Remediate Your Network

Today I wrap up my four-part series on how to secure your home network. We've enumerated our devices, gotten rid of stuff we don't need, assessed the state of our devices and now it's time to actually remediate any vulnerabilities we found. I'll walk you through everything you need to do. In other news: Chrome's Topics API has rolled out (and I'll tell you how to shut it off); Apple fixes two zero-day, zero-click exploits; FBI dismantles and even fixes the Qakbot malware network; the UK backs down on requirements to undermine end-to-end encryption; Macs are being targeted with a malvertising campaign; LastPass breach seems to be behind crypto wallet stealing; Apple reveals why it abandoned its CSAM scanning feature; Kias and Hyundais are being stolen left and right and are being sued; new cars are a privacy nightmare; Chrome extensions are able to steal private data from web pages. Article Links [The Verge] How to disable Chrome’s new targeted ad tracking https://www.theverge.com/23860050/chrome-ads-topics-sandbox [citizenlab.ca] NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/ [TechCrunch] FBI operation tricked thousands of computers infected by Qakbot into uninstalling the malware https://techcrunch.com/2023/08/29/fbi-operation-qakbot-uninstall/ [AppleInsider] UK backs down from nonsensical law after threats from Apple, WhatsApp https://appleinsider.com/articles/23/09/06/uk-backs-down-from-nonsensical-law-after-threats-from-apple-whatsapp [Tom's Guide] Macs under threat from malicious ads spreading malware — don’t fall for this https://www.tomsguide.com/news/macs-under-threat-from-malicious-ads-spreading-malware-dont-fall-for-this [briankrebs] Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/ [WIRED] Apple’s Decision to Kill Its CSAM Photo-Scanning Tool Sparks Fresh Controversy https://www.wired.com/story/apple-csam-scanning-heat-initiative-letter/ [VICE] Kias and Hyundais Keep Getting Stolen by the Thousands and Cities Are Suing https://www.vice.com/en/article/93kdmp/kias-and-hyundais-keep-getting-stolen-by-the-thousands-and-cities-are-suing [Gizmodo] If You’ve Got a New Car, It’s a Data Privacy Nightmare https://gizmodo.com/mozilla-new-cars-data-privacy-report-1850805416 [techxplore.com] Researchers issue warning over Chrome extensions that access private data https://techxplore.com/news/2023-09-issue-chrome-extensions-access-private.html Tip of the Week: Remediate Your Network: https://firewallsdontstopdragons.com/secure-your-network-4-remediate/ Further Info Nominate someone for a challenge coin: https://fdsd.me/quest  Get your Firewalls Don’t Stop Dragons Merch! https://fdsd.me/merch  Give the gift of privacy and security: https://fdsd.me/coupons  Send me your questions! https://fdsd.me/qna  Support our mission! https://fdsd.me/support  Subscribe to the newsletter: https://fdsd.me/newsletter  Check out my book, Firewalls Don’t Stop Dragons: https://fdsd.me/book  Would you like me to speak to your group about security and/or privacy? https://fdsd.me/speakerrequest  Generate secure passphrases! https://d20key.com/#/  Table of Contents Use these timestamps to jump to a particular section of the show. 0:00:29: Kashmir Hill interview coming 0:01:40: News rundown 0:04:32: How to disable Chrome’s new targeted ad tracking 0:07:12: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild 0:10:36: FBI operation dismantles Qakbot botnet 0:13:51: UK backs down from nonsensical law after threats from Apple, WhatsApp 0:17:10: Macs under threat from malicious ads spreading malware 0:23:03: Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach