PP110: News Roundup–Linux Fragged, Edge’s Password Manager Dragged, Android Intrusions Tagged, and More


JJ and Drew unpack an overstuffed suitcase of infosec stories in today’s News Roundup. Microsoft’s Edge password manager stores credentials in plaintext and Microsoft says “Yup”, the Linux kernel takes a one-two punch from Dirty Frag and Fragnesia, and a new industry coalition takes critical infrastructure protection private.

A Taiwanese radio enthusiast allegedly brings high-speed trains to a halt with cloned emergency signals, the FCC realizes not allowing firmware patches and security updates is bad for protecting consumer routers, and Google forces a sticky AI model on Chrome users without asking (we have details on how to unstick it).

Threat actors school ed-tech giant Canvas with a successful ransomware attack, Google adds forensic intrusion logging in Android to help investigators spot sophisticated spyware, and MOVEit users need to get a move-on to deal with critical patches.

Google shortens its timeline for post-quantum migration, NIST updates DNS security guidelines, ham radio operators tune into an abundance of IPv6 addresses, and Apple goes all the way back to 2015 with security updates.

AdSpot Sponsor: Meter

Meter delivers full-stack networking—wired, wireless, and cellular—to leading enterprises. It’s a single integrated solution with everything included. Meter has designed the hardware, written the firmware, and built the software. Meter deploys and manages everything required at your site, or sites, so that you get performant, reliable, and secure connectivity. If you’re ready for fast, secure, and scalable connectivity without the complexity of managing multiple providers or tools, it’s time to check out Meter. Go to meter.com/packetprotector to book a demo now!

Episode Links:

EdgeSavedPasswordsDumper – GitHub

PoC tool extracts cleartext passwords from Microsoft Edge memory – Cyber Insider

Why Edge stores your passwords in plaintext, according to Microsoft – ZDNET

New Linux ‘Dirty Frag’ zero-day gives root on all major distros – Bleeping Computer

Dirtyfrag – GitHub

Fragnesia: Linux Kernel Local Privilege Escalation via ESP-in-TCP – Wiz

Dirty Frag gets a sequel as Fragnesia hands Linux attackers root-level access – The Register

New cybersecurity industry coalition aims to lead US critical infrastructure protection – Cybersecurity Dive

Alliance for Critical Infrastructure

Taiwan cops say student’s radio kit brought bullet trains to a standstill – The Register

Student who allegedly disrupted rail network on bail – Taipei Times

College student hacks Taiwan high-speed rail line with software defined radios, stopping four trains – Tom's Hardware

Student Arrested in Taiwan for using SDR and Handheld Radios to Halt Four High Speed Trains with TETRA Hack – RTL-SDR

FCC pushes ban on security updates for foreign-made routers, drones to 2029 – The Record

After banning foreign routers, FCC says existing ones can get updates until 2029 – Ars Technica

FCC Covered List Addition — Routers Produced in Foreign Countries (DA 26-278) – FCC

OET Announces Extension and Expansion of Waiver (PDF) – FCC

Google Chrome silently installs a 4 GB AI model on your device without consent. At a billion-device scale the climate costs are insane – That Privacy Guy

Chrome silently installs a 4 GB local LLM on your computer – The Register

Canvas’ parent company reaches agreement with hacking group behind breach – Reuters

Instructure Reaches Ransom Agreement with ShinyHunters to Stop 3.65TB Canvas Leak – The Hacker News

Instructure reaches ‘agreement’ with ShinyHunters to stop data leak – Bleeping Computer

Double Canvas breach acknowledged as ShinyHunters sets new pay-or-leak deadline – The Register

Android Intrusion Logging as a new source of data for consensual forensic analysis – Amnesty International Security Lab

What’s New in Android Security and Privacy in 2026 – Google

Google launches new Android security feature to help uncover spyware attacks – TechCrunch

PP082: Building a Workable Mobile Security Strategy In a World of Risky Apps – Packet Pushers

PP072: Mobile Device Threat Management – Packet Pushers

New MOVEit vulnerabilities prompt urgent patch warning – Cybersecurity Dive

Quantum frontiers may be closer than they appear – Google

Secure Domain Name System (DNS) Deployment Guide (PDF) – NIST

Unofficial IETF draft calls for grant of five nonillion IPv6 addresses to ham radio operators – The Register

Apple Security Releases – Apple

Apple just pushed dozens of critical security updates, going all the way back to 2015 iPhones – Macworld

By admin
