=09=09min-width:100% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnImageGroupContent{
=09=09=09padding:9px !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnCaptionLeftContentOuter .mcnTextContent=2C.mcnCaptionRightConten=
tOuter .mcnTextContent{
=09=09=09padding-top:9px !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnImageCardTopImageContent=2C.mcnCaptionBottomContent:last-child .=
mcnCaptionBottomImageContent=2C.mcnCaptionBlockInner .mcnCaptionTopContent=
:last-child .mcnTextContent{
=09=09=09padding-top:18px !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnImageCardBottomImageContent{
=09=09=09padding-bottom:9px !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnImageGroupBlockInner{
=09=09=09padding-top:0 !important;
=09=09=09padding-bottom:0 !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnImageGroupBlockOuter{
=09=09=09padding-top:9px !important;
=09=09=09padding-bottom:9px !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnTextContent=2C.mcnBoxedTextContentColumn{
=09=09=09padding-right:18px !important;
=09=09=09padding-left:18px !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnImageCardLeftImageContent=2C.mcnImageCardRightImageContent{
=09=09=09padding-right:18px !important;
=09=09=09padding-bottom:0 !important;
=09=09=09padding-left:18px !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcpreview-image-uploader{
=09=09=09display:none !important;
=09=09=09width:100% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09h1{
=09=09=09font-size:22px !important;
=09=09=09line-height:125% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09h2{
=09=09=09font-size:20px !important;
=09=09=09line-height:125% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09h3{
=09=09=09font-size:18px !important;
=09=09=09line-height:125% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09h4{
=09=09=09font-size:16px !important;
=09=09=09line-height:150% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09.mcnBoxedTextContentContainer .mcnTextContent=2C.mcnBoxedTextContent=
Container .mcnTextContent p{
=09=09=09font-size:14px !important;
=09=09=09line-height:150% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09#templatePreheader{
=09=09=09display:block !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09#templatePreheader .mcnTextContent=2C#templatePreheader .mcnTextCont=
ent p{
=09=09=09font-size:14px !important;
=09=09=09line-height:150% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09#templateHeader .mcnTextContent=2C#templateHeader .mcnTextContent p{
=09=09=09font-size:16px !important;
=09=09=09line-height:150% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09#templateBody .mcnTextContent=2C#templateBody .mcnTextContent p{
=09=09=09font-size:16px !important;
=09=09=09line-height:150% !important;
=09=09}

}=09@media only screen and (max-width: 480px){
=09=09#templateFooter .mcnTextContent=2C#templateFooter .mcnTextContent p{
=09=09=09font-size:14px !important;
=09=09=09line-height:150% !important;
=09=09}

}</style></head>
<body style=3D"height: 100%;margin: 0;padding: 0;width: 100%;-ms-text-=
size-adjust: 100%;-webkit-text-size-adjust: 100%;background-color: #ffffff=
;"><div itemscope=3D"" itemtype=3D"http://schema.org/EmailMessage"><div it=
emprop=3D"publisher" itemscope=3D"" itemtype=3D"http://schema.org/Organiza=
tion"><meta itemprop=3D"name" content=3D"~this week in security~"><link it=
emprop=3D"url" content=3D"https://mastodon.social/@zackwhittaker"></div><d=
iv itemprop=3D"about" itemscope=3D"" itemtype=3D"http://schema.org/Offer">=
<link itemprop=3D"image" href=3D"https://gallery.mailchimp.com/e1ad6038c99=
4abec17dafb116/images/dfcfdb2e-8ab2-450c-a830-1461d1aefb25.png"></div></di=
v>
<!--
-->
<!--[if !gte mso 9]><!----><span class=3D"mcnPreviewText" style=
=3D"display:none; font-size:0px; line-height:0px; max-height:0px; max-widt=
h:0px; opacity:0; overflow:hidden; visibility:hidden; mso-hide:all;">Trump=
's DHS guts cyber committees=2C PowerSchool hack hits 62M students=2C Chan=
ge Healthcare hack affects most Americans=2C and more.</span><!--<![endif=
]-->
<!--
-->
<center>
<table align=3D"center" border=3D"0" cellpadding=3D"0" cellspa=
cing=3D"0" height=3D"100%" width=3D"100%" id=3D"bodyTable" style=3D"border=
-collapse: collapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-s=
ize-adjust: 100%;-webkit-text-size-adjust: 100%;height: 100%;margin: 0;pad=
ding: 0;width: 100%;background-color: #ffffff;">
<tr>
<td align=3D"center" valign=3D"top" id=3D"bodyCell" st=
yle=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-te=
xt-size-adjust: 100%;height: 100%;margin: 0;padding: 10px;width: 100%;bord=
er-top: 0;">
<!-- BEGIN TEMPLATE // -->
<!--[if (gte mso 9)|(IE)]>
<table align=3D"center" border=3D"0" cellspacing=
=3D"0" cellpadding=3D"0" width=3D"600" style=3D"width:600px;">
<tr>
<td align=3D"center" valign=3D"top" width=3D"600"=
style=3D"width:600px;">
<![endif]-->
<table border=3D"0" cellpadding=3D"0" cellspacing=
=3D"0" width=3D"100%" class=3D"templateContainer" style=3D"border-collapse=
: collapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjus=
t: 100%;-webkit-text-size-adjust: 100%;border: 0;max-width: 600px !importa=
nt;">
<tr>
<td valign=3D"top" id=3D"templatePreheader=
" style=3D"background:#ffffff none no-repeat center/cover;mso-line-height-=
rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;ba=
ckground-color: #ffffff;background-image: none;background-repeat: no-repea=
t;background-position: center;background-size: cover;border-top: 0;border-=
bottom: 0;padding-top: 9px;padding-bottom: 9px;"><table border=3D"0" cellp=
adding=3D"0" cellspacing=3D"0" width=3D"100%" class=3D"mcnTextBlock" style=
=3D"min-width: 100%;border-collapse: collapse;mso-table-lspace: 0pt;mso-ta=
ble-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;=
">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #656565;text-align: left;">

<h1 class=3D"null" style=3D"text-align: center=
;display: block;margin: 0;padding: 0;color: #202020;font-family: Helvetica=
;font-size: 26px;font-style: normal;font-weight: bold;line-height: 125%;le=
tter-spacing: normal;"><span style=3D"font-size:27px"><span style=3D"color=
:#000000"><strong>~this week in security~</strong></span></span></h1>

<div style=3D"text-align: center;">a cybersecurity newsletter by <a href=
=3D"https://mastodon.social/@zackwhittaker" target=3D"_blank" style=3D"mso=
-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-ad=
just: 100%;color: #656565;font-weight: normal;text-decoration: underline;"=
>@zackwhittaker</a><br>
<br>
<span style=3D"font-size:14px"><strong><span style=3D"text-align:center">v=
olume 8=2C issue 4</span></strong></span><br>
<span style=3D"font-size:12px"><a href=3D"https://mailchi.mp/weekinsecurit=
y/this-week-in-security-january-26-2025-edition?e=3D9d10de3b61" target=3D"_b=
lank" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-w=
ebkit-text-size-adjust: 100%;color: #656565;font-weight: normal;text-decor=
ation: underline;">View this email in your browser</a> | <a href=3D"https:=
//us18.campaign-archive.com/feed?u=3De1ad6038c994abec17dafb116&id=3Da2457d=
c8ad" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-w=
ebkit-text-size-adjust: 100%;color: #656565;font-weight: normal;text-decor=
ation: underline;">RSS</a></span><br>
<br>
~ ~</div>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td valign=3D"top" id=3D"templateHeader" s=
tyle=3D"background:#ffffff none no-repeat center/cover;mso-line-height-rul=
e: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;backg=
round-color: #ffffff;background-image: none;background-repeat: no-repeat;b=
ackground-position: center;background-size: cover;border-top: 0;border-bot=
tom: 0;padding-top: 9px;padding-bottom: 0;"><table border=3D"0" cellpaddin=
g=3D"0" cellspacing=3D"0" width=3D"100%" class=3D"mcnTextBlock" style=3D"m=
in-width: 100%;border-collapse: collapse;mso-table-lspace: 0pt;mso-table-r=
space: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<h3 style=3D"display: block;margin: 0;padding:=
0;color: #202020;font-family: Helvetica;font-size: 20px;font-style: norma=
l;font-weight: bold;line-height: 125%;letter-spacing: normal;text-align: l=
eft;"><span style=3D"font-size:19px"><span style=3D"font-weight:bolder">TH=
IS WEEK=2C TL;DR</span></span><span style=3D"font-size:16px"><span style=
=3D"font-weight:bolder"> </span></span></h3>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td valign=3D"top" id=3D"templateBody" sty=
le=3D"background:#ffffff none no-repeat center/cover;mso-line-height-rule:=
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;backgro=
und-color: #ffffff;background-image: none;background-repeat: no-repeat;bac=
kground-position: center;background-size: cover;border-top: 0;border-botto=
m: 2px solid #EAEAEA;padding-top: 0;padding-bottom: 9px;"><table border=3D=
"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%" class=3D"mcnTextBlo=
ck" style=3D"min-width: 100%;border-collapse: collapse;mso-table-lspace: 0=
pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adju=
st: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><strong><a hr=
ef=3D"https://www.wired.com/story/big-interview-jen-easterly-cisa-cybersec=
urity/" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;=
-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-dec=
oration: underline;">Trump cyber team disbands CISA advisory committees in=
vestigating big hacks</a></strong><br>
<strong>Wired ($): </strong>We're now week one into Trump term two and it'=
s "all change" in government. Wired's <a href=3D"https://mastodon.online/@=
lhn/113877589757673685" style=3D"mso-line-height-rule: exactly;-ms-text-si=
ze-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight:=
normal;text-decoration: underline;">@lhn</a> scored the big exit intervie=
w with former CISA head <a href=3D"https://x.com/CISAJen" style=3D"mso-lin=
e-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust=
: 100%;color: #007C89;font-weight: normal;text-decoration: underline;">@CI=
SAJen</a>=2C who spoke of her time in government=2C the agency's successes=
=2C her concerns for the future=2C and more. It's a brilliant interview=2C=
plus video. Just as Easterly and the rest of the Biden cyber crew were em=
ptying their desks and departing government service=2C the new administrat=
ion has already brought in new people=2C changed the locks=2C and <a href=
=3D"https://x.com/ericgeller/status/1881804954547220650" style=3D"mso-line=
-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:=
100%;color: #007C89;font-weight: normal;text-decoration: underline;">fire=
d</a> the cyber committees investigating major breaches =E2=80=94 includin=
g the China-backed Salt Typhoon hacks targeting major U.S. telcos and inte=
rnet giants. Members of those committees=2C such as the Cyber Safety Revie=
w Board (CSRB)=2C called the shutdowns <a href=3D"https://techcrunch.com/2=
025/01/22/trump-administration-fires-members-of-cybersecurity-review-board=
-in-horribly-shortsighted-decision/" style=3D"mso-line-height-rule: exactl=
y;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89=
;font-weight: normal;text-decoration: underline;">"horribly shortsighted."=
</a> For its rationale=2C DHS said it would no longer tolerate committees=
that "push agendas that attempt to undermine its national security missio=
n." <em>Uhh....</em>(??) ...so=2C not a great start=2C since getting to th=
e bottom of what's been described as the biggest (and <a href=3D"https://w=
ww.techdirt.com/2025/01/23/trump-disbands-cybersecurity-board-investigatin=
g-massive-chinese-phone-system-hack/" style=3D"mso-line-height-rule: exact=
ly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C8=
9;font-weight: normal;text-decoration: underline;">most serious</a>) set o=
f security breaches in recent history seems like it should be a priority=
=2C no? And that's not even getting into the <a href=3D"https://therecord.=
media/politicization-of-pclob-could-threaten-key-eu-us-data-transfer-agree=
ment" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-w=
ebkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-decor=
ation: underline;">ordered resignations</a> of the members of PCLOB=2C the=
civil liberties board tasked with oversight of the intelligence agencies=
and a key data transfer agreement with Europe... all to say=2C there's be=
en a lot of change this week and not all of it particularly welcome.<br>
<strong>More:</strong> <a href=3D"https://techcrunch.com/2025/01/22/trump-=
administration-fires-members-of-cybersecurity-review-board-in-horribly-sho=
rtsighted-decision/" style=3D"mso-line-height-rule: exactly;-ms-text-size-=
adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: no=
rmal;text-decoration: underline;">TechCrunch</a> | <a href=3D"https://www.=
techdirt.com/2025/01/23/trump-disbands-cybersecurity-board-investigating-m=
assive-chinese-phone-system-hack/" style=3D"mso-line-height-rule: exactly;=
-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;f=
ont-weight: normal;text-decoration: underline;">Techdirt</a> | <a href=3D"=
https://www.reuters.com/world/us/us-department-homeland-security-firing-al=
l-advisory-committee-members-letter-2025-01-21/" style=3D"mso-line-height-=
rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;co=
lor: #007C89;font-weight: normal;text-decoration: underline;">Reuters ($)<=
/a> | <a href=3D"https://x.com/ericgeller/status/1881804954547220650" styl=
e=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text=
-size-adjust: 100%;color: #007C89;font-weight: normal;text-decoration: und=
erline;">@ericgeller</a> | <a href=3D"https://bsky.app/profile/kevincollie=
r.bsky.social/post/3lgbqjt7fbc2t" style=3D"mso-line-height-rule: exactly;-=
ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;fo=
nt-weight: normal;text-decoration: underline;">@kevincollier</a> | <a href=
=3D"https://bsky.app/profile/k8em0.bsky.social/post/3lgdy4kwots26" style=
=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-=
size-adjust: 100%;color: #007C89;font-weight: normal;text-decoration: unde=
rline;">@k8em0</a><br>
<br>
<strong><a href=3D"https://www.bleepingcomputer.com/news/security/powersch=
ool-hacker-claims-they-stole-data-of-62-million-students/" style=3D"mso-li=
ne-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjus=
t: 100%;color: #007C89;font-weight: normal;text-decoration: underline;">Po=
werSchool hacker claims theft of 62 million students' data</a></strong><br=
>
<strong>Bleeping Computer: </strong>U.S. edtech software giant PowerSchool=
=2C whose school information system tech is used by thousands of school di=
stricts across North America=2C was breached=2C and the hacker claims to h=
ave stolen data on 62 million students and more than 9 million teachers. P=
owerSchool=2C for its part=2C has said <a href=3D"https://techcrunch.com/2=
025/01/22/what-powerschool-isnt-saying-about-its-massive-student-data-brea=
ch/" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-we=
bkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-decora=
tion: underline;">very little</a> about the breach (gotta put those crisis=
comms dollars to work!) but schools are reporting breaches going back <a=
href=3D"https://techcrunch.com/2025/01/21/toronto-school-district-says-40=
-years-of-student-data-stolen-in-powerschool-breach/" style=3D"mso-line-he=
ight-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 10=
0%;color: #007C89;font-weight: normal;text-decoration: underline;">in some=
cases <em>decades</em></a>. Cue Toronto's school district=2C which says d=
ata added to its system includes information on students dating back to 19=
85. We're still waiting on the final incident report from CrowdStrike =E2=
=80=94 but so far=2C all signs point to a single stolen credential and no=
MFA that allowed access to reams of people's private data. If that sounds=
familiar=2C that's <em>exactly</em> how hackers broke into Change Healthc=
are last year.<br>
<strong>More:</strong> <a href=3D"https://www.theregister.com/2025/01/22/p=
owerschool_canada_lawsuits/" style=3D"mso-line-height-rule: exactly;-ms-te=
xt-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-we=
ight: normal;text-decoration: underline;">The Register</a> | <a href=3D"ht=
tps://techcrunch.com/2025/01/22/what-powerschool-isnt-saying-about-its-mas=
sive-student-data-breach/" style=3D"mso-line-height-rule: exactly;-ms-text=
-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weig=
ht: normal;text-decoration: underline;">TechCrunch</a> | <a href=3D"https:=
//www.k12dive.com/news/powerschool-data-breach-lawsuits-negligence/737900/=
" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-decoratio=
n: underline;">K-12 Dive</a> | <a href=3D"https://arstechnica.com/security=
/2025/01/students-parents-and-teachers-still-smarting-from-breach-exposing=
-their-info/" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;te=
xt-decoration: underline;">Ars Technica</a> | <a href=3D"https://mastodon.=
social/@zackwhittaker/113889490267756163" style=3D"mso-line-height-rule: e=
xactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #0=
07C89;font-weight: normal;text-decoration: underline;">@zackwhittaker</a><=
/span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnImageBlock" style=3D"min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnImageBlockOuter">
<tr>
<td valign=3D"top" style=3D"padding: 9px;mso-line-height-r=
ule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;" c=
lass=3D"mcnImageBlockInner">
<table align=3D"left" width=3D"100%" border=3D"0" cell=
padding=3D"0" cellspacing=3D"0" class=3D"mcnImageContentContainer" style=
=3D"min-width: 100%;border-collapse: collapse;mso-table-lspace: 0pt;mso-ta=
ble-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;=
float: left;">
<tbody><tr>
<td class=3D"mcnImageContent" valign=3D"top" s=
tyle=3D"padding-right: 9px;padding-left: 9px;padding-top: 0;padding-bottom=
: 0;text-align: center;mso-line-height-rule: exactly;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;">

<a href=3D"https://bsky.app/profile/ta=
rah.org/post/3lgjdjoirpc2e" title=3D"" class=3D"" target=3D"_blank" style=
=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-=
size-adjust: 100%;">
<img align=3D"middle" alt=3D"Tarah=
Wheeler post on Bsky: &quot;I say this as a CEO: From now on=2C when chil=
dren=E2=80=99s health data is compromised because multi factor authenticat=
ion was not enforced=2C fire the CEO=2C not the CISO. I mean=2C sure=2C fi=
re the CISO as well=2C but the CEO bears the responsibility=2C&quot; follo=
wed by a link to an Ars Technica story." src=3D"https://mcusercontent.com/=
e1ad6038c994abec17dafb116/images/cd5b26ef-194a-c3d8-cfcd-98ae756ea038.jpeg=
" width=3D"564" style=3D"max-width: 1000px;padding-bottom: 0;display: inli=
ne !important;vertical-align: bottom;border: 0;height: auto;outline: none;=
text-decoration: none;-ms-interpolation-mode: bicubic;" class=3D"mcnImage"=
>
</a>

</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><strong><a hr=
ef=3D"https://techcrunch.com/2025/01/24/unitedhealth-confirms-190-million-=
americans-affected-by-change-healthcare-data-breach/" style=3D"mso-line-he=
ight-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 10=
0%;color: #007C89;font-weight: normal;text-decoration: underline;">UnitedH=
ealth confirms 190M Americans affected by Change Healthcare data breach</a=
></strong><br>
<strong>TechCrunch: </strong>...speaking of Change Healthcare=2C it's the=
worst medical data breach in history that somehow inexplicably keeps gett=
ing worse. Yes=2C the ransomware attack on the UnitedHealth-owned health t=
ech giant last February now affects 190 million people in America=2C almos=
t double the previous estimate given in October. It's an absolutely abhorr=
ent and horrendous breach that will affect <em>the majority</em> of people=
in America for life. Even if you haven't interacted with UnitedHealth=2C=
there's a good chance Change still handled your data=2C thanks to its siz=
e =E2=80=94 in large part thanks to unchecked corporate consolidation over=
the years. Per <a href=3D"https://www.changehealthcare.com/hipaa-substitu=
te-notice.html" target=3D"_blank" style=3D"mso-line-height-rule: exactly;-=
ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;fo=
nt-weight: normal;text-decoration: underline;">its HIPAA notice</a>=2C the=
stolen data includes patients' health data=2C billing and insurance infor=
mation=2C diagnoses=2C medications=2C test results=2C and more. All the wh=
ile=2C UnitedHealth made $400 billion (yes=2C with a <em><u>b</u></em>) in=
revenue in 2024 =E2=80=94 but couldn't seem to bother with basic cybersec=
urity practices=2C like MFA. Change said it'll notify the U.S. government'=
s health department formally at a later date. <em>(Disclosure: I wrote thi=
s story.)</em><br>
<strong>More:</strong> <a href=3D"https://www.fiercehealthcare.com/payers/=
unitedhealth-estimates-190m-people-impacted-change-healthcare-cyberattack"=
style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit=
-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-decoration=
: underline;">Fierce Healthcare</a> | <a href=3D"https://www.wsj.com/artic=
les/unitedhealth-estimates-change-healthcare-hack-impacted-about-190-milli=
on-people-9564533c" style=3D"mso-line-height-rule: exactly;-ms-text-size-a=
djust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: nor=
mal;text-decoration: underline;">WSJ Pro ($)</a> | <a href=3D"https://www.=
reuters.com/business/healthcare-pharmaceuticals/unitedhealth-confirms-190-=
million-americans-affected-by-hack-tech-unit-2025-01-24/" style=3D"mso-lin=
e-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust=
: 100%;color: #007C89;font-weight: normal;text-decoration: underline;">Reu=
ters ($)</a></span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<div style=3D"text-align: center;">~ ~</div>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<h3 style=3D"display: block;margin: 0;padding:=
0;color: #202020;font-family: Helvetica;font-size: 20px;font-style: norma=
l;font-weight: bold;line-height: 125%;letter-spacing: normal;text-align: l=
eft;"><span style=3D"font-size:19px"><span style=3D"font-weight:bolder">TH=
E STUFF YOU MIGHT'VE MISSED</span></span></h3>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><strong><a hr=
ef=3D"https://www.404media.co/the-powerful-ai-tool-that-cops-or-stalkers-c=
an-use-to-geolocate-photos-in-seconds/" style=3D"mso-line-height-rule: exa=
ctly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007=
C89;font-weight: normal;text-decoration: underline;">AI tool helps cops (o=
r stalkers) geolocate photos in seconds</a></strong><br>
<strong>404 Media ($): </strong> Prepare to get freaked out: a new closed-=
access AI tool dubbed GeoSpy can examine photos and geolocate where they w=
ere captured within seconds=2C based on surrounding information =E2=80=94=
including landmarks=2C architecture=2C and more. Some open-source intelli=
gence (OSINT) tools exist like this in a very basic form to geolocate phot=
os but GeoSpy seems to massively soup up those capabilities. Think twice b=
efore you take that photo... (or any photo=2C really).</span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnImageBlock" style=3D"min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnImageBlockOuter">
<tr>
<td valign=3D"top" style=3D"padding: 9px;mso-line-height-r=
ule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;" c=
lass=3D"mcnImageBlockInner">
<table align=3D"left" width=3D"100%" border=3D"0" cell=
padding=3D"0" cellspacing=3D"0" class=3D"mcnImageContentContainer" style=
=3D"min-width: 100%;border-collapse: collapse;mso-table-lspace: 0pt;mso-ta=
ble-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;=
float: left;">
<tbody><tr>
<td class=3D"mcnImageContent" valign=3D"top" s=
tyle=3D"padding-right: 9px;padding-left: 9px;padding-top: 0;padding-bottom=
: 0;text-align: center;mso-line-height-rule: exactly;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;">

<a href=3D"https://infosec.exchange/@j=
osephcox/113861090742371502" title=3D"" class=3D"" target=3D"_blank" style=
=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-=
size-adjust: 100%;">
<img align=3D"middle" alt=3D"A scr=
enshot of the GeoSpy tool=2C showing someone's photo and a larger map show=
ing where that photo was geolocated =E2=80=94 based on surrounding informa=
tion in the photo itself=2C such as landmarks. " src=3D"https://mcusercont=
ent.com/e1ad6038c994abec17dafb116/images/92864a6f-61c2-3cf8-87e9-eddc6e188=
5a6.jpeg" width=3D"564" style=3D"max-width: 1000px;padding-bottom: 0;displ=
ay: inline !important;vertical-align: bottom;border: 0;height: auto;outlin=
e: none;text-decoration: none;-ms-interpolation-mode: bicubic;" class=3D"m=
cnImage">
</a>

</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><strong><a hr=
ef=3D"https://www.bleepingcomputer.com/news/security/fake-homebrew-google-=
ads-target-mac-users-with-malware/" style=3D"mso-line-height-rule: exactly=
;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;=
font-weight: normal;text-decoration: underline;">Fake ads target Mac users=
with malware</a></strong><br>
<strong>Bleeping Computer: </strong> As if we need <a href=3D"https://tech=
crunch.com/2022/12/22/fbi-ad-blocker/" style=3D"mso-line-height-rule: exac=
tly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C=
89;font-weight: normal;text-decoration: underline;">any more reasons</a> t=
o <a href=3D"https://techcrunch.com/2024/04/13/government-spyware-use-ad-b=
locker/" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%=
;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-de=
coration: underline;">use an ad-blocker</a>=2C but here we are. Malicious=
Google ads caught masquerading as Homebrew ads are directing Mac users to=
download malware=2C tricking victims into thinking they're downloading th=
e legitimate open-source package manager. (Per <a href=3D"https://x.com/JT=
Parker09/status/1881754775819374664" style=3D"mso-line-height-rule: exactl=
y;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89=
;font-weight: normal;text-decoration: underline;">@JTParker09</a>=2C here'=
s the <a href=3D"https://www.virustotal.com/gui/file/b329b32fa3e87f2e8ff7d=
c3d080e2d042a5484d26f220028b556000389a437c5" style=3D"mso-line-height-rule=
: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color:=
#007C89;font-weight: normal;text-decoration: underline;">VirusTotal link<=
/a>). Malicious ads are a common way for attackers to target people search=
ing for certain software. Use an ad-blocker! <a href=3D"https://github.com=
/gorhill/uBlock" style=3D"mso-line-height-rule: exactly;-ms-text-size-adju=
st: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal=
;text-decoration: underline;">uBlock Origin</a> is one of the best (<a hre=
f=3D"https://kaylees.site/wipr.html" style=3D"mso-line-height-rule: exactl=
y;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89=
;font-weight: normal;text-decoration: underline;">Wipr</a>=2C too); and if=
your browser doesn't support it=2C <em>change your browser</em>.<br>
<br>
<strong><a href=3D"https://letsencrypt.org/2025/01/22/ending-expiration-em=
ails/" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-=
webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-deco=
ration: underline;">No more Let's Encrypt expiry emails</a></strong><br>
<strong>Let's Encrypt: </strong> Everyone's favorite free TLS certificate=
issuer Let's Encrypt will soon no longer send out email notifications for=
expired domains beginning June 2025. Let's Encrypt certs expire after 90=
days (and can be automatically renewed)=2C but found that sending emails=
cost the nonprofit-run organization thousands of dollars each year in ema=
ils. On the flip side=2C by not emailing people=2C the organization no lon=
ger has to store email address information that isn't necessary =E2=80=94=
so that's a win for privacy. Nice! <em>(via <a href=3D"https://bsky.app/p=
rofile/campuscodi.risky.biz/post/3lgetbfyiwc2k" style=3D"mso-line-height-r=
ule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;col=
or: #007C89;font-weight: normal;text-decoration: underline;">@campuscodi</=
a>)</em><br>
<br>
<strong><a href=3D"https://www.theregister.com/2025/01/23/fortigate_config=
_leaks_infoseccers_list_victim_emails/" style=3D"mso-line-height-rule: exa=
ctly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007=
C89;font-weight: normal;text-decoration: underline;">FortiGate config leak=
s now reveal victim email addresses</a></strong><br>
<strong>The Register: </strong> If you recall=2C someone recently released=
around 15=2C000 configuration files for FortiGate firewalls used by enter=
prises across the globe. These config files contain credentials=2C IP addr=
esses =E2=80=94 and now <a href=3D"https://www.theregister.com/2025/01/23/=
fortigate_config_leaks_infoseccers_list_victim_emails/" style=3D"mso-line-=
height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:=
100%;color: #007C89;font-weight: normal;text-decoration: underline;">emai=
l addresses</a> =E2=80=94 which at least makes it somewhat easier to ident=
ify individuals at affected organizations. Cyber weatherman <a href=3D"htt=
ps://cyberplace.social/@GossiTheDog/113874064792010448" style=3D"mso-line-=
height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:=
100%;color: #007C89;font-weight: normal;text-decoration: underline;">@Gos=
siTheDog</a> (with a <a href=3D"https://doublepulsar.com/2022-zero-day-was=
-used-to-raid-fortigate-firewall-configs-somebody-just-released-them-a7a74=
e0b0c7f" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%=
;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-de=
coration: underline;">Medium ($)</a> blog post on the issue) also publishe=
d <a href=3D"https://raw.githubusercontent.com/GossiTheDog/Monitoring/refs=
/heads/main/Fortigate-Config-Dump-emails.txt" style=3D"mso-line-height-rul=
e: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color=
: #007C89;font-weight: normal;text-decoration: underline;">the known email=
addresses</a> for visibility=2C and is now reporting a slightly clearer f=
orecast for affected orgs to take action.<br>
<br>
<strong><a href=3D"https://samcurry.net/hacking-subaru" style=3D"mso-line-=
height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:=
100%;color: #007C89;font-weight: normal;text-decoration: underline;">Web=
bugs exposed Subaru's system for tracking millions of cars</a></strong><b=
r>
<strong>Sam Curry: </strong> I can't remember who first said modern cars a=
re trackers on wheels=2C but it's absolutely true. No more so than Subaru=
vehicles=2C thanks to a buggy Subaru web portal used by employees. <a hre=
f=3D"https://x.com/samwcyo" style=3D"mso-line-height-rule: exactly;-ms-tex=
t-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-wei=
ght: normal;text-decoration: underline;">Sam Curry</a>=2C the incredible c=
ar hacker of today's times=2C along with <a href=3D"https://x.com/infosec_=
au" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-web=
kit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-decorat=
ion: underline;">Shubham Shah</a>=2C found bugs in the portal allowing any=
one to track Subaru vehicles =E2=80=94 including their historical location=
data(!). He proved this by asking his mum for permission to access her Su=
baru's location across Omaha over a <em>year!</em> (supportive parents=2C=
ftw!). The bugs also allowed anyone to take control of the vehicle=2C lik=
e unlocking the car and honking its horn. <a href=3D"https://www.wired.com=
/story/subaru-location-tracking-vulnerabilities/" style=3D"mso-line-height=
-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;c=
olor: #007C89;font-weight: normal;text-decoration: underline;">Wired ($)</=
a> digs in with its own reporting. (Car makers: <em>please</em> make a "st=
upid" car. No internet connections wanted!)</span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnImageBlock" style=3D"min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnImageBlockOuter">
<tr>
<td valign=3D"top" style=3D"padding: 9px;mso-line-height-r=
ule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;" c=
lass=3D"mcnImageBlockInner">
<table align=3D"left" width=3D"100%" border=3D"0" cell=
padding=3D"0" cellspacing=3D"0" class=3D"mcnImageContentContainer" style=
=3D"min-width: 100%;border-collapse: collapse;mso-table-lspace: 0pt;mso-ta=
ble-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;=
float: left;">
<tbody><tr>
<td class=3D"mcnImageContent" valign=3D"top" s=
tyle=3D"padding-right: 9px;padding-left: 9px;padding-top: 0;padding-bottom=
: 0;text-align: center;mso-line-height-rule: exactly;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;">

<a href=3D"https://samcurry.net/hackin=
g-subaru" title=3D"" class=3D"" target=3D"_blank" style=3D"mso-line-height=
-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;"=
>
<img align=3D"middle" alt=3D"A scr=
eenshot of a Google Map showing all of the locations across Omaha where Sa=
m Curry tracked his mum's Subaru car using bugs in a Subaru staff portal.=
" src=3D"https://mcusercontent.com/e1ad6038c994abec17dafb116/images/1b0c5=
5f4-b659-f030-376d-7256b7ef3bc2.jpeg" width=3D"564" style=3D"max-width: 10=
00px;padding-bottom: 0;display: inline !important;vertical-align: bottom;b=
order: 0;height: auto;outline: none;text-decoration: none;-ms-interpolatio=
n-mode: bicubic;" class=3D"mcnImage">
</a>

</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><strong><a hr=
ef=3D"https://www.bleepingcomputer.com/news/security/new-android-identity-=
check-locks-settings-outside-trusted-locations/" style=3D"mso-line-height-=
rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;co=
lor: #007C89;font-weight: normal;text-decoration: underline;">New Android=
anti-theft security feature lands</a></strong><br>
<strong>Bleeping Computer: </strong> Google has a new Android "identity ch=
eck" feature that locks sensitive device and account settings behind a bio=
metric lock (like your fingerprint or face scan) when outside of a trusted=
location=2C such as home or work. This is meant to prevent device thieves=
from taking control of your unlocked but snatched device. It's a similar=
(if not almost identical) feature <a href=3D"https://support.apple.com/en=
-us/120340" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 1=
00%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text=
-decoration: underline;">rolled out by Apple</a> last year. It's a good id=
ea=2C but so far limited to Google Pixel devices running Android 15 and Sa=
msung Galaxy phones running One UI 7.<br>
<br>
<strong><a href=3D"https://gist.github.com/zachlatta/f86317493654b550c689d=
c6509973aa4" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;te=
xt-decoration: underline;">Almost phished using a crafty Google short-URL=
attack</a></strong><br>
<strong>Zach Latta: </strong> Here's a detailed walkthrough of how Zach La=
tta <em>almost</em> got phished by a pretty complex attack involving Googl=
e's official g.co URL shortcut. This attack almost resulted in Latta grant=
ing access to his Google account hijacked. Of course=2C a big part of this=
is to <a href=3D"https://techcrunch.com/2024/09/07/for-security-we-have-t=
o-stop-picking-up-the-phone/" style=3D"mso-line-height-rule: exactly;-ms-t=
ext-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-w=
eight: normal;text-decoration: underline;">stop picking up the phone</a> (=
and manually checking for signs of improper account activity yourself)=2C=
but this walkthrough might help save you =E2=80=94 or someone else =E2=80=
=94 from this crafty hack attempt. (I will add=2C though: this <a href=3D"=
https://gist.github.com/zachlatta/f86317493654b550c689dc6509973aa4?permali=
nk_comment_id=3D5406650#gistcomment-5406650" style=3D"mso-line-height-rule=
: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color:=
#007C89;font-weight: normal;text-decoration: underline;">comment</a> crac=
ked me up. "The first evidence that it was a scam was that you received a=
call from Google support. Google's lack of customer support is legendary.=
")</span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnImageBlock" style=3D"min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnImageBlockOuter">
<tr>
<td valign=3D"top" style=3D"padding: 9px;mso-line-height-r=
ule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;" c=
lass=3D"mcnImageBlockInner">
<table align=3D"left" width=3D"100%" border=3D"0" cell=
padding=3D"0" cellspacing=3D"0" class=3D"mcnImageContentContainer" style=
=3D"min-width: 100%;border-collapse: collapse;mso-table-lspace: 0pt;mso-ta=
ble-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;=
float: left;">
<tbody><tr>
<td class=3D"mcnImageContent" valign=3D"top" s=
tyle=3D"padding-right: 9px;padding-left: 9px;padding-top: 0;padding-bottom=
: 0;text-align: center;mso-line-height-rule: exactly;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;">


<img align=3D"middle" alt=3D"A phi=
shing email that looks almost like a perfect Google Workspace spoof=2C say=
ing &quot;Your Google Account has been reset=2C&quot; using the g.co subdo=
main." src=3D"https://mcusercontent.com/e1ad6038c994abec17dafb116/images/6=
2b8cff6-00c3-2004-cd5a-438ee538179e.jpeg" width=3D"564" style=3D"max-width=
: 1000px;padding-bottom: 0;display: inline !important;vertical-align: bott=
om;border: 0;height: auto;outline: none;text-decoration: none;-ms-interpol=
ation-mode: bicubic;" class=3D"mcnImage">


</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<div style=3D"text-align: center;">~ ~</div>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnBoxedTextBlock" style=3D"min-width: 100%;border-collapse:=
collapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust=
: 100%;-webkit-text-size-adjust: 100%;">
<!--[if gte mso 9]>
=09<table align=3D"center" border=3D"0" cellspacing=3D"0" cellpadding=3D"0=
" width=3D"100%">
=09<![endif]-->
=09<tbody class=3D"mcnBoxedTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnBoxedTextBlockInner" style=3D"m=
so-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-=
adjust: 100%;">

=09=09=09=09<!--[if gte mso 9]>
=09=09=09=09<td align=3D"center" valign=3D"top" ">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" width=3D"100%" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;float: left;" class=3D"mcnBoxedTextConten=
tContainer">
<tbody><tr>

<td style=3D"padding-top: 9px;padding-left: 18px;p=
adding-bottom: 9px;padding-right: 18px;mso-line-height-rule: exactly;-ms-t=
ext-size-adjust: 100%;-webkit-text-size-adjust: 100%;">

<table border=3D"0" cellspacing=3D"0" class=3D=
"mcnTextContentContainer" width=3D"100%" style=3D"min-width: 100% !importa=
nt;background-color: #F5F5F5;border: 3px dotted #54B2AA;border-collapse: c=
ollapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;">
<tbody><tr>
<td valign=3D"top" class=3D"mcnTextCon=
tent" style=3D"padding: 18px;color: #222222;font-family: Helvetica;font-si=
ze: 14px;font-weight: normal;line-height: 150%;text-align: center;mso-line=
-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:=
100%;word-break: break-word;">
<div style=3D"text-align: center;"=
><span style=3D"font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-seri=
f"><span style=3D"font-size:19px"><span style=3D"font-weight:bolder">THANK=
S FOR READING!</span></span></span></div>
&nbsp;

<div style=3D"text-align: left;"><span style=3D"font-size:15px"><span styl=
e=3D"font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><strong>=
~this week in security~</strong> is my free weekly cybersecurity newslette=
r supported entirely by donations from readers like you. As a <a href=3D"h=
ttps://techcrunch.com/author/zack-whittaker/" style=3D"mso-line-height-rul=
e: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color=
: #007C89;font-weight: normal;text-decoration: underline;">working journal=
ist</a>=2C I don't run ads or accept sponsors for this newsletter. Donatio=
ns help reduce the costs of sending this newsletter while keeping it free=
=2C weekly=2C and without tracking.<br>
<br>
<strong>To support this newsletter</strong>=2C <a href=3D"https://ko-fi.co=
m/thisweekinsecurity" target=3D"_blank" style=3D"mso-line-height-rule: exa=
ctly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007=
C89;font-weight: normal;text-decoration: underline;"><strong>check out my=
Ko-fi</strong></a> to drop a one-time donation=2C or sign up from $10/mon=
thly to get <a href=3D"https://ko-fi.com/thisweekinsecurity/tiers" target=
=3D"_blank" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 1=
00%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text=
-decoration: underline;">cool swag</a> shipped worldwide.</span></span></d=
iv>

</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if gte mso 9]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if gte mso 9]>
</tr>
</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<div style=3D"text-align: center;">~ ~</div>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<h3 style=3D"display: block;margin: 0;padding:=
0;color: #202020;font-family: Helvetica;font-size: 20px;font-style: norma=
l;font-weight: bold;line-height: 125%;letter-spacing: normal;text-align: l=
eft;"><span style=3D"font-size:19px"><span style=3D"font-weight:bolder">OT=
HER NEWSY NUGGETS</span></span></h3>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><strong>Cloud=
flare issue leaks chat app users' broad location: </strong> Really impress=
ive work here by security researcher <a href=3D"https://gist.github.com/ha=
ckermondev/45a3cdfa52246f1d1201c1e8cdef6117" style=3D"mso-line-height-rule=
: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color:=
#007C89;font-weight: normal;text-decoration: underline;">Daniel</a>=2C a=
15-year-old high school junior=2C who discovered an impressive informatio=
n disclosure bug that allows anyone to determine someone's broad location=
(like a person's city) by sending an image (or emoji) to a target =E2=80=
=94 using a friend request push notification on Discord=2C for example. Th=
e issue at hand is that the image is cached in one of Cloudflare's datacen=
ters closest to the intended target=2C which can be used to infer roughly=
where a person is located. As noted by <a href=3D"https://www.404media.co=
/cloudflare-issue-can-leak-chat-app-users-broad-location/" style=3D"mso-li=
ne-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjus=
t: 100%;color: #007C89;font-weight: normal;text-decoration: underline;">40=
4 Media ($)</a>=2C this shows the importance for at-risk users "to protect=
not just their message contents=2C but their network activity as well." (=
<em>via <a href=3D"https://gist.github.com/hackermondev/45a3cdfa52246f1d12=
01c1e8cdef6117" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjus=
t: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;=
text-decoration: underline;">@hackermondev</a></em>)</span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnImageBlock" style=3D"min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnImageBlockOuter">
<tr>
<td valign=3D"top" style=3D"padding: 9px;mso-line-height-r=
ule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;" c=
lass=3D"mcnImageBlockInner">
<table align=3D"left" width=3D"100%" border=3D"0" cell=
padding=3D"0" cellspacing=3D"0" class=3D"mcnImageContentContainer" style=
=3D"min-width: 100%;border-collapse: collapse;mso-table-lspace: 0pt;mso-ta=
ble-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;=
float: left;">
<tbody><tr>
<td class=3D"mcnImageContent" valign=3D"top" s=
tyle=3D"padding-right: 9px;padding-left: 9px;padding-top: 0;padding-bottom=
: 0;text-align: center;mso-line-height-rule: exactly;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;">

<a href=3D"https://gist.github.com/hac=
kermondev/45a3cdfa52246f1d1201c1e8cdef6117" title=3D"" class=3D"" target=
=3D"_blank" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 1=
00%;-webkit-text-size-adjust: 100%;">
<img align=3D"middle" alt=3D"An an=
imated GIF showing a Discord bot that creates an image cached by Cloudflar=
e=2C and sent to someone=2C allowing the bot to return an approximate loca=
tion of where that recipient is=2C based on the distance of the recipient=
to Cloudflare's nearest datacenter." src=3D"https://mcusercontent.com/e1a=
d6038c994abec17dafb116/images/8df0e0f5-a95a-c758-82ef-7572090a4190.gif" wi=
dth=3D"564" style=3D"max-width: 800px;padding-bottom: 0;display: inline !i=
mportant;vertical-align: bottom;border: 0;height: auto;outline: none;text-=
decoration: none;-ms-interpolation-mode: bicubic;" class=3D"mcnImage">
</a>

</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><strong>Court=
reconsiders Pompompurin sentence: </strong> Conor Fitzpatrick=2C aka Pomp=
ompurin=2C a prolific hacker behind <a href=3D"https://www.justice.gov/opa=
/pr/justice-department-announces-arrest-founder-one-world-s-largest-hacker=
-forums-and-disruption" style=3D"mso-line-height-rule: exactly;-ms-text-si=
ze-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight:=
normal;text-decoration: underline;">the notorious BreachForums</a> and ac=
cused of other major hacks (and <a href=3D"https://infosec.exchange/@nixon=
nixoff/113869199862962950" style=3D"mso-line-height-rule: exactly;-ms-text=
-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weig=
ht: normal;text-decoration: underline;">CSAM charges</a>)=2C will be re-se=
ntenced after a court found the hacker's previous punishment was not suffi=
cient. <a href=3D"https://cyberscoop.com/conor-fitzpatrick-resentenced-pom=
pompurin-breachforums/" style=3D"mso-line-height-rule: exactly;-ms-text-si=
ze-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight:=
normal;text-decoration: underline;">Cyberscoop</a> has more on the case.=
In short=2C the judge was <em>quite</em> un-thrilled by the hacker's lack=
of remorse and persistent violations of his probation by using a VPN to a=
ccess the internet. (<em>via <a href=3D"https://infosec.exchange/@PogoWasR=
ight/113869199601653766" style=3D"mso-line-height-rule: exactly;-ms-text-s=
ize-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight=
: normal;text-decoration: underline;">@PogoWasRight</a>=2C <a href=3D"http=
s://infosec.exchange/@nixonnixoff/113869199862962950" style=3D"mso-line-he=
ight-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 10=
0%;color: #007C89;font-weight: normal;text-decoration: underline;">@nixonn=
ixoff</a> </em>)<br>
<br>
<strong>To Pyongyang via North Carolina: </strong> The DOJ threw charges a=
t a North Carolina-based laptop farm this week=2C which prosecutors accuse=
of enabling North Korean IT workers to gain unauthorized employment at bi=
g U.S. firms and earn a wage (and stealing data) for the purposes of fundi=
ng the regime's nuclear weapons program. The scheme allowed the North Kore=
ans to earn around $866=2C000 over six years(!). Remember=2C these fake IT=
workers are everywhere =E2=80=94 they could even be in your company. The=
scale of this operation is absolutely huge=2C and has been able to <a hre=
f=3D"https://techcrunch.com/2024/11/28/north-korean-hackers-have-stolen-bi=
llions-in-crypto-by-posing-as-vcs-recruiters-and-it-workers/" style=3D"mso=
-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-ad=
just: 100%;color: #007C89;font-weight: normal;text-decoration: underline;"=
>generate <em>billions</em> in illegal revenue</a> for making nukes. Yeah=
=2C not great! (<em>via <a href=3D"https://cyberscoop.com/doj-indicts-five=
-in-north-korean-fake-it-worker-scheme/" style=3D"mso-line-height-rule: ex=
actly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #00=
7C89;font-weight: normal;text-decoration: underline;">Cyberscoop</a></em>)=
<br>
<br>
<strong>U.S. spies withheld a bunch o' bugs before 2023: </strong> Sometim=
es when the U.S. government (or a close ally =E2=80=94 a country or privat=
e company) finds a bug that its spies reckon could be used for=2C well=2C=
<em>spying</em>=2C the feds will keep hold of these bugs and use them in=
offensive cyber operations =E2=80=93 all the while without telling the af=
fected vendor. The feds make this decision through a process called VEP=2C=
or the vulnerabilities equities process. This week=2C the U.S. government=
revealed during 2023 that it informed companies of 39 bugs =E2=80=94 but=
that it previously withheld 10 bugs discovered in "prior years" from disc=
losure. In other words=2C 10 of those bugs were probably used to actively=
hack people. (<em>via <a href=3D"https://bsky.app/profile/joemenn.bsky.so=
cial/post/3lgj5ecwpz22p" style=3D"mso-line-height-rule: exactly;-ms-text-s=
ize-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight=
: normal;text-decoration: underline;">@joemenn</a>=2C <a href=3D"https://w=
ww.wyden.senate.gov/imo/media/doc/fy23_unclassified_vep_annual_reportpdf.p=
df" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-web=
kit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-decorat=
ion: underline;">Ron Wyden</a></em>)<br>
<br>
<strong>Govtech giant Conduent hacked: </strong> Conduent=2C a major tech=
contractor for state and local governments=2C such as providing the tech=
that allows states to provide child support and other state benefits=2C w=
as hacked. Conduent danced around the issue for most of the week=2C but <a=
href=3D"https://techcrunch.com/2025/01/22/conduent-confirms-outage-was-du=
e-to-a-cybersecurity-incident/" style=3D"mso-line-height-rule: exactly;-ms=
-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font=
-weight: normal;text-decoration: underline;">eventually came clean</a> tha=
t its ongoing outage was caused by a cyberattack. Several U.S. states were=
affected by the outage caused by Conduent's hack. Conduent was hit by Maz=
e ransomware in 2020=2C by the way=2C so something to keep in mind. (<em>v=
ia <a href=3D"https://techcrunch.com/2025/01/22/conduent-confirms-outage-w=
as-due-to-a-cybersecurity-incident/" style=3D"mso-line-height-rule: exactl=
y;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89=
;font-weight: normal;text-decoration: underline;">TechCrunch</a></em>)</sp=
an></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<div style=3D"text-align: center;">~ ~</div>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<h3 style=3D"display: block;margin: 0;padding:=
0;color: #202020;font-family: Helvetica;font-size: 20px;font-style: norma=
l;font-weight: bold;line-height: 125%;letter-spacing: normal;text-align: l=
eft;"><span style=3D"font-size:19px"><span style=3D"font-weight:bolder">TH=
E HAPPY CORNER</span></span></h3>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><span style=
=3D"font-style:normal">Welcome once again to the happy corner. Take a brea=
th. (Paper bags available upon request.) Let's check in and see how our go=
od friend Hello Kitty is..</span></span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnImageBlock" style=3D"min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnImageBlockOuter">
<tr>
<td valign=3D"top" style=3D"padding: 9px;mso-line-height-r=
ule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;" c=
lass=3D"mcnImageBlockInner">
<table align=3D"left" width=3D"100%" border=3D"0" cell=
padding=3D"0" cellspacing=3D"0" class=3D"mcnImageContentContainer" style=
=3D"min-width: 100%;border-collapse: collapse;mso-table-lspace: 0pt;mso-ta=
ble-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;=
float: left;">
<tbody><tr>
<td class=3D"mcnImageContent" valign=3D"top" s=
tyle=3D"padding-right: 9px;padding-left: 9px;padding-top: 0;padding-bottom=
: 0;text-align: center;mso-line-height-rule: exactly;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;">

<a href=3D"https://www.instagram.com/p=
/DFGoNwhR4Eh/?img_index=3D5" title=3D"" class=3D"" target=3D"_blank" style=
=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-=
size-adjust: 100%;">
<img align=3D"middle" alt=3D"A per=
son in a full-sized Hello Kitty constume=2C sat at an office desk with a c=
up of coffee=2C on her phone=2C with a huge fire in the background on some=
one else's desk. Hello Kitty does not appear to give a.f." src=3D"https://=
mcusercontent.com/e1ad6038c994abec17dafb116/images/8b6c6403-93af-92a3-f705=
-c3c3726a381e.jpg" width=3D"564" style=3D"max-width: 1000px;padding-bottom=
: 0;display: inline !important;vertical-align: bottom;border: 0;height: au=
to;outline: none;text-decoration: none;-ms-interpolation-mode: bicubic;" c=
lass=3D"mcnImage">
</a>

</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><span style=
=3D"font-style:normal">...well=2C I guess that answers that. </span><br>
<br>
<span style=3D"font-style:normal">There are a couple of scrapings from the=
barrel of good news this week. First up=2C the U.S. Second Circuit Court=
of Appeals ruled that backdoor searches by U.S. spy agencies of Anericans=
' private communications collected under the authority known as Section 70=
2 are =E2=80=94 in fact =E2=80=94 illegal. This means that U.S. authoritie=
s cannot search this massive database of NSA-collected data for Americans'=
communications without first obtaining a warrant. That's a huge deal=2C a=
ctually. The EFF =E2=80=94 which has argued the unconstitutionality of war=
rantless access to Americans' data for more than a decade =E2=80=94 has a=
<a href=3D"https://www.eff.org/deeplinks/2025/01/victory-federal-court-fi=
nally-rules-backdoor-searches-702-data-unconstitutional" style=3D"mso-line=
-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust:=
100%;color: #007C89;font-weight: normal;text-decoration: underline;">good=
blog post</a> on the decision=2C and so does <a href=3D"https://www.cato.=
org/blog/federal-court-rules-fisa-section-702-back-door-searches-unconstit=
utional" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%=
;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-de=
coration: underline;">Cato</a>.</span><br>
<br>
<span style=3D"font-style:normal">And=2C lastly. I really hope <a href=3D"=
https://old.reddit.com/r/csMajors/comments/1i7v7hg/my_teams_intern_just_fo=
und_a_critical_bug_by/" style=3D"mso-line-height-rule: exactly;-ms-text-si=
ze-adjust: 100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight:=
normal;text-decoration: underline;">this Reddit post</a> is real... this=
young'un intern may have saved an entire company by discovering a bug in=
their legacy authentication system that's as old as the kid who found it.=
I'm not entirely sure what it means to call token validation "kinda thicc=
=2C" and their Jira ticketing could probably do with some work ("Auth be a=
cting mad sus")=2C but this is... absolutely excellent work. Hats off to t=
he kid=2C and I hope they get a full-time job out of this. Plus=2C per the=
post=2C now the company has to explain to the CEO what "no cap frfr" mean=
s.</span></span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif">If you have g=
ood news you want to share=2C get in touch at: <a href=3D"mailto:this@week=
insecurity.com?subject=3DGood%20news%20for%20your%20newsletter" target=3D"=
_blank" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;=
-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;text-dec=
oration: underline;">this@weekinsecurity.com</a>.</span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<div style=3D"text-align: center;">~ ~</div>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<h3 style=3D"display: block;margin: 0;padding:=
0;color: #202020;font-family: Helvetica;font-size: 20px;font-style: norma=
l;font-weight: bold;line-height: 125%;letter-spacing: normal;text-align: l=
eft;"><span style=3D"font-size:19px"><span style=3D"font-weight:bolder">CY=
BER CATS &amp; FRIENDS</span></span></h3>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif">This week's c=
ybercat is Cow=2C who can be seen here taking it easy after a long day hac=
king. Many thanks to Keegan P. for sending in! (Apparently=2C cybercats ca=
n be exchanged for extra credit in cybersecurity class =E2=80=94 that's so=
cool! A+ cybercatting.)</span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnImageBlock" style=3D"min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnImageBlockOuter">
<tr>
<td valign=3D"top" style=3D"padding: 9px;mso-line-height-r=
ule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;" c=
lass=3D"mcnImageBlockInner">
<table align=3D"left" width=3D"100%" border=3D"0" cell=
padding=3D"0" cellspacing=3D"0" class=3D"mcnImageContentContainer" style=
=3D"min-width: 100%;border-collapse: collapse;mso-table-lspace: 0pt;mso-ta=
ble-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;=
float: left;">
<tbody><tr>
<td class=3D"mcnImageContent" valign=3D"top" s=
tyle=3D"padding-right: 9px;padding-left: 9px;padding-top: 0;padding-bottom=
: 0;text-align: center;mso-line-height-rule: exactly;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;">


<img align=3D"middle" alt=3D"Cow i=
s a very fluffy white kitty with big paws and rolling on their back on the=
carpet by the garden door." src=3D"https://mcusercontent.com/e1ad6038c994=
abec17dafb116/images/c882c002-ad62-9699-e3a6-383b5f2456cc.jpg" width=3D"56=
4" style=3D"max-width: 1000px;padding-bottom: 0;display: inline !important=
;vertical-align: bottom;border: 0;height: auto;outline: none;text-decorati=
on: none;-ms-interpolation-mode: bicubic;" class=3D"mcnImage">


</td>
</tr>
</tbody></table>
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif"><a href=3D"ma=
ilto:this@weekinsecurity.com?Subject=3DCyber%20Cat%20%28%26%20Friends%29%2=
0submission&Body=3DPlease%20include%20a%20JPG%20of%20your%20cyber%20cat%20=
%28or%20other%20non-feline%20friend%29%2C%20their%20name%2C%20and%20also%2=
0your%20name%20and/or%20Twitter%20handle%20if%20you%20want%20credit." targ=
et=3D"_blank" style=3D"mso-line-height-rule: exactly;-ms-text-size-adjust:=
100%;-webkit-text-size-adjust: 100%;color: #007C89;font-weight: normal;te=
xt-decoration: underline;"><strong>Keep sending in your cyber cats!</stron=
g></a> (or a non-feline friend). Drop me an email at any time with their n=
ame and a photo=2C and they'll be featured in an upcoming newsletter!</spa=
n></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<div style=3D"text-align: center;">~ ~</div>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<h3 style=3D"display: block;margin: 0;padding:=
0;color: #202020;font-family: Helvetica;font-size: 20px;font-style: norma=
l;font-weight: bold;line-height: 125%;letter-spacing: normal;text-align: l=
eft;"><span style=3D"font-size:19px"><span style=3D"font-weight:bolder">SU=
GGESTION BOX</span></span></h3>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table><table border=3D"0" cellpadding=3D"0" cellspacing=3D"0" width=3D"1=
00%" class=3D"mcnTextBlock" style=3D"min-width: 100%;border-collapse: coll=
apse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 100=
%;-webkit-text-size-adjust: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding: 0px 18px 9px;font-family: Arial=2C &quot;Helvetica Neue&quot;=
=2C Helvetica=2C sans-serif;font-size: 14px;line-height: 150%;mso-line-hei=
ght-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100=
%;word-break: break-word;color: #202020;text-align: left;">

<span style=3D"font-size:15px"><span style=3D"=
font-family:arial=2Chelvetica neue=2Chelvetica=2Csans-serif">And that's it=
for this week... hope everyone is doing OK and sending my best to you fro=
m a very=2C very chilly U.S. east coast. As always=2C feel free to get in=
touch if you have anything you want to share for the newsletter =E2=80=94=
<a href=3D"mailto:this@weekinsecurity.com" style=3D"mso-line-height-rule:=
exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;color:=
#007C89;font-weight: normal;text-decoration: underline;">drop me an email=
</a> any time.<br>
<br>
Catch you next Sunday=2C<br>
<a href=3D"http://mastodon.social/@zackwhittaker" target=3D"_blank" style=
=3D"mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-=
size-adjust: 100%;color: #007C89;font-weight: normal;text-decoration: unde=
rline;">@zackwhittaker</a></span></span>
</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table></td>
</tr>
<tr>
<td valign=3D"top" id=3D"templateFooter" s=
tyle=3D"background:#transparent none no-repeat center/cover;mso-line-heigh=
t-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-adjust: 100%;=
background-color: #transparent;background-image: none;background-repeat: n=
o-repeat;background-position: center;background-size: cover;border-top: 0;=
border-bottom: 0;padding-top: 9px;padding-bottom: 9px;"><table border=3D"0=
" cellpadding=3D"0" cellspacing=3D"0" width=3D"100%" class=3D"mcnTextBlock=
" style=3D"min-width: 100%;border-collapse: collapse;mso-table-lspace: 0pt=
;mso-table-rspace: 0pt;-ms-text-size-adjust: 100%;-webkit-text-size-adjust=
: 100%;">
<tbody class=3D"mcnTextBlockOuter">
<tr>
<td valign=3D"top" class=3D"mcnTextBlockInner" style=3D"paddin=
g-top: 9px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webki=
t-text-size-adjust: 100%;">
=09<!--[if mso]>
=09=09=09=09<table align=3D"left" border=3D"0" cellspacing=3D"0" cellpaddi=
ng=3D"0" width=3D"100%" style=3D"width:100%;">
=09=09=09=09<tr>
=09=09=09=09<![endif]-->
=09=09=09
=09=09=09=09<!--[if mso]>
=09=09=09=09<td valign=3D"top" width=3D"600" style=3D"width:600px;">
=09=09=09=09<![endif]-->
<table align=3D"left" border=3D"0" cellpadding=3D"0" cells=
pacing=3D"0" style=3D"max-width: 100%;min-width: 100%;border-collapse: col=
lapse;mso-table-lspace: 0pt;mso-table-rspace: 0pt;-ms-text-size-adjust: 10=
0%;-webkit-text-size-adjust: 100%;float: left;" width=3D"100%" class=3D"mc=
nTextContentContainer">
<tbody><tr>

<td valign=3D"top" class=3D"mcnTextContent" style=
=3D"padding-top: 0;padding-right: 18px;padding-bottom: 9px;padding-left: 1=
8px;mso-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-=
size-adjust: 100%;word-break: break-word;color: #656565;font-family: Helve=
tica;font-size: 12px;line-height: 150%;text-align: center;">

<div style=3D"text-align: center;"><span style=
=3D"font-size:12px">
You are receiving this email because you opted in.<br>
<br>
~this week in security~ doesn't track email opens or&nbsp;clicks.<br>
($) indicate sites with paywalls or logins. Please support journalism!<br>
<br>
Our mailing address is:&nbsp;<div class=3D"vcard"><span class=3D"org fn">~=
this week in security~</span><div class=3D"adr"><div class=3D"street-addre=
ss">Zack Whittaker</div><div class=3D"extended-address">PO Box 415</div><s=
pan class=3D"locality">Jersey City</span>=2C <span class=3D"region">NJ</sp=
an> <span class=3D"postal-code">07303-0415</span></div><br><a href=3D"http=
s://social.us18.list-manage.com/vcard?u=3De1ad6038c994abec17dafb116&id=3Da=
2457dc8ad" class=3D"hcard-download">Add us to your address book</a></div>
<br>
You can <a href=3D"https://social.us18.list-manage.com/profile?u=3De1ad603=
8c994abec17dafb116&id=3Da2457dc8ad&e=3D9d10de3b61&c=3D2ec731902e" style=3D"m=
so-line-height-rule: exactly;-ms-text-size-adjust: 100%;-webkit-text-size-=
adjust: 100%;color: #656565;font-weight: normal;text-decoration: underline=
;">update your preferences</a> or <a href=3D"https://social.us18.list-mana=
ge.com/unsubscribe?u=3De1ad6038c994abec17dafb116&id=3Da2457dc8ad&t=3Db&e=
=3D9d10de3b61&c=3D2ec731902e" style=3D"mso-line-height-rule: exactly;-ms-tex=
t-size-adjust: 100%;-webkit-text-size-adjust: 100%;color: #656565;font-wei=
ght: normal;text-decoration: underline;">unsubscribe from this list</a>.</=
span></div>

</td>
</tr>
</tbody></table>
=09=09=09=09<!--[if mso]>
=09=09=09=09</td>
=09=09=09=09<![endif]-->

=09=09=09=09<!--[if mso]>
=09=09=09=09</tr>
=09=09=09=09</table>
=09=09=09=09<![endif]-->
</td>
</tr>
</tbody>
</table></td>
</tr>
</table>
<!--[if (gte mso 9)|(IE)]>
</td>
</tr>
</table>
<![endif]-->
<!-- // END TEMPLATE -->
</td>
</tr>
</table>
</center>
</body>
</html>
--_----------=_MCPart_30188012--
    (1-1/1)